source: TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/sessionMgrProperties.xml @ 4158

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg-security/TI12-security/trunk/python/ndg.security.server/ndg/security/server/conf/sessionMgrProperties.xml@4158
Revision 4158, 6.2 KB checked in by cbyrom, 13 years ago (diff)

Create new utility module, ClassFactory - to allow generic instantiation
of classes dynamically.

Implement use of this in the AttAuth and SessionMgr services + adjust
the config files for these accordingly + abstract use of MyProxy in
SessionMgr to generic authNService - and create packages with real
and test authN services. Adjust the SessionMgr tests to use the
test authN service.

<?xml version="1.0" encoding="utf-8"?>
<!--
Session Manager service properties: listening port, SSL, WS-Security
signing and verification, authentication service plugin and Credential
Repository plugin settings.
-->
<sessMgrProp>
    <!-- Port number the service is to run on -->
    <portNum></portNum>
    <!--
    Flag for SSL: set to any non-blank value to stipulate https, leave blank
    to use plain http.  With http, the three ssl* settings below are ignored.
    -->
    <useSSL>Yes</useSSL>
    <!-- X.509 certificate for SSL connections - ignored if useSSL is blank -->
    <sslCertFile>$NDGSEC_DIR/conf/certs/hostcert.pem</sslCertFile>
    <!--
    Private key file for SSL - ignored if useSSL is blank.
    NOTE(review): keep this file readable only by the account the service
    runs as.
    -->
    <sslKeyFile>$NDGSEC_DIR/conf/certs/hostkey.pem</sslKeyFile>
    <!--
    Directory containing CA certificates to verify the SSL peer certificate
    against - ignored if useSSL is blank
    -->
    <sslCACertDir>$NDGSEC_DIR/conf/certs/ca</sslCACertDir>
    <!--
    PKI settings for WS-Security: signature of outbound SOAP messages and
    verification of certificates used in peer SOAP messages.
    NB, if no signature handling is required, do not include this element.
    -->
    <WS-Security>
        <!-- X.509 certificate included in SOAP header -->
        <signingCertFilePath>$NDGSEC_DIR/conf/certs/sm-cert.pem</signingCertFilePath>
        <!-- Corresponding private key used to sign the SOAP message -->
        <signingPriKeyFilePath>$NDGSEC_DIR/conf/certs/sm-key.pem</signingPriKeyFilePath>
        <!--
        Password protecting private key file - leave blank if none set.
        NOTE(review): a value set here is stored in clear text, so read
        access to this properties file should be restricted accordingly.
        -->
        <signingPriKeyPwd></signingPriKeyPwd>
        <!--
        Inclusive namespace prefixes for reference and SignedInfo sections of
        WS-Security digital signature
        -->
        <refC14nInclNS></refC14nInclNS>
        <signedInfoC14nInclNS></signedInfoC14nInclNS>
        <!--
        CA Certificates used to verify X.509 certs used in peer SOAP messages,
        and Attribute Certificates.

        The CA certificates of other NDG trusted sites should go here.
        Every CA listed becomes a trust anchor for those checks, so list
        only the CAs of sites that are meant to be trusted.
        -->
        <caCertFilePathList>
            <caCertFile>$NDGSEC_DIR/conf/certs/ca/cacert.pem</caCertFile>
        </caCertFilePathList>
        <!--
        Set the certificate used to verify the signature of messages from the
        client.  This can usually be left blank since the client is expected to
        include the cert with the signature in the inbound SOAP message.
        NOTE(review): when blank, trust in the sender presumably rests on
        checking the included cert against caCertFilePathList - confirm.
        -->
        <verifyingCertPath></verifyingCertPath>
    </WS-Security>
    <!--
    The following two settings may be left blank.  These fields are likely
    to be removed from a future version.
    -->
    <sessMgrEncrKey></sessMgrEncrKey>
    <sessMgrURI></sessMgrURI>
    <!--
    Domain defaults to the server host - any more generic setting could be a
    security risk, since the cookie would then also be sent to other hosts
    in that domain.  Leave blank to default to the fully qualified domain
    name of the server.
    -->
    <cookieDomain></cookieDomain>
    <!--
    Authentication service properties.  moduleName and className name the
    authentication class to use; the values below select the MyProxy client.
    NOTE(review): the named module is presumably imported and the class
    instantiated by the Session Manager, so write access to this file and to
    any moduleFilePath directory should be limited to trusted administrators.
    -->
    <authNServiceProp>
        <moduleFilePath></moduleFilePath>
        <moduleName>ndg.security.server.authenservice.session_mgr_my_proxy_client</moduleName>
        <className>SessionMgrMyProxyClient</className>
        <!--
        If properties file specified, the contents will augment/override any
        other properties set here
        -->
        <propertiesFile></propertiesFile>
        <!--
        Delete this element and take setting from MYPROXY_SERVER environment
        variable if required
        -->
        <hostname>localhost</hostname>
        <!--
        Delete this element to take default setting 7512 or read
        MYPROXY_SERVER_PORT setting
        -->
        <port>7512</port>
        <!--
        Useful if hostname and certificate CN don't match correctly.  Globus
        host DN is set to "host/<fqdn>".  Delete this element and set from
        MYPROXY_SERVER_DN environment variable if preferred
        <serverDN></serverDN>
        -->
        <!--
        Set "host/" prefix to host cert CN as is default with globus
        -->
        <serverCNprefix>host/</serverCNprefix>
        <!--
        Path to the OpenSSL configuration file.

        The settings are used to set up the defaults for the Distinguished Name of
        the new proxy cert. issued

        GLOBUS_LOCATION or GRID_SECURITY_DIR environment variables may be used
        but the settings can be independent of any Globus installation
        -->
        <openSSLConfFilePath>$NDGSEC_DIR/conf/openssl.conf</openSSLConfFilePath>
        <!--
        NOTE(review): /tmp is normally shared by all local users; if keys or
        proxy certificates are written here, a directory private to the
        service account would be safer - confirm what tmpDir is used for.
        -->
        <tmpDir>/tmp</tmpDir>
        <!--
        Limit on maximum lifetime any proxy certificate can have -
        specified when a certificate is first created by store() method
        -->
        <proxyCertMaxLifetime>43200</proxyCertMaxLifetime> <!-- in seconds (12 hours) -->
        <!--
        Life time of a proxy certificate when issued from the Proxy Server
        with ndg.security.server.MyProxy.getDelegation() method
        -->
        <proxyCertLifetime>43200</proxyCertLifetime> <!-- in seconds (12 hours) -->
        <!--
        CA certificate applied to verify peer certificate against in
        SSL connection to MyProxy server.
        NOTE(review): this path (certs/cacert.pem) differs from the
        certs/ca/cacert.pem entry under WS-Security - confirm both exist
        and that the difference is intended.
        -->
        <caCertFile>$NDGSEC_DIR/conf/certs/cacert.pem</caCertFile>
    </authNServiceProp>
    <!--
    Properties for a Session Manager client to a Simple CA.
    Not currently used and likely to be removed from a future release
    -->
    <simpleCACltProp>
        <uri></uri>
        <xmlSigKeyFile></xmlSigKeyFile>
        <xmlSigCertFile></xmlSigCertFile>
        <xmlSigCertPwd></xmlSigCertPwd>
    </simpleCACltProp>
    <!--
    <simpleCASrvProp>
        <certExpiryDate></certExpiryDate>
        <certLifetimeDays></certLifetimeDays>
        <certTmpDir></certTmpDir>
        <caCertFile></caCertFile>
        <signExe></signExe>
        <path></path>
    </simpleCASrvProp>
    -->
    <!-- Settings for Credential Repository plugin -->
    <credReposProp>
        <!--
        File path to plugin module - may be left blank if
        module is included in the current PYTHONPATH
        -->
        <modFilePath></modFilePath>
        <!-- Module name - the default is an empty stub -->
        <modName>ndg.security.common.CredWallet</modName>
        <!-- Name of class in module to instantiate -->
        <className>NullCredRepos</className>
        <!--
        Optional Properties file argument to Credential
        Repository class.  This is included to enable custom
        settings to be defined from an external configuration file
        -->
        <propFile></propFile>
    </credReposProp>
</sessMgrProp>