source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/utils/sessionMgr.cfg @ 4158

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg-security/TI12-security/trunk/python/ndg.security.test/ndg/security/test/utils/sessionMgr.cfg@4158
Revision 4158, 5.8 KB checked in by cbyrom, 12 years ago (diff)

Create new utility module, ClassFactory, to allow generic instantiation
of classes dynamically.

Implement use of this in the AttAuth and SessionMgr services, adjust
the config files for these accordingly, and abstract the use of MyProxy in
SessionMgr to a generic authNService; create packages with real
and test authN services. Adjust the SessionMgr tests to use the
test authN service.

# Configuration file for Session Manager Server
#
# NERC Data Grid Project
#
# P J Kershaw 07/08/08
#
# Copyright (C) 2008 CCLRC & NERC
#
# This software may be distributed under the terms of the Q Public License,
# version 1.0 or later.
#
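[DEFAULT]
# Server-level settings: listening port, SSL and cookie scope.
# NOTE(review): if this file is read with Python's ConfigParser, keys under
# [DEFAULT] also act as fallbacks in every other section - confirm that is
# intended for these settings.

# The port number the service is to run on
portNum:

# Flag for SSL - set to something to stipulate https, leave blank to use http.
# NOTE(review): as described, any non-blank value (presumably including "No")
# switches SSL on - confirm against the code that reads this flag.
useSSL: Yes

# X.509 certificate for SSL connections - ignored if useSSL is blank
sslCertFile: $NDGSEC_DIR/conf/certs/hostcert.pem

# Private key file for SSL - ignored if useSSL is blank.
# Keep this file readable only by the account that runs the service.
sslKeyFile: $NDGSEC_DIR/conf/certs/hostkey.pem

# Directory containing CA cert.s to verify SSL peer cert against - ignored if
# useSSL is blank
sslCACertDir: $NDGSEC_DIR/conf/certs/ca

# Domain defaults to the server host - any more generic setting could be a
# security risk, because the session cookie would then be sent to every host
# under that wider domain.  Leave blank to default to the fully qualified
# domain name of the server.
cookieDomain: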
33
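#
# SOAP Signature Handler settings
# Leave blank for NO SOAP signature
# NOTE(review): the line above does not say which settings must be blank to
# switch signing off - confirm before relying on it, since messages would then
# go out unsigned.
[WS-Security]
#
# OUTBOUND MESSAGE CONFIG

# CA Certificates used to verify X.509 certs used in Attribute Certificates.
# The CA certificates of other NDG trusted sites should go here.  NB, multiple
# values should be delimited by a space.
# Every certificate listed here is a trust anchor, so list only the CAs of
# sites that are meant to be trusted.
# Define this key only once in the section: duplicate keys are handled
# differently by different parsers (first wins, last wins, or an error).
caCertFilePathList: $NDGSEC_DIR/conf/certs/ca/cacert.pem

# Signature of an outbound message

# Certificate associated with private key used to sign a message.  The sign
# method will add this to the BinarySecurityToken element of the WSSE header.
# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.
# As an alternative, use signingCertChain - see below...

# PEM encoded cert
signingCertFilePath: $NDGSEC_DIR/conf/certs/sm-cert.pem

# ... or provide file path to PEM encoded private key file
signingPriKeyFilePath: $NDGSEC_DIR/conf/certs/sm-key.pem

# Password protecting private key.  Leave blank if there is no password.
# A password entered here is stored in clear text, so restrict read access to
# this file to the account that runs the service.
signingPriKeyPwd:

# Pass a list of ',' separated PEM encoded certs constituting a chain of trust
# from the certificate used to verify the signature backward to the CA cert.
# The CA cert need not be included.  To use this option, reqBinSecTokValType
# must be set to X509PKIPathv1
signingCertChain:

# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
# signed message.  See __setReqBinSecTokValType method and binSecTokValType
# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or
# give full namespace to alternative - see
# ZSI.wstools.Namespaces.OASIS.X509TOKEN
#
# binSecTokValType determines whether signingCert or signingCertChain
# attributes will be used.
reqBinSecTokValType: X509v3

# Add a timestamp element to an outbound message
addTimestamp: True

# For WSSE 1.1 - service returns signature confirmation containing signature
# value sent by client
applySignatureConfirmation: True

# Inclusive namespace prefixes - for Exclusive Canonicalisation only
# TODO: include option to set C14N algorithm - C14N currently set to Exclusive

# Inclusive namespace prefixes Canonicalisation of reference elements -
# space separated list e.g. refC14nInclNS=wsse ds ns1
refC14nInclNS:

# Inclusive namespaces prefixes for Canonicalisation of SignedInfo element -
# same format as the above
signedInfoC14nInclNS:

#
# INBOUND MESSAGE CONFIG

# X.509 certificate used by verify method to verify a message.  This argument
# can be omitted if the message to be verified contains the X.509 certificate
# in the BinarySecurityToken element.  In this case, the cert read from the
# message will be assigned to the verifyingCert attribute.
# NOTE(review): with this left blank the verifying cert comes from the sender,
# so trust presumably rests on checking it against caCertFilePathList -
# confirm that the verify method performs that check.

# ... or provide file path to PEM encoded cert here
verifyingCertFilePath: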
109
110
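# Authentication service properties
# NOTE(review): moduleFilePath, moduleName and className presumably select the
# class the service imports and instantiates, so write access to this file
# amounts to choosing code the service runs - keep it writable only by the
# administrator.
# NOTE(review): this file sits in the test tree but names the MyProxy client
# from the server package - confirm that is the intended authN service here.
[authNServiceProp]
moduleFilePath:
moduleName: ndg.security.server.authenservice.session_mgr_my_proxy_client
className: SessionMgrMyProxyClient
propertiesFile:

# Host name setting.  Delete this element and take setting from
# MYPROXY_SERVER environment variable if required
# hostname: localhost

# Delete this element to take default setting 7512 or read
# MYPROXY_SERVER_PORT setting
port: 7512

# Useful if hostname and certificate CN don't match correctly.  Globus
# host DN is set to "host/<fqdn>".  Delete this element and set from
# MYPROXY_SERVER_DN environment variable if preferred
serverDN:

# Set "host/" prefix to host cert CN as is default with globus
serverCNprefix: host/

# This path is used to locate the OpenSSL configuration file
#
# The settings are used to set up the defaults for the Distinguished Name of
# the new proxy cert. issued
#
# GLOBUS_LOCATION or GRID_SECURITY_DIR environment variables may be used
# but the settings can be independent of any Globus installation
openSSLConfFilePath: $NDGSEC_DIR/conf/openssl.conf

# NOTE(review): /tmp is shared by all local users; if key or proxy certificate
# material is written under tmpDir, prefer a directory private to the service
# account - confirm what the service writes here.
tmpDir: /tmp

# Limit on maximum lifetime (seconds) any proxy certificate can have -
# specified when a certificate is first created by store() method.
# The unit is stated here rather than after the value: many parsers do not
# strip a trailing "# ..." and would read it as part of the number.
proxyCertMaxLifetime: 43200

# Life time of a proxy certificate (seconds) when issued from the Proxy Server
# with ndg.security.server.MyProxy.getDelegation() method
proxyCertLifetime: 43200

# CA certificate applied to verify peer certificate against in
# SSL connection to MyProxy server
# NOTE(review): this path (certs/cacert.pem) differs from the CA path used in
# [WS-Security] (certs/ca/cacert.pem) - confirm the file exists at this
# location, otherwise peer verification cannot use it.
caCertFile: $NDGSEC_DIR/conf/certs/cacert.pem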
155
156
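# Settings for Credential Repository plugin
# The module and class named in this section are loaded as code by the
# service, so treat write access to this file as equivalent to deploying code.
# NOTE(review): key names here (modName, propFile) differ from those in
# [authNServiceProp] (moduleName, propertiesFile) - confirm each section uses
# the names its reader expects.
[credReposProp]
# File path to plugin module - may be left blank if module is included in the
# current PYTHONPATH
#modFilePath:

#
# Module name - the default is an empty stub
modName: ndg.security.common.CredWallet

# Name of class in module to instantiate
className: NullCredRepos

# Optional Properties file argument to Credential Repository class.  This is
# included to enable custom settings to be defined from an external
# configuration file
propFile: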