source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/utils/sessionMgr.cfg @ 4158

# Configuration file for Session Manager Server 
# 
# NERC Data Grid Project
# 
# P J Kershaw 07/08/08
# 
# Copyright (C) 2008 CCLRC & NERC
# 
# This software may be distributed under the terms of the Q Public License,
# version 1.0 or later.
#
[DEFAULT]
# the port number the service is to run on 
portNum:  

# Flag for SSL - set to something to stipulate http, leave blank to use http 
useSSL: Yes

# X.509 certificate for SSL connections - ignored if useSSL is blank 
sslCertFile: $NDGSEC_DIR/conf/certs/hostcert.pem

# Private key file for SSL  - ignored if useSSL is blank 
sslKeyFile: $NDGSEC_DIR/conf/certs/hostkey.pem

# Directory containing CA cert.s to verify SSL peer cert against - ignored if 
# useSSL is blank 
sslCACertDir: $NDGSEC_DIR/conf/certs/ca
 
# Domain defaults to the server host - any more generic setting could be a 
# a security risk.  Leave blank to default to the fully qualified domain
# name of the server.
cookieDomain: 

#
# SOAP Signature Handler settings
# Leave blank for NO SOAP signature
[WS-Security]
#
# OUTBOUND MESSAGE CONFIG

# CA Certificates used to verify X.509 certs used in Attribute Certificates.
# The CA certificates of other NDG trusted sites should go here.  NB, multiple
# values should be delimited by a space
caCertFilePathList: $NDGSEC_DIR/conf/certs/ca/cacert.pem  

# Signature of an outbound message

# Certificate associated with private key used to sign a message.  The sign 
# method will add this to the BinarySecurityToken element of the WSSE header.  
# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.  
# As an alternative, use signingCertChain - see below...

# PEM encoded cert
signingCertFilePath: $NDGSEC_DIR/conf/certs/sm-cert.pem

# ... or provide file path to PEM encoded private key file
signingPriKeyFilePath: $NDGSEC_DIR/conf/certs/sm-key.pem

# Password protecting private key.  Leave blank if there is no password.
signingPriKeyPwd=

# Pass a list of certificates ',' separated PEM encoded certs constituting a 
# chain of trust from the certificate used to verifying the signature backward 
# to the CA cert.  The CA cert need not be included.  To use this option, 
# reqBinSecTokValType must be set to the X509PKIPathv1
signingCertChain=

# Provide a space separated list of file paths
caCertFilePathList: $NDGSEC_DIR/conf/certs/ca/cacert.pem

# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
# signed message.  See __setReqBinSecTokValType method and binSecTokValType 
# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or 
# give full namespace to alternative - see 
# ZSI.wstools.Namespaces.OASIS.X509TOKEN
#
# binSecTokValType determines whether signingCert or signingCertChain 
# attributes will be used.
reqBinSecTokValType: X509v3

# Add a timestamp element to an outbound message
addTimestamp: True

# For WSSE 1.1 - service returns signature confirmation containing signature 
# value sent by client
applySignatureConfirmation: True

# Inclusive namespace prefixes - for Exclusive Canonicalisation only
# TODO: include option to set C14N algorithm - C14N currently set to Exclusive

# Inclusive namespace prefixes Canonicalisation of reference elements - 
# space separated list e.g. refC14nInclNS=wsse ds ns1
refC14nInclNS:

# Inclusive namespaces prefixes for Canonicalisation of SignedInfo element -
# same format as the above
signedInfoC14nInclNS:

#
# INBOUND MESSAGE CONFIG

# X.509 certificate used by verify method to verify a message.  This argument 
# can be omitted if the message to be verified contains the X.509 certificate 
# in the BinarySecurityToken element.  In this case, the cert read from the
# message will be assigned to the verifyingCert attribute.

# ... or provide file path PEM encode cert here
verifyingCertFilePath: 


# Authentication service properties 
[authNServiceProp]
moduleFilePath: 
moduleName: ndg.security.server.authenservice.session_mgr_my_proxy_client
className: SessionMgrMyProxyClient
propertiesFile:
# Delete this element and take setting from MYPROXY_SERVER environment 
# variable if required

# hostname: localhost
# 
# Delete this element to take default setting 7512 or read 
# MYPROXY_SERVER_PORT setting
port: 7512

# Useful if hostname and certificate CN don't match correctly.  Globus 
# host DN is set to "host/<fqdn: ".  Delete this element and set from 
# MYPROXY_SERVER_DN environment variable if prefered
serverDN:

# Set "host/" prefix to host cert CN as is default with globus
serverCNprefix: host/ 
 
# This directory path is used to locate the OpenSSL configuration file
#
# The settings are used to set up the defaults for the Distinguished Name of
# the new proxy cert. issued 
# 
# GLOBUS_LOCATION or GRID_SECURITY_DIR environment variables may be used
# but the settings can be independent of any Globus installation
openSSLConfFilePath: $NDGSEC_DIR/conf/openssl.conf
tmpDir: /tmp

# Limit on maximum lifetime any proxy certificate can have - 
# specified when a certificate is first created by store() method
proxyCertMaxLifetime: 43200 # in seconds

# Life time of a proxy certificate (seconds) when issued from the Proxy Server 
# with ndg.security.server.MyProxy.getDelegation() method
proxyCertLifetime: 43200
 
# CA certificate applied to verify peer certificate against in
# SSL connection to MyProxy server
caCertFile: $NDGSEC_DIR/conf/certs/cacert.pem


# Settings for Credential Repository plugin
[credReposProp]
# File path to plugin module - may be left blank if module is included in the 
# current PYTHONPATH
#modFilePath:

#
# Module name - the default is an empty stub
modName: ndg.security.common.CredWallet

# Name of class in module to instantiate 
className: NullCredRepos

# Optional Properties file argument to Credential Repository class.  This is 
# include to enable custom settings to be defined from an external 
# configuration file
propFile: