
Contents of /trunk/eu.rcauth.pilot-ica/DS/ansible/roles/delegserver/templates/server-cfg.xml.j2



Revision 3007 - (show annotations) (download)
Tue May 3 17:07:17 2016 UTC (5 years, 8 months ago) by tamasb
File size: 3857 byte(s)
updated to support trace_records 

 - new war file
 - new server config 
 - new shibboleth config mapping more attributes
 - mysql script for creating the right DB tables


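<config>

    <service name="default" alias="server-config"/>

    <!-- ############################################################################## -->

    <!--
        Ansible/Jinja2 template for the delegation server configuration.

        The rendered file contains the database and keystore passwords in
        clear text, so it should be readable by the service account only.

        NOTE(review): debug="true" is set on the service element and on both
        loggers below. Confirm that this is intended for the deployed host;
        debug output may carry more request detail than the regular logs.
    -->
    <service name="server-config" address="https://{{ inventory_hostname }}/{{ oa4mp_server }}" debug="true">

        <!-- Regular Logs -->
        <logging logFileName="{{ oa4mp_server_log_dir }}/{{ oa4mp_server }}.log"
                 logName="oauth2"
                 logSize="1000000"
                 logFileCount="10"
                 debug="true"
        />

        <!-- Trace Logs: written to a separate file in the same log directory -->
        <traceLogging logFileName="{{ oa4mp_server_log_dir }}/trace.log"
                      logName="trace"
                      logSize="1000000"
                      logFileCount="10"
                      debug="true"
        />

        <!--
            Claim mappings. Each scope lists the claims released for it; the
            element text presumably names the attribute the scope handler reads
            the claim value from (TODO confirm against DSDynamicScopeHandler).
        -->
        <scopes handler="org.delegserver.oauth2.DSDynamicScopeHandler">
            <scope name="edu.uiuc.ncsa.myproxy.getcert"></scope>
            <scope name="email">
                <claim name="email">mail</claim>
            </scope>
            <scope name="openid">
                <!--
                    The 'sub' claim is always sent and it defaults to whatever the
                    authorizationServlet returns as a username
                -->
                <!-- <claim name="sub">REMOTE_USER</claim> -->
            </scope>
            <scope name="profile">
                <claim name="given_name">givenName</claim>
                <claim name="family_name">sn</claim>
            </scope>
            <scope name="org.cilogon.userinfo">
                <claim name="idp">idp</claim>
                <claim name="idp_name">idp_name</claim>
                <claim name="eptid">eptid</claim>
                <claim name="eppn">eppn</claim>
                <claim name="oidc">oidc</claim>
                <claim name="affiliation">affiliation</claim>
                <claim name="ou">ou</claim>
                <claim name="name">displayName</claim>
            </scope>
        </scopes>

        <!--
            DN generator sources. Each list names the attributes that can feed
            one part of the generated DN; presumably the entries are tried in
            the order given (TODO confirm). These values end up in a
            certificate subject, so they should only be attributes asserted by
            the identity provider, never ones a user can set freely.
        -->
        <dnGenerator>
            <cnName>
                <source>displayName</source>
                <source>givenName+sn</source>
                <source>cn</source>
            </cnName>
            <cnUniqueId>
                <source>epuid</source>
                <source>eppn</source>
                <source>eptid</source>
            </cnUniqueId>
            <organisation>
                <source>schacHomeOrganization</source>
                <source>Meta-orgDisplayName</source>
                <source>Shib-Identity-Provider</source>
            </organisation>
        </dnGenerator>


        <!--
            Storage back end. The element name is taken verbatim from
            oa4mp_server_db_conf: "fileStore" gets a path attribute, any other
            value is rendered with SQL connection attributes.
        -->
{% if oa4mp_server_db_conf == "fileStore" %}

        <{{ oa4mp_server_db_conf }} path="{{ oa4mp_server_storage_dir }}">
            <transactions/>
            <clients/>
            <clientApprovals/>
            <traceRecords/>
        </{{ oa4mp_server_db_conf }}>

{% else %}

        <!--
            The password goes through the Jinja2 'e' filter so that a value
            containing a quote, ampersand or angle bracket is written as XML
            character references instead of ending the attribute early or
            producing a file that is not well-formed.
        -->
        <{{ oa4mp_server_db_conf }} username="{{ oa4mp_server_db_user }}"
                                    password="{{ oa4mp_server_db_pw | e }}"
                                    database="{{ oa4mp_server_db }}"
                                    schema="{{ oa4mp_server_db }}">
            <transactions/>
            <clients/>
            <clientApprovals/>
            <traceRecords/>
        </{{ oa4mp_server_db_conf }}>

{% endif %}

        <!-- Keystore password is XML-escaped for the same reason as the database password. -->
        <myproxy host="{{ myproxy_ca_host }}" port="{{ myproxy_ca_port }}">
            <keystore path="{{ oa4mp_server_keystore }}"
                      type="pkcs12"
                      password="{{ oa4mp_server_keystore_pw | e }}"
                      factory="SunX509" />
        </myproxy>

        <!--
            The user name is read from the request header named by
            oa4mp_remote_user, and the header is required. The front-end web
            server must set this header itself after authentication and must
            discard any copy supplied by the client; otherwise the identity
            could be chosen by the caller.
        -->
        <authorizationServlet useHeader="true" requireHeader="true" headerFieldName="{{ oa4mp_remote_user }}" />

        <!-- NOTE(review): the double quotes are part of the element text; confirm the consumer expects them. -->
        <dnFormat>"/CN=%s"</dnFormat>

    </service>

</config>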
