
Contents of /trunk/eu.rcauth.pilot-ica/DS/ansible/roles/delegserver/templates/server-cfg.xml.j2



Revision 3045 - (show annotations) (download)
Mon Jul 11 10:52:25 2016 UTC (5 years, 11 months ago) by tamasb
File size: 4298 byte(s)
Change delegation server idp to RCauth WAYF

- change IdP metadata endpoint and entityID
- idp claim source becomes Shib-Authenticating-Authority (since Shib-Identity-Provider will always be the WAYF from here on)
- idp_name claim source becomes o (since orgDisplayName will always be the WAYF)


<!--
  Delegation server configuration (Ansible Jinja2 template).

  The rendered file holds the database and keystore passwords in clear text,
  so the task that installs it should restrict the file's owner and mode.

  NOTE(review): template variables are placed into attribute values without
  XML escaping. A value containing an ampersand, a less-than sign or a double
  quote would yield a malformed file. Confirm how such values are handled.
-->
<config>

  <!-- "default" is declared as an alias of the "server-config" service below. -->
  <service name="default" alias="server-config"/>

  <!-- ############################################################################## -->

  <!--
    NOTE(review): debug="true" is set on this service and on the regular log.
    Confirm that debug output cannot include tokens or credentials, or make
    the flag a template variable so it can be switched off per deployment.
  -->
  <service name="server-config"
           address="https://{{ inventory_hostname }}/{{ oa4mp_server }}"
           debug="true">

    <!-- Regular log: rotated files under the server log directory. -->
    <logging logFileName="{{ oa4mp_server_log_dir }}/{{ oa4mp_server }}.log"
             logName="oauth2"
             logSize="1000000"
             logFileCount="10"
             debug="true"/>

    <!-- Trace log: same rotation settings, debug switched off. -->
    <traceLogging logFileName="{{ oa4mp_server_log_dir }}/trace.log"
                  logName="trace"
                  logSize="1000000"
                  logFileCount="10"
                  debug="false"/>

    <!--
      Claim mappings. Each scope lists the claims it releases; the element
      text names the source attribute the claim value is taken from.
    -->
    <scopes handler="org.delegserver.oauth2.DSDynamicScopeHandler">

      <scope name="edu.uiuc.ncsa.myproxy.getcert">
        <!-- X509_CERT_SUBJECT is the attribute produced by the dnGenerator below. -->
        <claim name="cert_subject_dn">X509_CERT_SUBJECT</claim>
      </scope>

      <scope name="email">
        <claim name="email">mail</claim>
      </scope>

      <scope name="openid">
        <!--
          The 'sub' claim is always sent; by default it is whatever the
          authorizationServlet returns as the username.
        -->
        <!-- <claim name="sub">REMOTE_USER</claim> -->
      </scope>

      <scope name="profile">
        <claim name="given_name">givenName</claim>
        <claim name="family_name">sn</claim>
      </scope>

      <scope name="org.cilogon.userinfo">
        <!--
          Per the revision log, Shib-Identity-Provider and orgDisplayName now
          always describe the WAYF, so the user's own IdP is read from
          Shib-Authenticating-Authority and its name from 'o'.
        -->
        <claim name="idp">Shib-Authenticating-Authority</claim>
        <claim name="idp_name">o</claim>
        <claim name="eduPersonTargetedID">eptid</claim>
        <claim name="eduPersonPrincipalName">eppn</claim>
        <claim name="oidc">oidc</claim>
        <claim name="affiliation">affiliation</claim>
        <claim name="ou">ou</claim>
        <claim name="name">displayName</claim>
      </scope>

    </scopes>

    <!--
      DN generator sources for the X509_CERT_SUBJECT attribute.
      Each part lists candidate source attributes; presumably the first one
      that carries a value is used (confirm against the scope handler).
    -->
    <dnGenerator attributeName="X509_CERT_SUBJECT"
                 type="rfc2253"
                 baseDN="DC=rcauth-clients,DC=rcauth,DC=eu">
      <cnName>
        <source>displayName</source>
        <source>givenName+sn</source>
        <source>cn</source>
      </cnName>
      <cnUniqueId>
        <source>epuid</source>
        <source>eppn</source>
        <source>eptid</source>
      </cnUniqueId>
      <organisation>
        <source>schacHomeOrganization</source>
        <source>o</source>
        <!-- Passed through the "url" filter declared in attributeFilters. -->
        <source filter="url">Shib-Authenticating-Authority</source>
      </organisation>
      <extensions>
        <source name="email">mail</source>
      </extensions>
    </dnGenerator>

    <!-- Named filters that dnGenerator sources can refer to. -->
    <attributeFilters>
      <filter name="url">org.delegserver.oauth2.shib.filters.URLDomainNameFilter</filter>
    </attributeFilters>

    <!--
      Storage back end. The element name comes from oa4mp_server_db_conf:
      "fileStore" takes a directory path, any other value is rendered with
      database credentials.
    -->
{% if oa4mp_server_db_conf == "fileStore" %}

    <{{ oa4mp_server_db_conf }} path="{{ oa4mp_server_storage_dir }}">
      <transactions/>
      <clients/>
      <clientApprovals/>
      <traceRecords/>
    </{{ oa4mp_server_db_conf }}>

{% else %}

    <{{ oa4mp_server_db_conf }} username="{{ oa4mp_server_db_user }}"
        password="{{ oa4mp_server_db_pw }}"
        database="{{ oa4mp_server_db }}"
        schema="{{ oa4mp_server_db }}">
      <transactions/>
      <clients/>
      <clientApprovals/>
      <traceRecords/>
    </{{ oa4mp_server_db_conf }}>

{% endif %}

    <!-- MyProxy CA endpoint and the PKCS#12 keystore used to connect to it. -->
    <myproxy host="{{ myproxy_ca_host }}" port="{{ myproxy_ca_port }}">
      <keystore path="{{ oa4mp_server_keystore }}"
                type="pkcs12"
                password="{{ oa4mp_server_keystore_pw }}"
                factory="SunX509"/>
    </myproxy>

    <!--
      The username is read from a request header and the header is required.
      NOTE(review): this trusts whatever sets that header. Confirm that the
      web server in front of the servlet is the only party able to set it and
      that any client-supplied copy of the header is dropped.
    -->
    <authorizationServlet useHeader="true"
                          requireHeader="true"
                          headerFieldName="{{ oa4mp_remote_user }}"/>

  </service>

</config>
