delegserver/templates/server-cfg.xml.j2

<config>

    <service name="default" alias="server-config"/>

    <!-- ############################################################################## -->

    <service name="server-config" address="https://{{ inventory_hostname }}/{{ oa4mp_server }}" debug="true">

       <!-- Regular Logs -->
       <logging  logFileName="{{ oa4mp_server_log_dir }}/{{ oa4mp_server }}.log"
                 logName="oauth2"
                 logSize="1000000"
                 logFileCount="10"
                 debug="true"
       />

       <!-- Trace Logs -->
       <traceLogging  logFileName="{{ oa4mp_server_log_dir }}/trace.log"
                 logName="trace"
                 logSize="1000000"
                 logFileCount="3"
                 debug="true"
       />

       <!-- Claim mappings -->
       <scopes handler="org.delegserver.oauth2.DSDynamicScopeHandler">
         <scope name="edu.uiuc.ncsa.myproxy.getcert">
                <claim name="cert_subject_dn">X509_CERT_SUBJECT</claim>
         </scope> 
         <scope name="email">
                <claim name="email">mail</claim>
         </scope>
         <scope name="openid">
                <!-- 
                     The 'sub' claim is always sent and it defaults to whatever the 
                     authorizationServlet returns as a username 
                -->
                <!-- <claim name="sub">REMOTE_USER</claim> -->
         </scope>
         <scope name="profile">
                <claim name="given_name">givenName</claim>
                <claim name="family_name">sn</claim>
         </scope>
         <scope name="org.cilogon.userinfo">
                <claim name="idp">Shib-Authenticating-Authority</claim>
                <claim name="idp_display_name">o</claim>
                <claim name="eduPersonTargetedID">eptid</claim>
                <claim name="eduPersonPrincipalName">eppn</claim>
                <claim name="oidc">oidc</claim>
                <claim name="affiliation">affiliation</claim>
                <claim name="name">displayName</claim>
         </scope>
       </scopes>

       <!-- DN generator sources -->
       <!-- <dnGenerator attributeName="X509_CERT_SUBJECT" type="rfc2253" baseDN="DC=rcauth-clients,DC=rcauth,DC=eu"> -->
       <dnGenerator attributeName="X509_CERT_SUBJECT" type="rfc2253" baseDN="DC=Example,DC=NL">
         <cnName>
                <source>displayName</source>
                <source>givenName+sn</source>
                <source>cn</source>
         </cnName>
         <cnUniqueId>
                <source>epuid</source>
                <source>eppn</source>
                <source>eptid</source>
         </cnUniqueId>
         <organisation>
                <source>schacHomeOrganization</source>
                <source filter="url">o</source>
         </organisation>
         <extensions>
                <source name="email">mail</source>
         </extensions>
       </dnGenerator>

       <attributeFilters>
                <filter name="url">org.delegserver.oauth2.shib.filters.URLDomainNameFilter</filter>
                <filter name="shout">org.delegserver.oauth2.shib.filters.ShoutFilter</filter>
                <filter name="leetify">org.delegserver.oauth2.shib.filters.LeetifyFilter</filter>
                <filter name="missepll">org.delegserver.oauth2.shib.filters.MissepllFilter</filter>
       </attributeFilters>


{% if oa4mp_server_db_conf == "fileStore" %}

       <{{ oa4mp_server_db_conf }} path="{{ oa4mp_server_storage_dir }}">
                         <transactions/>
                         <clients/>
                         <clientApprovals/>
                         <traceRecords/>
       </{{ oa4mp_server_db_conf }}>

{% else %}

       <{{ oa4mp_server_db_conf }}    username="{{ oa4mp_server_db_user }}" 
                   password="{{ oa4mp_server_db_pw }}" 
                   database="{{ oa4mp_server_db }}" 
                   schema="{{ oa4mp_server_db }}" >
                         <transactions/>
                         <clients/>
                         <clientApprovals/>
                         <traceRecords/>
       </{{ oa4mp_server_db_conf }}>

{% endif %}

       <myproxy host="{{ myproxy_ca_host }}" port="{{ myproxy_ca_port }}">
                 <keystore path="{{ oa4mp_server_keystore }}"
                           type="pkcs12"
                           password="{{ oa4mp_server_keystore_pw }}"
                           factory="SunX509" />
       </myproxy>

       <authorizationServlet useHeader="true" requireHeader="true" headerFieldName="{{ oa4mp_remote_user }}" />

    </service>

</config>

1	msalle	3079	<config>
2
3			<service name="default" alias="server-config"/>
4
5			<!-- ############################################################################## -->
6
7			<service name="server-config" address="https://{{ inventory_hostname }}/{{ oa4mp_server }}" debug="true">
8
9			<!-- Regular Logs -->
10			<logging logFileName="{{ oa4mp_server_log_dir }}/{{ oa4mp_server }}.log"
11			logName="oauth2"
12			logSize="1000000"
13			logFileCount="10"
14			debug="true"
15			/>
16
17			<!-- Trace Logs -->
18			<traceLogging logFileName="{{ oa4mp_server_log_dir }}/trace.log"
19			logName="trace"
20			logSize="1000000"
21			logFileCount="3"
22			debug="true"
23			/>
24
25			<!-- Claim mappings -->
26			<scopes handler="org.delegserver.oauth2.DSDynamicScopeHandler">
27			<scope name="edu.uiuc.ncsa.myproxy.getcert">
28			<claim name="cert_subject_dn">X509_CERT_SUBJECT</claim>
29			</scope>
30			<scope name="email">
31			<claim name="email">mail</claim>
32			</scope>
33			<scope name="openid">
34			<!--
35			The 'sub' claim is always sent and it defaults to whatever the
36			authorizationServlet returns as a username
37			-->
38			<!-- <claim name="sub">REMOTE_USER</claim> -->
39			</scope>
40			<scope name="profile">
41			<claim name="given_name">givenName</claim>
42			<claim name="family_name">sn</claim>
43			</scope>
44			<scope name="org.cilogon.userinfo">
45			<claim name="idp">Shib-Authenticating-Authority</claim>
46			<claim name="idp_display_name">o</claim>
47			<claim name="eduPersonTargetedID">eptid</claim>
48			<claim name="eduPersonPrincipalName">eppn</claim>
49			<claim name="oidc">oidc</claim>
50			<claim name="affiliation">affiliation</claim>
51			<claim name="name">displayName</claim>
52			</scope>
53			</scopes>
54
55			<!-- DN generator sources -->
56			<!-- <dnGenerator attributeName="X509_CERT_SUBJECT" type="rfc2253" baseDN="DC=rcauth-clients,DC=rcauth,DC=eu"> -->
57			<dnGenerator attributeName="X509_CERT_SUBJECT" type="rfc2253" baseDN="DC=Example,DC=NL">
58			<cnName>
59			<source>displayName</source>
60			<source>givenName+sn</source>
61			<source>cn</source>
62			</cnName>
63			<cnUniqueId>
64			<source>epuid</source>
65			<source>eppn</source>
66			<source>eptid</source>
67			</cnUniqueId>
68			<organisation>
69			<source>schacHomeOrganization</source>
70			<source filter="url">o</source>
71			</organisation>
72			<extensions>
73			<source name="email">mail</source>
74			</extensions>
75			</dnGenerator>
76
77			<attributeFilters>
78			<filter name="url">org.delegserver.oauth2.shib.filters.URLDomainNameFilter</filter>
79			<filter name="shout">org.delegserver.oauth2.shib.filters.ShoutFilter</filter>
80			<filter name="leetify">org.delegserver.oauth2.shib.filters.LeetifyFilter</filter>
81			<filter name="missepll">org.delegserver.oauth2.shib.filters.MissepllFilter</filter>
82			</attributeFilters>
83
84
85			{% if oa4mp_server_db_conf == "fileStore" %}
86
87			<{{ oa4mp_server_db_conf }} path="{{ oa4mp_server_storage_dir }}">
88			<transactions/>
89			<clients/>
90			<clientApprovals/>
91			<traceRecords/>
92			</{{ oa4mp_server_db_conf }}>
93
94			{% else %}
95
96			<{{ oa4mp_server_db_conf }} username="{{ oa4mp_server_db_user }}"
97			password="{{ oa4mp_server_db_pw }}"
98			database="{{ oa4mp_server_db }}"
99			schema="{{ oa4mp_server_db }}" >
100			<transactions/>
101			<clients/>
102			<clientApprovals/>
103			<traceRecords/>
104			</{{ oa4mp_server_db_conf }}>
105
106			{% endif %}
107
108			<myproxy host="{{ myproxy_ca_host }}" port="{{ myproxy_ca_port }}">
109			<keystore path="{{ oa4mp_server_keystore }}"
110			type="pkcs12"
111			password="{{ oa4mp_server_keystore_pw }}"
112			factory="SunX509" />
113			</myproxy>
114
115			<authorizationServlet useHeader="true" requireHeader="true" headerFieldName="{{ oa4mp_remote_user }}" />
116
117			</service>
118
119			</config>
120
grid.support@nikhef.nl	ViewVC Help
Powered by ViewVC 1.1.28