/[pdpsoft]/trunk/novalocal-test-delegserver/DS/roles/delegserver/templates/server-cfg.xml.j2

Annotation of /trunk/novalocal-test-delegserver/DS/roles/delegserver/templates/server-cfg.xml.j2



Revision 3079 - (hide annotations) (download)
Tue Aug 9 11:29:55 2016 UTC (5 years, 9 months ago) by msalle
File size: 4552 byte(s)
Adding ansible scripts for the jenkins/novalocal test Delegation Server

<!--
  Template for the Delegation Server service configuration (server-cfg.xml).
  Placeholders are filled in when the template is rendered. No escaping filter
  is applied to them here, so a value that contains a double quote, an
  ampersand or a less-than sign would produce malformed XML; keep such
  characters out of the variables or escape them before rendering.
-->
<config>

  <!-- The "default" service is an alias for the "server-config" block below. -->
  <service name="default" alias="server-config"/>

  <!-- ############################################################################## -->

  <!-- The service address is built from the inventory host name and the server name variable. -->
  <service name="server-config" address="https://{{ inventory_hostname }}/{{ oa4mp_server }}" debug="true">

    <!--
      Regular log. debug is switched on here, on the trace log and on the
      service element itself.
      NOTE(review): debug and trace output may contain request details; confirm
      that the log directory is readable only by the service account and that
      debug is switched off when this file is reused outside a test setup.
    -->
    <logging
        logFileName="{{ oa4mp_server_log_dir }}/{{ oa4mp_server }}.log"
        logName="oauth2"
        logSize="1000000"
        logFileCount="10"
        debug="true"/>

    <!-- Trace log: same log directory, fixed file name, fewer rotated files. -->
    <traceLogging
        logFileName="{{ oa4mp_server_log_dir }}/trace.log"
        logName="trace"
        logSize="1000000"
        logFileCount="3"
        debug="true"/>

    <!--
      Claim mappings, grouped per scope. The name attribute is the claim name;
      the element text presumably names the attribute the value is read from
      (confirm against DSDynamicScopeHandler).
    -->
    <scopes handler="org.delegserver.oauth2.DSDynamicScopeHandler">
      <scope name="edu.uiuc.ncsa.myproxy.getcert">
        <claim name="cert_subject_dn">X509_CERT_SUBJECT</claim>
      </scope>
      <scope name="email">
        <claim name="email">mail</claim>
      </scope>
      <scope name="openid">
        <!--
          The 'sub' claim is always sent; by default it is whatever the
          authorizationServlet returns as the username, so no explicit
          mapping is configured.
        -->
        <!-- <claim name="sub">REMOTE_USER</claim> -->
      </scope>
      <scope name="profile">
        <claim name="given_name">givenName</claim>
        <claim name="family_name">sn</claim>
      </scope>
      <scope name="org.cilogon.userinfo">
        <claim name="idp">Shib-Authenticating-Authority</claim>
        <claim name="idp_display_name">o</claim>
        <claim name="eduPersonTargetedID">eptid</claim>
        <claim name="eduPersonPrincipalName">eppn</claim>
        <claim name="oidc">oidc</claim>
        <claim name="affiliation">affiliation</claim>
        <claim name="name">displayName</claim>
      </scope>
    </scopes>

    <!--
      DN generator: fills X509_CERT_SUBJECT, the attribute that the
      cert_subject_dn claim above maps to. Each component lists several
      candidate sources (presumably tried in the order given; confirm).
      The commented-out element keeps an alternative base DN.
    -->
    <!-- <dnGenerator attributeName="X509_CERT_SUBJECT" type="rfc2253" baseDN="DC=rcauth-clients,DC=rcauth,DC=eu"> -->
    <dnGenerator attributeName="X509_CERT_SUBJECT" type="rfc2253" baseDN="DC=Example,DC=NL">
      <cnName>
        <source>displayName</source>
        <source>givenName+sn</source>
        <source>cn</source>
      </cnName>
      <cnUniqueId>
        <source>epuid</source>
        <source>eppn</source>
        <source>eptid</source>
      </cnUniqueId>
      <organisation>
        <source>schacHomeOrganization</source>
        <!-- The "url" filter is declared in attributeFilters below. -->
        <source filter="url">o</source>
      </organisation>
      <extensions>
        <source name="email">mail</source>
      </extensions>
    </dnGenerator>

    <!-- Named filters that a source element can select through its filter attribute. -->
    <attributeFilters>
      <filter name="url">org.delegserver.oauth2.shib.filters.URLDomainNameFilter</filter>
      <filter name="shout">org.delegserver.oauth2.shib.filters.ShoutFilter</filter>
      <filter name="leetify">org.delegserver.oauth2.shib.filters.LeetifyFilter</filter>
      <filter name="missepll">org.delegserver.oauth2.shib.filters.MissepllFilter</filter>
    </attributeFilters>

    <!--
      Storage backend. The element name is taken from the variable
      oa4mp_server_db_conf: "fileStore" gets a storage path, any other value
      is rendered with database credentials. In that second case the database
      password is written in clear text into the rendered file, so deploy the
      file with an owner and mode that only the service account can read, and
      keep the password variable in an encrypted vars file.
    -->
    {% if oa4mp_server_db_conf == "fileStore" %}

    <{{ oa4mp_server_db_conf }} path="{{ oa4mp_server_storage_dir }}">
      <transactions/>
      <clients/>
      <clientApprovals/>
      <traceRecords/>
    </{{ oa4mp_server_db_conf }}>

    {% else %}

    <{{ oa4mp_server_db_conf }}
        username="{{ oa4mp_server_db_user }}"
        password="{{ oa4mp_server_db_pw }}"
        database="{{ oa4mp_server_db }}"
        schema="{{ oa4mp_server_db }}">
      <transactions/>
      <clients/>
      <clientApprovals/>
      <traceRecords/>
    </{{ oa4mp_server_db_conf }}>

    {% endif %}

    <!--
      MyProxy endpoint and the PKCS#12 keystore configured for it. The keystore
      password is also rendered in clear text; the same file-permission and
      secret-storage care applies as for the database password.
    -->
    <myproxy host="{{ myproxy_ca_host }}" port="{{ myproxy_ca_port }}">
      <keystore
          path="{{ oa4mp_server_keystore }}"
          type="pkcs12"
          password="{{ oa4mp_server_keystore_pw }}"
          factory="SunX509"/>
    </myproxy>

    <!--
      The servlet reads the user name from a request header (useHeader) and
      requires it to be present (requireHeader). This is only trustworthy when
      the fronting web server sets that header itself after authentication and
      discards any copy supplied by the client, and when the servlet container
      cannot be reached other than through that front end.
    -->
    <authorizationServlet useHeader="true" requireHeader="true" headerFieldName="{{ oa4mp_remote_user }}"/>

  </service>

</config>
