/[pdpsoft]/trunk/novalocal-test-delegserver/DS/roles/delegserver/templates/server-cfg.xml.j2

Contents of /trunk/novalocal-test-delegserver/DS/roles/delegserver/templates/server-cfg.xml.j2



Revision 3124 - (show annotations) (download)
Thu Oct 13 14:55:35 2016 UTC (5 years, 7 months ago) by tamasb
File size: 4581 byte(s)
fixed claim release

- added epuid
- modified eduScopeAffiliation
- removed unnecessary claims


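<config>

  <!--
    Ansible/Jinja2 template for the delegation server's service configuration.

    Every value interpolated into an attribute goes through the Jinja2 "e"
    (escape) filter, so a password, path or host name containing a quote,
    ampersand or angle bracket still renders as well-formed XML and cannot
    introduce attributes or elements of its own.

    The rendered file holds the database and keystore passwords in clear
    text: deploy it readable only by the account the server runs as, and keep
    the password variables in an encrypted store such as Ansible Vault.
  -->

  <service name="default" alias="server-config"/>

  <!-- ############################################################################## -->

  <!--
    debug is hard-coded to "true" on the service and on both loggers below,
    which suits a test deployment.
    NOTE(review): debug and trace logs may record user attributes that are
    released as claims (confirm); restrict access to the log directory and
    switch debug off where that data is sensitive.
  -->
  <service name="server-config" address="https://{{ inventory_hostname | e }}/{{ oa4mp_server | e }}" debug="true">

    <!-- Regular Logs -->
    <logging logFileName="{{ oa4mp_server_log_dir | e }}/{{ oa4mp_server | e }}.log"
             logName="oauth2"
             logSize="1000000"
             logFileCount="10"
             debug="true"
    />

    <!-- Trace Logs -->
    <traceLogging logFileName="{{ oa4mp_server_log_dir | e }}/trace.log"
                  logName="trace"
                  logSize="1000000"
                  logFileCount="3"
                  debug="true"
    />

    <!--
      Claim mappings, grouped by OAuth2 scope.
      NOTE(review): the claim name appears to be what is sent to the client
      and the element text the source attribute it is filled from; confirm
      against the scope handler named below.
    -->
    <scopes handler="org.delegserver.oauth2.DSDynamicScopeHandler">
      <scope name="edu.uiuc.ncsa.myproxy.getcert">
        <claim name="cert_subject_dn">X509_CERT_SUBJECT</claim>
      </scope>
      <scope name="email">
        <claim name="email">mail</claim>
      </scope>
      <scope name="openid">
        <!--
          The 'sub' claim is always sent and it defaults to whatever the
          authorizationServlet returns as a username
        -->
        <!-- <claim name="sub">REMOTE_USER</claim> -->
      </scope>
      <scope name="profile">
        <claim name="given_name">givenName</claim>
        <claim name="family_name">sn</claim>
      </scope>
      <scope name="org.cilogon.userinfo">
        <claim name="idp">Shib-Authenticating-Authority</claim>
        <claim name="idp_display_name">o</claim>
        <claim name="eduPersonTargetedID">eptid</claim>
        <claim name="eduPersonPrincipalName">eppn</claim>
        <claim name="eduPersonUniqueId">epuid</claim>
        <claim name="eduPersonScopedAffiliation">affiliation</claim>
        <claim name="name">displayName</claim>
      </scope>
    </scopes>

    <!--
      DN generator sources.
      NOTE(review): each group lists several sources, presumably tried in
      the order written; confirm that epuid is meant to be preferred over
      eppn and eptid for the unique part of the subject DN.
    -->
    <!-- <dnGenerator attributeName="X509_CERT_SUBJECT" type="rfc2253" baseDN="DC=rcauth-clients,DC=rcauth,DC=eu"> -->
    <dnGenerator attributeName="X509_CERT_SUBJECT" type="rfc2253" baseDN="DC=Example,DC=NL">
      <cnName>
        <source>displayName</source>
        <source>givenName+sn</source>
        <source>cn</source>
      </cnName>
      <cnUniqueId>
        <source>epuid</source>
        <source>eppn</source>
        <source>eptid</source>
      </cnUniqueId>
      <organisation>
        <source>schacHomeOrganization</source>
        <source filter="url">o</source>
      </organisation>
      <extensions>
        <source name="email">mail</source>
      </extensions>
    </dnGenerator>

    <!--
      Attribute filters available to the source elements above. Only "url"
      is referenced in this file (organisation source "o").
      NOTE(review): shout, leetify and missepll look like demonstration
      filters; confirm they are wanted outside a test setup.
    -->
    <attributeFilters>
      <filter name="url">org.delegserver.oauth2.shib.filters.URLDomainNameFilter</filter>
      <filter name="shout">org.delegserver.oauth2.shib.filters.ShoutFilter</filter>
      <filter name="leetify">org.delegserver.oauth2.shib.filters.LeetifyFilter</filter>
      <filter name="missepll">org.delegserver.oauth2.shib.filters.MissepllFilter</filter>
    </attributeFilters>

    <!--
      Storage backend. The element name is taken directly from the
      oa4mp_server_db_conf variable and, being a tag name, cannot be escaped:
      restrict that variable in the inventory to a store type the server
      recognises.
    -->
{% if oa4mp_server_db_conf == "fileStore" %}

    <{{ oa4mp_server_db_conf }} path="{{ oa4mp_server_storage_dir | e }}">
      <transactions/>
      <clients/>
      <clientApprovals/>
      <traceRecords/>
    </{{ oa4mp_server_db_conf }}>

{% else %}

    <{{ oa4mp_server_db_conf }} username="{{ oa4mp_server_db_user | e }}"
        password="{{ oa4mp_server_db_pw | e }}"
        database="{{ oa4mp_server_db | e }}"
        schema="{{ oa4mp_server_db | e }}" >
      <transactions/>
      <clients/>
      <clientApprovals/>
      <traceRecords/>
    </{{ oa4mp_server_db_conf }}>

{% endif %}

    <!-- MyProxy CA endpoint and the PKCS#12 keystore used when contacting it -->
    <myproxy host="{{ myproxy_ca_host | e }}" port="{{ myproxy_ca_port | e }}">
      <keystore path="{{ oa4mp_server_keystore | e }}"
                type="pkcs12"
                password="{{ oa4mp_server_keystore_pw | e }}"
                factory="SunX509" />
    </myproxy>

    <!--
      The user name is read from the request header named by the
      oa4mp_remote_user variable, and that header is required. The web
      server in front of this service must set the header from the
      authenticated session and discard any copy supplied by the client,
      because the service trusts whatever value arrives in it.
    -->
    <authorizationServlet useHeader="true" requireHeader="true" headerFieldName="{{ oa4mp_remote_user | e }}" />

  </service>

</config>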
