delegserver/templates/server-cfg.xml.j2

<config>

    <service name="default" alias="server-config"/>

    <!-- ############################################################################## -->

    <service name="server-config" address="https://{{ inventory_hostname }}/{{ oa4mp_server }}" debug="true">

       <!-- Regular Logs -->
       <logging  logFileName="{{ oa4mp_server_log_dir }}/{{ oa4mp_server }}.log"
                 logName="oauth2"
                 logSize="1000000"
                 logFileCount="10"
                 debug="true"
       />

       <!-- Trace Logs -->
       <traceLogging  logFileName="{{ oa4mp_server_log_dir }}/trace.log"
                 logName="trace"
                 logSize="1000000"
                 logFileCount="3"
                 debug="true"
       />

       <!-- Claim mappings -->
       <scopes handler="org.delegserver.oauth2.DSDynamicScopeHandler">
         <scope name="edu.uiuc.ncsa.myproxy.getcert">
                <claim name="cert_subject_dn">X509_CERT_SUBJECT</claim>
         </scope> 
         <scope name="email">
                <claim name="email">mail</claim>
         </scope>
         <scope name="openid">
                <!-- 
                     The 'sub' claim is always sent and it defaults to whatever the 
                     authorizationServlet returns as a username 
                -->
                <!-- <claim name="sub">REMOTE_USER</claim> -->
         </scope>
         <scope name="profile">
                <claim name="given_name">givenName</claim>
                <claim name="family_name">sn</claim>
         </scope>
         <scope name="org.cilogon.userinfo">
                <claim name="idp">Shib-Authenticating-Authority</claim>
                <claim name="idp_display_name">o</claim>
                <claim name="eduPersonTargetedID">eptid</claim>
                <claim name="eduPersonPrincipalName">eppn</claim>
                <claim name="eduPersonUniqueId">epuid</claim>
                <claim name="eduPersonScopedAffiliation">affiliation</claim>
                <claim name="name">displayName</claim>
         </scope>
       </scopes>

       <!-- DN generator sources -->
       <!-- <dnGenerator attributeName="X509_CERT_SUBJECT" type="rfc2253" baseDN="DC=rcauth-clients,DC=rcauth,DC=eu"> -->
       <dnGenerator attributeName="X509_CERT_SUBJECT" type="rfc2253" baseDN="DC=Example,DC=NL">
         <cnName>
                <source>displayName</source>
                <source>givenName+sn</source>
                <source>cn</source>
         </cnName>
         <cnUniqueId>
                <source>epuid</source>
                <source>eppn</source>
                <source>eptid</source>
         </cnUniqueId>
         <organisation>
                <source>schacHomeOrganization</source>
                <source filter="url">o</source>
         </organisation>
         <extensions>
                <source name="email">mail</source>
         </extensions>
       </dnGenerator>

       <attributeFilters>
                <filter name="url">org.delegserver.oauth2.shib.filters.URLDomainNameFilter</filter>
                <filter name="shout">org.delegserver.oauth2.shib.filters.ShoutFilter</filter>
                <filter name="leetify">org.delegserver.oauth2.shib.filters.LeetifyFilter</filter>
                <filter name="missepll">org.delegserver.oauth2.shib.filters.MissepllFilter</filter>
       </attributeFilters>


{% if oa4mp_server_db_conf == "fileStore" %}

       <{{ oa4mp_server_db_conf }} path="{{ oa4mp_server_storage_dir }}">
                         <transactions/>
                         <clients/>
                         <clientApprovals/>
                         <traceRecords/>
       </{{ oa4mp_server_db_conf }}>

{% else %}

       <{{ oa4mp_server_db_conf }}    username="{{ oa4mp_server_db_user }}" 
                   password="{{ oa4mp_server_db_pw }}" 
                   database="{{ oa4mp_server_db }}" 
                   schema="{{ oa4mp_server_db }}" >
                         <transactions/>
                         <clients/>
                         <clientApprovals/>
                         <traceRecords/>
       </{{ oa4mp_server_db_conf }}>

{% endif %}

       <myproxy host="{{ myproxy_ca_host }}" port="{{ myproxy_ca_port }}">
                 <keystore path="{{ oa4mp_server_keystore }}"
                           type="pkcs12"
                           password="{{ oa4mp_server_keystore_pw }}"
                           factory="SunX509" />
       </myproxy>

       <authorizationServlet useHeader="true" requireHeader="true" headerFieldName="{{ oa4mp_remote_user }}" />

    </service>

</config>

1	<config>
2
3	<service name="default" alias="server-config"/>
4
5	<!-- ############################################################################## -->
6
7	<service name="server-config" address="https://{{ inventory_hostname }}/{{ oa4mp_server }}" debug="true">
8
9	<!-- Regular Logs -->
10	<logging logFileName="{{ oa4mp_server_log_dir }}/{{ oa4mp_server }}.log"
11	logName="oauth2"
12	logSize="1000000"
13	logFileCount="10"
14	debug="true"
15	/>
16
17	<!-- Trace Logs -->
18	<traceLogging logFileName="{{ oa4mp_server_log_dir }}/trace.log"
19	logName="trace"
20	logSize="1000000"
21	logFileCount="3"
22	debug="true"
23	/>
24
25	<!-- Claim mappings -->
26	<scopes handler="org.delegserver.oauth2.DSDynamicScopeHandler">
27	<scope name="edu.uiuc.ncsa.myproxy.getcert">
28	<claim name="cert_subject_dn">X509_CERT_SUBJECT</claim>
29	</scope>
30	<scope name="email">
31	<claim name="email">mail</claim>
32	</scope>
33	<scope name="openid">
34	<!--
35	The 'sub' claim is always sent and it defaults to whatever the
36	authorizationServlet returns as a username
37	-->
38	<!-- <claim name="sub">REMOTE_USER</claim> -->
39	</scope>
40	<scope name="profile">
41	<claim name="given_name">givenName</claim>
42	<claim name="family_name">sn</claim>
43	</scope>
44	<scope name="org.cilogon.userinfo">
45	<claim name="idp">Shib-Authenticating-Authority</claim>
46	<claim name="idp_display_name">o</claim>
47	<claim name="eduPersonTargetedID">eptid</claim>
48	<claim name="eduPersonPrincipalName">eppn</claim>
49	<claim name="eduPersonUniqueId">epuid</claim>
50	<claim name="eduPersonScopedAffiliation">affiliation</claim>
51	<claim name="name">displayName</claim>
52	</scope>
53	</scopes>
54
55	<!-- DN generator sources -->
56	<!-- <dnGenerator attributeName="X509_CERT_SUBJECT" type="rfc2253" baseDN="DC=rcauth-clients,DC=rcauth,DC=eu"> -->
57	<dnGenerator attributeName="X509_CERT_SUBJECT" type="rfc2253" baseDN="DC=Example,DC=NL">
58	<cnName>
59	<source>displayName</source>
60	<source>givenName+sn</source>
61	<source>cn</source>
62	</cnName>
63	<cnUniqueId>
64	<source>epuid</source>
65	<source>eppn</source>
66	<source>eptid</source>
67	</cnUniqueId>
68	<organisation>
69	<source>schacHomeOrganization</source>
70	<source filter="url">o</source>
71	</organisation>
72	<extensions>
73	<source name="email">mail</source>
74	</extensions>
75	</dnGenerator>
76
77	<attributeFilters>
78	<filter name="url">org.delegserver.oauth2.shib.filters.URLDomainNameFilter</filter>
79	<filter name="shout">org.delegserver.oauth2.shib.filters.ShoutFilter</filter>
80	<filter name="leetify">org.delegserver.oauth2.shib.filters.LeetifyFilter</filter>
81	<filter name="missepll">org.delegserver.oauth2.shib.filters.MissepllFilter</filter>
82	</attributeFilters>
83
84
85	{% if oa4mp_server_db_conf == "fileStore" %}
86
87	<{{ oa4mp_server_db_conf }} path="{{ oa4mp_server_storage_dir }}">
88	<transactions/>
89	<clients/>
90	<clientApprovals/>
91	<traceRecords/>
92	</{{ oa4mp_server_db_conf }}>
93
94	{% else %}
95
96	<{{ oa4mp_server_db_conf }} username="{{ oa4mp_server_db_user }}"
97	password="{{ oa4mp_server_db_pw }}"
98	database="{{ oa4mp_server_db }}"
99	schema="{{ oa4mp_server_db }}" >
100	<transactions/>
101	<clients/>
102	<clientApprovals/>
103	<traceRecords/>
104	</{{ oa4mp_server_db_conf }}>
105
106	{% endif %}
107
108	<myproxy host="{{ myproxy_ca_host }}" port="{{ myproxy_ca_port }}">
109	<keystore path="{{ oa4mp_server_keystore }}"
110	type="pkcs12"
111	password="{{ oa4mp_server_keystore_pw }}"
112	factory="SunX509" />
113	</myproxy>
114
115	<authorizationServlet useHeader="true" requireHeader="true" headerFieldName="{{ oa4mp_remote_user }}" />
116
117	</service>
118
119	</config>
120
grid.support@nikhef.nl	ViewVC Help
Powered by ViewVC 1.1.28