
Contents of /trunk/novalocal-test-delegserver/DS/roles/delegserver/templates/server-cfg.xml.j2



Revision 3234 - (show annotations) (download)
Fri Apr 20 14:03:43 2018 UTC (4 years, 1 month ago) by msalle
File size: 4761 byte(s)
Syncing with RCauth CA

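<config>

    <!--
      OA4MP delegation server configuration, rendered by Ansible from this
      Jinja2 template. The rendered file holds the database password and the
      keystore password in clear text, so deploy it readable only by the
      account the service runs as, and keep the source variables in an
      encrypted store such as Ansible Vault.
    -->

    <service name="default" alias="server-config"/>

    <!-- ############################################################################## -->

    <!--
      debug="true" is set on the service and on both loggers below. That suits
      a test deployment; review what the debug and trace logs record before
      reusing these settings on a production host.
    -->
    <service name="server-config" address="https://{{ inventory_hostname }}/{{ oa4mp_server }}" debug="true">

        <!-- Regular Logs -->
        <logging logFileName="{{ oa4mp_server_log_dir }}/{{ oa4mp_server }}.log"
                 logName="oauth2"
                 logSize="10000000"
                 logFileCount="10"
                 debug="true"
                 />

        <!-- Trace Logs -->
        <traceLogging logFileName="{{ oa4mp_server_log_dir }}/trace.log"
                      logName="trace"
                      logSize="10000000"
                      logFileCount="3"
                      debug="true"
                      />

        <!-- JSON Web key for signing -->
        <!-- The file at this path holds the signing key; restrict its permissions to the service account. -->
        <JSONWebKey defaultKeyID="{{ oa4mp_server_jwk_key_id }}">
            <path>{{ oa4mp_server_jwk_file }}</path>
        </JSONWebKey>

        <!-- Claim mappings -->
        <!-- Each scope lists the claims it releases; the element text names the source attribute for the claim. -->
        <scopes handler="org.delegserver.oauth2.DSDynamicScopeHandler">
            <scope name="edu.uiuc.ncsa.myproxy.getcert">
                <claim name="cert_subject_dn">X509_CERT_SUBJECT</claim>
            </scope>
            <scope name="email">
                <claim name="email">mail</claim>
            </scope>
            <scope name="openid">
                <!--
                    The 'sub' claim is always sent and it defaults to whatever the
                    authorizationServlet returns as a username
                -->
                <!-- <claim name="sub">REMOTE_USER</claim> -->
            </scope>
            <scope name="profile">
                <claim name="given_name">givenName</claim>
                <claim name="family_name">sn</claim>
            </scope>
            <scope name="org.cilogon.userinfo">
                <claim name="idp">Shib-Authenticating-Authority</claim>
                <claim name="idp_display_name">o</claim>
                <claim name="eduPersonTargetedID">eptid</claim>
                <claim name="eduPersonPrincipalName">eppn</claim>
                <claim name="eduPersonUniqueId">epuid</claim>
                <claim name="eduPersonScopedAffiliation">affiliation</claim>
                <claim name="name">displayName</claim>
            </scope>
        </scopes>

        <!-- DN generator sources -->
        <!-- The active baseDN below looks like a test placeholder; the commented-out line keeps the RCauth value. -->
        <!-- <dnGenerator attributeName="X509_CERT_SUBJECT" type="rfc2253" baseDN="DC=rcauth-clients,DC=rcauth,DC=eu"> -->
        <dnGenerator attributeName="X509_CERT_SUBJECT" type="rfc2253" baseDN="DC=Example,DC=NL">
            <cnName>
                <source>displayName</source>
                <source>givenName+sn</source>
                <source>cn</source>
            </cnName>
            <cnUniqueId>
                <source>epuid</source>
                <source>eppn</source>
                <source>eptid</source>
            </cnUniqueId>
            <organisation>
                <source>schacHomeOrganization</source>
                <source filter="url">o</source>
            </organisation>
            <extensions>
                <source name="email">mail</source>
            </extensions>
        </dnGenerator>

        <!-- Named attribute filters. Only "url" is referenced in this template (organisation source above). -->
        <attributeFilters>
            <filter name="url">org.delegserver.oauth2.shib.filters.URLDomainNameFilter</filter>
            <filter name="shout">org.delegserver.oauth2.shib.filters.ShoutFilter</filter>
            <filter name="leetify">org.delegserver.oauth2.shib.filters.LeetifyFilter</filter>
            <filter name="missepll">org.delegserver.oauth2.shib.filters.MissepllFilter</filter>
        </attributeFilters>


        {% if oa4mp_server_db_conf == "fileStore" %}

        <{{ oa4mp_server_db_conf }} path="{{ oa4mp_server_storage_dir }}">
            <transactions/>
            <clients/>
            <clientApprovals/>
            <traceRecords/>
        </{{ oa4mp_server_db_conf }}>

        {% else %}

        <!--
          Credentials pass through the Jinja2 "e" (escape) filter so that a
          value containing an ampersand, an angle bracket or a quote still
          renders as well-formed XML; the XML parser decodes it back to the
          original string. This assumes the variables hold the raw values,
          not values that were XML-escaped by hand.
        -->
        <{{ oa4mp_server_db_conf }} username="{{ oa4mp_server_db_user | e }}"
                password="{{ oa4mp_server_db_pw | e }}"
                database="{{ oa4mp_server_db }}"
                schema="{{ oa4mp_server_db }}" >
            <transactions/>
            <clients/>
            <clientApprovals/>
            <traceRecords/>
        </{{ oa4mp_server_db_conf }}>

        {% endif %}

        <!-- Keystore used for the connection to the MyProxy CA; its password is escaped the same way as the database credentials. -->
        <myproxy host="{{ myproxy_ca_host }}" port="{{ myproxy_ca_port }}">
            <keystore path="{{ oa4mp_server_keystore }}"
                      type="pkcs12"
                      password="{{ oa4mp_server_keystore_pw | e }}"
                      factory="SunX509" />
        </myproxy>

        <!--
          NOTE(review): with useHeader and requireHeader set, the user name
          appears to be taken from the request header named below. Confirm
          that the front-end web server always sets or strips this header
          itself, so a client-supplied value can never reach the servlet.
        -->
        <authorizationServlet useHeader="true" requireHeader="true" headerFieldName="{{ oa4mp_remote_user }}" />

    </service>

</config>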
