source: MILK/trunk/milk_server/milk_server/templates/wayf.kid @ 2929

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/MILK/trunk/milk_server/milk_server/templates/wayf.kid@4992
Revision 2929, 2.6 KB checked in by pjkersha, 12 years ago

Major change to enable login transactions to operate over https.

ndgDiscovery.config: added sslServer param for https virtual host to serve secured login

ows_server/models/ndgSecurity.py:

  • access config params via g.securityCfg set in ndgMiddleware
  • improved error reporting

ows_server/config/ndgMiddleware.py: added global settings ...

  • sslServer - virtual host for running login transactions over https
  • securityCfg - security configuration parameters

ows_server/controllers/login.py:

  • urlsplit instead of urlparse
  • use ndg.security.common.m2CryptoSSLUtility.HTTPSConnection to check peer cert prior to redirect back to login requestor in LoginController.doRedirect
  • replace 'setup' with 'before'. Latter is pylons/paste convenience method enabling settings to be made prior to each action
  • removed 'securitySetup' - this is done in ndgMiddleware at start-up
  • Nb. in doRedirect - currently set to always return params over http GET even if requestor and login service are in the same domain - this is for testing only

ows_server/controllers/logout.py:

  • replace 'setup' with 'before'.
  • removed 'securitySetup' - this is done in ndgMiddleware at start-up

ows_server/lib/security_util.py:

  • Added SecurityConfig class - a container for security config items held by 'g' global variable.

ows_server/lib/base.py: on setting of security params from LoginService redirect back to http from https

ows_server/templates/ndgPage.kid: removed Session Manager address from the display - not needed for the user to see.

ows_server/templates/wayf.kid: ensure return URL is switched to https from http so that GET query args are hidden.

<html py:extends="'ndgPage.kid'" xmlns="http://www.w3.org/1999/xhtml" xmlns:py="http://purl.org/kid/ns#">
    <head>
    <replace py:replace="pagehead()"/>
    </head>
    <body>
        <div py:replace="header()"/>
        <h4> Where are you from? </h4>
        <?python
                # Decode the return URL so that it can be displayed to the user.
                # The URL has previously been encoded from ndgPage.kid
                from base64 import urlsafe_b64decode, urlsafe_b64encode
                b64decReturnTo = urlsafe_b64decode(c.returnTo)

                # Ensure login can return to an address over https to
                # preserve confidentiality of credentials
                if g.server in b64decReturnTo:
                        b64decReturnTo = b64decReturnTo.replace(g.server, g.sslServer)
                        c.returnTo = urlsafe_b64encode(b64decReturnTo)
        ?>
        <p> You can login in at
        <ul py:for="h in c.providers">
            <li> <a href="${c.providers[h]}?r=${c.returnTo}">${h}</a></li>
        </ul></p>
        <p>Before clicking on these links, please check that the links redirect to a site
        you trust with your security credentials.</p>
        <p> How can I tell?  For any of the above, following login you will be
        redirected back to the URL: <a href="${b64decReturnTo}">${b64decReturnTo}</a></p>
        <div py:replace="footer()"/>
    </body>

        <div py:def="footer()" id="Footer">
        <center><table><tbody>
            <tr>
                <td align="center" width="60%">
                    <table><tbody>
                    <tr><td><span py:replace="linkimage(g.ndgLink,g.ndgImage,'NDG')"/></td>
                    <td> This portal is a product of the <a href="http://ndg.nerc.ac.uk"> NERC DataGrid</a>
                    Not all functionality is completely implemented, bugs and problems are expected </td>
                    </tr>
                    </tbody></table>
                </td>
                <td width="40%" align="center">
                    <div id="loginStatus">
                        <!--! now we choose one of the next two (logged in or not) -->
                        <div py:if="'ndgSec' in session"><table><tbody><tr><td> User [${session['ndgSec']['u']}] logged in
                        at [${session['ndgSec']['h']}] with roles [${session['ndgSec']['roles']}]</td><td>
                        &nbsp;<span py:replace="logOut()"/></td></tr></tbody></table></div>
                        <div py:if="'ndgSec' not in session"></div>
                    </div>
                </td>
                <td><span py:replace="linkimage(g.stfcLink,g.stfcImage,'Hosted by the STFC CEDA')"/></td>
            </tr>
        </tbody></table></center>
    </div>
</html>
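Added example, not part of the MILK repository: the template above switches the return URL to https with a substring test and str.replace, which also rewrites URLs that merely contain the server string. The Python 3 sketch below puts that approach beside an origin comparison using urlsplit. It assumes g.server and g.sslServer hold origin strings of the form scheme://host; the function names and sample URLs are constructed for illustration.

```python
from base64 import urlsafe_b64decode, urlsafe_b64encode
from urllib.parse import urlsplit, urlunsplit


def substring_rewrite(return_to_b64, server, ssl_server):
    """The template's approach: replace the server string wherever it occurs."""
    url = urlsafe_b64decode(return_to_b64).decode("utf-8")
    if server in url:
        url = url.replace(server, ssl_server)
    return url


def origin_rewrite(return_to_b64, server, ssl_server):
    """Swap scheme and host only when the URL's origin equals `server`."""
    url = urlsafe_b64decode(return_to_b64).decode("utf-8")
    parts, http, https = urlsplit(url), urlsplit(server), urlsplit(ssl_server)
    same_origin = (parts.scheme == http.scheme
                   and parts.netloc.lower() == http.netloc.lower())
    if same_origin:
        parts = parts._replace(scheme=https.scheme, netloc=https.netloc)
    return urlunsplit(parts)


def encode(url):
    """Encode a URL the way the return-to parameter is carried (URL-safe base64)."""
    return urlsafe_b64encode(url.encode("utf-8")).decode("ascii")


# Constructed sample values (assumptions, not taken from the MILK configuration).
SERVER = "http://portal.example"
SSL_SERVER = "https://portal.example"
SAMPLES = [
    "http://portal.example/view?id=1",                 # the portal's own page
    "http://portal.example.other.test/view",           # host only starts with the name
    "http://other.test/?ref=http://portal.example/x",  # name appears only in the query
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(substring_rewrite(encode(s), SERVER, SSL_SERVER), "|",
              origin_rewrite(encode(s), SERVER, SSL_SERVER))
```

Only the first sample is rewritten by the origin comparison; the substring version alters all three, including the host name in the second and the query string in the third.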