source: MILK/trunk/milk_server/milk_server/templates/wayf.kid @ 2929

Revision 2929, 2.6 KB checked in by pjkersha, 13 years ago

Major change to enable login transactions to operate over https.

ndgDiscovery.config: added sslServer param for https virtual host to serve secured login


  • access config params via g.securityCfg set in ndgMiddleware
  • improved error reporting

ows_server/config/ added global settings ...

  • sslServer - virtual host for running login transactions over https
  • securityCfg - security configuration parameters


  • urlsplit instead of urlparse
  • use to check peer cert prior to redirect back to login requestor in LoginController.doRedirect
  • replace 'setup' with 'before'. Latter is pylons/paste convenience method enabling settings to be made prior to each action
  • removed 'securitySetup' - this is done in ndgMiddleware at start-up
  • Nb. in doRedirect - currently set to always return params over http GET even if requestor and login service are in the same domain - this is for testing only


  • replace 'setup' with 'before'.
  • removed 'securitySetup' - this is done in ndgMiddleware at start-up


  • Added SecurityConfig class - a container for security config items held by 'g' global variable.

ows_server/lib/ on setting of security params from LoginService redirect back to http from https

ows_server/templates/ndgPage.kid: removed Session Manager address from the display - not needed for the user to see.

ows_server/templates/wayf.kid: ensure return URL is switched to https from http so that GET query args are hidden.

<html py:extends="'ndgPage.kid'" xmlns="" xmlns:py="">
    <head>
    <replace py:replace="pagehead()"/>
    </head>
    <body>
        <div py:replace="header()"/>
        <h4> Where are you from? </h4>
        <?python
                # Decode the return URL so that it can be displayed to the user.
                # The URL has previously been encoded from ndgPage.kid
                from base64 import urlsafe_b64decode, urlsafe_b64encode
                b64decReturnTo = urlsafe_b64decode(c.returnTo)

                # Ensure login can return to an address over https to
                # preserve confidentiality of credentials
                if g.server in b64decReturnTo:
                        b64decReturnTo = b64decReturnTo.replace(g.server, g.sslServer)
                        c.returnTo = urlsafe_b64encode(b64decReturnTo)
        ?>
        <p> You can login in at
        <ul py:for="h in c.providers">
            <li> <a href="${c.providers[h]}?r=${c.returnTo}">${h}</a></li>
        </ul></p>
        <p>Before clicking on these links, please check that the links redirect to a site
        you trust with your security credentials.</p>
        <p> How can I tell?  For any of the above, following login you will be
        redirected back to the URL: <a href="${b64decReturnTo}">${b64decReturnTo}</a></p>
        <div py:replace="footer()"/>
    </body>

        <div py:def="footer()" id="Footer">
        <center><table><tbody>
            <tr>
                <td align="center" width="60%">
                    <table><tbody>
                    <tr><td><span py:replace="linkimage(g.ndgLink,g.ndgImage,'NDG')"/></td>
                    <td> This portal is a product of the <a href=""> NERC DataGrid</a>
                    Not all functionality is completely implemented, bugs and problems are expected </td>
                    </tr>
                    </tbody></table>
                </td>
                <td width="40%" align="center">
                    <div id="loginStatus">
                        <!--! now we choose one of the next two (logged in or not) -->
                        <div py:if="'ndgSec' in session"><table><tbody><tr><td> User [${session['ndgSec']['u']}] logged in
                        at [${session['ndgSec']['h']}] with roles [${session['ndgSec']['roles']}]</td><td>
                        &nbsp;<span py:replace="logOut()"/></td></tr></tbody></table></div>
                        <div py:if="'ndgSec' not in session"></div>
                    </div>
                </td>
                <td><span py:replace="linkimage(g.stfcLink,g.stfcImage,'Hosted by the STFC CEDA')"/></td>
            </tr>
        </tbody></table></center>
    </div>
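The template switches the return URL to https with a substring test and `str.replace`, which also rewrites any copy of `g.server` that appears elsewhere in the URL, such as inside a query argument. The following is an added example, not code from the MILK/NDG repository: it performs the same switch by parsing the URL with `urlsplit` and comparing origins exactly. It assumes `g.server` and `g.sslServer` are origin URLs of the form scheme://host; the function names and the `portal.example` values are constructed for illustration.

```python
# Added example: hypothetical helpers, not part of the MILK/NDG code base.
from base64 import urlsafe_b64decode, urlsafe_b64encode
from urllib.parse import urlsplit, urlunsplit

# Constructed sample values standing in for g.server and g.sslServer.
SERVER = "http://portal.example"
SSL_SERVER = "https://portal.example"


def _origin(url):
    """Return (scheme, host, port) with the default port filled in."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return parts.scheme, (parts.hostname or "").lower(), port


def upgrade_return_to(b64_return_to, server=SERVER, ssl_server=SSL_SERVER):
    """Switch the return URL to the https virtual host only when its origin
    is exactly `server`; any other URL is passed through unchanged.

    Returns (decoded_url, re_encoded_value), mirroring b64decReturnTo and
    c.returnTo in the template.
    """
    url = urlsafe_b64decode(b64_return_to).decode("utf-8")
    if _origin(url) == _origin(server):
        ssl = urlsplit(ssl_server)
        parts = urlsplit(url)
        # Replace scheme and netloc only; path, query and fragment are kept.
        url = urlunsplit((ssl.scheme, ssl.netloc,
                          parts.path, parts.query, parts.fragment))
    return url, urlsafe_b64encode(url.encode("utf-8")).decode("ascii")


def substring_upgrade(url, server=SERVER, ssl_server=SSL_SERVER):
    """The template's substring test and replace, kept for comparison."""
    return url.replace(server, ssl_server) if server in url else url
```
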