source: TI01-discovery/trunk/OAIInfoEditor/oai_info_editor/secured.ini @ 5466

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI01-discovery/trunk/OAIInfoEditor/oai_info_editor/secured.ini@5466
Revision 5466, 4.2 KB checked in by cbyrom, 10 years ago (diff)

Add code to allow the OAI editor to be used with the new OpenID-based
security system. Add the policy file and secured ini file, and adjust the
handling of users: page access is enforced via URL content, basically either
by provider ID or via the 'admin=1' parameter for admin users. For the
latter, provide a security_redirector module to allow admin users to use the
same point of entry as normal users.

1#
2# oai_info_editor - Pylons development environment configuration
3#
4# The %(here)s variable will be replaced with the parent directory of this file
5#
# Global defaults; PasteDeploy makes [DEFAULT] values available to every
# other section of this file.
# NOTE(review): debug = true is a development setting. The warning further
# down in [app:main_app] states that debug mode enables an interactive
# debugger that lets anyone run code after an exception, so this file should
# not be deployed without overriding it.
6[DEFAULT]
7debug = true
8
# Request pipeline. Entries are applied left to right: AuthenticationFilter,
# then AuthorizationFilter, then the logger filter, and finally the
# application main_app.
# NOTE(review): the application presumably relies on the two security filters
# for access control, so they must stay ahead of main_app.
# NOTE(review): the logger sits inside the security filters, so requests that
# the filters answer themselves are presumably not seen by it; confirm
# whether denied or redirected requests need to be recorded elsewhere.
9[pipeline:main]
10pipeline = AuthenticationFilter AuthorizationFilter logger main_app
11
# Request logging filter supplied by Paste (translogger); referenced as
# "logger" in [pipeline:main].
12[filter:logger]
13use = egg:Paste#translogger
14
# Paste HTTP server that serves the pipeline.
# NOTE(review): host = 0.0.0.0 listens on every network interface, and no
# ssl_pem option is set, so the server speaks plain HTTP on port 5000.
# Together with debug = true in [DEFAULT] this exposes the debugger and the
# session/auth cookies to the network. For development bind to 127.0.0.1; for
# deployment put the service behind a TLS-terminating front end.
15[server:main]
16use = egg:Paste#http
17host = 0.0.0.0
18port = 5000
19
# The oai_info_editor application itself, the last element of the pipeline.
20[app:main_app]
21use = egg:oai_info_editor
22full_stack = true
# Cache directory, relative to the directory holding this file.
# NOTE(review): keep this directory outside anything served to clients and
# writable only by the service account.
23cache_dir = %(here)s/data
24beaker.session.key = oai_info_editor
# NOTE(review): "somesecret" is a placeholder. Beaker uses this value to sign
# the session cookie, so a guessable or published value lets a client forge
# session cookies. Set a long random value per deployment and keep it out of
# version control.
25beaker.session.secret = somesecret
# Path of the editor's own configuration file, passed to the application.
26configfile = %(here)s/editor.config
27
28# If you'd like to fine-tune the individual locations of the cache data dirs
29# for the Cache data, or the Session saves, un-comment the desired settings
30# here:
31#beaker.cache.data_dir = %(here)s/data/cache
32#beaker.session.data_dir = %(here)s/data/sessions
33
34# WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT*
35# Debug mode will enable the interactive debugging tool, allowing ANYONE to
36# execute malicious code after an exception is raised.
# NOTE(review): as committed, the override below is still commented out, so
# this section inherits debug = true from [DEFAULT].
37#set debug = false
38
39
# NDG Security authentication middleware, the first element of the pipeline.
# NOTE(review): several values below look like development settings; see the
# notes on the redirect URI and on the two secrets before deploying.
40[filter:AuthenticationFilter]
41paste.filter_app_factory = ndg.security.server.wsgi.authn:AuthenticationMiddleware
# Presumably the middleware reads the options that carry this prefix.
42prefix = authN.
43
44# Set redirect for OpenID Relying Party in the Security Services app instance
# NOTE(review): this is a plain http:// URL on localhost. Sign-in traffic sent
# over http can be read or altered in transit, so a deployed instance should
# point at an https:// endpoint of the Security Services application.
45authN.redirectURI = http://localhost:7443/verify
46
47# Beaker Session set-up
# NOTE(review): the session secret below is stored in the repository and must
# be treated as disclosed. Generate a fresh random value for each deployment
# and supply it from a file that is not under version control.
48beaker.session.key = ndg.security.session
49beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW
# Session and cache data are written below the directory holding this file;
# restrict these directories to the service account.
50beaker.cache.data_dir = %(here)s/authn/beaker/cache
51beaker.session.data_dir = %(here)s/authn/beaker/sessions
52
53# AuthKit Set-up
54authkit.setup.method=cookie
55
56# This cookie name and secret MUST agree with the name used by the security web
57# services app
# NOTE(review): the cookie secret is also committed here. Anyone who knows it
# can presumably produce a validly signed authentication cookie, so rotate it
# and, because it has to match the security services app, change it in both
# places together.
58authkit.cookie.name=ndg.security.auth
59authkit.cookie.secret=9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
60authkit.cookie.signoutpath = /logout
61
62# Disable inclusion of client IP address from cookie signature due to
63# suspected problem with AuthKit setting it when a HTTP Proxy is in place
# NOTE(review): with the client address left out of the signature, a copied
# cookie is accepted from any host. That makes HTTPS-only transport and a
# short cookie lifetime the remaining protections; confirm both are in place.
64authkit.cookie.includeip = False
65
66
# NDG Security authorization middleware, the second element of the pipeline.
# It is configured with an XML policy file and a handler for denied requests.
67[filter:AuthorizationFilter]
68paste.filter_app_factory=ndg.security.server.wsgi.authz:AuthorizationMiddleware.filter_app_factory
# NOTE(review): only authz.pepResultHandler below carries this prefix;
# policy.filePath and the pip.* options do not. Confirm that the middleware
# still reads the unprefixed options, otherwise the policy file and the
# certificate settings would be silently ignored.
69prefix = authz.
# Access policy evaluated by the middleware; keep it read-only for the
# service account, since editing it changes who may access which pages.
70policy.filePath = %(here)s/policy.xml
71
# Handler class from this project invoked with the access decision; by its
# name it redirects the user after access has been denied.
72authz.pepResultHandler = oai_info_editor.lib.security_redirector.RedirectFollowingAccessDenied
73
74# Settings for Policy Information Point used by the Policy Decision Point to
75# retrieve subject attributes from the Attribute Authority associated with the
76# resource to be accessed
# NOTE(review): this list is empty. Confirm whether the Policy Information
# Point then skips verification of the Attribute Authority's SSL certificate;
# if it does, attribute responses could come from an impostor service.
77pip.sslCACertFilePathList=
78
79# List of CA certificates used to verify the signatures of
80# Attribute Certificates retrieved
81pip.caCertFilePathList=%(here)s/ca/cacert.pem
82
83#
84# WS-Security Settings for call to Session Manager
85
86# Signature of an outbound message
87
88# Certificate associated with private key used to sign a message.  The sign
89# method will add this to the BinarySecurityToken element of the WSSE header. 
90# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType. 
91# As an alternative, use signingCertChain - see below...
92
93# PEM encode cert
94pip.wssecurity.signingCertFilePath=%(here)s/pki/wsse-oai-editor.crt
95
96# PEM encoded private key file
# NOTE(review): the key file lives next to the application code. Make sure it
# is not committed to version control and is readable only by the service
# account.
97pip.wssecurity.signingPriKeyFilePath=%(here)s/pki/wsse-oai-editor.key
98
99# Password protecting private key.  Leave blank if there is no password.
# NOTE(review): blank here means the signing key is stored unencrypted, so
# file permissions are its only protection. If a password is introduced, do
# not store it in this file.
100pip.wssecurity.signingPriKeyPwd=
101
102# For signature verification.  Provide a space separated list of file paths
103pip.wssecurity.caCertFilePathList=%(here)s/ca/cacert.pem
104
105# ValueType for the BinarySecurityToken added to the WSSE header
106pip.wssecurity.reqBinSecTokValType=X509v3
107
108# Add a timestamp element to an outbound message
# NOTE(review): without a signed timestamp the receiver has no freshness
# information, so a captured signed message could presumably be replayed.
# Confirm that the receiving service does not require it before leaving this
# disabled.
109pip.wssecurity.addTimestamp=False
110
111# Logging configuration
# Three loggers (root, oai_info_editor, ndg) share one console handler that
# writes to stderr.
# NOTE(review): every logger is set to DEBUG, including "ndg", which covers
# the security middleware. Debug output from authentication and authorization
# code may contain session or user attribute details; raise the levels to
# INFO or higher outside development and check where stderr is captured.
112[loggers]
113keys = root, oai_info_editor, ndg
114
115[handlers]
116keys = console
117
118[formatters]
119keys = generic, debug
120
121[logger_root]
122level = DEBUG
123handlers = console
124
# No handler of its own: records are expected to propagate to the root
# logger's console handler.
125[logger_ndg]
126level = DEBUG
127handlers =
128qualname = ndg
129
# No handler of its own: records are expected to propagate to the root
# logger's console handler.
130[logger_oai_info_editor]
131level = DEBUG
132handlers =
133qualname = oai_info_editor
134
# args is evaluated as a Python expression by logging's fileConfig, so this
# file must be writable only by trusted administrators.
135[handler_console]
136class = StreamHandler
137args = (sys.stderr,)
138level = NOTSET
139formatter = debug
140
# Declared but not referenced by the console handler, which uses "debug".
141[formatter_generic]
142format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
143datefmt = %H:%M:%S
144
# Format used by the console handler; adds source file name and line number.
145[formatter_debug]
146format = %(asctime)s.%(msecs)03d %(filename)s:%(lineno)d %(levelname)s %(message)s
147datefmt = %H:%M:%S
148