source: TI01-discovery/trunk/OAIInfoEditor/secured.ini @ 5470

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI01-discovery/trunk/OAIInfoEditor/secured.ini@5470
Revision 5470, 4.1 KB checked in by cbyrom, 10 years ago (diff)

Update documentation, adding a section on how to set up the security
+ tidy up the codebase, moving configuration files to the top level
and deleting any app specific data + fix a few links to properly
include the admin parameter + fix an issue with the admin redirection.

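#
# oai_info_editor - Pylons development environment configuration with security enabled
#
# The %(here)s variable will be replaced with the parent directory of this file
#
# Keys in [DEFAULT] are inherited by every other section of this file.
# debug = true turns on the interactive debugger described in the WARNING
# under [app:main_app]; do not expose a server running this configuration to
# untrusted clients without overriding it there.
[DEFAULT]
debug = true
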
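# Filters are listed outermost first: a request passes through
# AuthenticationFilter, then AuthorizationFilter, then logger, before it
# reaches main_app.
# NOTE(review): logger sits inside both security filters, so a request that a
# filter rejects or redirects presumably never reaches the access log. Confirm,
# and list logger first if denied requests should be recorded.
[pipeline:main]
pipeline = AuthenticationFilter AuthorizationFilter logger main_app
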
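# Paste's TransLogger middleware: writes an access-log entry for each request
# that reaches it in the pipeline.
[filter:logger]
use = egg:Paste#translogger
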
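# Paste's built-in HTTP server. It serves plain HTTP, so the session and
# AuthKit cookies configured in this file travel unencrypted unless a
# TLS-terminating proxy sits in front of this port.
[server:main]
use = egg:Paste#http
# Bind to loopback only while debug = true is set in [DEFAULT]: the
# interactive debugger must not be reachable from other hosts. Switch to
# 0.0.0.0 (all interfaces) only once debug has been disabled.
host = 127.0.0.1
port = 5000
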
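[app:main_app]
use = egg:oai_info_editor
full_stack = true
cache_dir = %(here)s/data
beaker.session.key = oai_info_editor
# Placeholder value: replace it with a long random string unique to each
# deployment, and keep the deployed copy of this file out of version control.
beaker.session.secret = somesecret
configfile = %(here)s/editor.config

# If you'd like to fine-tune the individual locations of the cache data dirs
# for the Cache data, or the Session saves, un-comment the desired settings
# here:
#beaker.cache.data_dir = %(here)s/data/cache
#beaker.session.data_dir = %(here)s/data/sessions

# WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT*
# Debug mode will enable the interactive debugging tool, allowing ANYONE to
# execute malicious code after an exception is raised.
# The "set" prefix overrides the debug = true inherited from [DEFAULT].
#set debug = false
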
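[filter:AuthenticationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authn:AuthenticationMiddleware
prefix = authN.

# Set redirect for OpenID Relying Party in the Security Services app instance
# NOTE(review): plain http is acceptable only for this localhost endpoint; a
# deployed Relying Party URI should use https.
authN.redirectURI = http://localhost:7443/verify

# Beaker Session set-up
beaker.session.key = ndg.security.session
# NOTE(review): this secret is checked in with the file, so anyone who can read
# the repository knows it. Generate a fresh random value for each deployment.
beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW
beaker.cache.data_dir = %(here)s/authn/beaker/cache
beaker.session.data_dir = %(here)s/authn/beaker/sessions

# AuthKit Set-up
authkit.setup.method = cookie

# This cookie name and secret MUST agree with the name used by the security web
# services app
# NOTE(review): the cookie secret is checked in as well. It keys the cookie
# signature, so replace it per deployment and change it in both apps together.
authkit.cookie.name = ndg.security.auth
authkit.cookie.secret = 9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
authkit.cookie.signoutpath = /logout

# Disable inclusion of client IP address from cookie signature due to
# suspected problem with AuthKit setting it when a HTTP Proxy is in place
# With the IP left out, a cookie is not tied to the address it was issued to,
# so protecting it in transit (TLS) matters more.
authkit.cookie.includeip = False
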
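[filter:AuthorizationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authz:AuthorizationMiddleware.filter_app_factory
prefix = authz.
policy.filePath = %(here)s/policy.xml

authz.pepResultHandler = oai_info_editor.lib.security_redirector.RedirectFollowingAccessDenied

# Settings for Policy Information Point used by the Policy Decision Point to
# retrieve subject attributes from the Attribute Authority associated with the
# resource to be accessed
# NOTE(review): left empty here. Confirm how the PIP treats an empty list; if
# it means the Attribute Authority's TLS certificate is not verified, list the
# trusted CA file(s), as is done for caCertFilePathList below.
pip.sslCACertFilePathList =

# List of CA certificates used to verify the signatures of
# Attribute Certificates retrieved
pip.caCertFilePathList = %(here)s/ca/cacert.pem

#
# WS-Security Settings for call to Session Manager

# Signature of an outbound message

# Certificate associated with private key used to sign a message.  The sign
# method will add this to the BinarySecurityToken element of the WSSE header.
# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.
# As an alternative, use signingCertChain - see below...

# PEM encoded certificate
pip.wssecurity.signingCertFilePath = %(here)s/pki/wsse-oai-editor.crt

# PEM encoded private key file
pip.wssecurity.signingPriKeyFilePath = %(here)s/pki/wsse-oai-editor.key

# Password protecting private key.  Leave blank if there is no password.
# A blank value means the key file is stored unencrypted: restrict its file
# permissions to the account that runs this service.
pip.wssecurity.signingPriKeyPwd =

# For signature verification.  Provide a space separated list of file paths
pip.wssecurity.caCertFilePathList = %(here)s/ca/cacert.pem

# ValueType for the BinarySecurityToken added to the WSSE header
pip.wssecurity.reqBinSecTokValType = X509v3

# Add a timestamp element to an outbound message
# NOTE(review): without a timestamp a signed message carries no freshness
# information. Confirm the receiving service has other replay protection, or
# set this to True.
pip.wssecurity.addTimestamp = False
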
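# Logging configuration
[loggers]
keys = root, oai_info_editor

[handlers]
keys = console

[formatters]
keys = generic, debug

[logger_root]
level = INFO
handlers = console

# This logger has no handler of its own, so its records propagate to the root
# logger's console handler.
# NOTE(review): check that DEBUG messages do not include session or credential
# data before using this level outside development.
[logger_oai_info_editor]
level = DEBUG
handlers =
qualname = oai_info_editor

[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = debug

# Declared in [formatters] but not referenced by any handler in this file.
[formatter_generic]
format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %H:%M:%S

[formatter_debug]
format = %(asctime)s.%(msecs)03d %(filename)s:%(lineno)d %(levelname)s %(message)s
datefmt = %H:%M:%S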