Incomplete - task 16: NDG Security 2.x.x - incl. updated Paster templates

  • major progress on independent OpenID Provider template. Requires some fixes to Yadis templates to complete.
#
# NERC DataGrid Security
#
# Description: Paste configuration for OpenID Provider standalone service
#
# The %(here)s variable will be replaced with the parent directory of this file
#
# Author:       P J Kershaw
#
# Date:         01/07/09
#
# Copyright: (C) 2010 Science and Technology Facilities Council
# license: BSD - see LICENSE file in top-level directory
# Contact: Philip.Kershaw@stfc.ac.uk


# Settings in [DEFAULT] are visible to every other section through %(name)s
# interpolation.  Values written %%{name} look like variables of the paster
# template that generates this file (it is a .ini_tmpl) and are presumably
# filled in when the template is rendered - confirm against the template's
# renderer; they are not resolved by the config parser at run time.
[DEFAULT]
portNum = %%{portNumber}
hostname = localhost
# scheme is not referenced elsewhere in this file.  Note that the listener in
# [server:main] is egg:Paste#http (plain HTTP), so https only holds if TLS is
# terminated in front of the service.
scheme = https
baseURI = %%{baseURI}
openIDProviderIDBase = /openid
openIDProviderIDSelectURI = %(baseURI)s%(openIDProviderIDBase)s

# environ key under which the Beaker session is published - referenced from
# [filter:SessionMiddlewareFilter] and [app:OpenIDProviderApp]
beakerSessionKeyName = beaker.session.ndg.security.services

# SQLAlchemy URL of the user database used by the authN and AX interfaces in
# [app:OpenIDProviderApp]; a SQLite file in this config's directory by default.
dbConnectionString = sqlite:///%(here)s/user.db

# HTTP listener.  host = 0.0.0.0 binds every interface on the machine; narrow
# this to a specific address (or the loopback) when a reverse proxy fronts the
# service.  egg:Paste#http serves plain HTTP, so TLS has to be added in front
# of it if the advertised scheme is https.
[server:main]
use = egg:Paste#http
host = 0.0.0.0
port = %(portNum)s

# Terminal app of pipeline:main.  Wraps the cascade below in Paste's
# httpexceptions filter so HTTPException instances raised by the apps are
# turned into proper HTTP error responses; the cascade lets the Provider app
# pick up static content.
[filter-app:OpenIDProviderFilterApp]
use = egg:Paste#httpexceptions
next = cascade

# Composite for the OpenID Provider: try the Provider app first and, when it
# answers 404, fall through to the static content app.  The section type is
# spelt "composit" here; PasteDeploy accepts it as an alias of "composite".
[composit:cascade]
use = egg:Paste#cascade
app1 = OpenIDProviderApp
app2 = OpenIDProviderStaticContent
catch = 404

# Static files served from the public/ directory next to this config.  Paste's
# static app serves anything under document_root, so keep only publishable
# assets there.
[app:OpenIDProviderStaticContent]
use = egg:Paste#static
document_root = %(here)s/public

# Ordering of filters and app is critical: the session middleware must wrap the
# Provider so that the Beaker session is already in environ when the app runs.
[pipeline:main]
pipeline = SessionMiddlewareFilter OpenIDProviderFilterApp

#______________________________________________________________________________
# Beaker Session Middleware (used by OpenID Provider Filter)
[filter:SessionMiddlewareFilter]
paste.filter_app_factory=beaker.middleware:SessionMiddleware
# Name of the session cookie
beaker.session.key = openid
# Secret used to sign the session cookie.  Filled in from a template variable;
# it must be unique per deployment and kept out of version control, because
# anyone holding it can forge session cookies.
beaker.session.secret = %%{beakerSessionCookieSecret}

# Locations of the cache data and the session saves.  Both directories are
# written by the service at run time and should be writable by the service
# account only.
beaker.cache.data_dir = %(here)s/beaker/cache
beaker.session.data_dir = %(here)s/beaker/sessions
# True => browser-session cookie (discarded when the browser closes).
# NOTE(review): beaker.session.secure and beaker.session.httponly are not set
# here; consider enabling both once the service is served over HTTPS.
beaker.session.cookie_expires = True

# Restrict the cookie to a domain if required (disabled by default)
#beaker.session.cookie_domain = .localhost

# Key name for keying into environ dictionary; must match
# openid.provider.session_middleware in [app:OpenIDProviderApp]
environ_key = %(beakerSessionKeyName)s

#______________________________________________________________________________
# OpenID Provider WSGI Settings
[app:OpenIDProviderApp]
paste.app_factory=ndg.security.server.wsgi.openid.provider:OpenIDProviderMiddleware.app_factory

# URL paths served by the Provider
openid.provider.path.openidserver=/OpenID/Provider/server
openid.provider.path.login=/OpenID/Provider/login
openid.provider.path.loginsubmit=/OpenID/Provider/loginsubmit

# Yadis based discovery only - the 'id' path may be set to a page with
# <link rel="openid.server" href="..."> and Yadis
# <meta http-equiv="x-xrds-location" content="..."> links if required, but in
# this implementation it is set to return 404 not found - see the
# ndg.security.server.wsgi.openid.provider.renderinginterface.genshi.GenshiRendering
# class.  ${userIdentifier} is a placeholder the Provider fills in with the
# user's OpenID name (it is not config-file interpolation).
openid.provider.path.id=/OpenID/Provider/id/${userIdentifier}
openid.provider.path.yadis=%(openIDProviderIDBase)s/${userIdentifier}

# Yadis based discovery for idselect mode - this is where the user has entered
# a URI at the Relying Party which identifies their Provider only and not their
# full ID URI.  e.g. https://badc.nerc.ac.uk instead of
# https://badc.nerc.ac.uk/John
openid.provider.path.serveryadis=%(openIDProviderIDBase)s
openid.provider.path.allow=/OpenID/Provider/allow
openid.provider.path.decide=/OpenID/Provider/decide
openid.provider.path.mainpage=/OpenID/Provider/home

# environ key of the Beaker session - must match environ_key in
# [filter:SessionMiddlewareFilter]
openid.provider.session_middleware=%(beakerSessionKeyName)s
openid.provider.base_url=%(baseURI)s

# Enable login to construct an identity URI if IDSelect mode was chosen and
# no identity URI was passed from the Relying Party.  This value should
# match openid.provider.path.id and/or openid.provider.path.yadis - see above
identityUriTemplate=%(baseURI)s%(openIDProviderIDBase)s/${userIdentifier}

# Protocol tracing - leave False in production
openid.provider.trace=False
# presumably the directory for the OpenID library's store (associations /
# nonces) - TODO confirm; it must be writable by the service account
openid.provider.consumer_store_dirpath=%(here)s
openid.provider.renderingClass=ndg.security.server.wsgi.openid.provider.renderinginterface.genshi.GenshiRendering
#openid.provider.renderingClass=ndg.security.server.wsgi.openid.provider.DemoRenderingInterface

# Templates
openid.provider.rendering.templateRootDir = %(here)s/templates

# Layout
openid.provider.rendering.baseURL = %(openid.provider.base_url)s
openid.provider.rendering.helpIcon = %(openid.provider.rendering.baseURL)s/layout/icons/help.png
openid.provider.rendering.footerText = This site is for test purposes only.
openid.provider.rendering.rightLink = http://ceda.ac.uk/
openid.provider.rendering.rightImage = %(openid.provider.rendering.baseURL)s/layout/CEDA_RightButton60.png
openid.provider.rendering.rightAlt = Centre for Environmental Data Archival

# Authentication interface.  The SQLAlchemy interface is the active one; the
# Basic Authentication interface (commented out) only demonstrates capabilities.
#openid.provider.authNInterface=ndg.security.server.wsgi.openid.provider.authninterface.basic.BasicAuthNInterface
openid.provider.authNInterface=ndg.security.server.wsgi.openid.provider.authninterface.sqlalchemy_authn.SQLAlchemyAuthnInterface
openid.provider.authN.connectionString=%(dbConnectionString)s
# NOTE(review): ${username} and ${password} are substituted into the SQL text
# of the two queries below.  Unless SQLAlchemyAuthnInterface escapes them (or
# binds them as query parameters) a crafted login value can change the query -
# confirm in that class before exposing the login form.  The password appears
# to be compared as an unsalted MD5 digest (isMD5EncodedPwd); a salted, slow
# hash is the stronger choice for a production user store.
openid.provider.authN.logonSqlQuery=select count(*) from users where username = '${username}' and md5password = '${password}'
openid.provider.authN.username2UserIdentifierSqlQuery=select openid_identifier from users where username = '${username}'
openid.provider.authN.isMD5EncodedPwd=True

# user login details format is:
# <username>:<password>:<OpenID name>, ... <OpenID name N> <username>:... etc
# Each user entry is delimited by a space. username, password and OpenID name
# list are delimited by a colon.  The list of OpenID names are delimited by
# commas.  The OpenID name represents the unique part of the OpenID URL for the
# individual user.  Each username may have more than one OpenID alias but only
# one alias at a time may be registered with a given Attribute Authority.
# These are plaintext test credentials; presumably only the Basic interface
# reads them - confirm, and remove them from a deployed config either way.
openid.provider.authN.userCreds=pjk:testpassword:PhilipKershaw,P.J.Kershaw another:testpassword:A.N.Other

# Basic authentication for testing/admin - comma delimited list of
# <username>:<password> pairs
#openid.provider.usercreds=pjk:test

# Attribute Exchange interface
#openid.provider.axResponse.class=ndg.security.server.wsgi.openid.provider.axinterface.csv.CSVFileAXInterface
#openid.provider.axResponse.csvFilePath=%(here)s/attributeexchange.csv
openid.provider.axResponse.class=ndg.security.server.wsgi.openid.provider.axinterface.sqlalchemy_ax.SQLAlchemyAXInterface
openid.provider.axResponse.connectionString=%(dbConnectionString)s
# Same ${username} substitution caveat as the authN queries above
openid.provider.axResponse.sqlQuery = select firstname, lastname, emailaddress from users where username = '${username}'
# Multi-line value: the indented continuation lines belong to the same key
openid.provider.axResponse.attributeNames=http://openid.net/schema/namePerson/first
    http://openid.net/schema/namePerson/last
    http://openid.net/schema/contact/internet/email

# Comma delimited list of Relying Party URIs the Provider treats as trusted
# (what "trusted" grants, e.g. skipping the approval page, is defined by the
# Provider code).  Indented continuation line as above.
openid.provider.trustedRelyingParties=https://localhost:7443, https://ndg.somewhere.ac.uk,
        https://badc.somewhere.ac.uk

# Logging configuration in logging.config.fileConfig layout (presumably
# applied by the paster serve command - confirm)
[loggers]
keys = root, ndg

# NOTE(review): logfile is declared here but no logger below attaches it
# (logger_root uses console only and logger_ndg has an empty handler list),
# so the rotating log file is configured but never written to.
[handlers]
keys = console, logfile

[formatters]
keys = console, generic

# Root logger: INFO and above to stderr
[logger_root]
level = INFO
handlers = console

# ndg.* loggers: DEBUG, no handlers of their own, so records propagate to the
# root handlers.  DEBUG is verbose; raise to INFO for production.
[logger_ndg]
level = DEBUG
handlers =
qualname = ndg

# Console handler on stderr.  logging.config evaluates each args tuple as
# Python, so this file must only be writable by trusted users.
[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = console

# Rotating file handler: up to 10 backups of 100000 bytes under
# <outputDir>/log.  %%{outputDir} is a template variable (see [DEFAULT]).
# Not attached to any logger above; add it to a handlers list to activate it.
[handler_logfile]
class = handlers.RotatingFileHandler
level=NOTSET
formatter=generic
args=(os.path.join('%%{outputDir}', 'log', 'openidprovider.log'), 'a', 100000, 10)

# Formatters.  The %(asctime)s style fields are logging format specifiers,
# not config-file interpolation: fileConfig reads the format and datefmt keys
# raw, so a single % is correct here.
[formatter_generic]
format = %(asctime)s.%(msecs)03d %(levelname)-7.7s [%(name)s:%(lineno)s] %(message)s
datefmt = %Y-%m-%d %H:%M:%S

# Skip date / time for this output as the system log picks up stderr and
# timestamps it anyway
[formatter_console]
format = %(levelname)-5.5s [%(name)s:%(lineno)s] %(message)s