source: TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/authorisationservice/authorisation-service.ini @ 7330

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/authorisationservice/authorisation-service.ini@7335
Revision 7330, 3.8 KB checked in by pjkersha, 9 years ago (diff)

Incomplete - task 2: XACML-Security Integration

  • integrating XACML context handler with authorisation service.
#
# INI file for testing the SAML Authorisation Query interface.  It uses a
# test stub for the Authorisation Service
#
# The %(here)s variable will be replaced with the parent directory of this file
#
# Dialect: Paste Deploy / configparser.  %(name)s references are interpolated
# from the same section and [DEFAULT].  Shell-style $VAR references (see the
# pip.attributeQuery.ssl* settings below) are NOT expanded by the INI parser
# and are left to the consuming code.
#
[DEFAULT]
# Relative path to the shared test configuration directory.
# NOTE(review): not referenced anywhere else in this file - the ssl* settings
# below use $NDGSEC_TEST_CONFIG_DIR instead; confirm which one the tests rely on.
testConfigDir = ../../../config
# TCP port the test server listens on; reused by server:main via %(port)s
port = 5000
baseURI = localhost:%(port)s

[server:main]
use = egg:Paste#http
# NOTE(review): 0.0.0.0 binds every interface, so the test service is reachable
# from the network; 127.0.0.1 is the safer default for a local test run unless
# the suite needs remote access - confirm.
host = 0.0.0.0
port = %(port)s

[pipeline:main]
# Request order: authorisation service filter -> SAML SOAP query interface
# filter -> test application
pipeline = TestAuthorisationServiceFilter SAMLSoapAuthzDecisionInterfaceFilter TestApp

[app:TestApp]
# Test stub application at the end of the pipeline
paste.app_factory = ndg.saml.test.binding.soap:TestApp

[filter:SAMLSoapAuthzDecisionInterfaceFilter]
# SOAP binding for SAML authorisation decision queries.  Keys below carry the
# 'saml.' prefix declared by the 'prefix' setting.
paste.filter_app_factory = ndg.saml.saml2.binding.soap.server.wsgi.queryinterface:SOAPQueryInterfaceMiddleware.filter_app_factory
prefix = saml.
# URL path the query interface is mounted at
saml.mountPath = /authorisation-service
# Same value as authz.queryInterfaceKeyName below - presumably the environ key
# through which the two filters find each other; confirm against the middleware
saml.queryInterfaceKeyName = AUTHZ_DECISION_QUERY_FUNC
# Request/response (de)serialisers: AuthzDecisionQuery in, Response out
saml.deserialise = ndg.saml.xml.etree:AuthzDecisionQueryElementTree.fromXML
saml.serialise = ndg.saml.xml.etree:ResponseElementTree.toXML
# Issuer identity placed in SAML responses.
# NOTE(review): DN written slash-separated here but comma-separated for
# authz.ctx_handler.issuerName below, both declared as x509SubjectName format;
# confirm the consumer accepts both spellings.
saml.issuerName = /O=Test/OU=Authorisation Service
saml.issuerFormat = urn:oasis:names:tc:SAML:1.1:nameid-format:x509SubjectName

#______________________________________________________________________________
# Authorisation Service WSGI settings
#
[filter:TestAuthorisationServiceFilter]
# This filter is a container for a binding to a SOAP based interface to the
# Attribute Authority
# NOTE(review): the factory below is AuthorisationServiceMiddleware, so
# "Attribute Authority" above may have been copied from another config - confirm.
paste.filter_app_factory = ndg.security.server.wsgi.authz.service:AuthorisationServiceMiddleware.filter_app_factory
prefix = authz.
# environ key for the decision query callback (same value as
# saml.queryInterfaceKeyName above)
authz.queryInterfaceKeyName = AUTHZ_DECISION_QUERY_FUNC

# NOTE(review): same value as authz.ctx_handler.assertionLifetime below but
# under a different prefix; may be a stale duplicate - confirm which key the
# middleware actually reads.
authz.xacmlContext.assertionLifetime = 86400

#
# XACML Context handler manages PEP (Policy Enforcement Point) requests and the
# PDP's (Policy Decision Point's) interface to the PIP (Policy Information Point)
#

# XACML Policy file; %(here)s resolves to this file's directory
authz.ctx_handler.policyFilePath = %(here)s/policy.xml

# Settings for SAML authorisation decision response to a Policy Enforcement Point
# making a decision query
authz.ctx_handler.issuerName = O=NDG, OU=Security, CN=localhost
authz.ctx_handler.issuerFormat = urn:oasis:names:tc:SAML:1.1:nameid-format:x509SubjectName
# Validity period of issued assertions - presumably seconds (86400 = 24h);
# confirm the unit against the middleware
authz.ctx_handler.assertionLifetime = 86400

#
# Policy Information Point interface settings
#
# The Context handler is a client to the PIP, passing on attribute queries
# on behalf of the PDP onwards to the PIP

#
# Attribute ID -> Attribute Authority mapping file.  The PIP, on receipt of a
# query from the XACML context handler, checks the attribute(s) being queried
# for and looks up this mapping to determine which attribute authority to query
# to find out if the subject has the attribute in their entitlement
authz.ctx_handler.pip.mappingFilePath = %(here)s/pip-mapping.txt

# The attribute ID of the subject value to extract from the XACML request
# context and pass in the SAML attribute query
authz.ctx_handler.pip.subjectAttributeId = urn:esg:openid

# Issuer identity the PIP presents in its SAML attribute queries; reuses the
# context handler's issuer settings above via configparser interpolation
authz.ctx_handler.pip.attributeQuery.issuerName = %(authz.ctx_handler.issuerName)s
authz.ctx_handler.pip.attributeQuery.issuerFormat = %(authz.ctx_handler.issuerFormat)s

# These settings configure SSL mutual authentication for the query to the SAML Attribute Authority
# Client certificate and private key presented to the Attribute Authority, and
# (presumably) the CA directory used to verify its server certificate.  Test
# PKI material only.  $NDGSEC_TEST_CONFIG_DIR is expanded by the consuming
# code, not by the INI parser, so it must be set in the test environment.
authz.ctx_handler.pip.attributeQuery.sslCertFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/localhost.crt
authz.ctx_handler.pip.attributeQuery.sslPriKeyFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/localhost.key
authz.ctx_handler.pip.attributeQuery.sslCACertDir = $NDGSEC_TEST_CONFIG_DIR/ca


# Logging configuration
# Standard logging.config.fileConfig layout: [loggers]/[handlers]/[formatters]
# list the names, and each named item has its own section below.
[loggers]
keys = root, ndg

[handlers]
keys = console

[formatters]
keys = generic

[logger_root]
level = INFO
handlers = console

[logger_ndg]
# ndg.* loggers log at DEBUG; with no handler of their own their records
# propagate to the root console handler (default propagation)
level = DEBUG
handlers = 
qualname = ndg

[handler_console]
# StreamHandler on stderr; NOTSET leaves filtering to the logger levels above.
# The args tuple is evaluated by logging.config.fileConfig.
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

[formatter_generic]
# %(...)s below are logging record fields, read raw by fileConfig - not
# configparser interpolation
format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %Y/%m/%d %H:%M:%S