source: TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/authz_lite/securedapp.ini @ 6271

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/authz_lite/securedapp.ini@6271
Revision 6271, 4.2 KB checked in by pjkersha, 11 years ago (diff)

Working Genshi PEP result handler plugin

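#
# NDG Security AuthZ WSGI Testing environment configuration.  This ini file
# defines the configuration for an application to be secured.  Security
# filters placed in front of the application in the WSGI pipeline act as
# clients to security services running on a separate application stack.  - See
# securityservices.ini
#
# NERC DataGrid
#
# Author: P J Kershaw
#
# Date: 01/07/09
#
# Copyright: STFC 2009
#
# Licence: BSD - See top-level LICENCE file for licence details
#
# The %(here)s variable will be replaced with the parent directory of this file
#
# NOTE: integration-test configuration only.  The session and cookie secrets
# further down are committed to version control and are therefore public;
# generate fresh values and keep them out of the repository before reusing this
# file for anything other than a local test run.
#
[DEFAULT]
# Directory holding the test CA certificates and PKI credentials used by the
# pip.attributeQuery.ssl* settings
testConfigDir = %(here)s/../../config
# WSGI environ key name for the Beaker session; referenced by both
# BeakerSessionFilter (environ_key) and AuthenticationFilter
# (authkit.session.middleware) so the two stay in step
beakerSessionKeyName = beaker.session.ndg.security
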
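[server:main]
# Paste's built-in HTTP server: plain HTTP, no TLS, so session and
# authentication cookies cross this port in clear text.
use = egg:Paste#http
# Listen on loopback only.  Every URL configured in this file points at
# localhost and the secrets in this file are public test values, so there is
# no reason to expose the port on all interfaces.  Use 0.0.0.0 only on an
# isolated test network.
host = 127.0.0.1
port = 7080
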
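# Requests pass through the filters in the order listed and reach the
# application last.  AuthorizationFilter must stay in front of AuthZTestApp;
# removing or reordering it leaves the application unprotected.
[pipeline:main]
pipeline = BeakerSessionFilter
           AuthenticationFilter
           AuthorizationFilter
           AuthZTestApp
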
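# Test application at the end of the pipeline:main pipeline
[app:AuthZTestApp]
paste.app_factory = ndg.security.test.integration:AuthZTestApp.app_factory

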
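# Beaker session middleware; first filter in the pipeline
[filter:BeakerSessionFilter]
paste.filter_app_factory = beaker.middleware:SessionMiddleware

# Cookie name
beaker.session.key = ndg.security.session

# WSGI environ key name
environ_key = %(beakerSessionKeyName)s

# Secret used by Beaker to sign the session cookie.  This value is checked in
# to version control, so treat it as public: anyone who knows it can produce a
# validly signed session cookie.  Test use only - generate a fresh random value
# per deployment and keep it out of the repository.
# NOTE(review): for non-test use also consider beaker.session.httponly and,
# behind TLS, beaker.session.secure, where the installed Beaker supports them.
beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW

# File-backed cache and session storage under this directory tree; keep these
# directories readable by the application user only
beaker.cache.data_dir = %(here)s/authn/beaker/cache
beaker.session.data_dir = %(here)s/authn/beaker/sessions

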
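# Authentication middleware; acts as client to the OpenID Relying Party hosted
# by the security services application
[filter:AuthenticationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authn:AuthenticationMiddleware
prefix = authN.

# Set redirect for OpenID Relying Party in the Security Services app instance
authN.redirectURI = https://localhost:7443/verify
# Test with an SSL endpoint
#authN.redirectURI = https://localhost/verify

# AuthKit Set-up
authkit.setup.method = cookie

# This cookie name and secret MUST agree with the name used by the security web
# services app
authkit.cookie.name = ndg.security.auth
# The secret below is committed to version control and shared between two
# applications, so it is public test material.  Anyone holding it can produce
# an authentication cookie both applications accept.  Replace it in both ini
# files with a freshly generated value for any non-test use.
authkit.cookie.secret = 9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
authkit.cookie.signoutpath = /logout

# Disable inclusion of client IP address from cookie signature due to
# suspected problem with AuthKit setting it when a HTTP Proxy is in place.
# With this off the cookie is not tied to the client address, so a copied
# cookie is accepted from any host; transport protection matters more as a
# result.
authkit.cookie.includeip = False

# environ key name for beaker session
authkit.session.middleware = %(beakerSessionKeyName)s
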
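# Authorization middleware (policy enforcement point) placed directly in front
# of the application
[filter:AuthorizationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authz:SAMLAuthorizationMiddleware.filter_app_factory
prefix = authz.

# Handler that renders the response when access is denied
authz.pepResultHandler = ndg.security.server.wsgi.authz.result_handler.genshi.GenshiPEPResultHandlerMiddleware
authz.pepResultHandler.staticContentDir = %(here)s/pep_result_handler
# Plain HTTP base URL, matching the server:main port; the images below are
# fetched from it
authz.pepResultHandler.baseURL = http://localhost:7080
authz.pepResultHandler.heading = Access Denied
# $pdpResponseMsg is substituted into this HTML fragment.
# NOTE(review): confirm the handler escapes the substituted message before it
# reaches the page.
authz.pepResultHandler.messageTemplate = Access is forbidden for this resource:<div id="accessDeniedMessage">$pdpResponseMsg</div>Please check with your site administrator that you have the required access privileges.
authz.pepResultHandler.footerText = This site is for test purposes only.
authz.pepResultHandler.rightLink = http://ceda.ac.uk/
authz.pepResultHandler.rightImage = %(authz.pepResultHandler.baseURL)s/layout/CEDA_RightButton60.png
authz.pepResultHandler.rightAlt = Centre for Environmental Data Archival
authz.pepResultHandler.helpIcon = %(authz.pepResultHandler.baseURL)s/layout/icons/help.png

# Access control policy file.
# NOTE(review): unlike the keys above, policy.* and pip.* carry no "authz."
# prefix - presumably the middleware reads them under their own prefixes;
# confirm, since a key that is silently ignored here would leave the policy or
# attribute query unconfigured.
policy.filePath = %(here)s/policy.xml

# Settings for Policy Information Point used by the Policy Decision Point to
# retrieve subject attributes from the Attribute Authority associated with the
# resource to be accessed

# If omitted, DN of SSL Cert is used
pip.attributeQuery.issuerName =
# Zero tolerance for clock difference between this host and the Attribute
# Authority - TODO confirm units and whether a small allowance is needed
# outside a single-host test
pip.attributeQuery.clockSkew = 0.
# Comma-separated fields; the middle field is left blank here
pip.attributeQuery.queryAttributes.0 = urn:siteA:security:authz:1.0:attr, , http://www.w3.org/2001/XMLSchema#string
# CA directory, client certificate and private key for the SSL connection used
# by the attribute query.  These are test fixtures kept with the test
# configuration: never reuse test.key outside tests, and keep real private
# keys out of the source tree with owner-only permissions.
pip.attributeQuery.sslCACertDir = %(testConfigDir)s/ca
pip.attributeQuery.sslCertFilePath = %(testConfigDir)s/pki/test.crt
pip.attributeQuery.sslPriKeyFilePath = %(testConfigDir)s/pki/test.key
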
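# Logging configuration (Python logging fileConfig layout)
[loggers]
keys = root, ndg

[handlers]
keys = console

[formatters]
keys = generic

[logger_root]
level = INFO
handlers = console

# No handler of its own: records from the "ndg" logger hierarchy propagate to
# the root logger's console handler.  DEBUG is appropriate for tests; lower it
# elsewhere, since debug output from security middleware may contain session
# or credential detail.
[logger_ndg]
level = DEBUG
handlers =
qualname = ndg

# args is evaluated as a Python expression when the logging configuration is
# loaded, so this file must be writable by trusted users only
[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

# The %(...)s fields here are logging format fields, not ini interpolation
[formatter_generic]
format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s:%(lineno)s] %(message)s
datefmt = %Y-%m-%d-%H:%M:%S
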