source: TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/authz_lite/securedapp.ini @ 6788

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/authz_lite/securedapp.ini@6788
Revision 6788, 4.5 KB checked in by pjkersha, 10 years ago (diff)

Contains an important fix for OpenIDProviderMiddleware: the OpenIDResponse object has been moved from a class member to a session key to preserve separation between user sessions during the sign-in process. The bug manifested as users being incorrectly redirected following login.

#
# NDG Security AuthZ WSGI Testing environment configuration.  This ini file
# defines the configuration for an application to be secured.  Security
# filters placed in front of the application in the WSGI pipeline act as
# clients to security services running on a separate application stack.  - See
# securityservices.ini
#
# NERC DataGrid
#
# Author: P J Kershaw
#
# Date: 01/07/09
#
# Copyright: STFC 2009
#
# Licence: BSD - See top-level LICENCE file for licence details
#
# The %(here)s variable will be replaced with the parent directory of this file
#
[DEFAULT]
# Root of the shared test configuration.  The AuthorizationFilter section
# takes its CA directory and its test certificate/key pair from here.
testConfigDir = %(here)s/../../config

# Single definition of the beaker session key name, so that the session
# filter (environ_key) and AuthKit (authkit.session.middleware) stay in step.
beakerSessionKeyName = beaker.session.ndg.security

[server:main]
# Plain HTTP Paste server for the secured test application.
use = egg:Paste#http

# 0.0.0.0 listens on every network interface, while every URL in this file
# points at localhost.
# NOTE(review): if the tests are only ever driven from the same machine,
# binding to 127.0.0.1 would keep this test app - and the fixed secrets in
# this file - off the network.  Confirm before changing.
host = 0.0.0.0
port = 7080

[pipeline:main]
# Filters are applied in the order listed and the final entry is the
# application itself: session handling first, then authentication, then
# authorisation.  Reordering would let requests reach a later stage without
# the earlier one having run.
pipeline = BeakerSessionFilter
    AuthenticationFilter
    AuthorizationFilter
    AuthZTestApp

[app:AuthZTestApp]
# The test application placed behind the security filters.
paste.app_factory = ndg.security.test.integration:AuthZTestApp.app_factory

[filter:BeakerSessionFilter]
paste.filter_app_factory = beaker.middleware:SessionMiddleware

# Name of the session cookie
beaker.session.key = ndg.security.session

# Name of the WSGI environ key under which the session is published
environ_key = %(beakerSessionKeyName)s

# Secret Beaker uses to sign the session cookie.  This value is committed
# with the test suite and is therefore public: it is suitable for this test
# environment only.  A deployment needs its own randomly generated secret,
# supplied from outside version control.
beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW

# Server-side storage for cache and session data
beaker.cache.data_dir = %(here)s/authn/beaker/cache
beaker.session.data_dir = %(here)s/authn/beaker/sessions

# NOTE(review): neither beaker.session.secure nor beaker.session.httponly is
# set here.  The app in this file is served over plain HTTP, so "secure"
# cannot be enabled for the test; both should be reviewed for any TLS
# deployment derived from this file.
#beaker.session.cookie_domain = .localhost

[filter:AuthenticationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authn:AuthenticationMiddleware
prefix = authN.

# Redirect target: the OpenID Relying Party in the Security Services app
# instance
authN.redirectURI = https://localhost:7443/verify

# Fallback URI to return to after logout, used when the middleware could not
# obtain one from HTTP_REFERER or from the return-to query argument
authN.sessionHandler.defaultLogoutReturnToURI = https://localhost:7443/

# AuthKit set-up
authkit.setup.method = cookie

# The cookie name and secret MUST agree with those used by the security web
# services app.
# The secret below is committed with the test suite and is therefore public:
# anyone holding it can produce a validly signed cookie, so it is for test use
# only.  A deployment needs a fresh random value, changed in both apps together
# and kept out of version control.
# NOTE(review): this app is served over plain HTTP (port 7080) yet shares the
# cookie with the HTTPS services on port 7443.  Acceptable on localhost; a
# deployment should put this app behind TLS as well - confirm.
authkit.cookie.name = ndg.security.auth
authkit.cookie.secret = 9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
authkit.cookie.signoutpath = /logout

# The client IP address is left out of the cookie signature because of a
# suspected problem with AuthKit setting it when an HTTP proxy is in place.
# Consequence: the cookie is not tied to the address it was issued to, so its
# protection rests on the signing secret and on transport security.
authkit.cookie.includeip = False

#authkit.cookie.params.expires = 2
#authkit.cookie.params.domain = .localhost

# environ key name for the beaker session
authkit.session.middleware = %(beakerSessionKeyName)s

[filter:AuthorizationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authz:SAMLAuthorizationMiddleware.filter_app_factory
prefix = authz.

# Middleware that handles the PEP result; the keys below configure the
# "Access Denied" page it presents.
authz.pepResultHandler = ndg.security.server.wsgi.authz.result_handler.genshi.GenshiPEPResultHandlerMiddleware
authz.pepResultHandler.staticContentDir = %(here)s/pep_result_handler
authz.pepResultHandler.baseURL = http://localhost:7080
authz.pepResultHandler.heading = Access Denied

# NOTE(review): $pdpResponseMsg is substituted into HTML markup.  Confirm that
# the handler HTML-escapes the substituted text, since a PDP message may echo
# request-derived values such as the resource URI.
authz.pepResultHandler.messageTemplate = Access is forbidden for this resource:<div id="accessDeniedMessage">$pdpResponseMsg</div>Please check with your site administrator that you have the required access privileges.
authz.pepResultHandler.footerText = This site is for test purposes only.
authz.pepResultHandler.rightLink = http://ceda.ac.uk/
authz.pepResultHandler.rightImage = %(authz.pepResultHandler.baseURL)s/layout/CEDA_RightButton60.png
authz.pepResultHandler.rightAlt = Centre for Environmental Data Archival
authz.pepResultHandler.helpIcon = %(authz.pepResultHandler.baseURL)s/layout/icons/help.png

# Access policy evaluated for requests to this application.
# NOTE(review): unlike the keys above, policy.* and pip.* carry no "authz."
# prefix - presumably the middleware reads them as written; confirm.
policy.filePath = %(here)s/policy.xml

# Settings for the Policy Information Point, which the Policy Decision Point
# uses to retrieve subject attributes from the Attribute Authority associated
# with the resource to be accessed

# If omitted, DN of SSL Cert is used
pip.attributeQuery.issuerName =
pip.attributeQuery.subjectIdFormat = urn:esg:openid

# NOTE(review): presumably seconds; 0 would allow no clock difference between
# this host and the Attribute Authority - confirm units and intent.
pip.attributeQuery.clockSkewTolerance = 0.

# NOTE(review): fields look like name, friendly name (empty here), format -
# confirm against the attribute query parser.
pip.attributeQuery.queryAttributes.0 = urn:siteA:security:authz:1.0:attr, , http://www.w3.org/2001/XMLSchema#string

# TLS material for the attribute query: trusted CA directory plus the client
# certificate and private key.  The key pair is the one kept in the test
# configuration directory, so it must not be reused outside the tests.
pip.attributeQuery.sslCACertDir = %(testConfigDir)s/ca
pip.attributeQuery.sslCertFilePath = %(testConfigDir)s/pki/test.crt
pip.attributeQuery.sslPriKeyFilePath = %(testConfigDir)s/pki/test.key

# Logging configuration: the three sections below list the loggers, handlers
# and formatters that are each defined in a section of their own further down.
[loggers]
keys = root, ndg

[handlers]
keys = console

[formatters]
keys = generic

[logger_root]
# Everything not matched by a more specific logger: INFO and above, to console
level = INFO
handlers = console

[logger_ndg]
# The ndg packages log at DEBUG.  No handler is attached here, so records
# propagate to the root logger's console handler.
# NOTE(review): debug output from security middleware may include session or
# assertion detail - check what is logged before reusing this level outside
# the test environment.
level = DEBUG
handlers =
qualname = ndg

[handler_console]
# Writes to standard error; NOTSET means the handler itself filters nothing,
# leaving the level decision to the loggers.
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

[formatter_generic]
# Timestamp with milliseconds, level, logger name and line number, message
format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s:%(lineno)s] %(message)s
datefmt = %Y-%m-%d-%H:%M:%S
