source: TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/authz_lite/securedapp.ini @ 7077

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/authz_lite/securedapp.ini@7077
Revision 7077, 4.5 KB checked in by pjkersha, 9 years ago (diff)
  • Property svn:keywords set to Id
Line 
1#
2# NDG Security AuthZ WSGI Testing environment configuration.  This ini file
3# defines the configuration for a an application to be secured.  Security
4# filters placed in front of the application in the WSGI pipeline act as
5# client to security services running on a separate application stack.  - See
6# securityservices.ini
7#
8# NERC DataGrid
9#
10# Author: P J Kershaw
11#
12# Date: 01/07/09
13#
14# Copyright: STFC 2009
15#
16# Licence: BSD - See top-level LICENCE file for licence details
17#
18# The %(here)s variable will be replaced with the parent directory of this file
19#
20[DEFAULT]
21testConfigDir = %(here)s/../../config
22beakerSessionKeyName = beaker.session.ndg.security
23
24[server:main]
25use = egg:Paste#http
26host = 0.0.0.0
27port = 7080
28
29[pipeline:main]
30pipeline = BeakerSessionFilter
31                   AuthenticationFilter
32                   AuthorizationFilter
33                   AuthZTestApp
34
35[app:AuthZTestApp]
36paste.app_factory = ndg.security.test.integration:AuthZTestApp.app_factory
37
38
39[filter:BeakerSessionFilter]
40paste.filter_app_factory = beaker.middleware:SessionMiddleware
41
42# Cookie name
43beaker.session.key = ndg.security.session
44
45# WSGI environ key name
46environ_key = %(beakerSessionKeyName)s
47beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW
48beaker.cache.data_dir = %(here)s/authn/beaker/cache
49beaker.session.data_dir = %(here)s/authn/beaker/sessions
50
51#beaker.session.cookie_domain = .localhost
52
53[filter:AuthenticationFilter]
54paste.filter_app_factory = ndg.security.server.wsgi.authn:AuthenticationMiddleware
55prefix = authN.
56
57# Set redirect for OpenID Relying Party in the Security Services app instance
58authN.redirectURI = https://localhost:7443/verify
59
60# Default URI to return to if middleware wasn't able to set via HTTP_REFERER or
61# passed return to query argument
62authN.sessionHandler.defaultLogoutReturnToURI = https://localhost:7443/
63
64# AuthKit Set-up
65authkit.setup.method=cookie
66
67# This cookie name and secret MUST agree with the name used by the security web
68# services app
69authkit.cookie.name=ndg.security.auth
70authkit.cookie.secret=9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
71authkit.cookie.signoutpath = /logout
72
73# Disable inclusion of client IP address from cookie signature due to
74# suspected problem with AuthKit setting it when a HTTP Proxy is in place
75authkit.cookie.includeip = False
76
77#authkit.cookie.params.expires = 2
78#authkit.cookie.params.domain = .localhost
79
80# environ key name for beaker session
81authkit.session.middleware = %(beakerSessionKeyName)s
82
83[filter:AuthorizationFilter]
84paste.filter_app_factory=ndg.security.server.wsgi.authz:SAMLAuthorizationMiddleware.filter_app_factory
85prefix = authz.
86authz.pepResultHandler = ndg.security.server.wsgi.authz.result_handler.genshi.GenshiPEPResultHandlerMiddleware
87authz.pepResultHandler.staticContentDir = %(here)s/pep_result_handler
88authz.pepResultHandler.baseURL = http://localhost:7080
89authz.pepResultHandler.heading = Access Denied
90authz.pepResultHandler.messageTemplate = Access is forbidden for this resource:<div id="accessDeniedMessage">$pdpResponseMsg</div>Please check with your site administrator that you have the required access privileges.
91authz.pepResultHandler.footerText = This site is for test purposes only.
92authz.pepResultHandler.rightLink = http://ceda.ac.uk/
93authz.pepResultHandler.rightImage = %(authz.pepResultHandler.baseURL)s/layout/CEDA_RightButton60.png
94authz.pepResultHandler.rightAlt = Centre for Environmental Data Archival
95authz.pepResultHandler.helpIcon = %(authz.pepResultHandler.baseURL)s/layout/icons/help.png
96
97policy.filePath = %(here)s/policy.xml
98
99# Settings for Policy Information Point used by the Policy Decision Point to
100# retrieve subject attributes from the Attribute Authority associated with the
101# resource to be accessed
102
103# If omitted, DN of SSL Cert is used
104pip.attributeQuery.issuerName = 
105pip.attributeQuery.subjectIdFormat = urn:esg:openid
106pip.attributeQuery.clockSkewTolerance = 0.
107pip.attributeQuery.queryAttributes.0 = urn:siteA:security:authz:1.0:attr, , http://www.w3.org/2001/XMLSchema#string
108pip.attributeQuery.sslCACertDir=%(testConfigDir)s/ca
109pip.attributeQuery.sslCertFilePath=%(testConfigDir)s/pki/test.crt
110pip.attributeQuery.sslPriKeyFilePath=%(testConfigDir)s/pki/test.key
111
112# Logging configuration
113[loggers]
114keys = root, ndg
115
116[handlers]
117keys = console
118
119[formatters]
120keys = generic
121
122[logger_root]
123level = INFO
124handlers = console
125
126[logger_ndg]
127level = DEBUG
128handlers =
129qualname = ndg
130
131[handler_console]
132class = StreamHandler
133args = (sys.stderr,)
134level = NOTSET
135formatter = generic
136
137[formatter_generic]
138format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s:%(lineno)s] %(message)s
139datefmt = %Y-%m-%d-%H:%M:%S
140
Note: See TracBrowser for help on using the repository browser.