source: TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/securedapp.ini @ 7824

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/securedapp.ini@7824
Revision 7824, 4.8 KB checked in by pjkersha, 9 years ago (diff)

Incomplete - task 16: NDG Security 2.x.x - incl. updated Paster templates

  • Completed all templates
  • Tested OpenID Provider setup from template. TODO: test remaining configurations as created by respective templates
  • ALL UNIT TESTS pass for ndg.security.*
  • fix from rel to abs file path for authorisation-service.ini, tidied unit test directory.
  • Property svn:keywords set to Id
#
# NDG Security AuthZ WSGI Testing environment configuration.  This ini file
# defines the configuration for an application to be secured.  Security
# filters placed in front of the application in the WSGI pipeline act as
# clients to security services running on a separate application stack.  See
# securityservices.ini
#
# NERC DataGrid
#
# Author: P J Kershaw
#
# Date: 01/07/09
#
# Copyright: STFC 2009
#
# Licence: BSD - See top-level LICENCE file for licence details
#
# The %(here)s variable will be replaced with the parent directory of this file
#
[DEFAULT]
# Values defined here can be referenced from the sections below with
# %(name)s interpolation.

# WSGI environ key for the Beaker session.  BeakerSessionFilter (environ_key)
# and AuthenticationFilter (authkit.session.middleware) reference it, and
# pep.sessionKey in AuthorisationFilter must carry the same value.
beakerSessionKeyName = beaker.session.ndg.security

# Shared test configuration directory; the PKI files used by the
# authorisation filter are referenced relative to it.
testConfigDir = %(here)s/../../config

[server:main]
use = egg:Paste#http

# NOTE(review): 0.0.0.0 listens on every network interface and no ssl_pem is
# set, so the listener is plain HTTP.  The cookie secrets in this file are
# committed test values; keep this port unreachable from untrusted networks,
# or bind to 127.0.0.1 when the tests only need loopback access.
host = 0.0.0.0
port = 7080

[pipeline:main]
# Whitespace-separated list: the filters in the order given, followed by the
# application they protect.  The session filter comes first because the
# authentication and authorisation filters both refer to the session's
# environ key.
pipeline = BeakerSessionFilter AuthenticationFilter AuthorisationFilter AuthZTestApp

[app:AuthZTestApp]
# Test application placed at the end of the pipeline, behind the security
# filters.
paste.app_factory = ndg.security.test.integration:AuthZTestApp.app_factory

[filter:BeakerSessionFilter]
paste.filter_app_factory = beaker.middleware:SessionMiddleware

# WSGI environ key name
environ_key = %(beakerSessionKeyName)s

# Cookie name
beaker.session.key = ndg.security.session

# NOTE(review): this secret is a fixture value committed to version control,
# so it is public.  It is acceptable only for these integration tests; any
# deployment derived from this file must generate its own random secret and
# keep it out of the repository.
beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW

# Session and cache data directories, relative to this file
beaker.session.data_dir = %(here)s/authn/beaker/sessions
beaker.cache.data_dir = %(here)s/authn/beaker/cache

# Disabled: explicit domain for the session cookie
#beaker.session.cookie_domain = .localhost

[filter:AuthenticationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authn:AuthenticationMiddleware

# Prefix carried by the authN.* options below
prefix = authN.

# Set redirect for OpenID Relying Party in the Security Services app instance
authN.redirectURI = https://localhost:7443/verify

# Default URI to return to if the middleware wasn't able to set one via
# HTTP_REFERER or a passed return-to query argument
authN.sessionHandler.defaultLogoutReturnToURI = https://localhost:7443/

# AuthKit set-up
authkit.setup.method = cookie

# environ key name for beaker session
authkit.session.middleware = %(beakerSessionKeyName)s

# This cookie name and secret MUST agree with the values used by the security
# web services app.
# NOTE(review): the secret is a fixture value committed to version control and
# shared between two applications.  Treat it as public: use it only for these
# integration tests and generate a fresh secret for any real deployment.
authkit.cookie.name = ndg.security.auth
authkit.cookie.secret = 9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
authkit.cookie.signoutpath = /logout

# Inclusion of the client IP address in the cookie signature is disabled due
# to a suspected problem with AuthKit setting it when an HTTP proxy is in
# place.
# NOTE(review): with this off the cookie is presumably not tied to the
# client's address, so its protection rests on the secret above and on the
# transport - confirm before reusing this setting outside the test set-up.
authkit.cookie.includeip = False

# Disabled: cookie expiry and domain parameters
#authkit.cookie.params.expires = 2
#authkit.cookie.params.domain = .localhost

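#
# Authorisation filter contains a Policy Enforcement Point which enforces access
# control decisions made by the Authorisation Service
[filter:AuthorisationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authz:AuthorisationFilter.filter_app_factory

# Result handler handles the response for HTTP 403 responses set by the
# application or the PEP.
resultHandler = ndg.security.server.wsgi.authz.result_handler.genshi.GenshiPEPResultHandlerMiddleware
resultHandler.staticContentDir = %(here)s/pep_result_handler
resultHandler.heading = NDG Security Integration Tests

# Settings for the PEP (Policy Enforcement Point)

# Taken from [DEFAULT] rather than repeated as a literal, so the PEP cannot
# drift from the key the session and authentication filters use.
pep.sessionKey = %(beakerSessionKeyName)s
pep.authzServiceURI = https://localhost:7443/AuthorisationService

# NOTE(review): presumably caches decisions returned by the authorisation
# service; if so, a cached permit can outlive a policy change.  Confirm the
# cache lifetime before relying on this outside the tests.
pep.cacheDecisions = True

# Including this setting activates a simple PDP local to this PEP which filters
# requests to cut down on calls to the authorisation service.  This is useful
# for example to avoid calling the authorisation service for non-secure content
# such as HTML CSS or graphics.  Note that it filters on the requested resource
# URI alone.  Subject, action and environment settings are not passed in
# the request context to the local PDP.
#
# The policy content should be set carefully to avoid unintended override of the
# authorisation service's policy
pep.localPolicyFilePath = %(here)s/request-filter.xml

# Settings for Policy Information Point used by the Policy Decision Point to
# retrieve subject attributes from the Attribute Authority associated with the
# resource to be accessed

# If omitted, DN of SSL Cert is used
pep.authzDecisionQuery.issuerName = /O=NDG/OU=BADC/CN=test
pep.authzDecisionQuery.issuerFormat = urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
pep.authzDecisionQuery.subjectIdFormat = urn:esg:openid

# NOTE(review): the unit is not stated in this file.  A tolerance of zero
# presumably leaves no allowance for clock drift between this host and the
# authorisation service - confirm this is intended beyond single-host tests.
pep.authzDecisionQuery.clockSkewTolerance = 0.

# SSL settings for the decision query: CA certificate directory, certificate
# and private key.  These point at the shared test PKI under testConfigDir;
# the key is a test fixture and must not be used for a real service.
pep.authzDecisionQuery.sslCACertDir = %(testConfigDir)s/pki/ca
pep.authzDecisionQuery.sslCertFilePath = %(testConfigDir)s/pki/test.crt
pep.authzDecisionQuery.sslPriKeyFilePath = %(testConfigDir)s/pki/test.key
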
# Logging configuration
#
# The three "keys" lists name the logger_*, handler_* and formatter_* sections
# that follow; a section not listed here is not picked up.
[loggers]
keys = root, ndg

[handlers]
keys = console

[formatters]
keys = generic

# Root logger: INFO and above, written to the console handler.
[logger_root]
level = INFO
handlers = console

# ndg.* loggers: no handler of their own, so their records propagate to the
# root logger's console handler.
# NOTE(review): DEBUG output from security middleware can include request and
# session detail - check what is logged before using this level outside tests.
[logger_ndg]
level = DEBUG
handlers =
qualname = ndg

# Console handler: writes every record it receives to stderr.
[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

# Timestamp with milliseconds, level, logger name and line number, message.
[formatter_generic]
format = %(asctime)s.%(msecs)03d %(levelname)-7.7s [%(name)s:%(lineno)s] %(message)s
datefmt = %Y-%m-%d-%H:%M:%S
