source: TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/authz/xacml/saml_pip.cfg @ 7358

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/authz/xacml/saml_pip.cfg@7358
Revision 7358, 1.4 KB checked in by pjkersha, 9 years ago

Incomplete - task 2: XACML-Security Integration

  • added caching capability to Policy Information Point. This enables the PIP to retrieve previously cached assertions from an Attribute Authority optimising performance. Caching is done with beaker.session but instead of indexing based on a cookie, it's based on the subject Id i.e. for ESG, a user's OpenID.
#
# NDG Security XACML Policy Information Point configuration file
#
# NERC DataGrid
#
# Author: P J Kershaw
#
# Date: 11/08/10
#
# Copyright: STFC 2010
#
# Licence: BSD - See top-level LICENCE file for licence details
#
# $Id$
[DEFAULT]
# Attribute ID -> Attribute Authority mapping file.  The PIP, on receipt of a
# query from the XACML context handler, checks the attribute(s) being queried
# for and looks up this mapping to determine which attribute authority to query
# to find out if the subject has the attribute in their entitlement
saml_pip.mappingFilePath = %(here)s/pip-mapping.txt

# Cache assertions retrieved from the Attribute Authority to optimise performance
saml_pip.sessionCacheDataDir = %(here)s/query-results-cache

# The attribute ID of the subject value to extract from the XACML request
# context and pass in the SAML attribute query
saml_pip.subjectAttributeId = urn:esg:openid

saml_pip.attributeQuery.issuerName = O=NDG, OU=Security, CN=localhost
saml_pip.attributeQuery.issuerFormat = urn:oasis:names:tc:SAML:1.1:nameid-format:x509SubjectName

# These settings configure SSL mutual authentication for the query to the SAML
# Attribute Authority
saml_pip.attributeQuery.sslCertFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/localhost.crt
saml_pip.attributeQuery.sslPriKeyFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/localhost.key
saml_pip.attributeQuery.sslCACertDir = $NDGSEC_TEST_CONFIG_DIR/ca
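
A check that could be run against this file before deployment, as an added example that is not part of NDG Security: it loads the saml_pip.* options with Python 3's configparser (an assumed loader, not the project's own), expands %(here)s and $NDGSEC_TEST_CONFIG_DIR, and reports when the SSL private key or the directory holding cached assertions is accessible to group or other. The names load_pip_settings, permission_findings and SAMPLE_CFG are hypothetical.

```python
import configparser
import os
import stat
import tempfile
from string import Template

PREFIX = "saml_pip."
# Constructed subset of the file above: one %(here)s path, one $VAR path.
SAMPLE_CFG = """[DEFAULT]
saml_pip.sessionCacheDataDir = %(here)s/query-results-cache
saml_pip.subjectAttributeId = urn:esg:openid
saml_pip.attributeQuery.sslPriKeyFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/localhost.key
"""

def load_pip_settings(cfg_path, environ=None):
    """Return saml_pip.* options with %(here)s and $VARS expanded (assumed loader)."""
    environ = os.environ if environ is None else environ
    here = os.path.dirname(os.path.abspath(cfg_path))
    parser = configparser.ConfigParser(defaults={"here": here})
    parser.optionxform = str  # configparser lowercases option names by default
    with open(cfg_path) as cfg_file:
        parser.read_file(cfg_file)
    return {
        name[len(PREFIX):]: Template(value).safe_substitute(environ)
        for name, value in parser.items("DEFAULT")
        if name.startswith(PREFIX)
    }

def permission_findings(settings):
    """List (option, path, mode) where group/other can reach the key or the cache."""
    findings = []
    for option in ("attributeQuery.sslPriKeyFilePath", "sessionCacheDataDir"):
        path = settings.get(option)
        if path and os.path.exists(path):
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append((option, path, oct(mode)))
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed layout for the demo
        cfg = os.path.join(root, "saml_pip.cfg")
        with open(cfg, "w") as out:
            out.write(SAMPLE_CFG)
        os.mkdir(os.path.join(root, "query-results-cache"), 0o755)
        for finding in permission_findings(load_pip_settings(cfg, {})):
            print(finding)
```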