source: TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authz/pep-result-handler-test.ini @ 7824

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authz/pep-result-handler-test.ini
Revision 7824, 2.1 KB checked in by pjkersha, 10 years ago (diff)

Incomplete - task 16: NDG Security 2.x.x - incl. updated Paster templates

  • Completed all templates
  • Tested OpenID Provider setup from template. TODO: test remaining configurations as created by respective templates
  • ALL UNIT TESTS pass for ndg.security.*
  • fix from rel to abs file path for authorisation-service.ini, tidied unit test directory.
  • Property svn:keywords set to Id
Line 
1#
2# AuthZ WSGI Testing environment configuration
3#
4# The %(here)s variable will be replaced with the parent directory of this file
5#
6[DEFAULT]
7testConfigDir = %(here)s/../../../config
8
9[server:main]
10use = egg:Paste#http
11host = 0.0.0.0
12port = 5000
13
14[pipeline:main]
15pipeline = AuthZFilter TestApp
16
17[app:TestApp]
18paste.app_factory = ndg.security.test.unit.wsgi.authz.test_authz:TestAuthZMiddleware
19
20[filter:AuthZFilter]
21paste.filter_app_factory=ndg.security.server.wsgi.authz:AuthorisationFilter.filter_app_factory
22prefix = authz.
23
24# This result handler responds with a redirect request to the client if access
25# denied to the original requested URI
26authz.resultHandler = ndg.security.server.wsgi.authz.result_handler.redirect.HTTPRedirectPEPResultHandlerMiddleware
27authz.resultHandler.redirectURI = /test_accessGrantedToSecuredURI
28
29# Settings for the Policy Enforcement Point
30authz.pep.sessionKey = beaker.session.ndg.security
31authz.pep.authzServiceURI = https://localhost:9443/authorisation-service
32authz.pep.cacheDecisions = True
33
34# Including this setting activates a simple PDP local to this PEP which filters
35# requests to cut down on calls to the authorisation service.  This is useful
36# for example to avoid calling the authorisation service for non-secure content
37# such as HTML CSS or graphics.  Note that filters based on resource URI
38# requested alone.  Subject, action and environment settings are not passed in
39# the request context to the local PDP.
40#
41# The policy content should be set carefully to avoid unintended override of the
42# authorisation service's policy
43authz.pep.localPolicyFilePath = %(here)s/request-filter.xml
44
45# If omitted, DN of SSL Cert is used
46authz.pep.authzDecisionQuery.issuerName = /O=NDG/OU=BADC/CN=test
47authz.pep.authzDecisionQuery.issuerFormat = urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
48authz.pep.authzDecisionQuery.subjectIdFormat = urn:esg:openid
49authz.pep.authzDecisionQuery.clockSkewTolerance = 0.
50authz.pep.authzDecisionQuery.sslCACertDir=%(testConfigDir)s/pki/ca
51authz.pep.authzDecisionQuery.sslCertFilePath=%(testConfigDir)s/pki/test.crt
52authz.pep.authzDecisionQuery.sslPriKeyFilePath=%(testConfigDir)s/pki/test.key
Note: See TracBrowser for help on using the repository browser.