source: TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authz/pep-result-handler-test.ini @ 7287

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authz/pep-result-handler-test.ini@7287
Revision 7287, 1.5 KB checked in by pjkersha, 10 years ago (diff)

Incomplete - task 2: XACML-Security Integration

  • Working WSGI Authorisation filter with connection to SAML/XACML based Authorisation Service - unit tests: ndg.security.test.unit.wsgi.authz.test_authz
  • It may need some optimisation to avoid too many WS callouts to the Authorisation Service - perhaps add a local PDP to the authorisation filter to filter out some requests going over the wire e.g. requests for web page CSS or graphics content.
  • The XACML policy file has some big additions to it to support the various test conditions in ndg.security.test.unit.wsgi.authz.test_authz. These should be ported back to the ndg_xacml package unit tests.
  • Next major task: remove the temporary fix in the XACML Context handler - instead of using hardwired roles for the user, alter it so that the PDP makes a request back to the PIP (Policy Information Point) to grab additional attributes. The PIP will call the Attribute Service(s) to pull any additional attributes needed.
  • Property svn:keywords set to Id
#
# AuthZ WSGI testing environment configuration
#
# %(here)s is replaced with the parent directory of this file.
#
[DEFAULT]
testConfigDir = %(here)s/../../../config

# Paste HTTP server for the pipeline defined below.
# NOTE(review): 0.0.0.0 listens on every network interface, so the test
# application on port 5000 is reachable from other hosts while it is running.
# If the tests only ever connect locally, 127.0.0.1 would keep it on the
# loopback interface - confirm against how the test harness uses this section.
[server:main]
use = egg:Paste#http
host = 0.0.0.0
port = 5000

# Requests pass through the authorisation filter before reaching the test app.
[pipeline:main]
pipeline = AuthZFilter TestApp

[app:TestApp]
paste.app_factory = ndg.security.test.unit.wsgi.authz.test_authz:TestAuthZMiddleware

[filter:AuthZFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authz:AuthorisationFilter.filter_app_factory
# All of this filter's settings below start with this prefix.
prefix = authz.

# When access to the originally requested URI is denied, this result handler
# answers the client with a redirect to redirectURI.
authz.resultHandler = ndg.security.server.wsgi.authz.result_handler.redirect.HTTPRedirectPEPResultHandlerMiddleware
authz.resultHandler.redirectURI = /test_accessGrantedToSecuredURI

# Policy Enforcement Point settings. The Authorisation Service is addressed
# over HTTPS on localhost for these tests.
authz.pep.sessionKey = beaker.session.ndg.security
authz.pep.authzServiceURI = https://localhost:9443/authorisation-service

# Authorisation decision query settings.
# If issuerName is omitted, the DN of the SSL certificate is used instead.
authz.pep.authzDecisionQuery.issuerName = /O=NDG/OU=BADC/CN=test
authz.pep.authzDecisionQuery.issuerFormat = urn:oasis:names:tc:SAML:1.1:nameid-format:x509SubjectName
authz.pep.authzDecisionQuery.subjectIdFormat = urn:esg:openid
# NOTE(review): a tolerance of 0. leaves no allowance for clock differences
# between this host and the Authorisation Service (units presumably seconds -
# confirm). That is workable with both ends on localhost; separate hosts
# would normally need a small non-zero value.
authz.pep.authzDecisionQuery.clockSkewTolerance = 0.
# CA certificate directory, client certificate and private key, all read from
# the shared test configuration directory (presumably for the SSL connection
# to the Authorisation Service - confirm).
# NOTE(review): this is test key material referenced from the test tree; it
# must not be reused as a credential outside the unit tests.
authz.pep.authzDecisionQuery.sslCACertDir = %(testConfigDir)s/ca
authz.pep.authzDecisionQuery.sslCertFilePath = %(testConfigDir)s/pki/test.crt
authz.pep.authzDecisionQuery.sslPriKeyFilePath = %(testConfigDir)s/pki/test.key