source: TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authz/saml-test.ini @ 7287

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authz/saml-test.ini@7287
Revision 7287, 1.3 KB checked in by pjkersha, 10 years ago

Incomplete - task 2: XACML-Security Integration

  • Working WSGI Authorisation filter with connection to SAML/XACML based Authorisation Service - unit tests: ndg.security.test.unit.wsgi.authz.test_authz
  • It may need some optimisation to avoid too many WS callouts to the Authorisation Service - perhaps add a local PDP to the authorisation filter to filter out some requests going over the wire e.g. requests for web page CSS or graphics content.
  • The XACML policy file has some big additions to it to support the various test conditions in ndg.security.test.unit.wsgi.authz.test_authz. These should be ported back to the ndg_xacml package unit tests.
  • Next major task: remove temp fix in XACML Context handler - instead of using hardwired roles for the user alter it so that the PDP makes a request back to the PIP (Policy Enforcement Point) to grab additional attributes. The PIP will call to Attribute Service(s) to pull any additional attributes needed.
  • Property svn:keywords set to Id
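
The local-PDP idea raised in the commit message above, sketched as an added example; it is not NDG Security code. `local_decision`, `LocalPdpFilter`, `count_callouts`, the `/layout/` and `/static/` prefixes and the suffix list are assumptions, and the `pep` stub stands in for the real SAML/XACML callout. Only canonical paths under a public prefix are permitted locally; everything else still goes to the Authorisation Service.

```python
import posixpath
from urllib.parse import unquote

# Assumptions for this sketch: public static content lives only under these
# prefixes and carries one of these suffixes.
PUBLIC_PREFIXES = ("/layout/", "/static/")
PUBLIC_SUFFIXES = (".css", ".png", ".gif", ".jpg", ".ico")

def local_decision(path_info):
    """Return 'Permit' for public static content, otherwise 'NotApplicable'."""
    # Encoded, parameterised or non-canonical paths are never decided locally.
    if (unquote(path_info) != path_info or ";" in path_info
            or posixpath.normpath(path_info) != path_info):
        return "NotApplicable"
    if (path_info.startswith(PUBLIC_PREFIXES)
            and path_info.lower().endswith(PUBLIC_SUFFIXES)):
        return "Permit"
    return "NotApplicable"

class LocalPdpFilter:
    """WSGI filter in front of the PEP: `pep` makes the remote callout."""
    def __init__(self, app, pep):
        self.app, self.pep = app, pep

    def __call__(self, environ, start_response):
        if local_decision(environ.get("PATH_INFO", "")) == "Permit":
            return self.app(environ, start_response)  # served, no callout
        return self.pep(environ, start_response)      # remote PDP decides

def count_callouts(paths):
    """Send constructed requests through the filter; return (statuses, callouts)."""
    statuses, callouts = [], []
    def app(environ, start_response):
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok"]
    def pep(environ, start_response):  # stand-in for the SAML/XACML callout
        callouts.append(environ["PATH_INFO"])
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"denied"]
    wsgi = LocalPdpFilter(app, pep)
    for path in paths:
        wsgi({"PATH_INFO": path}, lambda status, headers: statuses.append(status))
    return statuses, callouts

if __name__ == "__main__":
    # Constructed sample paths, not taken from the NDG test suite.
    print(count_callouts(["/static/site.css", "/static/../secure/a.css",
                          "/secure/report.css", "/static/%2e%2e/x.css"]))
```

A path that merely ends in `.css` but sits outside the public prefixes is not short-circuited, so a protected resource is never released by the local check alone.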
```ini
#
# AuthZ WSGI Testing environment configuration
#
# The %(here)s variable will be replaced with the parent directory of this file
#
[DEFAULT]
testConfigDir = %(here)s/../../../config

[server:main]
use = egg:Paste#http
host = 0.0.0.0
port = 5000

[pipeline:main]
pipeline = PolicyEnforcementPointFilter TestApp

[app:TestApp]
paste.app_factory = ndg.security.test.unit.wsgi.authz.test_authz:TestAuthZMiddleware

[filter:PolicyEnforcementPointFilter]
paste.filter_app_factory=ndg.security.server.wsgi.authz.pep:SamlPepFilter.filter_app_factory
prefix = pep.
pep.sessionKey = beaker.session.ndg.security
pep.authzServiceURI = https://localhost:9443/authorisation-service

# Settings for Policy Information Point used by the Policy Decision Point to
# retrieve subject attributes from the Attribute Authority associated with the
# resource to be accessed

# If omitted, DN of SSL Cert is used
pep.authzDecisionQuery.issuerName = /O=NDG/OU=BADC/CN=test
pep.authzDecisionQuery.issuerFormat = urn:oasis:names:tc:SAML:1.1:nameid-format:x509SubjectName
pep.authzDecisionQuery.subjectIdFormat = urn:esg:openid
pep.authzDecisionQuery.clockSkewTolerance = 0.
pep.authzDecisionQuery.sslCACertDir=%(testConfigDir)s/ca
pep.authzDecisionQuery.sslCertFilePath=%(testConfigDir)s/pki/test.crt
pep.authzDecisionQuery.sslPriKeyFilePath=%(testConfigDir)s/pki/test.key
```