source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/singlesignonservice/sso.cfg @ 4909

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/singlesignonservice/sso.cfg@4909
Revision 4909, 4.7 KB checked in by pjkersha, 11 years ago (diff)

Major progress on authentication and authorisation WSGI chain:

  • integration test harness in ndg.security.test.integration.authz
    • chain PEP middleware catches secured URIs. If URI is a secured one, it sets the status to 403.
    • The 403 status is caught by the PDP. The PDP checks for a login cookie, if not set it sets 401 Unauthorized
    • 401 is caught by OpenID handler and sets OpenID signin form response so that the user can login
    • If the user is logged in, the PDP checks authZ credentials (TODO) if not set it sets a 403 status and responds with an access denied message
  • The PDP uses authkit.authenticate.multi.MultiHandler to trap 403 responses from the PEP and display an access denied message.
  • ndg.security.server.wsgi.pdp needs cleaning up in line with the change to use authkit MultiHandler
# Single Sign On Service Configuration
#
# NOTE(review): [DEFAULT] and %(name)s references look like Python
# ConfigParser syntax - confirm which parser reads this file.
# $NDGSEC_UNITTEST_CONFIG_DIR is not ConfigParser syntax, so it is presumably
# expanded from the environment by the consuming code - confirm, and confirm
# what happens when the variable is unset.

[DEFAULT]
# Server address for secure connections (sslServer) and the plain-HTTP
# address (server).  The commented-out lines are alternative values.
#sslServer = https://localhost
#server = http://localhost:4000
sslServer = https://localhost/sso
server = http://localhost/sso

# Layout and icon locations, both built from the plain-HTTP 'server' value.
# NOTE(review): if pages are delivered from sslServer, these resources are
# still referenced over http:// - confirm that is intended outside tests.
layout = %(server)s/layout/
icondir = %(server)s/layout/icons/
disclaimer =

# Example of set-up for alternative site graphics...

# Switch to an alternative location to pick up the public/ dir containing
# static content such as graphics and stylesheets.
# NOTE(review): the active value is an absolute path inside one developer's
# home directory, so it only resolves on that machine.
#configDir = %(here)s
configDir = /home/pjkersha/workspace/security/python/ndg.security.server/ndg/security/server/sso/sso/badc_site

# Switch from the default templates package to templates/ in the alternative
# directory.
templatesPackage = ndg.security.server.sso.sso.badc_site.templates

# Redirect SOAP output to a file e.g. open(<somefile>, 'w')
# NOTE(review): the example values are Python expressions, which suggests the
# consumer evaluates this setting - confirm, and if so treat write access to
# this file as equivalent to running code in the service process.
tracefile = None
#tracefile = sys.stderr

# WS-Security signature handler - set a config file with 'wssCfgFilePath',
# or omit it and put the relevant content directly in this file under the
# 'NDG_SECURITY.wssecurity' section.
# NOTE(review): the signature settings in this file sit under [WS-Security],
# not under the section name quoted above - confirm which name is read.
#wssCfgFilePath = wssecurity.cfg

# SSL Connections
#
# Space separated list of CA certificate files.  The peer certificate must
# verify against at least one of these, otherwise the connection is dropped.
# Only one file, ndg-test-ca.crt, is listed here.
sslCACertFilePathList = $NDGSEC_UNITTEST_CONFIG_DIR/ca/ndg-test-ca.crt

# Web Services HTTP Proxy fine tuning
#
# For most situations these settings can be ignored in favour of the
# http_proxy environment variable.  They cover the case where specific
# settings are needed just for the security web services calls.

# Overrides the http_proxy environment variable setting - may be omitted
#httpProxyHost = wwwcache.rl.ac.uk:8080

# Web service clients pick up the http_proxy environment variable setting by
# default.  Set this flag to True to ignore http_proxy for web service
# connections.  To use the http_proxy setting, set this parameter to False or
# remove it completely from this file.
ignoreHttpProxyEnv = True

# Flag to enable OpenID login
enableOpenID = True

# Service addresses - connect to a remote service or provide a key to the
# WSGI environ for a service running locally.  See services.ini to get the
# key names from the filterID options set.
#sessionMgrURI = http://localhost:8000/SessionManager
sessionManagerEnvironKey = filter:SessionManagerFilter

# If the Attribute Authority URI is commented out, the service will try to
# connect to an Attribute Authority instance in the local WSGI stack.
# The commented-out URIs above and below are plain http://.
#attributeAuthorityURI = http://localhost:8000/AttributeAuthority
attributeAuthorityEnvironKey = filter:AttributeAuthorityFilter


[WS-Security]

# Settings for the signature of an outbound message ...
#
# NOTE(review): $NDGSEC_UNITTEST_CONFIG_DIR in the paths below is presumably
# expanded from the environment by the consuming code - confirm.

# Certificate associated with the private key used to sign a message.  The
# sign method will add this to the BinarySecurityToken element of the WSSE
# header.  The binSecTokValType attribute must be set to the 'X509' or
# 'X509v3' ValueType (presumably the reqBinSecTokValType option below -
# confirm).  As an alternative, use the 'signingCertChain' parameter.

# File path to the PEM encoded certificate
signingCertFilePath = $NDGSEC_UNITTEST_CONFIG_DIR/pki/wsse-clnt.crt

# File path to the PEM encoded private key file
signingPriKeyFilePath = $NDGSEC_UNITTEST_CONFIG_DIR/pki/wsse-clnt.key

# Password protecting the private key.  Leave blank if there is no password.
# It is blank here, so the key file is configured as having no password and
# file permissions are its only protection.  A non-blank value would be kept
# in this file in clear text.
signingPriKeyPwd =

# Pass a ',' separated list of PEM encoded certificates constituting a chain
# of trust from the certificate used to verify the signature back to the CA
# certificate.  The CA certificate need not be included.  To use this option,
# reqBinSecTokValType must be set to X509PKIPathv1.
signingCertChain =

# Provide a space separated list of file paths.  CA certificates should be
# included for all the sites this installation trusts.  Only one file,
# ndg-test-ca.crt, is listed here.
caCertFilePathList = $NDGSEC_UNITTEST_CONFIG_DIR/ca/ndg-test-ca.crt

# Set the ValueType for the BinarySecurityToken added to the WSSE header for
# a signed message.
reqBinSecTokValType = X509v3

# Add a timestamp element to an outbound message
# NOTE(review): whether the receiving side checks the timestamp is not
# visible in this file - confirm.
addTimestamp = True

# For WSSE 1.1 - the service returns a signature confirmation containing the
# signature value sent by the client.  Switched off here.
applySignatureConfirmation = False

# Takes precedence over the tracefile value in [DEFAULT] for this section
# (ConfigParser behaviour).
# NOTE(review): presumably this sends SOAP message output to stderr - confirm
# where stderr is collected and who can read it before reusing this setting
# outside tests.
tracefile = sys.stderr

[layout]
# Links, images and icons used by the page layout.  %(layout)s and
# %(icondir)s are not defined in this section; they are taken from the
# keys of the same name in [DEFAULT].

###### user customisable:
localLink = http://ndg.nerc.ac.uk/
localImage = %(layout)sndg_logo_circle.gif
localAlt = visit badc
###### ought to be the end of the customisations
ndgLink = http://ndg.nerc.ac.uk/
ndgImage = %(layout)sndg_logo_circle.gif
ndgAlt = visit ndg
stfcLink = http://ceda.stfc.ac.uk/
stfcImage = %(layout)sstfc-circle-sm.gif
key = %(icondir)spadlock.png
keyGrey = %(layout)skeyG.gif
selectI = %(layout)stick.png
Xicon = %(icondir)sxml.png
plot = %(icondir)splot.png
printer = %(icondir)sprinter.png
helpIcon = %(icondir)shelp.png
# NOTE(review): the other *Alt keys hold plain text, but this one starts with
# %(layout)s, so the value begins with the layout URL - looks unintended;
# confirm against the template that uses it.
HdrLeftAlt = %(layout)sNatural Environment Research Council
HdrLeftLogo = %(layout)sNERC_Logo.gif