source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/securedapp.ini @ 5181

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/securedapp.ini@5181
Revision 5181, 2.6 KB checked in by pjkersha, 11 years ago (diff)

Added a Policy Information Point to encapsulate subject attribute retrieval.

Line 
1#
2# AuthN WSGI Testing environment configuration
3#
4# The %(here)s variable will be replaced with the parent directory of this file
5#
6[DEFAULT]
7testConfigDir = %(here)s/../../config
8
9[server:main]
10use = egg:Paste#http
11host = 0.0.0.0
12port = 7080
13
14[pipeline:main]
15pipeline = AuthenticationFilter AuthorizationFilter AuthZTestApp
16
17[app:AuthZTestApp]
18paste.app_factory = ndg.security.test.integration.authz.securedapp:AuthZTestMiddleware.app_factory
19
20[filter:AuthenticationFilter]
21paste.filter_app_factory = ndg.security.server.wsgi.authn:AuthenticationMiddleware
22prefix = authN.
23
24# Set redirect for OpenID Relying Party in the Security Services app instance
25authN.redirectURI = http://localhost:7443/verify
26
27# Beaker Session set-up
28beaker.session.key = ndg.security.session
29beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW
30beaker.cache.data_dir = %(here)s/authn/beaker/cache
31beaker.session.data_dir = %(here)s/authn/beaker/sessions
32
33# AuthKit Set-up
34authkit.setup.method=cookie
35
36# This cookie name and secret MUST agree with the name used by the security web
37# services app
38authkit.cookie.name=ndg.security.auth
39authkit.cookie.secret=9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
40authkit.cookie.signoutpath = /logout
41
42[filter:AuthorizationFilter]
43paste.filter_app_factory=ndg.security.server.wsgi.authz:AuthorizationMiddleware.filter_app_factory
44prefix = authz.
45pdp.policyFilePath = %(here)s/policy.xml
46
47# Settings for Policy Information Point used by the Policy Decision Point to
48# retrieve subject attributes from the Attribute Authority associated with the
49# resource to be accessed
50pip.sslCACertFilePathList=
51
52#
53# WS-Security Settings for call to Session Manager
54
55# Signature of an outbound message
56
57# Certificate associated with private key used to sign a message.  The sign
58# method will add this to the BinarySecurityToken element of the WSSE header. 
59# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType. 
60# As an alternative, use signingCertChain - see below...
61
62# PEM encode cert
63pip.wssecurity.signingCertFilePath=%(testConfigDir)s/pki/wsse-server.crt
64
65# PEM encoded private key file
66pip.wssecurity.signingPriKeyFilePath=%(testConfigDir)s/pki/wsse-server.key
67
68# Password protecting private key.  Leave blank if there is no password.
69pip.wssecurity.signingPriKeyPwd=
70
71# For signature verification.  Provide a space separated list of file paths
72pip.wssecurity.caCertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt
73
74# ValueType for the BinarySecurityToken added to the WSSE header
75pip.wssecurity.reqBinSecTokValType=X509v3
76
77# Add a timestamp element to an outbound message
78pip.wssecurity.addTimestamp=True
Note: See TracBrowser for help on using the repository browser.