source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/services.ini @ 5016

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/services.ini@5016
Revision 5016, 4.8 KB checked in by pjkersha, 11 years ago (diff)

Rearranged authz integration tests to run two application servers: one simulating an application stack to be secured, the other a stack of security services to perform authentication / authorization.

Line 
1#
2# NERC DataGrid Security
3#
4# Paste configuration for authorization integration tests
5#
6# The %(here)s variable will be replaced with the parent directory of this file
7#
8# Author: P J Kershaw
9# date: 05/02/09
10# Copyright: (C) 2009 Science and Technology Facilities Council
11# license: BSD - see LICENSE file in top-level directory
12# Contact: Philip.Kershaw@stfc.ac.uk
13# Revision: $Id$
14
15[DEFAULT]
16
17[server:main]
18use = egg:Paste#http
19host = 0.0.0.0
20port = 5800
21
22# Play with this pipeline at your peril! ...
23#
24# The order is counter-intuitive here because of the way intercepts are made
25# by wrapping start_response calls.
26# 1) PEP checks for a secured URI: if secured raise a 403
27# 2) PDP catches the 403 and
28#  a) checks for user logged in, if not, raise 401.
29#  b) checks user authorisation credentials - if OK set 200 response, if not
30# set 403 (and display access denied) message
31# 3) AuthKit middleware (part of OpenIDRelyingPartyFilter) intercepts any
32# 401 code set and triggers OpenID Relying Party Signin
33# 4) If the request got through this chain with a 200 code then invoke the
34# response from the AuthZTestApp.  AuthZTestApp is the app that is being
35# protected.
36[pipeline:main]
37pipeline = SessionMiddlewareFilter
38                   OpenIDRelyingPartyFilter
39                   PDPMiddlewareFilter
40                   PEPMiddlewareFilter
41                   AuthZTestApp
42
43[app:AuthZTestApp]
44paste.app_factory = ndg.security.test.integration.authz.serverapp:app_factory
45
46[filter:PEPMiddlewareFilter]
47paste.filter_app_factory=ndg.security.server.wsgi.pep:PEPMiddleware.filter_app_factory
48prefix = pep.
49pep.pathMatchList = /test_securedURI
50
51[filter:PDPMiddlewareFilter]
52#paste.filter_app_factory=ndg.security.server.wsgi.pdp:PDPMiddleware.filter_app_factory
53#prefix = pdp.
54#paste.filter_app_factory = ndg.security.server.wsgi.pdp:PDPMiddlewareAppFactory
55paste.filter_app_factory = ndg.security.server.wsgi.pdp:PDPHandlerMiddleware.filter_app_factory
56
57#______________________________________________________________________________
58# Beaker Session Middleware (used by OpenID Provider Filter)
59[filter:SessionMiddlewareFilter]
60paste.filter_app_factory=beaker.middleware:SessionMiddleware
61#beaker.session.key = sso
62beaker.session.secret = somesecret
63
64# If you'd like to fine-tune the individual locations of the cache data dirs
65# for the Cache data, or the Session saves, un-comment the desired settings
66# here:
67beaker.cache.data_dir = %(here)s/beaker/cache
68beaker.session.data_dir = %(here)s/beaker/sessions
69
70[filter:OpenIDRelyingPartyFilter]
71paste.filter_app_factory = 
72        ndg.security.server.wsgi.openid.relyingparty:OpenIDRelyingPartyMiddleware.filter_app_factory
73
74openid.relyingparty.sessionKey = beaker.session
75openid.relyingparty.baseURL = %(authkit.openid.baseurl)s
76openid.relyingparty.signinInterfaceMiddlewareClass = ndg.security.server.wsgi.openid.relyingparty.signin_interface.buffet.BuffetSigninTemplate
77openid.relyingparty.signinInterface.templatePackage = ndg.security.server.wsgi.openid.relyingparty.signin_interface.buffet.templates
78openid.relyingparty.signinInterface.staticContentRootDir = %(here)s/openidrelyingparty/public
79openid.relyingparty.signinInterface.baseURL = %(openid.relyingparty.baseURL)s
80openid.relyingparty.signinInterface.leftLogo = %(openid.relyingparty.signinInterface.baseURL)s/layout/NERC_Logo.gif
81openid.relyingparty.signinInterface.leftAlt = Natural Environment Research Council
82openid.relyingparty.signinInterface.ndgLink = http://ndg.nerc.ac.uk/
83openid.relyingparty.signinInterface.ndgImage = %(openid.relyingparty.signinInterface.baseURL)s/layout/ndg_logo_circle.gif
84openid.relyingparty.signinInterface.disclaimer = This site is for test purposes only and is under active development.
85openid.relyingparty.signinInterface.stfcLink = http://www.stfc.ac.uk/
86openid.relyingparty.signinInterface.stfcImage = %(openid.relyingparty.signinInterface.baseURL)s/layout/stfc-circle-sm.gif
87openid.relyingparty.signinInterface.helpIcon = %(openid.relyingparty.signinInterface.baseURL)s/layout/icons/help.png
88
89cache_dir = %(here)s/data
90
91# AuthKit Set-up
92authkit.setup.method=openid, cookie
93authkit.cookie.secret=secret encryption string
94authkit.cookie.signoutpath = /logout
95authkit.openid.path.signedin=/
96authkit.openid.store.type=file
97authkit.openid.store.config=%(here)s/data/openid
98authkit.openid.session.key = authkit_openid
99authkit.openid.session.secret = random string
100
101authkit.openid.baseurl = http://localhost:5800
102
103# Template for signin
104#authkit.openid.template.obj =
105
106# Handler for parsing OpenID and creating a session from it
107#authkit.openid.urltouser =
108
109
110# Logging configuration
111[loggers]
112keys = root, ndg
113
114[handlers]
115keys = console
116
117[formatters]
118keys = generic
119
120[logger_root]
121level = INFO
122handlers = console
123
124[logger_ndg]
125level = DEBUG
126handlers =
127qualname = ndg
128
129[handler_console]
130class = StreamHandler
131args = (sys.stderr,)
132level = NOTSET
133formatter = generic
134
135[formatter_generic]
136format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
137datefmt = %H:%M:%S
138
Note: See TracBrowser for help on using the repository browser.