source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz_lite/securedapp.ini @ 5451

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz_lite/securedapp.ini@5451
Revision 5451, 3.4 KB checked in by pjkersha, 11 years ago (diff)
#
# NDG Security AuthZ WSGI Testing environment configuration.  This ini file
# defines the configuration for an application to be secured.  Security
# filters placed in front of the application in the WSGI pipeline act as
# clients to security services running on a separate application stack.  See
# securityservices.ini
#
# NERC DataGrid
#
# Author: P J Kershaw
#
# Date: 01/07/09
#
# Copyright: STFC 2009
#
# Licence: BSD - See top-level LICENCE file for licence details
#
# The %(here)s variable will be replaced with the parent directory of this file
#
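# Defaults that the sections below can reference through interpolation.
[DEFAULT]
# Directory holding the shared test configuration.  The CA certificate and the
# WS-Security certificate/key referenced by the authorization filter are
# resolved relative to it.
testConfigDir = %(here)s/../../config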
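# HTTP server that hosts the secured test application.
[server:main]
use = egg:Paste#http
# 0.0.0.0 listens on every network interface, so the test application is
# reachable from other hosts.  This file carries fixed session and cookie
# secrets that are committed to the repository, so prefer 127.0.0.1 unless the
# test run genuinely needs remote access.
host = 0.0.0.0
port = 7080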
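# Order of the WSGI stack: a request passes the authentication filter, then
# the authorization filter, before it reaches the application.  Removing or
# reordering the filters changes what is enforced in front of the app.
[pipeline:main]
pipeline = AuthenticationFilter AuthorizationFilter AuthZTestApp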
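# The application being protected; it is the last entry in the pipeline.
[app:AuthZTestApp]
paste.app_factory = ndg.security.test.integration.authz_lite.securedapp:AuthZTestMiddleware.app_factory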
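# Authentication filter, first in the pipeline.  Carries the OpenID redirect
# plus the Beaker session and AuthKit cookie settings.
[filter:AuthenticationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authn:AuthenticationMiddleware
prefix = authN.

# Set redirect for OpenID Relying Party in the Security Services app instance.
# Plain http to localhost is acceptable for this test set-up only; anywhere
# else the redirect target should be an https URL.
authN.redirectURI = http://localhost:7443/verify

# Beaker Session set-up
beaker.session.key = ndg.security.session
# Test-only value committed to the repository, so it is not a secret.
# Generate a fresh random value per deployment and keep it out of version
# control.
beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW
# Cache and session data are written to disk under these directories; restrict
# access to the account that runs the server.
beaker.cache.data_dir = %(here)s/authn/beaker/cache
beaker.session.data_dir = %(here)s/authn/beaker/sessions

# AuthKit Set-up
authkit.setup.method = cookie

# This cookie name and secret MUST agree with the name used by the security web
# services app
authkit.cookie.name = ndg.security.auth
# Test-only value, shared with the security services app and committed to the
# repository.  The cookie signature only protects against tampering while this
# value is private, so replace it with a random one outside the test suite.
authkit.cookie.secret = 9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
authkit.cookie.signoutpath = /logout

# Disable inclusion of client IP address from cookie signature due to
# suspected problem with AuthKit setting it when a HTTP Proxy is in place.
# With this off the cookie is not tied to the client address, so protection of
# the cookie in transit matters more; revisit if the proxy issue is resolved.
authkit.cookie.includeip = False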
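# Authorization filter, second in the pipeline.  Points at the access policy
# file and configures the Policy Information Point (PIP) that queries the
# Attribute Authority.
[filter:AuthorizationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authz:AuthorizationMiddleware.filter_app_factory
# NOTE(review): the prefix is "authz." but the keys below are written without
# it - confirm the middleware picks them up as intended.
prefix = authz.
# Access policy evaluated by the filter.  Keep the file writable only by the
# account that maintains it.
policy.filePath = %(here)s/policy.xml

# Settings for Policy Information Point used by the Policy Decision Point to
# retrieve subject attributes from the Attribute Authority associated with the
# resource to be accessed
#
# NOTE(review): left empty here; presumably no CA certificates are supplied
# for checking the Attribute Authority's SSL certificate.  Confirm how the PIP
# treats an empty list, and set it to the issuing CA(s) wherever the Attribute
# Authority is reached over SSL outside this test set-up.
pip.sslCACertFilePathList =

# List of CA certificates used to verify the signatures of
# Attribute Certificates retrieved
pip.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt

#
# WS-Security Settings for call to Attribute Authority to retrieve user
# attributes

# Signature of an outbound message

# Certificate associated with private key used to sign a message.  The sign
# method will add this to the BinarySecurityToken element of the WSSE header.
# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.
# As an alternative, use signingCertChain - see below...

# PEM encoded certificate
pip.wssecurity.signingCertFilePath = %(testConfigDir)s/pki/wsse-server.crt

# PEM encoded private key file.  It comes from the shared test configuration
# directory; do not reuse this key pair outside the test suite.
pip.wssecurity.signingPriKeyFilePath = %(testConfigDir)s/pki/wsse-server.key

# Password protecting private key.  Leave blank if there is no password.
# Blank here means the key file is unencrypted, so file permissions are its
# only protection.
pip.wssecurity.signingPriKeyPwd =

# For signature verification.  Provide a space separated list of file paths
pip.wssecurity.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt

# ValueType for the BinarySecurityToken added to the WSSE header
pip.wssecurity.reqBinSecTokValType = X509v3

# Add a timestamp element to an outbound message
pip.wssecurity.addTimestamp = True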