source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/openidrelyingparty_withapp/securedapp.ini @ 5541

#
# NDG Security AuthZ WSGI Testing environment configuration.  This ini file
# defines the configuration for a an application to be secured.  Security
# filters placed in front of the application in the WSGI pipeline act as
# client to security services running on a separate application stack.  - See
# securityservices.ini
#
# NERC DataGrid
#
# Author: P J Kershaw
#
# Date: 01/07/09
#
# Copyright: STFC 2009
#
# Licence: BSD - See top-level LICENCE file for licence details
#
# The %(here)s variable will be replaced with the parent directory of this file
#
[DEFAULT]
portNum = 7080
hostname = localhost
scheme = http
baseURI = %(scheme)s://%(hostname)s:%(portNum)s
openIDProviderIDBase = /openid
openIDProviderIDSelectURI = %(baseURI)s%(openIDProviderIDBase)s
testConfigDir = %(here)s/../../config

[server:main]
use = egg:Paste#http
host = 0.0.0.0
port = 7080

[pipeline:main]
pipeline = SessionMiddlewareFilter
                   OpenIDRelyingPartyFilter 
                   AuthorizationFilter 
                   AuthZTestApp

[app:AuthZTestApp]
paste.app_factory = ndg.security.test.integration.openidrelyingparty_withapp.securedapp:AuthZTestApp.app_factory

[filter:AuthenticationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authn:AuthenticationMiddleware
prefix = authN.

# Set redirect for OpenID Relying Party in the Security Services app instance
authN.redirectURI = http://localhost:7443/verify

# Beaker Session set-up
beaker.session.key = ndg.security.session
beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW
beaker.cache.data_dir = %(here)s/authn/beaker/cache
beaker.session.data_dir = %(here)s/authn/beaker/sessions

# AuthKit Set-up
authkit.setup.method=cookie

# This cookie name and secret MUST agree with the name used by the security web
# services app
authkit.cookie.name=ndg.security.auth
authkit.cookie.secret=9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
authkit.cookie.signoutpath = /logout

# Disable inclusion of client IP address from cookie signature due to 
# suspected problem with AuthKit setting it when a HTTP Proxy is in place
authkit.cookie.includeip = False

[filter:AuthorizationFilter]
paste.filter_app_factory=ndg.security.server.wsgi.authz:AuthorizationMiddleware.filter_app_factory
prefix = authz.
policy.filePath = %(here)s/policy.xml

# Settings for Policy Information Point used by the Policy Decision Point to
# retrieve subject attributes from the Attribute Authority associated with the
# resource to be accessed
pip.sslCACertFilePathList=

# List of CA certificates used to verify the signatures of 
# Attribute Certificates retrieved
pip.caCertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt

#
# WS-Security Settings for call to Attribute Authority to retrieve user 
# attributes

# Signature of an outbound message

# Certificate associated with private key used to sign a message.  The sign 
# method will add this to the BinarySecurityToken element of the WSSE header.  
# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.  
# As an alternative, use signingCertChain - see below...

# PEM encode cert
pip.wssecurity.signingCertFilePath=%(testConfigDir)s/pki/wsse-server.crt

# PEM encoded private key file
pip.wssecurity.signingPriKeyFilePath=%(testConfigDir)s/pki/wsse-server.key

# Password protecting private key.  Leave blank if there is no password.
pip.wssecurity.signingPriKeyPwd=

# For signature verification.  Provide a space separated list of file paths
pip.wssecurity.caCertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt

# ValueType for the BinarySecurityToken added to the WSSE header
pip.wssecurity.reqBinSecTokValType=X509v3

# Add a timestamp element to an outbound message
pip.wssecurity.addTimestamp=True

#______________________________________________________________________________
# Beaker Session Middleware (used by OpenID Provider Filter)
[filter:SessionMiddlewareFilter]
paste.filter_app_factory=beaker.middleware:SessionMiddleware
beaker.session.key = openid
beaker.session.secret = qKEdQdCr33NE087dRUWX3qUv5r7AsuQU
# These options enable cookie only type sessions with the cookie content 
# encrypted
#beaker.session.type = cookie
#beaker.session.validate_key = 0123456789abcdef
#beaker.session.encrypt_key = fedcba9876543210

# If you'd like to fine-tune the individual locations of the cache data dirs
# for the Cache data, or the Session saves, un-comment the desired settings
# here:
beaker.cache.data_dir = %(here)s/openidprovider/beaker/cache
beaker.session.data_dir = %(here)s/openidprovider/beaker/sessions
beaker.session.cookie_expires = True


[filter:OpenIDRelyingPartyFilter]
paste.filter_app_factory = 
        ndg.security.server.wsgi.openid.relyingparty:OpenIDRelyingPartyMiddleware.filter_app_factory

openid.relyingparty.sessionKey = beaker.session
openid.relyingparty.baseURL = %(authkit.openid.baseurl)s
openid.relyingparty.certFilePath = %(testConfigDir)s/pki/localhost.crt
openid.relyingparty.priKeyFilePath = %(testConfigDir)s/pki/localhost.key
openid.relyingparty.priKeyPwd = 
openid.relyingparty.caCertDirPath = %(testConfigDir)s/ca
openid.relyingparty.providerWhitelistFilePath =
#openid.relyingparty.signinInterfaceMiddlewareClass = ndg.security.test.integration.openid.openidrelyingparty.signin_interface.CombinedSigninAndLoginInterface
#openid.relyingparty.signinInterface.templatePackage = ndg.security.test.integration.openid.openidrelyingparty.templates
openid.relyingparty.signinInterfaceMiddlewareClass = ndg.security.server.wsgi.openid.relyingparty.signin_interface.buffet.BuffetSigninTemplate
openid.relyingparty.signinInterface.templatePackage = ndg.security.server.wsgi.openid.relyingparty.signin_interface.buffet.templates
openid.relyingparty.signinInterface.staticContentRootDir = %(here)s/openidrelyingparty/public
openid.relyingparty.signinInterface.baseURL = %(openid.relyingparty.baseURL)s
openid.relyingparty.signinInterface.initialOpenID = %(openIDProviderIDSelectURI)s
openid.relyingparty.signinInterface.leftLogo = %(openid.relyingparty.signinInterface.baseURL)s/layout/NERC_Logo.gif
openid.relyingparty.signinInterface.leftAlt = Natural Environment Research Council
openid.relyingparty.signinInterface.ndgLink = http://ndg.nerc.ac.uk/
openid.relyingparty.signinInterface.ndgImage = %(openid.relyingparty.signinInterface.baseURL)s/layout/ndg_logo_circle.gif
openid.relyingparty.signinInterface.disclaimer = This site is for test purposes only and is under active development.
openid.relyingparty.signinInterface.stfcLink = http://www.stfc.ac.uk/
openid.relyingparty.signinInterface.stfcImage = %(openid.relyingparty.signinInterface.baseURL)s/layout/stfc-circle-sm.gif
openid.relyingparty.signinInterface.helpIcon = %(openid.relyingparty.signinInterface.baseURL)s/layout/icons/help.png

cache_dir = %(here)s/data

# AuthKit Set-up
authkit.setup.method=openid, cookie

# This cookie name and secret MUST agree with the name used by the 
# Authentication Filter used to secure a given app
authkit.cookie.name=ndg.security.auth
authkit.cookie.secret=9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
authkit.cookie.signoutpath = /logout

# Disable inclusion of client IP address from cookie signature due to 
# suspected problem with AuthKit setting it when a HTTP Proxy is in place
authkit.cookie.includeip = False

authkit.openid.path.signedin=/
authkit.openid.store.type=file
authkit.openid.store.config=%(here)s/openidrelyingparty/store
authkit.openid.session.key = authkit_openid
authkit.openid.session.secret = random string

authkit.openid.baseurl = %(baseURI)s