source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/openidrelyingparty_withapp/securedapp.ini @ 5541

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/openidrelyingparty_withapp/securedapp.ini@5541
Revision 5541, 7.3 KB checked in by pjkersha, 11 years ago (diff)

New integration test for trying out OpenID Relying Party running in the application code stack instead of the separate services stack.

#
# NDG Security AuthZ WSGI Testing environment configuration.  This ini file
# defines the configuration for an application to be secured.  Security
# filters placed in front of the application in the WSGI pipeline act as
# clients to security services running on a separate application stack.  - See
# securityservices.ini
#
# NERC DataGrid
#
# Author: P J Kershaw
#
# Date: 01/07/09
#
# Copyright: STFC 2009
#
# Licence: BSD - See top-level LICENCE file for licence details
#
# The %(here)s variable will be replaced with the parent directory of this file
#
# Values shared by the other sections of this file through %(name)s
# interpolation.
[DEFAULT]
# Components of the URI the secured application is reached on.  The scheme is
# plain http, so the session and authentication cookies configured further
# down travel unencrypted: suitable for a local test run only.
scheme = http
hostname = localhost
portNum = 7080
baseURI = %(scheme)s://%(hostname)s:%(portNum)s

# Base path of the OpenID Provider and the full URI built from it; the URI is
# used as the initial OpenID shown by the Relying Party sign-in interface.
openIDProviderIDBase = /openid
openIDProviderIDSelectURI = %(baseURI)s%(openIDProviderIDBase)s

# Shared test fixtures (ca/ and pki/ directories), relative to this file.
testConfigDir = %(here)s/../../config

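# Paste HTTP server hosting the pipeline defined in [pipeline:main].
[server:main]
use = egg:Paste#http
# Listen on loopback only: every URI in this file is built on localhost, the
# scheme is plain http, and the session and cookie secrets are fixed values
# committed with the tests.  Widen the bind address (e.g. 0.0.0.0) only on an
# isolated test network.
host = 127.0.0.1
# Reuse the DEFAULT port so the listener cannot drift away from baseURI.
port = %(portNum)s
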
# WSGI pipeline: the filters are applied in the order listed and the last
# entry is the application itself.  The session middleware is first; the
# OpenID Relying Party filter is configured with sessionKey = beaker.session.
# [filter:AuthenticationFilter] is defined in this file but is not part of
# this pipeline.
[pipeline:main]
pipeline = SessionMiddlewareFilter
    OpenIDRelyingPartyFilter
    AuthorizationFilter
    AuthZTestApp

# The test application that sits behind the filters of [pipeline:main].
[app:AuthZTestApp]
paste.app_factory = ndg.security.test.integration.openidrelyingparty_withapp.securedapp:AuthZTestApp.app_factory

# Authentication middleware settings.
# NOTE(review): this filter is not listed in [pipeline:main]; confirm whether
# the section is still needed by this test.
[filter:AuthenticationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authn:AuthenticationMiddleware
prefix = authN.

# Redirect target: the OpenID Relying Party in the Security Services app
# instance.
authN.redirectURI = http://localhost:7443/verify

# Beaker session set-up.
# The secret is a fixed value committed with the tests; generate a private
# random one for anything other than a local test run.
beaker.session.key = ndg.security.session
beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW
beaker.cache.data_dir = %(here)s/authn/beaker/cache
beaker.session.data_dir = %(here)s/authn/beaker/sessions

# AuthKit set-up
authkit.setup.method = cookie

# This cookie name and secret MUST agree with the values used by the security
# web services app.  Anyone holding the secret can produce a validly signed
# authentication cookie, so a value committed to the repository is for test
# use only.
authkit.cookie.name = ndg.security.auth
authkit.cookie.secret = 9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
authkit.cookie.signoutpath = /logout

# The client IP address is left out of the cookie signature because of a
# suspected problem with AuthKit setting it when an HTTP proxy is in place.
# Trade-off: the cookie is then not bound to the address it was issued to.
authkit.cookie.includeip = False

# Authorization middleware and the location of its access policy file.
[filter:AuthorizationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authz:AuthorizationMiddleware.filter_app_factory
# NOTE(review): the keys below do not carry the authz. prefix - confirm how
# the middleware applies it.
prefix = authz.
policy.filePath = %(here)s/policy.xml

# Policy Information Point (PIP): used by the Policy Decision Point to
# retrieve subject attributes from the Attribute Authority associated with the
# resource to be accessed.
# NOTE(review): left empty - presumably no CA certificates are applied to SSL
# connections made by the PIP; confirm before pointing it at an https
# endpoint.
pip.sslCACertFilePathList =

# CA certificates used to verify the signatures of the Attribute Certificates
# retrieved.
pip.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt

# WS-Security settings for the call to the Attribute Authority that retrieves
# user attributes.

# Signature of an outbound message

# Certificate associated with the private key used to sign a message.  The
# sign method will add this to the BinarySecurityToken element of the WSSE
# header.  The binSecTokValType attribute must be set to the 'X509' or
# 'X509v3' ValueType.  An alternative is signingCertChain, which is not set
# in this file.

# PEM encoded certificate
pip.wssecurity.signingCertFilePath = %(testConfigDir)s/pki/wsse-server.crt

# PEM encoded private key file
pip.wssecurity.signingPriKeyFilePath = %(testConfigDir)s/pki/wsse-server.key

# Password protecting the private key.  Blank means the key has no password,
# which leaves the key file's own permissions as its only protection.
pip.wssecurity.signingPriKeyPwd =

# For signature verification: a space separated list of file paths.
pip.wssecurity.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt

# ValueType for the BinarySecurityToken added to the WSSE header
pip.wssecurity.reqBinSecTokValType = X509v3

# Add a timestamp element to an outbound message
pip.wssecurity.addTimestamp = True

#______________________________________________________________________________
# Beaker Session Middleware (used by OpenID Provider Filter)
# NOTE(review): only an OpenID Relying Party filter appears in this file's
# pipeline - confirm the "Provider" wording and the openidprovider/ data
# directories below.
[filter:SessionMiddlewareFilter]
paste.filter_app_factory = beaker.middleware:SessionMiddleware
beaker.session.key = openid
# Fixed secret committed with the tests; replace it with a private random
# value outside a local test run.
beaker.session.secret = qKEdQdCr33NE087dRUWX3qUv5r7AsuQU

# Un-comment these options for cookie only type sessions with the cookie
# content encrypted.  The two key values shown are examples and must be
# replaced with private random ones before use.
#beaker.session.type = cookie
#beaker.session.validate_key = 0123456789abcdef
#beaker.session.encrypt_key = fedcba9876543210

# Locations of the cache data and of the saved sessions.
beaker.cache.data_dir = %(here)s/openidprovider/beaker/cache
beaker.session.data_dir = %(here)s/openidprovider/beaker/sessions
# True: the session cookie lasts only until the browser is closed.
beaker.session.cookie_expires = True

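# OpenID Relying Party filter, run inside the application's own pipeline.
[filter:OpenIDRelyingPartyFilter]
# Written on one line like the other factory settings in this file, instead
# of as an empty value followed by a continuation line.
paste.filter_app_factory = ndg.security.server.wsgi.openid.relyingparty:OpenIDRelyingPartyMiddleware.filter_app_factory

# NOTE(review): presumably the WSGI environ key of the session created by
# SessionMiddlewareFilter - confirm.
openid.relyingparty.sessionKey = beaker.session
# authkit.openid.baseurl is set at the end of this section.
openid.relyingparty.baseURL = %(authkit.openid.baseurl)s

# Certificate, private key and CA directory from the shared test fixtures.
# The private key has no password.
openid.relyingparty.certFilePath = %(testConfigDir)s/pki/localhost.crt
openid.relyingparty.priKeyFilePath = %(testConfigDir)s/pki/localhost.key
openid.relyingparty.priKeyPwd =
openid.relyingparty.caCertDirPath = %(testConfigDir)s/ca
# NOTE(review): left empty - presumably no whitelist restricts which OpenID
# Providers are accepted; confirm, and supply one outside test use.
openid.relyingparty.providerWhitelistFilePath =

# Sign-in interface.  The two commented-out lines select the alternative
# interface from the test package.
#openid.relyingparty.signinInterfaceMiddlewareClass = ndg.security.test.integration.openid.openidrelyingparty.signin_interface.CombinedSigninAndLoginInterface
#openid.relyingparty.signinInterface.templatePackage = ndg.security.test.integration.openid.openidrelyingparty.templates
openid.relyingparty.signinInterfaceMiddlewareClass = ndg.security.server.wsgi.openid.relyingparty.signin_interface.buffet.BuffetSigninTemplate
openid.relyingparty.signinInterface.templatePackage = ndg.security.server.wsgi.openid.relyingparty.signin_interface.buffet.templates
openid.relyingparty.signinInterface.staticContentRootDir = %(here)s/openidrelyingparty/public
openid.relyingparty.signinInterface.baseURL = %(openid.relyingparty.baseURL)s
openid.relyingparty.signinInterface.initialOpenID = %(openIDProviderIDSelectURI)s
openid.relyingparty.signinInterface.leftLogo = %(openid.relyingparty.signinInterface.baseURL)s/layout/NERC_Logo.gif
openid.relyingparty.signinInterface.leftAlt = Natural Environment Research Council
openid.relyingparty.signinInterface.ndgLink = http://ndg.nerc.ac.uk/
openid.relyingparty.signinInterface.ndgImage = %(openid.relyingparty.signinInterface.baseURL)s/layout/ndg_logo_circle.gif
openid.relyingparty.signinInterface.disclaimer = This site is for test purposes only and is under active development.
openid.relyingparty.signinInterface.stfcLink = http://www.stfc.ac.uk/
openid.relyingparty.signinInterface.stfcImage = %(openid.relyingparty.signinInterface.baseURL)s/layout/stfc-circle-sm.gif
openid.relyingparty.signinInterface.helpIcon = %(openid.relyingparty.signinInterface.baseURL)s/layout/icons/help.png

cache_dir = %(here)s/data

# AuthKit set-up
authkit.setup.method = openid, cookie

# This cookie name and secret MUST agree with the values used by the
# Authentication Filter used to secure a given app.  Anyone holding the secret
# can produce a validly signed authentication cookie, so a value committed to
# the repository is for test use only.
authkit.cookie.name = ndg.security.auth
authkit.cookie.secret = 9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
authkit.cookie.signoutpath = /logout

# The client IP address is left out of the cookie signature because of a
# suspected problem with AuthKit setting it when an HTTP proxy is in place.
# Trade-off: the cookie is then not bound to the address it was issued to.
authkit.cookie.includeip = False

authkit.openid.path.signedin = /
authkit.openid.store.type = file
authkit.openid.store.config = %(here)s/openidrelyingparty/store
authkit.openid.session.key = authkit_openid
# The value below is a literal placeholder, not a generated secret; replace it
# with a private random value outside a local test run.
authkit.openid.session.secret = random string

authkit.openid.baseurl = %(baseURI)s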