source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/openidrelyingparty_withapp/securedapp.ini @ 5543

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/openidrelyingparty_withapp/securedapp.ini@5543
Revision 5543, 5.9 KB checked in by pjkersha, 11 years ago (diff)

Fixes for testing OpenID Relying Party running in the application code stack instead of the separate services stack.

1#
2# NDG Security AuthZ WSGI Testing environment configuration.  This ini file
3# defines the configuration for an application to be secured.  Security
4# filters placed in front of the application in the WSGI pipeline act as
5# client to security services running on a separate application stack.  - See
6# securityservices.ini
7#
8# NERC DataGrid
9#
10# Author: P J Kershaw
11#
12# Date: 01/07/09
13#
14# Copyright: STFC 2009
15#
16# Licence: BSD - See top-level LICENCE file for licence details
17#
18# The %(here)s variable will be replaced with the parent directory of this file
19#
# Values shared with every other section through %(name)s interpolation.
[DEFAULT]
# Address of the secured application.  baseURI is assembled from these three
# parts and uses plain http, so anything exchanged with the application
# (including the cookies configured in the filter sections) is unencrypted;
# that is acceptable for a localhost test run only.
portNum = 7080
hostname = localhost
scheme = http
baseURI = %(scheme)s://%(hostname)s:%(portNum)s

# OpenID Provider identifier pre-filled on the sign-in page (referenced by
# openid.relyingparty.signinInterface.initialOpenID)
openIDProviderIDBase = /openid
openIDProviderIDSelectURI = http://localhost:7443%(openIDProviderIDBase)s

# Directory holding the test certificates and keys (pki/ and ca/)
testConfigDir = %(here)s/../../config

# WSGI environ key for the Beaker session; the session, session handler and
# OpenID Relying Party filters all refer to this one name
beakerSessionKeyName = beaker.session.ndg.security

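# Paste HTTP server that hosts the pipeline defined in [pipeline:main].
[server:main]
use = egg:Paste#http
# Listen on loopback only.  Every URL in this file points at localhost, the
# service is plain HTTP and the filters use secrets that are committed to the
# repository, so the test server should not be reachable from other hosts.
# Bind to 0.0.0.0 only on an isolated test network.
host = 127.0.0.1
# Taken from [DEFAULT] so the listening port cannot drift away from baseURI
port = %(portNum)s
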
# WSGI pipeline, outermost filter first.  BeakerSessionFilter is listed ahead
# of the filters that are configured with its environ key, and
# AuthorizationFilter sits directly in front of the application.
[pipeline:main]
pipeline = BeakerSessionFilter
           OpenIDRelyingPartyFilter
           SessionHandlerFilter
           AuthorizationFilter
           AuthZTestApp

# The test application protected by the filters in [pipeline:main]
[app:AuthZTestApp]
paste.app_factory = ndg.security.test.integration.openidrelyingparty_withapp.securedapp:AuthZTestApp.app_factory

# Authorisation middleware placed directly in front of the application.
[filter:AuthorizationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authz:AuthorizationMiddleware.filter_app_factory
# NOTE(review): none of the options in this section start with the "authz."
# prefix declared here - confirm that the middleware still picks up
# policy.filePath and the pip.* settings as intended.
prefix = authz.
policy.filePath = %(here)s/policy.xml

# Policy Information Point (PIP): used by the Policy Decision Point to fetch
# subject attributes from the Attribute Authority associated with the resource
# being accessed.
# NOTE(review): left empty.  Presumably this is the CA list for verifying the
# Attribute Authority's SSL certificate - confirm that an empty value does not
# leave the peer unverified when this file is reused outside a test run.
pip.sslCACertFilePathList =

# CA certificates trusted when checking the signatures of the Attribute
# Certificates that are retrieved
pip.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt

#
# WS-Security settings for the call to the Attribute Authority that retrieves
# user attributes
#
# Outbound message signature
#
# The certificate belonging to the signing private key is added by the sign
# method to the BinarySecurityToken element of the WSSE header; the
# binSecTokValType attribute must then be 'X509' or 'X509v3'.
# signingCertChain is the alternative to a single certificate.

# PEM encoded certificate
pip.wssecurity.signingCertFilePath = %(testConfigDir)s/pki/wsse-server.crt

# PEM encoded private key file
pip.wssecurity.signingPriKeyFilePath = %(testConfigDir)s/pki/wsse-server.key

# Password protecting the private key; blank when there is none.  The test key
# is therefore stored unencrypted - use it with the test PKI only.
pip.wssecurity.signingPriKeyPwd =

# Signature verification: space separated list of CA certificate file paths
pip.wssecurity.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt

# ValueType of the BinarySecurityToken added to the WSSE header
pip.wssecurity.reqBinSecTokValType = X509v3

# Put a timestamp element into each outbound message
pip.wssecurity.addTimestamp = True

# Beaker session middleware, the first filter in [pipeline:main].
[filter:BeakerSessionFilter]
paste.filter_app_factory = beaker.middleware:SessionMiddleware

# Name of the session cookie
beaker.session.key = ndg.security.session

# WSGI environ key under which the session is made available
environ_key = %(beakerSessionKeyName)s

# Secret Beaker uses for the session cookie.  This value is committed to the
# repository, so treat it as test-only: any deployment derived from this file
# needs a freshly generated secret kept out of version control.
beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW

# Directories for cache and session data, relative to this file
beaker.cache.data_dir = %(here)s/authn/beaker/cache
beaker.session.data_dir = %(here)s/authn/beaker/sessions

# Session handler middleware.
[filter:SessionHandlerFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authn:SessionHandlerMiddleware.filter_app_factory
# Same environ key as environ_key in [filter:BeakerSessionFilter]
sessionKey = %(beakerSessionKeyName)s
# Same path as authkit.cookie.signoutpath in [filter:OpenIDRelyingPartyFilter]
signoutPath = /logout

# OpenID Relying Party middleware, run inside the application's own pipeline.
[filter:OpenIDRelyingPartyFilter]
paste.filter_app_factory =
        ndg.security.server.wsgi.openid.relyingparty:OpenIDRelyingPartyMiddleware.filter_app_factory

# authkit.openid.baseurl is set at the end of this section; interpolation
# resolves it regardless of the order of the keys.
openid.relyingparty.baseURL = %(authkit.openid.baseurl)s

# Certificate and private key of the Relying Party (localhost test PKI).  The
# blank priKeyPwd means the key file carries no password.
openid.relyingparty.certFilePath = %(testConfigDir)s/pki/localhost.crt
openid.relyingparty.priKeyFilePath = %(testConfigDir)s/pki/localhost.key
openid.relyingparty.priKeyPwd =
openid.relyingparty.caCertDirPath = %(testConfigDir)s/ca

# NOTE(review): no whitelist file is configured.  Presumably any OpenID
# Provider is then accepted - confirm, and supply a whitelist wherever only
# known providers should be trusted.
openid.relyingparty.providerWhitelistFilePath =

# Sign-in page: template engine, templates, static content and page furniture
openid.relyingparty.signinInterfaceMiddlewareClass = ndg.security.server.wsgi.openid.relyingparty.signin_interface.buffet.BuffetSigninTemplate
openid.relyingparty.signinInterface.templatePackage = ndg.security.server.wsgi.openid.relyingparty.signin_interface.buffet.templates
openid.relyingparty.signinInterface.staticContentRootDir = %(here)s/openidrelyingparty/public
openid.relyingparty.signinInterface.baseURL = %(openid.relyingparty.baseURL)s
openid.relyingparty.signinInterface.initialOpenID = %(openIDProviderIDSelectURI)s
openid.relyingparty.signinInterface.leftLogo = %(openid.relyingparty.signinInterface.baseURL)s/layout/NERC_Logo.gif
openid.relyingparty.signinInterface.leftAlt = Natural Environment Research Council
openid.relyingparty.signinInterface.ndgLink = http://ndg.nerc.ac.uk/
openid.relyingparty.signinInterface.ndgImage = %(openid.relyingparty.signinInterface.baseURL)s/layout/ndg_logo_circle.gif
openid.relyingparty.signinInterface.disclaimer = This site is for test purposes only and is under active development.
openid.relyingparty.signinInterface.stfcLink = http://www.stfc.ac.uk/
openid.relyingparty.signinInterface.stfcImage = %(openid.relyingparty.signinInterface.baseURL)s/layout/stfc-circle-sm.gif
openid.relyingparty.signinInterface.helpIcon = %(openid.relyingparty.signinInterface.baseURL)s/layout/icons/help.png

cache_dir = %(here)s/data

# AuthKit set-up
authkit.setup.method = openid, cookie

# The cookie name and secret MUST agree with those of the Authentication
# Filter securing a given app.  The secret below is committed to the
# repository, so it is test-only; generate a new one and keep it out of
# version control for anything else.
authkit.cookie.name = ndg.security.authkit
authkit.cookie.secret = 9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
authkit.cookie.signoutpath = /logout

# The client IP address is left out of the cookie signature because of a
# suspected problem with AuthKit setting it when an HTTP proxy is in place.
# With this off, the signature does not bind the cookie to a client address.
authkit.cookie.includeip = False

authkit.openid.path.signedin = /
authkit.openid.store.type = file
authkit.openid.store.config = %(here)s/openidrelyingparty/store
authkit.openid.session.key = authkit_openid
# The value below is the literal text "random string", a placeholder rather
# than a random value; replace it with a generated secret outside test use.
authkit.openid.session.secret = random string
# Environ key of the Beaker session set up by BeakerSessionFilter
authkit.openid.session.middleware = %(beakerSessionKeyName)s

authkit.openid.baseurl = %(baseURI)s