source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/openidrelyingparty_withapp/securedapp.ini @ 5549

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/openidrelyingparty_withapp/securedapp.ini@5549
Revision 5549, 6.1 KB checked in by pjkersha, 11 years ago (diff)

Fixes for testing OpenID Relying Party running in the application code stack instead of the separate services stack:

  • Removed redirect start_response wrapper from ndg.security.server.wsgi.openid.relyingparty.OpenIDRelyingPartyMiddleware - ndg.security.server.wsgi.authn.SessionHandlerMiddleware does this job. TODO: this needs checking with the alternate configuration of the Relying Party middleware set-up in the Security Services WSGI stack.
  • Tidied up ndg.security.server.wsgi.authn.SessionHandlerMiddleware so that it can be deployed as a standalone filter in a Paste ini file as required in this use case. It will also be needed for the non-browser SSL based authentication use case.
1#
2# NDG Security AuthZ WSGI Testing environment configuration.  This ini file
3# defines the configuration for an application to be secured.  Security
4# filters placed in front of the application in the WSGI pipeline act as
5# client to security services running on a separate application stack.  - See
6# securityservices.ini
7#
8# NERC DataGrid
9#
10# Author: P J Kershaw
11#
12# Date: 01/07/09
13#
14# Copyright: STFC 2009
15#
16# Licence: BSD - See top-level LICENCE file for licence details
17#
18# The %(here)s variable will be replaced with the parent directory of this file
19#
# Shared values interpolated into the sections below with %(name)s.
# NOTE(review): scheme is plain http and openIDProviderIDSelectURI is also an
# http URL, so every URL built from these defaults is served unencrypted.
# That fits a local test environment only.
20[DEFAULT]
21portNum = 7080
22hostname = localhost
23scheme = http
24baseURI = %(scheme)s://%(hostname)s:%(portNum)s
25openIDProviderIDBase = /openid
26openIDProviderIDSelectURI = http://localhost:7443%(openIDProviderIDBase)s
27testConfigDir = %(here)s/../../config
# WSGI environ key under which the Beaker session is stored; the Beaker,
# SessionHandler and AuthKit OpenID settings below all reference it, so it
# must stay identical across them.
28beakerSessionKeyName = beaker.session.ndg.security

30# Logout URI used by AuthKit and SessionHandlerMiddleware
31globalSignoutPath = /logout
32
# Paste HTTP server that hosts the pipeline defined in [pipeline:main].
33[server:main]
34use = egg:Paste#http
# NOTE(review): 0.0.0.0 listens on every network interface, although
# [DEFAULT] hostname is localhost.  With plain HTTP and the test secrets in
# this file, binding to 127.0.0.1 keeps the test application off the network.
35host = 0.0.0.0
# Repeats the value of [DEFAULT] portNum; keep the two in step.
36port = 7080
37
# WSGI stack for the secured application.  Entries are applied in the order
# listed, each filter wrapping the ones after it; the last entry is the
# application itself.  BeakerSessionFilter is first, so the session it places
# in the WSGI environ is available to the filters that reference
# beakerSessionKeyName, and AuthorizationFilter sits directly in front of
# AuthZTestApp.  Reordering these entries changes what is enforced.
38[pipeline:main]
39pipeline = BeakerSessionFilter
40                   OpenIDRelyingPartyFilter
41                   SessionHandlerFilter
42                   AuthorizationFilter
43                   AuthZTestApp
44
# Application under test; it is only reached through the filters listed in
# [pipeline:main].
45[app:AuthZTestApp]
46paste.app_factory = ndg.security.test.integration.openidrelyingparty_withapp.securedapp:AuthZTestApp.app_factory
47
# Authorisation filter placed directly in front of the application.  All of
# its settings carry the 'authz.' prefix declared below... NOTE(review): the
# keys in this section are written without that prefix - confirm how the
# middleware applies 'prefix' before renaming anything.
48[filter:AuthorizationFilter]
49paste.filter_app_factory=ndg.security.server.wsgi.authz:AuthorizationMiddleware.filter_app_factory
50prefix = authz.
# Access policy file, resolved relative to this ini file's directory.
51policy.filePath = %(here)s/policy.xml

53# Settings for Policy Information Point used by the Policy Decision Point to
54# retrieve subject attributes from the Attribute Authority associated with the
55# resource to be accessed
# NOTE(review): left empty here - presumably no CA certificates are supplied
# for verifying the Attribute Authority's SSL certificate.  Confirm how the
# PIP treats an empty list before reusing this outside a test set-up.
56pip.sslCACertFilePathList=

58# List of CA certificates used to verify the signatures of
59# Attribute Certificates retrieved
60pip.caCertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt

62#
63# WS-Security Settings for call to Attribute Authority to retrieve user
64# attributes

66# Signature of an outbound message

68# Certificate associated with private key used to sign a message.  The sign
69# method will add this to the BinarySecurityToken element of the WSSE header.
70# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.
71# As an alternative, use signingCertChain - see below...

73# PEM encoded cert
74pip.wssecurity.signingCertFilePath=%(testConfigDir)s/pki/wsse-server.crt

76# PEM encoded private key file
77pip.wssecurity.signingPriKeyFilePath=%(testConfigDir)s/pki/wsse-server.key

79# Password protecting private key.  Leave blank if there is no password.
# NOTE(review): blank, so wsse-server.key is expected to be stored without
# password protection.  Treat it as a test-only key and restrict read access
# to the key file.
80pip.wssecurity.signingPriKeyPwd=

82# For signature verification.  Provide a space separated list of file paths
83pip.wssecurity.caCertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt

85# ValueType for the BinarySecurityToken added to the WSSE header
86pip.wssecurity.reqBinSecTokValType=X509v3

88# Add a timestamp element to an outbound message
89pip.wssecurity.addTimestamp=True
90
# Beaker session middleware; first filter in [pipeline:main].
# NOTE(review): this section sets no beaker.session.secure or
# beaker.session.httponly option, and [DEFAULT] scheme is http, so the
# session cookie travels in clear text.  Set both once the application is
# served over HTTPS.
91[filter:BeakerSessionFilter]
92paste.filter_app_factory = beaker.middleware:SessionMiddleware

94# Cookie name
95beaker.session.key = ndg.security.session

97# WSGI environ key name
98environ_key = %(beakerSessionKeyName)s
# Secret used by Beaker to sign the session cookie.
# NOTE(review): the value is checked into version control, so it is known to
# anyone who can read the repository.  Use it for this test configuration
# only; generate a fresh value per deployment and keep it out of the
# repository.
99beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW
# Cache and session data are written beneath this ini file's directory;
# keep these directories unreadable to other local users.
100beaker.cache.data_dir = %(here)s/authn/beaker/cache
101beaker.session.data_dir = %(here)s/authn/beaker/sessions
102
103# Handle setting of session cookie following sign-in
104[filter:SessionHandlerFilter]
105paste.filter_app_factory = ndg.security.server.wsgi.authn:SessionHandlerMiddleware.filter_app_factory
# Sign-out path shared with authkit.cookie.signoutpath through
# globalSignoutPath in [DEFAULT].
106sessionhandler.signoutPath = %(globalSignoutPath)s
# Same environ key as BeakerSessionFilter's environ_key, so this filter reads
# the session object that Beaker created.
107sessionhandler.sessionKey = %(beakerSessionKeyName)s
108
# OpenID Relying Party running inside the application stack, together with
# the AuthKit cookie and OpenID settings it depends on.
109[filter:OpenIDRelyingPartyFilter]
110paste.filter_app_factory = 
111        ndg.security.server.wsgi.openid.relyingparty:OpenIDRelyingPartyMiddleware.filter_app_factory

# baseURL is taken from authkit.openid.baseurl, defined at the end of this
# section, which in turn resolves to [DEFAULT] baseURI (plain http).
113openid.relyingparty.baseURL = %(authkit.openid.baseurl)s
114openid.relyingparty.certFilePath = %(testConfigDir)s/pki/localhost.crt
115openid.relyingparty.priKeyFilePath = %(testConfigDir)s/pki/localhost.key
# NOTE(review): blank password - presumably localhost.key is stored without
# password protection; treat it as a test-only key.
116openid.relyingparty.priKeyPwd = 
117openid.relyingparty.caCertDirPath = %(testConfigDir)s/ca
# NOTE(review): no whitelist file is configured.  Presumably this leaves the
# set of acceptable OpenID Providers unrestricted - confirm against
# OpenIDRelyingPartyMiddleware, and supply a whitelist outside testing.
118openid.relyingparty.providerWhitelistFilePath =
# Sign-in page rendering: template class, template package, static content
# and the logos, links and disclaimer shown on the page.
119openid.relyingparty.signinInterfaceMiddlewareClass = ndg.security.server.wsgi.openid.relyingparty.signin_interface.buffet.BuffetSigninTemplate
120openid.relyingparty.signinInterface.templatePackage = ndg.security.server.wsgi.openid.relyingparty.signin_interface.buffet.templates
121openid.relyingparty.signinInterface.staticContentRootDir = %(here)s/openidrelyingparty/public
122openid.relyingparty.signinInterface.baseURL = %(openid.relyingparty.baseURL)s
# Pre-filled OpenID on the sign-in form; an http URL on localhost:7443
# (see [DEFAULT]).
123openid.relyingparty.signinInterface.initialOpenID = %(openIDProviderIDSelectURI)s
124openid.relyingparty.signinInterface.leftLogo = %(openid.relyingparty.signinInterface.baseURL)s/layout/NERC_Logo.gif
125openid.relyingparty.signinInterface.leftAlt = Natural Environment Research Council
126openid.relyingparty.signinInterface.ndgLink = http://ndg.nerc.ac.uk/
127openid.relyingparty.signinInterface.ndgImage = %(openid.relyingparty.signinInterface.baseURL)s/layout/ndg_logo_circle.gif
128openid.relyingparty.signinInterface.disclaimer = This site is for test purposes only and is under active development.
129openid.relyingparty.signinInterface.stfcLink = http://www.stfc.ac.uk/
130openid.relyingparty.signinInterface.stfcImage = %(openid.relyingparty.signinInterface.baseURL)s/layout/stfc-circle-sm.gif
131openid.relyingparty.signinInterface.helpIcon = %(openid.relyingparty.signinInterface.baseURL)s/layout/icons/help.png

133cache_dir = %(here)s/data

135# AuthKit Set-up
136authkit.setup.method=openid, cookie

138# This cookie name and secret MUST agree with the name used by the
139# Authentication Filter used to secure a given app
140authkit.cookie.name=ndg.security.authkit
# NOTE(review): cookie secret checked into version control, and by the
# comment above it is shared with the Authentication Filter.  Anyone who
# knows it is in a position to produce cookies the filter accepts, so
# replace it with a per-deployment value kept out of the repository.
141authkit.cookie.secret=9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
142authkit.cookie.signoutpath = %(globalSignoutPath)s

144# Disable inclusion of client IP address from cookie signature due to
145# suspected problem with AuthKit setting it when a HTTP Proxy is in place
# NOTE(review): with the client IP left out of the signature the cookie is
# not tied to the client's address, so its protection rests on the secret
# above and on transport security (this configuration uses plain http).
146authkit.cookie.includeip = False

148authkit.openid.path.signedin=/
# OpenID association store kept as files under this ini file's directory;
# restrict access to that directory.
149authkit.openid.store.type=file
150authkit.openid.store.config=%(here)s/openidrelyingparty/store
151authkit.openid.session.key = authkit_openid
# NOTE(review): 'random string' reads like an unreplaced placeholder rather
# than a generated secret - confirm, and use a high-entropy value outside
# testing.
152authkit.openid.session.secret = random string
153authkit.openid.session.middleware = %(beakerSessionKeyName)s

155authkit.openid.baseurl = %(baseURI)s