source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/openidrelyingparty_withapp/securedapp.ini @ 5565

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/openidrelyingparty_withapp/securedapp.ini@5565
Revision 5565, 6.2 KB checked in by pjkersha, 10 years ago (diff)

Important fix for OpenID Relying Party: enable fully configurable URI path for OpenID AuthKit verify action. AuthKit requires a patch also.

#
# NDG Security AuthZ WSGI Testing environment configuration.  This ini file
# defines the configuration for an application to be secured.  Security
# filters placed in front of the application in the WSGI pipeline act as
# clients to security services running on a separate application stack.  - See
# securityservices.ini
#
# NERC DataGrid
#
# Author: P J Kershaw
#
# Date: 01/07/09
#
# Copyright: STFC 2009
#
# Licence: BSD - See top-level LICENCE file for licence details
#
# The %(here)s variable will be replaced with the parent directory of this file
#
# Values shared by every section below through %(name)s interpolation.
[DEFAULT]
# Address this test application advertises for itself.  baseURI becomes the
# base URL of AuthKit and the OpenID Relying Party, so the scheme chosen here
# decides whether the session and authentication cookies travel in clear
# text.  Plain http is used for this localhost test set-up.
scheme = http
hostname = localhost
portNum = 7080
baseURI = %(scheme)s://%(hostname)s:%(portNum)s

# OpenID Provider identifier pre-filled on the sign-in page.  It points at a
# different port from this application - presumably the services stack
# described in securityservices.ini; confirm against that file.
openIDProviderIDBase = /openid
openIDProviderIDSelectURI = http://localhost:7443%(openIDProviderIDBase)s

# Directory holding the test PKI (pki/) and CA certificates (ca/)
testConfigDir = %(here)s/../../config

# WSGI environ key under which the Beaker session object is shared between
# the filters
beakerSessionKeyName = beaker.session.ndg.security

# Logout URI used by AuthKit and SessionHandlerMiddleware
globalSignoutPath = /logout

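[server:main]
use = egg:Paste#http
# 0.0.0.0 listens on every network interface, while the URLs built from
# [DEFAULT] all point at localhost.  The session and cookie secrets in this
# file are committed test values, so keep this port firewalled, or bind to
# 127.0.0.1 when the server does not need to be reached from other hosts.
host = 0.0.0.0
# Taken from [DEFAULT] so that the listening port and baseURI cannot drift
# apart.
port = %(portNum)s
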
# Filters are listed outermost first: a request passes through them from top
# to bottom before it reaches AuthZTestApp.  The Beaker session filter comes
# first because the filters after it are configured with its environ key, and
# AuthorizationFilter sits directly in front of the application.
[pipeline:main]
pipeline = BeakerSessionFilter
    OpenIDRelyingPartyFilter
    SessionHandlerFilter
    AuthorizationFilter
    AuthZTestApp

# Test application at the end of the pipeline, behind the security filters
[app:AuthZTestApp]
paste.app_factory = ndg.security.test.integration:AuthZTestApp.app_factory

[filter:BeakerSessionFilter]
paste.filter_app_factory = beaker.middleware:SessionMiddleware

# Name of the session cookie sent to the browser
beaker.session.key = ndg.security.session

# Key under which the session object is placed in the WSGI environ.  The
# SessionHandler and OpenID Relying Party filters are given the same name.
environ_key = %(beakerSessionKeyName)s

# Secret used to sign the session cookie.  This value is committed to the
# repository, so it is suitable for tests only: a cookie signed with a
# published secret proves nothing about who issued it.  A deployed instance
# needs its own randomly generated value kept out of version control.
# No beaker.session.secure setting is given, which matches the plain-http
# scheme of this test set-up; set it when the application is served over
# https.
beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW

# On-disk locations for Beaker cache and session data.  Keep these
# directories readable and writable by the service account only.
beaker.cache.data_dir = %(here)s/authn/beaker/cache
beaker.session.data_dir = %(here)s/authn/beaker/sessions

# Sets the session cookie once sign-in has completed
[filter:SessionHandlerFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authn:SessionHandlerMiddleware.filter_app_factory
# environ key of the Beaker session object (see [DEFAULT])
sessionhandler.sessionKey = %(beakerSessionKeyName)s
# Sign-out path, shared with authkit.cookie.signoutpath
sessionhandler.signoutPath = %(globalSignoutPath)s

[filter:OpenIDRelyingPartyFilter]
paste.filter_app_factory = ndg.security.server.wsgi.openid.relyingparty:OpenIDRelyingPartyMiddleware.filter_app_factory

# Base URL of the Relying Party.  authkit.openid.baseurl is defined at the end
# of this section; interpolation does not depend on the order of the keys.
openid.relyingparty.baseURL = %(authkit.openid.baseurl)s

# Certificate, private key and CA directory from the test PKI - presumably
# used for SSL connections made to OpenID Providers; confirm against the
# middleware.
openid.relyingparty.certFilePath = %(testConfigDir)s/pki/localhost.crt
openid.relyingparty.priKeyFilePath = %(testConfigDir)s/pki/localhost.key
# Left empty.  If the key file carries no passphrase, file permissions are
# its only protection.
openid.relyingparty.priKeyPwd =
openid.relyingparty.caCertDirPath = %(testConfigDir)s/ca

# No whitelist file is configured.
# NOTE(review): confirm how the middleware treats an empty value.  If it
# means every OpenID Provider is accepted, a deployment should list the
# providers it trusts.
openid.relyingparty.providerWhitelistFilePath =

# Sign-in page: template engine, static content and branding
openid.relyingparty.signinInterfaceMiddlewareClass = ndg.security.server.wsgi.openid.relyingparty.signin_interface.buffet.BuffetSigninTemplate
openid.relyingparty.signinInterface.templatePackage = ndg.security.server.wsgi.openid.relyingparty.signin_interface.buffet.templates
openid.relyingparty.signinInterface.staticContentRootDir = %(here)s/openidrelyingparty/public
openid.relyingparty.signinInterface.baseURL = %(openid.relyingparty.baseURL)s
# OpenID shown in the sign-in form before the user types anything
openid.relyingparty.signinInterface.initialOpenID = %(openIDProviderIDSelectURI)s
openid.relyingparty.signinInterface.leftLogo = %(openid.relyingparty.signinInterface.baseURL)s/layout/NERC_Logo.gif
openid.relyingparty.signinInterface.leftAlt = Natural Environment Research Council
openid.relyingparty.signinInterface.ndgLink = http://ndg.nerc.ac.uk/
openid.relyingparty.signinInterface.ndgImage = %(openid.relyingparty.signinInterface.baseURL)s/layout/ndg_logo_circle.gif
openid.relyingparty.signinInterface.disclaimer = This site is for test purposes only and is under active development.
openid.relyingparty.signinInterface.stfcLink = http://www.stfc.ac.uk/
openid.relyingparty.signinInterface.stfcImage = %(openid.relyingparty.signinInterface.baseURL)s/layout/stfc-circle-sm.gif
openid.relyingparty.signinInterface.helpIcon = %(openid.relyingparty.signinInterface.baseURL)s/layout/icons/help.png

cache_dir = %(here)s/data

# AuthKit set-up: OpenID sign-in, with the result held in a cookie
authkit.setup.method = openid, cookie

# This cookie name and secret MUST agree with the name used by the
# Authentication Filter used to secure a given app
authkit.cookie.name = ndg.security.authkit

# Committed test value.  Every application that shares this secret accepts
# cookies signed with it, so a deployment needs its own generated secret,
# distributed out of band to the filters that must agree on it.
authkit.cookie.secret = 9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
authkit.cookie.signoutpath = %(globalSignoutPath)s

# Client IP address is left out of the cookie signature because of a
# suspected problem with AuthKit setting it when an HTTP proxy is in place.
# The cookie is therefore not tied to the address it was issued to, which
# makes protecting it in transit (https) more important.
authkit.cookie.includeip = False

# URI paths handled by the AuthKit OpenID middleware.  The revision log for
# this file states that a configurable verify path needs a patched AuthKit.
authkit.openid.path.signedin = /
authkit.openid.path.verify = /openid/verify
authkit.openid.path.process = /openid/process

# File-based OpenID store kept under the test directory
authkit.openid.store.type = file
authkit.openid.store.config = %(here)s/openidrelyingparty/store

authkit.openid.session.key = authkit_openid
# NOTE(review): "random string" is a literal placeholder, not a generated
# secret.  Replace it with a random value for anything beyond local tests.
authkit.openid.session.secret = random string

# Key name for dereferencing beaker.session object held in environ
authkit.openid.session.middleware = %(beakerSessionKeyName)s

# Built from scheme, hostname and portNum in [DEFAULT]
authkit.openid.baseurl = %(baseURI)s

[filter:AuthorizationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authz:AuthorizationMiddleware.filter_app_factory
# NOTE(review): the option names below are not written with this prefix;
# confirm how the middleware applies it, so that none of them is silently
# ignored.
prefix = authz.
# Access control policy file, kept next to this ini file
policy.filePath = %(here)s/policy.xml

# Settings for the Policy Information Point, which the Policy Decision Point
# uses to retrieve subject attributes from the Attribute Authority associated
# with the resource to be accessed.
#
# Left empty.
# NOTE(review): presumably the CA certificates for SSL connections to the
# Attribute Authority.  Confirm whether an empty list leaves that connection
# without peer verification.
pip.sslCACertFilePathList =

# List of CA certificates used to verify the signatures of the Attribute
# Certificates retrieved
pip.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt

#
# WS-Security settings for the call to the Attribute Authority to retrieve
# user attributes
#
# Signature of an outbound message
#
# Certificate associated with the private key used to sign a message.  The
# sign method will add this to the BinarySecurityToken element of the WSSE
# header.  The binSecTokValType attribute must be set to the 'X509' or
# 'X509v3' ValueType.  As an alternative, use signingCertChain.

# PEM encoded certificate
pip.wssecurity.signingCertFilePath = %(testConfigDir)s/pki/wsse-server.crt

# PEM encoded private key file
pip.wssecurity.signingPriKeyFilePath = %(testConfigDir)s/pki/wsse-server.key

# Password protecting the private key.  Leave blank if there is no password;
# the key file is then protected by file permissions alone.
pip.wssecurity.signingPriKeyPwd =

# For signature verification.  Provide a space separated list of file paths
pip.wssecurity.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt

# ValueType for the BinarySecurityToken added to the WSSE header
pip.wssecurity.reqBinSecTokValType = X509v3

# Add a timestamp element to an outbound message
pip.wssecurity.addTimestamp = True