source: TI12-security/trunk/python/ndg.security.test/ndg/security/test/openidrelyingparty/services.ini @ 4909

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg.security.test/ndg/security/test/openidrelyingparty/services.ini@4909
Revision 4909, 3.6 KB checked in by pjkersha, 11 years ago (diff)

Major progress on authentication and authorisation WSGI chain:

  • integration test harness in ndg.security.test.integration.authz
    • chain PEP middleware catches secured URIs. If the URI is a secured one, it sets the status to 403.
    • The 403 status is caught by the PDP. The PDP checks for a login cookie; if it is not set, it sets 401 Unauthorized.
    • 401 is caught by the OpenID handler, which sets an OpenID sign-in form response so that the user can log in.
    • If the user is logged in, the PDP checks authZ credentials (TODO); if they are not set, it sets a 403 status and responds with an access denied message.
  • The PDP uses authkit.authenticate.multi.MultiHandler to trap 403 responses from the PEP and display an access denied message.
  • ndg.security.server.wsgi.pdp needs cleaning up in line with the change to use authkit MultiHandler.
1#
2# NERC DataGrid Security
3#
4# Paste configuration for OpenID Relying Party test service
5#
6# The %(here)s variable will be replaced with the parent directory of this file
7#
8# Author: P J Kershaw
9# date: 21/01/09
10# Copyright: (C) 2009 Science and Technology Facilities Council
11# license: BSD - see LICENSE file in top-level directory
12# Contact: Philip.Kershaw@stfc.ac.uk
13# Revision: $Id$
14
15[DEFAULT]
16
17[server:main]
# Paste's built-in HTTP server hosts the OpenID Relying Party test service.
18use = egg:Paste#http
# NOTE(review): 0.0.0.0 listens on every network interface, whereas
# authkit.openid.baseurl further down is http://localhost:5600. If the test
# service is only exercised from the local machine, binding to 127.0.0.1
# keeps a service that runs with placeholder secrets off the network.
19host = 0.0.0.0
20port = 5600
21
22[pipeline:main]
# Filters wrap the application in the order listed, with the application
# last: the Beaker session filter is outermost, then the OpenID Relying Party
# filter, then mainApp. The Relying Party filter is configured below with
# sessionKey = beaker.session, so it presumably needs the session filter to
# have run first - keep this order.
23pipeline = SessionMiddlewareFilter
24                   OpenIDRelyingPartyFilter
25           mainApp
26
27[app:mainApp]
# WSGI application under test, built by the test package's app_factory.
28paste.app_factory = ndg.security.test.openidrelyingparty.serverapp:app_factory
29
30#______________________________________________________________________________
31# Beaker Session Middleware (used by OpenID Provider Filter)
32[filter:SessionMiddlewareFilter]
33paste.filter_app_factory=beaker.middleware:SessionMiddleware
# NOTE(review): Beaker uses this value to sign the session cookie. A fixed,
# guessable string checked into version control is acceptable only for a
# local test harness; any shared or deployed instance needs a long random
# value supplied from outside the repository.
34beaker.session.secret = somesecret
35
36# If you'd like to fine-tune the individual locations of the cache data dirs
37# for the Cache data, or the Session saves, un-comment the desired settings
38# here:
# Both settings are already active in this file. The session directory holds
# server-side session state on disk, so it should stay outside any directory
# served as static content and be readable only by the service account.
39beaker.cache.data_dir = %(here)s/beaker/cache
40beaker.session.data_dir = %(here)s/beaker/sessions
41
# OpenID Relying Party filter: the NDG relying party middleware settings
# (openid.relyingparty.*) followed by the AuthKit settings (authkit.*) that
# share this section.
42[filter:OpenIDRelyingPartyFilter]
43paste.filter_app_factory = 
44        ndg.security.server.wsgi.openid.relyingparty:OpenIDRelyingPartyMiddleware.filter_app_factory
45
# beaker.session is the key under which Beaker publishes the session in the
# WSGI environ by default; presumably the middleware looks the session up
# under this name - confirm against the middleware code.
46openid.relyingparty.sessionKey = beaker.session
# Interpolated from authkit.openid.baseurl, which is defined later in this
# same section.
47openid.relyingparty.baseURL = %(authkit.openid.baseurl)s
48openid.relyingparty.signinInterfaceMiddlewareClass = ndg.security.server.wsgi.openid.relyingparty.signin_interface.buffet.BuffetSigninTemplate
49openid.relyingparty.signinInterface.templatePackage = ndg.security.server.wsgi.openid.relyingparty.signin_interface.buffet.templates
# NOTE(review): presumably everything under this directory is served as
# static content for the sign-in page; keep it separate from the beaker and
# data directories configured elsewhere in this file.
50openid.relyingparty.signinInterface.staticContentRootDir = %(here)s/public
51openid.relyingparty.signinInterface.baseURL = %(openid.relyingparty.baseURL)s
52openid.relyingparty.signinInterface.leftLogo = %(openid.relyingparty.signinInterface.baseURL)s/layout/NERC_Logo.gif
53openid.relyingparty.signinInterface.leftAlt = Natural Environment Research Council
54openid.relyingparty.signinInterface.ndgLink = http://ndg.nerc.ac.uk/
55openid.relyingparty.signinInterface.ndgImage = %(openid.relyingparty.signinInterface.baseURL)s/layout/ndg_logo_circle.gif
56openid.relyingparty.signinInterface.disclaimer = This site is for test purposes only and is under active development.
57openid.relyingparty.signinInterface.stfcLink = http://www.stfc.ac.uk/
58openid.relyingparty.signinInterface.stfcImage = %(openid.relyingparty.signinInterface.baseURL)s/layout/stfc-circle-sm.gif
59openid.relyingparty.signinInterface.helpIcon = %(openid.relyingparty.signinInterface.baseURL)s/layout/icons/help.png
60
61cache_dir = %(here)s/data
62
63# AuthKit Set-up
64authkit.setup.method=openid, cookie
# NOTE(review): authkit.cookie.secret and authkit.openid.session.secret below
# are literal placeholder strings committed to the repository. The names
# indicate they protect the login cookie and the OpenID session; with known
# values those protections cannot be relied on. Test-only as they stand;
# replace with long random values kept out of version control before any
# non-local use.
65authkit.cookie.secret=secret encryption string
66authkit.cookie.signoutpath = /logout
67authkit.openid.path.signedin=/
# File-based OpenID store. It presumably holds the association data shared
# with OpenID Providers, so restrict filesystem permissions on this
# directory - confirm what AuthKit writes here.
68authkit.openid.store.type=file
69authkit.openid.store.config=%(here)s/data/openid
70authkit.openid.session.key = authkit_openid
71authkit.openid.session.secret = random string
72
# NOTE(review): plain HTTP on localhost. This value also feeds
# openid.relyingparty.baseURL above, so every URL derived from it is
# unencrypted; use an https:// base URL if the service is reached from
# another host, since the login cookie and OpenID responses would otherwise
# cross the network in clear text.
73authkit.openid.baseurl = http://localhost:5600
74
75# Template for signin
76#authkit.openid.template.obj =
77
78# Handler for parsing OpenID and creating a session from it
79#authkit.openid.urltouser =
80
81
82# Logging configuration
# Two loggers (root and ndg), one console handler and one formatter.
83[loggers]
84keys = root, ndg
85
86[handlers]
87keys = console
88
89[formatters]
90keys = generic
91
92[logger_root]
93level = INFO
94handlers = console
95
96[logger_ndg]
# NOTE(review): the ndg logger runs at DEBUG and has no handler of its own,
# so its records reach stderr through the root logger's console handler
# (whose level is NOTSET). Debug output from the security middleware may
# include session or identity details - verify what is logged and lower this
# to INFO outside test runs.
97level = DEBUG
98handlers =
99qualname = ndg
100
101[handler_console]
102class = StreamHandler
103args = (sys.stderr,)
# NOTSET: the handler itself filters nothing; the logger levels above decide
# what is emitted.
104level = NOTSET
105formatter = generic
106
107[formatter_generic]
108format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
109datefmt = %H:%M:%S
110