source: TI12-security/trunk/python/ndg_security_test/ndg/security/test/integration/authz_lite/securedapp.ini @ 5770

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg_security_test/ndg/security/test/integration/authz_lite/securedapp.ini@5770
Revision 5770, 4.1 KB checked in by pjkersha, 10 years ago (diff)

Adding SSL Client authentication step into authz_lite integration test. Broken redirecting back from authn step to requested resource.

#
# NDG Security AuthZ WSGI Testing environment configuration.  This ini file
# defines the configuration for an application to be secured.  Security
# filters placed in front of the application in the WSGI pipeline act as
# client to security services running on a separate application stack.  - See
# securityservices.ini
#
# NERC DataGrid
#
# Author: P J Kershaw
#
# Date: 01/07/09
#
# Copyright: STFC 2009
#
# Licence: BSD - See top-level LICENCE file for licence details
#
# The %(here)s variable will be replaced with the parent directory of this file
#
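[DEFAULT]
# Values defined here are interpolated into the sections below as %(name)s.

# Directory that the CA certificate (ca/) and WS-Security key material (pki/)
# paths in the AuthorizationFilter section are resolved against.
testConfigDir = %(here)s/../../config

# WSGI environ key for the Beaker session.  Referenced by BeakerSessionFilter
# (environ_key) and AuthenticationFilter (authkit.session.middleware) so that
# both filters use the same key.
beakerSessionKeyName = beaker.session.ndg.security
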
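[server:main]
use = egg:Paste#http

# NOTE(review): 0.0.0.0 binds every network interface, so this test
# application is reachable from other hosts, not only from the local machine.
# Prefer 127.0.0.1 unless the integration test needs remote access.
# No TLS option is set in this section; the https://localhost redirect URI in
# the AuthenticationFilter section suggests a TLS-terminating front end is
# expected - confirm, otherwise the session and authentication cookies travel
# in clear text.
host = 0.0.0.0
port = 7080
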
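[pipeline:main]
# Filters wrap the application in the order listed; the last entry is the
# application itself.  The order is security relevant: the session filter must
# come first because AuthenticationFilter looks up the Beaker session through
# authkit.session.middleware, and authentication must precede authorization so
# that an access decision is made on an established identity.
pipeline = BeakerSessionFilter
           AuthenticationFilter
           AuthorizationFilter
           AuthZTestApp
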
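[app:AuthZTestApp]
# Test application at the end of the pipeline; every request reaches it only
# after passing through the three security filters listed in [pipeline:main].
paste.app_factory = ndg.security.test.integration:AuthZTestApp.app_factory
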
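[filter:BeakerSessionFilter]
paste.filter_app_factory = beaker.middleware:SessionMiddleware

# Cookie name
beaker.session.key = ndg.security.session

# WSGI environ key name
environ_key = %(beakerSessionKeyName)s

# NOTE(review): session secret committed to version control in plain text.
# Anyone who can read the repository knows the value used to sign the session
# cookie.  Treat it as a test-only value: generate a fresh random secret for
# any real deployment and keep it out of the repository.
beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW

# Session and cache data are written beneath the directory holding this file.
# Keep these directories out of version control and readable only by the
# account running the server.
beaker.cache.data_dir = %(here)s/authn/beaker/cache
beaker.session.data_dir = %(here)s/authn/beaker/sessions
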
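[filter:AuthenticationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authn:AuthenticationMiddleware
prefix = authN.

# Set redirect for OpenID Relying Party in the Security Services app instance.
# The plain-HTTP endpoint is left commented out in favour of the HTTPS one.
#authN.redirectURI = http://localhost:7443/verify
authN.redirectURI = https://localhost/verify

# AuthKit Set-up
authkit.setup.method = cookie

# This cookie name and secret MUST agree with the name used by the security web
# services app
# NOTE(review): the secret is committed in plain text and, per the comment
# above, shared between two applications, so exposing it affects both.  Treat
# it as a test-only value and replace it in both places for any real
# deployment.
authkit.cookie.name = ndg.security.auth
authkit.cookie.secret = 9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
authkit.cookie.signoutpath = /logout

# Disable inclusion of the client IP address in the cookie signature due to
# a suspected problem with AuthKit setting it when an HTTP Proxy is in place
# NOTE(review): with the IP address left out, the cookie is not bound to the
# client that obtained it, so protection against a copied cookie rests on the
# transport (TLS) alone.
authkit.cookie.includeip = False

# environ key name for beaker session
authkit.session.middleware = %(beakerSessionKeyName)s
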
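[filter:AuthorizationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authz:AuthorizationMiddleware.filter_app_factory

# NOTE(review): the prefix is authz. but none of the keys below starts with
# it - confirm the middleware still reads policy.filePath and the pip.*
# settings.  Policy settings that are silently ignored would be a security
# problem, not just a configuration one.
prefix = authz.

# Presumably the access policy this filter enforces - confirm.  Restrict write
# access to the file accordingly.
policy.filePath = %(here)s/policy.xml

# Settings for Policy Information Point used by the Policy Decision Point to
# retrieve subject attributes from the Attribute Authority associated with the
# resource to be accessed
# NOTE(review): left empty.  Confirm how the Policy Information Point treats
# an empty CA list for SSL connections; if it means the peer certificate is
# not verified, attribute queries are open to interception.
pip.sslCACertFilePathList =

# List of CA certificates used to verify the signatures of
# Attribute Certificates retrieved
pip.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt

#
# WS-Security Settings for call to Attribute Authority to retrieve user
# attributes

# Signature of an outbound message

# Certificate associated with private key used to sign a message.  The sign
# method will add this to the BinarySecurityToken element of the WSSE header.
# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.
# As an alternative, use signingCertChain - see below...

# PEM encoded certificate
pip.wssecurity.signingCertFilePath = %(testConfigDir)s/pki/wsse-server.crt

# PEM encoded private key file
pip.wssecurity.signingPriKeyFilePath = %(testConfigDir)s/pki/wsse-server.key

# Password protecting private key.  Leave blank if there is no password.
# NOTE(review): blank here, so the signing key is stored unencrypted and is
# protected by file permissions only.  Acceptable for test key material; do
# not reuse this key or this arrangement outside the test environment.
pip.wssecurity.signingPriKeyPwd =

# For signature verification.  Provide a space separated list of file paths
pip.wssecurity.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt

# ValueType for the BinarySecurityToken added to the WSSE header
pip.wssecurity.reqBinSecTokValType = X509v3

# Add a timestamp element to an outbound message
pip.wssecurity.addTimestamp = True
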
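# Logging configuration
# NOTE(review): if these sections are loaded with logging.config.fileConfig
# (the usual route for a Paste ini file - confirm), the args value of each
# handler is evaluated as a Python expression.  Write access to this file is
# then equivalent to code execution in the server process, so restrict it.
[loggers]
keys = root, ndg

[handlers]
keys = console

[formatters]
keys = generic

[logger_root]
level = INFO
handlers = console

[logger_ndg]
# NOTE(review): DEBUG level for the ndg security packages.  Check what they
# log at this level before reusing the setting outside a test environment;
# debug output from authentication code can contain sensitive request data.
level = DEBUG
# No handler of its own is listed; records are expected to propagate to the
# root logger's console handler.
handlers =
qualname = ndg

[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

[formatter_generic]
format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
datefmt = %H:%M:%S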