source: TI12-security/trunk/python/ndg_security_test/ndg/security/test/integration/authz_lite/securedapp.ini @ 6059

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg_security_test/ndg/security/test/integration/authz_lite/securedapp.ini@6059
Revision 6059, 4.1 KB checked in by pjkersha, 10 years ago (diff)

Updated ndg.security.server.wsgi.authz module to include AuthorizationMiddleware classes to support PIP attribute retrieval with either the NDG Attribute Authority interface (SOAP/WSDL + NDG Attribute Certificates) or (SOAP/SAML + SAML Assertions) - NDGAuthorizationMiddleware and SAMLAuthorizationMiddleware respectively. AuthorizationMiddlewareBase provides an ABC, and the AuthorizationMiddleware definition is an alias to NDGAuthorizationMiddleware for backwards compatibility.

1#
2# NDG Security AuthZ WSGI Testing environment configuration.  This ini file
3# defines the configuration for an application to be secured.  Security
4# filters placed in front of the application in the WSGI pipeline act as
5# client to security services running on a separate application stack.  - See
6# securityservices.ini
7#
8# NERC DataGrid
9#
10# Author: P J Kershaw
11#
12# Date: 01/07/09
13#
14# Copyright: STFC 2009
15#
16# Licence: BSD - See top-level LICENCE file for licence details
17#
18# The %(here)s variable will be replaced with the parent directory of this file
19#
[DEFAULT]
# Keys defined here can be referenced as %(name)s from the other sections of
# this file.

# Root of the shared test fixtures; the ca/ and pki/ paths used by the
# AuthorizationFilter section are resolved against it
testConfigDir = %(here)s/../../config

# WSGI environ key for the Beaker session.  Referenced by both the
# BeakerSessionFilter and AuthenticationFilter sections so that the two agree.
beakerSessionKeyName = beaker.session.ndg.security
23
[server:main]
use = egg:Paste#http

# 0.0.0.0 listens on every network interface and no SSL option is set for
# this server, so traffic (session and auth cookies included) is plain HTTP.
# That suits a test run on one machine; bind to 127.0.0.1 or put TLS in front
# before the port is reachable from other hosts.
host = 0.0.0.0
port = 7080
28
[pipeline:main]
# Filters are applied in the order listed; the last entry is the application.
# The session filter comes first because the AuthenticationFilter section
# points AuthKit at the Beaker session key.  Keep AuthorizationFilter between
# AuthenticationFilter and the application: removing or reordering it changes
# what stands in front of AuthZTestApp.
pipeline = BeakerSessionFilter
    AuthenticationFilter
    AuthorizationFilter
    AuthZTestApp
34
[app:AuthZTestApp]
# Test application that sits behind the filters listed in [pipeline:main]
paste.app_factory = ndg.security.test.integration:AuthZTestApp.app_factory
37
38
[filter:BeakerSessionFilter]
paste.filter_app_factory = beaker.middleware:SessionMiddleware

# WSGI environ key under which the session is made available
environ_key = %(beakerSessionKeyName)s

# Name of the session cookie
beaker.session.key = ndg.security.session

# Key Beaker uses to sign the session cookie.  This value is committed to
# version control and must be treated as public: it is a test fixture only.
# Outside the test environment generate a fresh random value, keep it out of
# the repository, and rotate it if this file has ever been deployed as-is.
# No beaker.session.secure setting is present, so review the cookie flags
# when the application is served over HTTPS.
beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW

# Session and cache data are written below the directory holding this file;
# restrict access to these directories to the account running the server.
beaker.session.data_dir = %(here)s/authn/beaker/sessions
beaker.cache.data_dir = %(here)s/authn/beaker/cache
50
51
[filter:AuthenticationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authn:AuthenticationMiddleware
prefix = authN.

# Redirect target: the OpenID Relying Party in the Security Services app
# instance.  The active value uses http, so the redirect is not protected in
# transit; that is only appropriate while both applications run on localhost.
authN.redirectURI = http://localhost:7443/verify
# Alternative for testing against an SSL endpoint
#authN.redirectURI = https://localhost/verify

# AuthKit set-up
authkit.setup.method = cookie

# The cookie name and secret MUST match the values used by the security web
# services app, since both applications read the same cookie.
# The secret below is committed to version control and is therefore a test
# fixture only.  A deployment needs its own random secret, stored outside the
# repository and changed in both applications together.
authkit.cookie.name = ndg.security.auth
authkit.cookie.secret = 9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
authkit.cookie.signoutpath = /logout

# The client IP address is left out of the cookie signature because of a
# suspected problem with AuthKit setting it when an HTTP proxy is in place.
# Trade-off: the cookie is no longer tied to the address it was issued to, so
# a captured cookie can be presented from elsewhere.  Protect it in transit.
authkit.cookie.includeip = False

# environ key name of the Beaker session used by AuthKit
authkit.session.middleware = %(beakerSessionKeyName)s
76
[filter:AuthorizationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authz:AuthorizationMiddleware.filter_app_factory
prefix = authz.

# Access policy file.  It determines what the filter permits, so it deserves
# the same change control and file permissions as the key material below.
policy.filePath = %(here)s/policy.xml

# Policy Information Point (PIP) settings.  The Policy Decision Point uses the
# PIP to fetch subject attributes from the Attribute Authority associated with
# the resource being accessed.

# CA certificates for the SSL connection to the Attribute Authority.  Empty in
# this test configuration.
# NOTE(review): confirm how the PIP treats an empty list.  If it means the
# peer certificate is not verified, populate it before using an https endpoint.
pip.sslCACertFilePathList =

# CA certificates used to verify the signatures of the Attribute Certificates
# that are retrieved
pip.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt

# WS-Security settings for the call to the Attribute Authority that retrieves
# user attributes.

# --- Signing of outbound messages ---

# PEM encoded certificate matching the private key that signs the message.
# The sign method adds it to the BinarySecurityToken element of the WSSE
# header; the token ValueType (see reqBinSecTokValType) must then be 'X509' or
# 'X509v3'.  signingCertChain is the alternative, and is not set in this file.
pip.wssecurity.signingCertFilePath = %(testConfigDir)s/pki/wsse-server.crt

# PEM encoded private key file.  This key comes from the test PKI directory;
# do not reuse it outside the test environment.
pip.wssecurity.signingPriKeyFilePath = %(testConfigDir)s/pki/wsse-server.key

# Password protecting the private key; blank when the key has no password.
# With a blank value the key's protection rests on file permissions alone.
pip.wssecurity.signingPriKeyPwd =

# --- Verification of inbound signatures ---

# Space separated list of CA certificate file paths
pip.wssecurity.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt

# ValueType of the BinarySecurityToken placed in the WSSE header
pip.wssecurity.reqBinSecTokValType = X509v3

# Include a timestamp element in each outbound message
pip.wssecurity.addTimestamp = True
119
# Logging configuration.  The key lists in [loggers], [handlers] and
# [formatters] name the logger_*, handler_* and formatter_* sections below.
[loggers]
keys = root, ndg

[handlers]
keys = console

[formatters]
keys = generic

[logger_root]
handlers = console
level = INFO

# The ndg logger has no handler of its own; its records reach the console
# through the root logger.
# DEBUG is convenient for tests.  NOTE(review): check what the ndg security
# middleware writes at DEBUG before using this level where logs are retained
# or shared, and prefer INFO there.
[logger_ndg]
qualname = ndg
handlers =
level = DEBUG

[handler_console]
class = StreamHandler
args = (sys.stderr,)
formatter = generic
level = NOTSET

[formatter_generic]
datefmt = %Y-%m-%d-%H:%M:%S
format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s:%(lineno)s] %(message)s
148