source: TI12-security/trunk/python/ndg_security_test/ndg/security/test/integration/authz_lite/securedapp.ini @ 6063

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg/TI12-security/trunk/python/ndg_security_test/ndg/security/test/integration/authz_lite/securedapp.ini@6063
Revision 6063, 3.3 KB checked in by pjkersha, 10 years ago (diff)

Working authz lite integration tests with integrated SAML Attribute Authority interface to authz middleware: the old NDG Attribute Authority SOAP/WSDL interface is completely removed as a dependency.

  • major fixes to ndg.security.common.credentialwallet NDGCredentialWallet and SAMLCredentialWallet for slots and pickling capability needed for beaker.session. NDGCredentialWallet is kept for the moment for backwards compatibility.
Line 
1#
2# NDG Security AuthZ WSGI Testing environment configuration.  This ini file
3# defines the configuration for a an application to be secured.  Security
4# filters placed in front of the application in the WSGI pipeline act as
5# client to security services running on a separate application stack.  - See
6# securityservices.ini
7#
8# NERC DataGrid
9#
10# Author: P J Kershaw
11#
12# Date: 01/07/09
13#
14# Copyright: STFC 2009
15#
16# Licence: BSD - See top-level LICENCE file for licence details
17#
18# The %(here)s variable will be replaced with the parent directory of this file
19#
20[DEFAULT]
21testConfigDir = %(here)s/../../config
22beakerSessionKeyName = beaker.session.ndg.security
23
24[server:main]
25use = egg:Paste#http
26host = 0.0.0.0
27port = 7080
28
29[pipeline:main]
30pipeline = BeakerSessionFilter
31                   AuthenticationFilter
32                   AuthorizationFilter
33                   AuthZTestApp
34
35[app:AuthZTestApp]
36paste.app_factory = ndg.security.test.integration:AuthZTestApp.app_factory
37
38
39[filter:BeakerSessionFilter]
40paste.filter_app_factory = beaker.middleware:SessionMiddleware
41
42# Cookie name
43beaker.session.key = ndg.security.session
44
45# WSGI environ key name
46environ_key = %(beakerSessionKeyName)s
47beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW
48beaker.cache.data_dir = %(here)s/authn/beaker/cache
49beaker.session.data_dir = %(here)s/authn/beaker/sessions
50
51
52[filter:AuthenticationFilter]
53paste.filter_app_factory = ndg.security.server.wsgi.authn:AuthenticationMiddleware
54prefix = authN.
55
56# Set redirect for OpenID Relying Party in the Security Services app instance
57authN.redirectURI = https://localhost:7443/verify
58# Test with an SSL endpoint
59#authN.redirectURI = https://localhost/verify
60
61# AuthKit Set-up
62authkit.setup.method=cookie
63
64# This cookie name and secret MUST agree with the name used by the security web
65# services app
66authkit.cookie.name=ndg.security.auth
67authkit.cookie.secret=9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
68authkit.cookie.signoutpath = /logout
69
70# Disable inclusion of client IP address from cookie signature due to
71# suspected problem with AuthKit setting it when a HTTP Proxy is in place
72authkit.cookie.includeip = False
73
74# environ key name for beaker session
75authkit.session.middleware = %(beakerSessionKeyName)s
76
77[filter:AuthorizationFilter]
78paste.filter_app_factory=ndg.security.server.wsgi.authz:SAMLAuthorizationMiddleware.filter_app_factory
79prefix = authz.
80policy.filePath = %(here)s/policy.xml
81
82# Settings for Policy Information Point used by the Policy Decision Point to
83# retrieve subject attributes from the Attribute Authority associated with the
84# resource to be accessed
85
86# If omitted, DN of SSL Cert is used
87pip.attributeQuery.issuerName = 
88pip.attributeQuery.clockSkew = 0.
89pip.attributeQuery.queryAttributes.0 = urn:siteA:security:authz:1.0:attr, , http://www.w3.org/2001/XMLSchema#string
90pip.attributeQuery.sslCACertDir=%(testConfigDir)s/ca
91pip.attributeQuery.sslCertFilePath=%(testConfigDir)s/pki/test.crt
92pip.attributeQuery.sslPriKeyFilePath=%(testConfigDir)s/pki/test.key
93
94# Logging configuration
95[loggers]
96keys = root, ndg
97
98[handlers]
99keys = console
100
101[formatters]
102keys = generic
103
104[logger_root]
105level = INFO
106handlers = console
107
108[logger_ndg]
109level = DEBUG
110handlers =
111qualname = ndg
112
113[handler_console]
114class = StreamHandler
115args = (sys.stderr,)
116level = NOTSET
117formatter = generic
118
119[formatter_generic]
120format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s:%(lineno)s] %(message)s
121datefmt = %Y-%m-%d-%H:%M:%S
122
Note: See TracBrowser for help on using the repository browser.