Changeset 3892
- Timestamp:
- 13/05/08 09:14:41 (13 years ago)
- Location:
- TI12-security/trunk/python
- Files:
-
- 3 added
- 27 edited
TI12-security/trunk/python/Tests/authtest/authtest/config/environment.py
r3830 r3892 21 21 # Initialize config with the basic options 22 22 config.init_app(global_conf, app_conf, package='authtest', 23 template_engine='mako', paths=paths) 23 #template_engine='mako', 24 template_engine='kid', 25 paths=paths) 24 26 25 27 config['routes.map'] = make_map() … … 32 34 # CONFIGURATION OPTIONS HERE (note: all config options will override 33 35 # any Pylons config options) 36 # kidopts = {'kid.assume_encoding':'utf-8', 'kid.encoding':'utf-8'} 37 # config.add_template_engine('kid', 'authtest.templates', kidopts) 38 -
TI12-security/trunk/python/Tests/authtest/authtest/controllers/auth.py
r3830 r3892 36 36 def signout(self): 37 37 return Response("Successfully signed out!") 38 39 def testkid(self): 40 return render('signin') -
TI12-security/trunk/python/Tests/authtest/development.ini
r3830 r3892 56 56 authkit.openid.baseurl = http://localhost:5000 57 57 58 # Template for signin 59 authkit.openid.template.obj = authtest.lib.template:make_template 60 58 61 # Logging configuration 59 62 [loggers] -
TI12-security/trunk/python/ndg.security.client/ndg/security/client/ssoclient/ssoClient.cfg
r3755 r3892 16 16 server: http://localhost/ssoClient 17 17 wayfURI: https://localhost/sso/wayf 18 # Use Client side logout instead 19 #logoutURI: https://localhost/sso/logout 18 19 # File object to direct SOAP trace to. Leave blank or set to None for no trace 20 tracefile: sys.stderr 20 21 layout: %(server)s/layout/ 21 22 icondir: %(server)s/layout/icons/ -
TI12-security/trunk/python/ndg.security.client/ndg/security/client/ssoclient/ssoclient/config/ssoClientMiddleware.py
r3751 r3892 18 18 class SSOMiddleware(object): 19 19 20 def __init__(self, app, cfg FilePath, appGlobals):20 def __init__(self, app, cfg, appGlobals, **kw): 21 21 22 22 log.debug("SSOMiddleware.__init__ ...") 23 23 self.app = app 24 ndg.security.client.ssoclient.cfg = SSOClientConfig(cfgFilePath) 25 ndg.security.client.ssoclient.cfg .read()24 25 ndg.security.client.ssoclient.cfg = SSOClientConfig(cfg, **kw) 26 26 appGlobals.ndg = ndg 27 27 … … 40 40 """Get Security related parameters from the Pylons NDG config file""" 41 41 42 def __init__(self, cfgFilePath=None): 43 '''Get PKI settings for Attribute Authority and Session Manager from 44 the configuration file 42 def __init__(self, cfg=None, **parseKw): 43 '''Get settings for Single Sign On client''' 44 45 if isinstance(cfg, basestring): 46 # Assume file path to be read 47 self.read(cfg) 48 else: 49 # Assume existing config type object 50 self.cfg = cfg 51 52 if self.cfg: 53 self.parse(**parseKw) 54 55 def read(self, cfgFilePath): 56 '''Read config file into SafeConfigParser instance 45 57 46 58 @type cfgFilePath: pylons config file object 47 @param cfgFilePath: reference to NDG configuration file. 
If omitted 48 defaults to request.environ['ndgConfig']''' 49 50 self.cfgFilePath = cfgFilePath 51 52 def read(self): 53 '''Read content of config file into object''' 54 cfg = ConfigParser() 55 cfg.read(self.cfgFilePath) 59 @param cfgFilePath: reference to NDG configuration file.''' 60 self.cfg = ConfigParser() 61 self.cfg.read(cfgFilePath) 62 63 def parse(self, defSection='DEFAULT', layoutSection='layout'): 64 '''Extract content of config file object into self''' 65 56 66 # Hostname 57 self.server= cfg.get('DEFAULT', 'server', '')67 self.server=self.cfg.get(defSection, 'server') 58 68 59 69 # For secure connections 60 self.sslServer = cfg.get('DEFAULT', 'sslServer', '')70 self.sslServer = self.cfg.get(defSection, 'sslServer') 61 71 62 72 # Where Are You From URI - defaults to server root if not set in 63 73 # config - i.e. assumes same host as client 64 if cfg.has_option('DEFAULT', 'wayfURI'):65 self.wayfuri = cfg.get('DEFAULT','wayfURI','')74 if self.cfg.has_option(defSection, 'wayfURI'): 75 self.wayfuri = self.cfg.get(defSection, 'wayfURI') 66 76 else: 67 77 self.wayfuri = '%s/wayf' % self.server … … 69 79 # Logout URI can reside on this server or somewhere else determined by 70 80 # the logout config file setting 71 if cfg.has_option('DEFAULT', 'logoutURI'):72 self.logoutURI = cfg.get('DEFAULT','logoutURI','')81 if self.cfg.has_option(defSection, 'logoutURI'): 82 self.logoutURI = self.cfg.get(defSection, 'logoutURI') 73 83 else: 74 84 self.logoutURI = '%s/logout' % self.server 75 76 self.localLink= cfg.get('layout', 'localLink', None)77 self.localImage= cfg.get('layout', 'localImage', None)78 self.localAlt= cfg.get('layout', 'localAlt', 'Visit Local Site')79 self.ndgLink= cfg.get('layout', 'ndgLink', 'http://ndg.nerc.ac.uk')80 self.ndgImage= cfg.get('layout', 'ndgImage', None)81 self.ndgAlt= cfg.get('layout', 'ndgAlt','Visit NDG')82 self.stfcLink= cfg.get('layout', 'stfcLink')83 self.stfcImage= cfg.get('layout', 'stfcImage')84 self.helpIcon= cfg.get('layout', 
'helpIcon')85 self.LeftAlt= cfg.get('layout', 'HdrLeftAlt')86 self.LeftLogo= cfg.get('layout', 'HdrLeftLogo')85 86 self.localLink=self.cfg.get(layoutSection, 'localLink', None) 87 self.localImage=self.cfg.get(layoutSection, 'localImage', None) 88 self.localAlt=self.cfg.get(layoutSection, 'localAlt', 'Visit Local Site') 89 self.ndgLink=self.cfg.get(layoutSection, 'ndgLink', 'http://ndg.nerc.ac.uk') 90 self.ndgImage=self.cfg.get(layoutSection, 'ndgImage', None) 91 self.ndgAlt=self.cfg.get(layoutSection, 'ndgAlt','Visit NDG') 92 self.stfcLink=self.cfg.get(layoutSection, 'stfcLink') 93 self.stfcImage=self.cfg.get(layoutSection, 'stfcImage') 94 self.helpIcon=self.cfg.get(layoutSection, 'helpIcon') 95 self.LeftAlt=self.cfg.get(layoutSection, 'HdrLeftAlt') 96 self.LeftLogo=self.cfg.get(layoutSection, 'HdrLeftLogo') 87 97 self.pageLogo="bodcHdr" 88 self.icons_xml= cfg.get('layout','Xicon')89 self.icons_plot= cfg.get('layout','plot')90 self.icons_prn= cfg.get('layout', 'printer')98 self.icons_xml=self.cfg.get(layoutSection,'Xicon') 99 self.icons_plot=self.cfg.get(layoutSection,'plot') 100 self.icons_prn=self.cfg.get(layoutSection, 'printer') 91 101 92 self.disclaimer = cfg.get('DEFAULT', 'disclaimer')102 self.disclaimer = self.cfg.get(defSection, 'disclaimer') 93 103 94 104 # TODO: re-include security settings to enable logout via Session -
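Review bot: The third positional argument in the layout lookups on the new side of `SSOClientConfig.parse` (`self.cfg.get(layoutSection, 'localLink', None)`, `'Visit Local Site'`, `'http://ndg.nerc.ac.uk'`, and so on) is ConfigParser's `raw` flag, not a default, so a missing option still raises NoOptionError and the string "defaults" only switch off value interpolation for that lookup. If a default is intended, add a small `_get(section, option, default=None)` helper on the class that checks `has_option` first and use it for all eleven layout lines. The same pattern is carried into `SSOServiceConfig.parse` in sso/config/ssoServiceMiddleware.py. `parse` continues past the end of this hunk.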
TI12-security/trunk/python/ndg.security.client/ndg/security/client/ssoclient/ssoclient/controllers/logout.py
r3751 r3892 1 from ssoclient.lib.base import *1 from ndg.security.client.ssoclient.ssoclient.lib.base import * 2 2 3 3 log = logging.getLogger(__name__) … … 22 22 '''Logout - remove session from Session Manager tidy up cookie''' 23 23 24 log. info("LogoutController.index ...")24 log.debug("LogoutController.index ...") 25 25 26 26 … … 33 33 smClnt = SessionMgrClient(uri=session['ndgSec']['h'], 34 34 tracefile=g.ndg.security.client.ssoclient.cfg.tracefile, 35 **g.ndg.security. server.ssoservice.cfg.wss)35 **g.ndg.security.client.ssoclient.cfg.wss) 36 36 except Exception, e: 37 37 log.error("logout - creating Session Manager client: %s" % e) … … 53 53 def _cleanupAndRedirect(self): 54 54 """Remove security session and call _redirect""" 55 log.debug("LogoutController._cleanupAndRedirect...") 56 55 57 try: 56 58 # easy to kill our cookie -
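Review bot: The corrected `**g.ndg.security.client.ssoclient.cfg.wss` expansion and the `tracefile=` argument read attributes that the part of `SSOClientConfig.parse` shown in this changeset never sets (its hunk ends at a TODO to re-include the security settings), so unless they are assigned elsewhere the SessionMgrClient construction fails with AttributeError and drops into the generic `except Exception` below it. If that is the case, give the config class `tracefile = None` and `wss = {}` defaults so a missing setting degrades to no trace and default WS-Security options instead of an opaque error. The enclosing `index` method starts and ends outside the hunk.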
TI12-security/trunk/python/ndg.security.client/ndg/security/client/ssoclient/ssoclient/lib/base.py
r3751 r3892 11 11 from pylons.templating import render 12 12 13 import ssoclient.lib.helpers as h14 import ssoclient.model as model13 import ndg.security.client.ssoclient.ssoclient.lib.helpers as h 14 import ndg.security.client.ssoclient.ssoclient.model as model 15 15 16 16 import urllib … … 19 19 20 20 from ndg.security.common.pylons.security_util import setSecuritySession, \ 21 LoginServiceQuery21 SSOServiceQuery, SecuritySession 22 22 23 23 import logging … … 51 51 52 52 log.debug('Switching from https to http...') 53 returnToURL = g.ndg.security.client.ssoclient.cfg.server + self.pathInfo 53 returnToURL = g.ndg.security.client.ssoclient.cfg.server + \ 54 self.pathInfo 54 55 55 # Re -construct the URL removing the security related arguments56 qs = LoginServiceQuery.stripFromURI()56 # Reconstruct the URL removing the security related arguments 57 qs = SSOServiceQuery.stripFromURI() 57 58 if qs: 58 59 returnToURL += "?" + qs 59 60 60 61 log.debug('URL transport switched to http: "%s"' % returnToURL) 61 62 h.redirect_to(returnToURL) 62 63 64 elif 'logout' in request.params: 65 # Request comes from a successful logout call. Clean up any 66 # security cookies in this domain 67 log.debug("Removing security details following logout ...") 68 69 returnToURL = g.ndg.security.client.ssoclient.cfg.server + \ 70 self.pathInfo 71 72 # Reconstruct the URL removing the logout flag argument 73 qs = SSOServiceQuery.stripFromURI('logout') 74 if qs: 75 returnToURL += "?" + qs 76 77 # Delete security session cookie details 78 SecuritySession.delete() 79 80 # Redirect to cleaned up URL 81 h.redirect_to(returnToURL) 82 83 63 84 def __call__(self, environ, start_response): 64 85 # Insert any code to be run per request here. 
The Routes match … … 71 92 log.debug("environ = %s" % environ) 72 93 log.debug("_"*80) 73 log.debug("start_response = %s" % start_response)74 log.debug("_"*80)75 94 76 95 self.pathInfo = urllib.quote(environ.get('PATH_INFO', '')) … … 78 97 # construct URL picking up setting of server name from config to 79 98 # avoid exposing absolute URL hidden behind mod_proxy see #857 80 c.requestURL = g.ndg.security.client.ssoclient.cfg.server + self.pathInfo 99 c.requestURL = g.ndg.security.client.ssoclient.cfg.server + \ 100 self.pathInfo 81 101 qs = '&'.join(["%s=%s" % item for item in request.params.items()]) 82 102 if qs: 83 103 c.requestURL += '?' + qs 84 104 105 self._environ = environ 106 85 107 return WSGIController.__call__(self, environ, start_response) 86 108 -
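Review bot: The new `elif 'logout' in request.params` branch in `__before__` deletes the security session cookie on the strength of an unauthenticated query-string flag, so any link into this domain carrying `?logout=1` ends the user's session; the impact is a forced logout only, but it is worth tying the flag to something the server can verify, for instance a value the SSO service derives from the session rather than the constant `1` that sso/controllers/logout.py appends in this same changeset. Separately, `SSOServiceQuery.stripFromURI('logout')` passes a bare string where `stripFromURI` in security_util.py tests `i not in keys`, which on a string is a substring test (`'o' in 'logout'` is true), so pass `['logout']` instead. The enclosing `__before__` method starts outside this hunk.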
TI12-security/trunk/python/ndg.security.client/ndg/security/client/ssoclient/ssoclient/templates/ndg/security/ndgPage.kid
r3751 r3892 97 97 c.b64encReturnTo = urlsafe_b64encode(c.requestURL) 98 98 ?> 99 <form action="$g.ndg.security.client.ssoclie 6nt.cfg.logoutURI">99 <form action="$g.ndg.security.client.ssoclient.cfg.logoutURI"> 100 100 <input type="hidden" name="r" value="${c.b64encReturnTo}"/> 101 101 <input type="submit" value="Logout"/> -
TI12-security/trunk/python/ndg.security.common/ndg/security/common/__init__.py
r2954 r3892 18 18 # installation of SQLObject 19 19 __all__ = [ 20 'authz', 20 21 'AttAuthority', 21 22 'AttCert', … … 23 24 'm2CryptoSSLUtility', 24 25 'openssl', 25 ' SessionCookie',26 'sessionCookie', 26 27 'SessionMgr', 27 28 'wsSecurity', 28 29 'X509', 29 'XMLSec' 30 'XMLSec', 31 'zsi_utils' 30 32 ] -
TI12-security/trunk/python/ndg.security.common/ndg/security/common/m2CryptoSSLUtility.py
r2954 r3892 80 80 @param host: name of host to check 81 81 """ 82 if peerCert is None: 83 raise SSL.Checker.NoCertificate(\ 84 'SSL Peer did not return certificate') 85 82 86 peerCertDN = '/'+peerCert.get_subject().as_text().replace(', ', '/') 83 87 try: … … 100 104 x509Cert2Verify=X509Cert(m2CryptoX509=peerCert)) 101 105 except Exception, e: 102 raise InvalidCertSignature , \103 "Peer certificate verification against CA cert failed: %s" % e 106 raise InvalidCertSignature( 107 "Peer certificate verification against CA cert failed: %s" % e) 104 108 105 109 # They match - drop the exception and return all OK instead … … 129 133 if not isinstance(caCertFilePathList, list) and \ 130 134 not isinstance(caCertFilePathList, tuple): 131 raise AttributeError , \132 'Expecting a list or tuple for "caCertFilePathList"' 135 raise AttributeError( 136 'Expecting a list or tuple for "caCertFilePathList"') 133 137 134 138 self.__caCertStack = X509Stack() … … 175 179 if 'readTimeout' in kw: 176 180 if not isinstance(readTimeout, SSL.timeout): 177 raise AttributeError ,"readTimeout must be of type " + \178 "M2Crypto.SSL.timeout"181 raise AttributeError("readTimeout must be of type " + \ 182 "M2Crypto.SSL.timeout") 179 183 self.readTimeout = readTimeout 180 184 del kw['readTimeout'] … … 184 188 if 'writeTimeout' in kw: 185 189 if not isinstance(writeTimeout, SSL.timeout): 186 raise AttributeError ,"writeTimeout must be of type " + \187 "M2Crypto.SSL.timeout"190 raise AttributeError("writeTimeout must be of type " + \ 191 "M2Crypto.SSL.timeout") 188 192 self.writeTimeout = writeTimeout 189 193 del kw['writeTimeout'] -
TI12-security/trunk/python/ndg.security.common/ndg/security/common/pylons/security_util.py
r3755 r3892 71 71 72 72 class LoginServiceQueryError(Exception): 73 """Error handling for LoginServiceQuery - a class which handles the73 """Error handling for SSOServiceQuery - a class which handles the 74 74 parsing of security args in a HTTP GET request for the LoginService""" 75 75 76 class LoginServiceQuery(object):76 class SSOServiceQuery(object): 77 77 """Create query string containing security credentials. This is used by 78 78 the Identity Provider pass the credentials over a HTTP GET back to the … … 124 124 @return: URL query string with security args removed""" 125 125 keys = params or cls.keys 126 return cls.argSep.join(['%s=%s' % (i, request.params[i]) \127 for i in request.params if i not in keys]) 126 return str(cls.argSep.join(['%s=%s' % (i, request.params[i]) \ 127 for i in request.params if i not in keys])) 128 128 129 129 @classmethod … … 151 151 152 152 return keys 153 154 # Backwards compatibility 155 LoginServiceQuery = SSOServiceQuery 153 156 154 157 # TODO: this could be used in the future to replace parts of BaseController. -
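Review bot: `stripFromURI` on the new side still rebuilds the query with `'%s=%s' % (i, request.params[i])` and no URL encoding, so a value containing `&`, `=` or `#` corrupts the URL that ssoclient's base.py then redirects to, and the added `str()` wrapper raises UnicodeEncodeError as soon as a parameter value is non-ASCII (Pylons hands back unicode). `urllib.urlencode([(i, request.params[i]) for i in request.params if i not in keys])` yields an encoded `str` in one call (assuming `urllib` is importable here; the module's imports are outside the hunk), at the cost of fixing the separator to `&`. The same unencoded `'%s=%s'` join appears in `BaseController.__call__` of ssoclient/lib/base.py.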
TI12-security/trunk/python/ndg.security.common/ndg/security/common/wsSecurity.py
r3790 r3892 254 254 if cfgFilePath: 255 255 log.debug("SignatureHandler.__init__: Processing config file...") 256 self.cfg.read(cfgFilePath, section=cfgFileSection) 256 self.cfg.read(cfgFilePath) 257 self.cfg.parse(section=cfgFileSection) 257 258 258 259 # Also update config from keywords set -
TI12-security/trunk/python/ndg.security.common/ndg/security/common/wssecurity/__init__.py
r3790 r3892 45 45 46 46 def __init__(self, cfg=SafeConfigParser()): 47 '''Initialise settings from an existing config file object or the 48 given path to config file 49 50 @type cfg: SafeConfigParser or string 51 @param cfg: config object instance or file path to config file to be 52 parsed''' 53 47 54 dict.__init__(self) 48 self._cfg = cfg49 55 50 56 # Initialise parameters from ref in class var 51 57 self._param = WSSecurityConfig.defParam.copy() 52 58 53 54 def read(self, *arg, **kw): 55 '''Read ConfigParser object but also set _param dict''' 59 if isinstance(cfg, basestring): 60 # Assume file path to be read 61 self.read(cfg) 62 else: 63 # Assume existing config type object 64 self._cfg = cfg 65 66 67 def read(self, *arg): 68 '''Read ConfigParser object''' 69 self._cfg = SafeConfigParser() 56 70 self._cfg.read(*arg) 57 58 # This enables WS-Security params to be set in a config file with 59 # other sections e.g. params could be under the section 'wssecurity' 71 72 73 def parse(self, **kw): 74 '''Extract items from config file and place in dict 75 @type **kw: dict 76 @param **kw: this enables WS-Security params to be set in a config file 77 with other sections e.g. params could be under the section 'wssecurity' 78 ''' 60 79 if 'section' in kw: 61 80 section = kw['section'] -
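Review bot: The reworked `__init__` keeps `cfg=SafeConfigParser()` as the default, which is evaluated once at definition time, so every WSSecurityConfig built without arguments shares one parser instance and whatever one of them later reads is visible to the others. Use `cfg=None` and `self._cfg = SafeConfigParser() if cfg is None else cfg` in the `else` branch; the `basestring` branch is unaffected because the new `read` already creates a fresh parser. `parse` continues past the end of the hunk.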
TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/config/ssoServiceMiddleware.py
r3754 r3892 4 4 P J Kershaw 18/03/08 5 5 ''' 6 from os.path import expandvars as xpdvars 7 import logging 8 log = logging.getLogger(__name__) 6 9 7 10 class ndg: … … 13 16 class ssoservice: 14 17 cfg = None 18 class client: 19 '''Client class is also needed for BaseController handler to handle 20 responses from Single Sign On IdP''' 21 class ssoclient: 22 class cfg: 23 '''Placeholder for server and sslServer attributes''' 15 24 16 25 class SSOMiddleware: 17 18 def __init__(self, app, cfgFilePath, appGlobals): 26 27 def __init__(self, app, cfg, appGlobals, **kw): 28 log.debug("SSOMiddleware.__init__ ...") 19 29 self.app = app 20 ndg.security.server.ssoservice.cfg = SecurityConfig(cfgFilePath) 21 ndg.security.server.ssoservice.cfg.read() 30 ndg.security.server.ssoservice.cfg = SSOServiceConfig(cfg, **kw) 31 32 # Copy into client for the benefit of 33 # ndg.security.client.ssoclient.ssoclient.lib.base.BaseController 34 # used to process responses back from SSO IdP 35 ndg.security.client.ssoclient.cfg.server = \ 36 ndg.security.server.ssoservice.cfg.server 37 ndg.security.client.ssoclient.cfg.sslServer = \ 38 ndg.security.server.ssoservice.cfg.sslServer 39 22 40 appGlobals.ndg = ndg 23 41 24 42 def __call__(self, environ, start_response): 25 43 26 # environ['securityConfig'] = self.config27 44 return self.app(environ, start_response) 28 45 … … 32 49 from ndg.security.common.wssecurity import WSSecurityConfig 33 50 34 class S ecurityConfigError(Exception):51 class SSOServiceConfigError(Exception): 35 52 """Handle errors from parsing security config items""" 36 53 37 class S ecurityConfig(object):54 class SSOServiceConfig(object): 38 55 """Get Security related parameters from the Pylons NDG config file""" 39 56 40 def __init__(self, cfg FilePath=None):57 def __init__(self, cfg=None, **parseKw): 41 58 '''Get PKI settings for Attribute Authority and Session Manager from 42 59 the configuration file 43 60 44 @type cfg FilePath: pylons config file object45 @param cfg 
FilePath: reference to NDG configuration file. If omitted46 defaults to request.environ['ndgConfig']'''61 @type cfg: config file object or string 62 @param cfg: reference to NDG configuration file or config file object 63 ''' 47 64 48 self.cfgFilePath = cfgFilePath49 self.gk = None50 65 self.wss = {} 51 66 52 def read(self): 67 if isinstance(cfg, basestring): 68 # Assume file path to be read 69 self.read(cfg) 70 else: 71 # Assume existing config type object 72 self.cfg = cfg 73 74 if self.cfg: 75 self.parse(**parseKw) 76 77 78 def read(self, cfgFilePath): 53 79 '''Read content of config file into object''' 54 cfg = ConfigParser() 55 cfg.read(self.cfgFilePath) 56 57 tracefileExpr = cfg.get('NDG_SECURITY', 'tracefile') 58 if tracefileExpr: 59 self.tracefile = eval(tracefileExpr) 80 self.cfg = ConfigParser() 81 self.cfg.read(cfgFilePath) 82 60 83 61 self.smURI = cfg.get('NDG_SECURITY', 'sessionMgrURI') 62 self.aaURI = cfg.get('NDG_SECURITY', 'attAuthorityURI') 84 def parse(self, 85 defSection='DEFAULT', 86 layoutSection='layout', 87 wssSection='NDG_SECURITY.wssecurity'): 88 '''Extract content of config file object into self''' 89 90 if self.cfg.has_option(defSection, 'tracefile'): 91 self.tracefile = eval(self.cfg.get(defSection,'tracefile')) 92 else: 93 self.tracefile = None 94 95 self.smURI = self.cfg.get(defSection, 'sessionMgrURI') 96 self.aaURI = self.cfg.get(defSection, 'attAuthorityURI') 63 97 64 98 # ... 
for SSL connections to security web services 65 99 try: 66 100 self.sslCACertFilePathList = \ 67 cfg.get('NDG_SECURITY', 'sslCACertFilePathList').split()101 xpdvars(self.cfg.get(defSection, 'sslCACertFilePathList')).split() 68 102 69 103 except AttributeError: 70 raise S ecurityConfigError, \104 raise SSOServiceConfigError, \ 71 105 'No "sslCACertFilePathList" security setting' 72 106 73 self.sslPeerCertCN = cfg.get('NDG_SECURITY', 'sslPeerCertCN', None) 107 # If no separate WS-Security config file is set then read these params 108 # from the current config file 109 if self.cfg.has_option(defSection, 'wssCfgFilePath'): 110 path = self.cfg.get(defSection,'wssCfgFilePath', None) 111 wssCfgFilePath = xpdvars(path) 112 else: 113 wssCfgFilePath = None 114 115 wss = WSSecurityConfig(cfg=wssCfgFilePath or self.cfg) 116 wss.parse(section=wssSection) 74 117 75 wssCfgFilePath = cfg.get('NDG_SECURITY', 'wssCfgFilePath', None)76 wss = WSSecurityConfig()77 wss.read(wssCfgFilePath)78 118 79 119 # Cast to standard dict because WSSecurityConfig object can't be … … 81 121 # TODO: check for cleaner solution - dict(wss) 82 122 self.wss = dict(wss.items()) 83 84 # # ...and for WS-Security digital signature85 # self.wssCertFilePath = cfg.get('NDG_SECURITY', 'wssCertFilePath')86 # self.wssPriKeyFilePath = cfg.get('NDG_SECURITY', 'wssKeyFilePath')87 # self.wssPriKeyPwd = cfg.get('NDG_SECURITY', 'wssKeyPwd')88 #89 # try:90 # self.wssCACertFilePathList = \91 # cfg.get('NDG_SECURITY', 'wssCACertFilePathList').split()92 #93 # except AttributeError:94 # raise SecurityConfigError, \95 # 'No "wssCACertFilePathList" security setting'96 #97 # # Inclusive namespace prefixes for Exclusive C14N98 # try:99 # self.wssRefInclNS = cfg.get('NDG_SECURITY', 'wssRefInclNS').split()100 #101 # except AttributeError:102 # raise SecurityConfigError, 'No "wssRefInclNS" security setting'103 #104 # try:105 # self.wssSignedInfoInclNS = cfg.get('NDG_SECURITY',106 # 'wssSignedInfoInclNS').split()107 # except 
AttributeError:108 # raise SecurityConfigError, \109 # 'No "wssSignedInfoInclNS" security setting'110 123 111 124 … … 113 126 114 127 # Attribute Certificate Issuer 115 self.acIssuer = cfg.get('NDG_SECURITY', 'acIssuer')128 self.acIssuer = self.cfg.get(defSection, 'acIssuer') 116 129 117 130 # verification of X.509 cert back to CA 118 131 try: 119 self.acCACertFilePathList = cfg.get('NDG_SECURITY',120 'acCACertFilePathList') .split()132 self.acCACertFilePathList = xpdvars(self.cfg.get(defSection, 133 'acCACertFilePathList')).split() 121 134 except AttributeError: 122 raise S ecurityConfigError, \123 'No "acCACertFilePathList" security setting' 135 raise SSOServiceConfigError( 136 'No "acCACertFilePathList" security setting') 124 137 125 138 # Hostname 126 self.server= cfg.get('NDG_SECURITY', 'server', '')139 self.server=self.cfg.get(defSection, 'server', '') 127 140 128 141 # For secure connections 129 self.sslServer = cfg.get('NDG_SECURITY', 'sslServer', '')142 self.sslServer = self.cfg.get(defSection, 'sslServer', '') 130 143 131 144 # These URLs are referred from template files 132 145 self.getCredentials = '%s/getCredentials' % self.sslServer 133 self.logout = '%s/logout' % self.server146 self.logoutURI = '%s/logout' % self.server 134 147 135 148 # Where Are You From URI 136 149 self.wayfuri='%s/wayf' % self.server 137 150 138 self.localLink= cfg.get('layout', 'localLink', None)139 self.localImage= cfg.get('layout', 'localImage', None)140 self.localAlt= cfg.get('layout', 'localAlt', 'Visit Local Site')141 self.ndgLink= cfg.get('layout', 'ndgLink', 'http://ndg.nerc.ac.uk')142 self.ndgImage= cfg.get('layout', 'ndgImage', None)143 self.ndgAlt= cfg.get('layout', 'ndgAlt','Visit NDG')144 self.stfcLink= cfg.get('layout', 'stfcLink')145 self.stfcImage= cfg.get('layout', 'stfcImage')146 self.helpIcon= cfg.get('layout', 'helpIcon')147 self.LeftAlt= cfg.get('layout', 'HdrLeftAlt')148 self.LeftLogo= cfg.get('layout', 'HdrLeftLogo')151 
self.localLink=self.cfg.get(layoutSection, 'localLink', None) 152 self.localImage=self.cfg.get(layoutSection, 'localImage', None) 153 self.localAlt=self.cfg.get(layoutSection, 'localAlt', 'Visit Local Site') 154 self.ndgLink=self.cfg.get(layoutSection, 'ndgLink', 'http://ndg.nerc.ac.uk') 155 self.ndgImage=self.cfg.get(layoutSection, 'ndgImage', None) 156 self.ndgAlt=self.cfg.get(layoutSection, 'ndgAlt','Visit NDG') 157 self.stfcLink=self.cfg.get(layoutSection, 'stfcLink') 158 self.stfcImage=self.cfg.get(layoutSection, 'stfcImage') 159 self.helpIcon=self.cfg.get(layoutSection, 'helpIcon') 160 self.LeftAlt=self.cfg.get(layoutSection, 'HdrLeftAlt') 161 self.LeftLogo=self.cfg.get(layoutSection, 'HdrLeftLogo') 149 162 self.pageLogo="bodcHdr" 150 self.icons_xml= cfg.get('layout','Xicon')151 self.icons_plot= cfg.get('layout','plot')152 self.icons_prn= cfg.get('layout', 'printer')163 self.icons_xml=self.cfg.get(layoutSection,'Xicon') 164 self.icons_plot=self.cfg.get(layoutSection,'plot') 165 self.icons_prn=self.cfg.get(layoutSection, 'printer') 153 166 154 self.disclaimer = cfg.get('DEFAULT', 'disclaimer')167 self.disclaimer = self.cfg.get('DEFAULT', 'disclaimer') 155 168 156 169 -
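Review bot: `SSOServiceConfig.parse` evaluates the `tracefile` setting with `eval(self.cfg.get(defSection,'tracefile'))`, which makes write access to the ini file equivalent to code execution inside the SSO service; the pattern predates this commit, but the rewrite is the moment to replace it with a lookup over the only values the setting is documented to take, e.g. `self.tracefile = {'sys.stderr': sys.stderr, 'sys.stdout': sys.stdout}.get(self.cfg.get(defSection, 'tracefile'))` with `import sys` beside the new `import logging`, which also maps blank and `None` to no trace. In the same method the `except AttributeError` around `xpdvars(self.cfg.get(...)).split()` for `sslCACertFilePathList` and `acCACertFilePathList` cannot fire for a missing option (ConfigParser raises NoOptionError), so both `SSOServiceConfigError` paths are dead unless `has_option` is checked first, and the first of them still uses the `raise SSOServiceConfigError, \` tuple form while the second was converted to the call form. `self.cfg.get(defSection, 'server', '')` and the layout lookups pass ConfigParser's `raw` flag rather than a default, as in the client config. `SSOMiddleware.__init__` also assigns `server`/`sslServer` onto the placeholder `class cfg`, so those are class attributes shared by every instance; fine for a singleton but worth a one-line comment.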
TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/login.py
r3754 r3892 1 1 import logging 2 2 3 from sso.lib.base import *4 from ndg.security.common.pylons.security_util import setSecuritySession, SecuritySession,\5 LoginServiceQuery3 from ndg.security.server.sso.sso.lib.base import * 4 from ndg.security.common.pylons.security_util import setSecuritySession, \ 5 SecuritySession, SSOServiceQuery 6 6 from ndg.security.common.AttAuthority import AttAuthorityClient 7 7 from ndg.security.common.SessionMgr import SessionMgrClient, SessionExpired, \ … … 27 27 if 'ndgSec' not in session: 28 28 log.debug('No security session details found - offering login...') 29 return render('ndg.security. login')29 return render('ndg.security.kid', 'ndg.security.login') 30 30 31 31 # Session is set in this domain - check it … … 42 42 SecuritySession.delete() 43 43 response.status_code = 400 44 return render('ndg.security. login')44 return render('ndg.security.kid', 'ndg.security.login') 45 45 46 46 # Check session status … … 55 55 SecuritySession.delete() 56 56 response.status_code = 400 57 return render('ndg.security. login')57 return render('ndg.security.kid', 'ndg.security.login') 58 58 59 59 if bSessOK: … … 66 66 "from cookie and re-displaying login...") 67 67 SecuritySession.delete() 68 return render('ndg.security. login')68 return render('ndg.security.kid', 'ndg.security.login') 69 69 70 70 … … 79 79 if 'username' not in request.params: 80 80 log.debug("No username set - rendering login...") 81 return render('ndg.security. login')81 return render('ndg.security.kid', 'ndg.security.login') 82 82 83 83 try: … … 95 95 log.error("Login: initialising SessionMgrClient: %s" % e) 96 96 response.status_code = 400 97 return render('ndg.security. login')97 return render('ndg.security.kid', 'ndg.security.login') 98 98 99 99 # Connect to Session Manager … … 107 107 log.error("Session Manager connect returned: %s" % e) 108 108 response.status_code = 401 109 return render('ndg.security. 
login')109 return render('ndg.security.kid', 'ndg.security.login') 110 110 111 111 # Cache user attributes in Session Manager … … 119 119 c.xml = "Session has expired, please re-login" 120 120 response.status_code = 401 121 return render('ndg.security. login')121 return render('ndg.security.kid', 'ndg.security.login') 122 122 123 123 except AttributeRequestDenied, e: … … 126 126 "account. Please check with your site administrator." 127 127 response.status_code = 401 128 return render('ndg.security. login')128 return render('ndg.security.kid', 'ndg.security.login') 129 129 130 130 except Exception, e: … … 133 133 "your site administrator." 134 134 response.status_code = 400 135 return render('ndg.security. login')135 return render('ndg.security.kid', 'ndg.security.login') 136 136 137 137 log.debug('Completing login...') … … 145 145 session.save() 146 146 147 log.debug("session = %s" % session) 147 148 log.info("user %s logged in with roles %s" % (session['ndgSec']['u'], 148 149 session['ndgSec']['roles'])) … … 177 178 # details into the URL query string 178 179 if '?' 
in returnToURL: 179 returnToURL += '&%s' % LoginServiceQuery()180 returnToURL += '&%s' % SSOServiceQuery() 180 181 else: 181 returnToURL += '?%s' % LoginServiceQuery()182 returnToURL += '?%s' % SSOServiceQuery() 182 183 183 184 # Check return-to address by examining peer cert … … 197 198 "Attribute Authority [%s] expecting DN for SSL peer one of: %s" % \ 198 199 (g.ndg.security.server.ssoservice.cfg.aaURI, requestServerDN)) 199 hostCheck=HostCheck(acceptedDNs=requestServerDN, 200 caCertFilePathList=g.ndg.security.server.ssoservice.cfg.sslCACertFilePathList) 200 201 hostCheck = HostCheck(acceptedDNs=requestServerDN, 202 caCertFilePathList=\ 203 g.ndg.security.server.ssoservice.cfg.sslCACertFilePathList) 204 201 205 testConnection = HTTPSConnection(returnToURLHostname, 202 206 None, … … 213 217 Please report this to your site administrator.""" % returnToURLHostname 214 218 response.status_code = 400 215 return render('ndg.security. login')219 return render('ndg.security.kid', 'ndg.security.login') 216 220 finally: 217 221 testConnection.close() … … 225 229 "LoginController._redirect: no redirect URL set - render login page") 226 230 c.xml='Logged in' 227 return render('ndg.security. login')231 return render('ndg.security.kid', 'ndg.security.login') -
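Review bot: The added `log.debug("session = %s" % session)` writes the whole Pylons session, including the `ndgSec` entry whose `u`, `h` and `roles` fields the next line already logs selectively, into the log file; if `ndgSec` carries the Session Manager handle or anything else that grants access, that now lands in debug output. Log only what the following line already names, or replace it with `log.debug("session keys = %s" % session.keys())`. The enclosing method starts and ends outside the hunk.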
TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/logout.py
r3754 r3892 1 from sso.lib.base import *1 from ndg.security.server.sso.sso.lib.base import * 2 2 from ndg.security.common.pylons.security_util import SecuritySession 3 3 import logging … … 16 16 ''' 17 17 18 19 18 def index(self): 20 19 '''Logout - remove session from Session Manager tidy up cookie''' … … 76 75 log.error("logout - decoding return URL: %s" % e) 77 76 c.xml = "Error carrying out browser redirect following logout" 78 return render('ndg.security. error')77 return render('ndg.security.kid', 'ndg.security.error') 79 78 80 79 # Check for 'getCredentials' - avoid in case username/password … … 86 85 b64decReturnTo = b64decReturnTo[:getCredentialsIdx] + '/login' 87 86 87 # Add flag indicating to caller that logout succeeded. The caller 88 # can use this to remove any security cookie present in their 89 # domain - See: 90 # ndg.security.client.ssoclient.ssoclient.lib.base.BaseController 91 if '?' in b64decReturnTo: 92 b64decReturnTo += '&logout=1' 93 else: 94 b64decReturnTo += '?logout=1' 95 88 96 # and now go back to whence we had come 89 97 log.debug("LogoutController._redirect: redirect to %s" % \ … … 92 100 else: 93 101 log.debug("LogoutController._redirect: no redirect URL set.") 94 return render('ndg.security. error')102 return render('ndg.security.kid', 'ndg.security.error') -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/wayf.py
r3754 r3892 1 1 import logging 2 2 3 from sso.lib.base import *3 from ndg.security.server.sso.sso.lib.base import * 4 4 from ndg.security.common.AttAuthority import AttAuthorityClient 5 5 import base64 … … 15 15 """For each action, get 'r' return to URL argument from current URL 16 16 query string. c.b64encReturnTo is used in some of the .kid files""" 17 c.b64encReturnTo = request.params.get('r', '')17 c.b64encReturnTo = str(request.params.get('r', '')) 18 18 log.debug("WayfController.__before__: c.b64encReturnTo = %s" % \ 19 19 c.b64encReturnTo) … … 55 55 session.save() 56 56 57 return render('ndg.security.wayf') 57 # Use an alias 'ndg.security.kid' to integration with another pylons 58 # code stack. The alias tells render to pick up the template from a 59 # separate SSO templates directory to whatever is the default 60 return render('ndg.security.kid', 'ndg.security.wayf') -
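Review bot: `str(request.params.get('r', ''))` in `__before__` raises UnicodeEncodeError for any `r` value containing a non-ASCII character, so a malformed request produces a 500 instead of a bad-request response. Since `r` is expected to be urlsafe base64, reject anything else explicitly: `try: c.b64encReturnTo = str(request.params.get('r', ''))` / `except UnicodeEncodeError: abort(400)` (if Pylons' `abort` is in scope via `lib.base`; otherwise set `response.status_code = 400` and render the error template). The rest of `__before__` continues after the hunk.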
TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/lib/base.py
r3754 r3892 11 11 from pylons.templating import render 12 12 13 import sso.lib.helpers as h14 import sso.model as model13 import ndg.security.server.sso.sso.lib.helpers as h 14 import ndg.security.server.sso.sso.model as model 15 15 16 16 import urllib … … 19 19 20 20 from ndg.security.common.pylons.security_util import setSecuritySession, \ 21 LoginServiceQuery21 SSOServiceQuery 22 22 23 23 import logging -
TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/templates/ndg/security/wayf.kid
r3754 r3892 21 21 redirected back to the URL: <a href="${c.returnTo}">${c.returnTo}</a></p> 22 22 </div> 23 <div py:replace="footer( )"/>23 <div py:replace="footer(showLoginStatus=False)"/> 24 24 </body> 25 26 <div py:def="footer(showLoginStatus=False)" id="Footer">27 <center><table><tbody>28 <tr>29 <td align="center" width="60%">30 <table><tbody>31 <tr><td><span py:replace="linkimage(g.ndg.security.server.ssoservice.cfg.ndgLink,g.ndg.security.server.ssoservice.cfg.ndgImage,'NDG')"/></td>32 <td> This portal is a product of the <a href="http://ndg.nerc.ac.uk"> NERC DataGrid</a>33 Not all functionality is completely implemented, bugs and problems are expected </td>34 </tr>35 </tbody></table>36 </td>37 <td width="40%" align="center">38 <div id="loginStatus">39 <!--! now we choose one of the next two (logged in or not) -->40 <div py:if="'ndgSec' in session"><table><tbody><tr><td> User [${session['ndgSec']['u']}] logged in41 at [${session['ndgSec']['h']}] with roles [${session['ndgSec']['roles']}]</td><td>42 <span py:replace="logOut()"/></td></tr></tbody></table></div>43 <div py:if="'ndgSec' not in session"></div>44 </div>45 </td>46 <td><span py:replace="linkimage(g.ndg.security.server.ssoservice.cfg.stfcLink,g.ndg.security.server.ssoservice.cfg.stfcImage,'Hosted by the STFC CEDA')"/></td>47 </tr>48 </tbody></table></center>49 </div>50 25 </html>