Changeset 3919


Timestamp:
22/05/08 15:08:26 (11 years ago)
Author:
pjkersha
Message:

Initial Integration of Single Sign On Service with OpenID and Pylons AuthKit:

  • WAYF now contains an OpenID textbox for sign in
  • No role integration carried out yet - OpenID has no better privileges than an anonymous user(!)
  • Integrated into AuthKit - requires lots of config settings in pylons ini file
  • HTTP 401 errors get redirected automatically to WAYF
  • Need to create an AuthKit egg from SVN 151 checkout - will put on NDG dist

SWITCH OFF security by setting standalone = False in ndgDiscovery.

Location:
TI05-delivery/ows_framework/trunk/ows_server
Files:
1 added
7 edited

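--- a/TI05-delivery/ows_framework/trunk/ows_server/development.ini
+++ b/TI05-delivery/ows_framework/trunk/ows_server/development.ini
@@ -24,6 +24,6 @@
 use = egg:ows_server
 cache_dir = %(here)s/data
-session_key = ows_server
-session_secret = somesecret
+session.key = ows_server
+session.secret = somesecret
 csml_dir = /research/home/spascoe/host/saturn/data/ddc_data/obs
 tmp_dir = %(here)s/data/tmp
@@ -58,4 +58,22 @@
 #set debug = false
 
+# AuthKit Set-up
+authkit.setup.method=openid, cookie
+authkit.cookie.secret=secret encryption string
+authkit.cookie.signoutpath = /logout
+authkit.openid.path.signedin=/
+authkit.openid.store.type=file
+authkit.openid.store.config=%(here)s/data/openid
+authkit.openid.session.key = authkit_openid
+authkit.openid.session.secret = random string
+
+authkit.openid.baseurl = http://localhost
+
+# Template for signin
+authkit.openid.template.obj = ndg.security.server.sso.sso.lib.openid_util:make_template
+
+# Handler for parsing OpenID and creating a session from it
+authkit.openid.urltouser = ndg.security.server.sso.sso.lib.openid_util:url2user
+
 # Logging configuration
 [loggers]
@@ -82,4 +100,9 @@
 qualname = ndg
 
+[logger_authkit]
+level = DEBUG
+handlers =
+qualname = authkit
+
 
 [handler_console]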
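Review bot: The three secrets in this file are committed as guessable placeholders (`session.secret = somesecret`, `authkit.cookie.secret=secret encryption string`, `authkit.openid.session.secret = random string`) with nothing marking them as values that must be changed. They protect the session and AuthKit cookies, so a deployment that copies this file unchanged has cookies whose integrity rests on a publicly known string. I would add a comment above the AuthKit block such as `# NOTE: placeholder secrets - generate a long random value per deployment and keep it out of version control`, and note next to `authkit.openid.baseurl = http://localhost` that a real deployment should use an https URL. The new `[logger_authkit]` section at `level = DEBUG` also deserves a comment saying it is for development only, since authentication debug output may include user identifiers.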
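--- a/TI05-delivery/ows_framework/trunk/ows_server/ndgDiscovery.config
+++ b/TI05-delivery/ows_framework/trunk/ows_server/ndgDiscovery.config
@@ -146,6 +146,6 @@
 #wayfURI:               https://localhost/sso/wayf
 #
-## Logout URI running on Single Sign On Service - omit to default to WAYF running on
-## THIS paster instance
+## Logout URI running on Single Sign On Service - omit to default to logout 
+## running on THIS paster instance
 #logoutURI:             https://localhost/sso/logout
 
@@ -166,4 +166,6 @@
 # sslServer and server settings must match for the sharing of cookies.
 server: http://localhost
+
+enableOpenID: True
 
 # Redirect SOAP output to a file e.g. open(<somefile>, 'w')
@@ -184,4 +186,18 @@
 sslCACertFilePathList: certs/ndg-test-ca.crt
 
+# Web Services HTTP Proxy fine tuning 
+#
+# For most situations, these settings can be ignored and instead make use of 
+# the http_proxy environment variable.  They allow for the case where specific 
+# settings are needed just for the security web services calls
+
+# Overrides the http_proxy environment variable setting - may be omitted
+#httpProxyHost: wwwcache.rl.ac.uk:8080
+
+# Web service clients pick up the http_proxy environment variable setting by
+# default.  Set this flag to True to ignore http_proxy for web service 
+# connections.  To use the http_proxy setting, set this parameter to False or 
+# remove it completely from this file.
+ignoreHttpProxyEnv: True
 
 # WS-Security signature handler - set a config file with 'wssCfgFilePath'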
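Review bot: The new proxy block ships with `ignoreHttpProxyEnv: True` active, while the comment directly above it says that in most situations these settings can be ignored in favour of the `http_proxy` environment variable; as committed, the default does the opposite and web service clients will skip `http_proxy`. If that is only needed at the author's site, ship it commented out as `#ignoreHttpProxyEnv: True`, the same way `httpProxyHost` is. `enableOpenID: True` in the second hunk is added without any comment; something like `# Enable OpenID sign in at the WAYF - OpenID users currently get no more privileges than an anonymous user` would carry the caveat from the commit message into the config.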
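--- a/TI05-delivery/ows_framework/trunk/ows_server/ows_server/config/middleware.py
+++ b/TI05-delivery/ows_framework/trunk/ows_server/ows_server/config/middleware.py
@@ -44,6 +44,6 @@
     # handling middleware underneath
 
-    app = ndgMiddleware(app,g)
-    g=app.globals
+    app = ndgMiddleware(app, g, app_conf)
+    g=app.globals   
     
     # Configure logging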
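--- a/TI05-delivery/ows_framework/trunk/ows_server/ows_server/config/ndgMiddleware.py
+++ b/TI05-delivery/ows_framework/trunk/ows_server/ows_server/config/ndgMiddleware.py
@@ -9,5 +9,5 @@
 class ndgMiddleware:
     
-    def __init__(self,app,g):
+    def __init__(self, app, g, app_conf):
         
         #this is the next application in the wsgi stack
@@ -86,10 +86,10 @@
                         
                 
-            SSOMiddleware(app, cf.config, g,
-                          defSection='NDG_SECURITY.ssoClient')
+            self.app = SSOMiddleware(app, cf.config, g, app_conf,
+                                     defSection='NDG_SECURITY.ssoClient')
             
-            self.globals.sslServer = g.ndg.security.client.ssoclient.cfg.sslServer
-            self.globals.wayfuri=g.ndg.security.client.ssoclient.cfg.wayfuri
-            self.globals.logout=g.ndg.security.client.ssoclient.cfg.logoutURI
+            self.globals.sslServer = g.ndg.security.common.sso.cfg.sslServer
+            self.globals.wayfuri=g.ndg.security.common.sso.cfg.wayfuri
+            self.globals.logout=g.ndg.security.common.sso.cfg.logoutURI
             
         elif isSSOService:
@@ -104,11 +104,12 @@
                         
                 
-            SSOMiddleware(app, cf.config, g, 
-                          defSection='NDG_SECURITY.ssoService')
+            self.app = SSOMiddleware(app, g, app_conf,
+                                     defSection='NDG_SECURITY.ssoService',
+                                     wssSection='NDG_SECURITY.wssecurity')
             
-            self.globals.sslServer=g.ndg.security.server.ssoservice.cfg.sslServer
-            self.globals.wayfuri=g.ndg.security.server.ssoservice.cfg.wayfuri
-            self.globals.logout=g.ndg.security.server.ssoservice.cfg.logoutURI
-            self.globals.getCredentials=g.ndg.security.server.ssoservice.cfg.getCredentials
+            self.globals.sslServer=g.ndg.security.server.sso.cfg.sslServer
+            self.globals.wayfuri=g.ndg.security.server.sso.cfg.wayfuri
+            self.globals.logout=g.ndg.security.server.sso.cfg.logoutURI
+            self.globals.getCredentials=g.ndg.security.server.sso.cfg.getCredentials
 
         # Policy Enforcement Point initialisation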
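Review bot: The two `SSOMiddleware` calls now pass different positional arguments: the client branch passes `(app, cf.config, g, app_conf, ...)`, while the service branch at new line 106 passes `(app, g, app_conf, ...)` with `cf.config` dropped. The imports are outside these hunks, so the name may be bound to a different class with a different signature in each branch; if it is the same class, `g` ends up in the configuration parameter in the service branch. Either way, a one-line comment on each call naming the class and the expected signature, or passing these arguments by keyword, would show the difference is deliberate. `__init__` continues outside the hunks, so how `self.app` is used afterwards is not visible here.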
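--- a/TI05-delivery/ows_framework/trunk/ows_server/ows_server/controllers/login.py
+++ b/TI05-delivery/ows_framework/trunk/ows_server/ows_server/controllers/login.py
@@ -1,5 +1,2 @@
-import sys,cgi
-from urlparse import urlsplit, urlunsplit
-import base64
 
 from ows_server.lib.base import *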
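--- a/TI05-delivery/ows_framework/trunk/ows_server/ows_server/controllers/wayf.py
+++ b/TI05-delivery/ows_framework/trunk/ows_server/ows_server/controllers/wayf.py
@@ -3,24 +3,27 @@
 log = logging.getLogger(__name__)
 
-try:
-    from ndg.security.server.sso.sso.controllers.wayf import WayfController as\
-        _WayfController
-        
-    class WayfController(_WayfController):
-        '''Provides the pylons controller for Where Are You From.  This is a 
-        wrapper class.  - All functionality is provided from 
-        ndg.security.server.sso.sso the NDG Security Single Sign On Service 
-        package'''
-            
-except ImportError, e:
-    from warnings import warn
-    warn("Importing WayfController for Single Sign On Service: %s" % e, 
-         RuntimeWarning)
-    
-    # Default to base version to avoid an exception if 'wayf' is invoked        
-    class WayfController(BaseController):
-        ''' Raise a 404 error for case where Single Sign ON Service is disabled
-        '''        
-        def index(self):
-            log.info("Single Sign On Service is disabled setting 404 error...")
-            abort(404)
+class WayfController(BaseController):
+    def index(self):
+        abort(401)
+#try:
+#    from ndg.security.server.sso.sso.controllers.wayf import WayfController as\
+#        _WayfController
+#        
+#    class WayfController(_WayfController):
+#        '''Provides the pylons controller for Where Are You From.  This is a 
+#        wrapper class.  - All functionality is provided from 
+#        ndg.security.server.sso.sso the NDG Security Single Sign On Service 
+#        package'''
+#            
+#except ImportError, e:
+#    from warnings import warn
+#    warn("Importing WayfController for Single Sign On Service: %s" % e, 
+#         RuntimeWarning)
+#    
+#    # Default to base version to avoid an exception if 'wayf' is invoked        
+#    class WayfController(BaseController):
+#        ''' Raise a 404 error for case where Single Sign ON Service is disabled
+#        '''        
+#        def index(self):
+#            log.info("Single Sign On Service is disabled setting 404 error...")
+#            abort(404)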
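Review bot: `WayfController.index` now calls `abort(401)` unconditionally and has no docstring saying that it relies on the AuthKit middleware intercepting the 401 and presenting the sign-in page. The commit message says security can be switched off; in that configuration, or whenever AuthKit is not in the WSGI stack, this controller would presumably return a bare 401 to the browser, where the old fallback logged a message and returned 404. I would add a docstring such as `'''Trigger AuthKit sign in by raising 401; requires the AuthKit middleware to be configured'''`. The 22 commented-out lines should be deleted rather than kept, since the previous revision is in version control.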
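--- a/TI05-delivery/ows_framework/trunk/ows_server/ows_server/templates/ndgPage.kid
+++ b/TI05-delivery/ows_framework/trunk/ows_server/ows_server/templates/ndgPage.kid
@@ -140,9 +140,9 @@
             # Base 64 encode to enable passing around in 'r' argument of query
             # string for use with login/logout
-            c.returnTo = c.requestURL
-            c.b64encReturnTo = urlsafe_b64encode(c.requestURL)
+            g.ndg.security.common.sso.state.returnToURL = c.requestURL
+            g.ndg.security.common.sso.state.b64encReturnToURL = urlsafe_b64encode(c.requestURL)
             ?>
         <form action="$g.logout">
-            <input type="hidden" name="r" value="${c.b64encReturnTo}"/>
+            <input type="hidden" name="r" value="${g.ndg.security.common.sso.state.b64encReturnToURL}"/>
             <input type="submit" value="Logout"/>
         </form>
@@ -155,9 +155,9 @@
             # Base 64 encode to enable passing around in 'r' argument of query
             # string for use with login/logout
-            c.returnTo = c.requestURL
-            c.b64encReturnTo = urlsafe_b64encode(c.requestURL)
+            g.ndg.security.common.sso.state.returnToURL = c.requestURL
+            g.ndg.security.common.sso.state.b64encReturnToURL = urlsafe_b64encode(c.requestURL)
             ?>
         <form action="$g.wayfuri">
-            <input type="hidden" name="r" value="${c.b64encReturnTo}"/>
+            <input type="hidden" name="r" value="${g.ndg.security.common.sso.state.b64encReturnToURL}"/>
             <input type="submit" value="Login"/>
         </form>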
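Review bot: Both hunks move the per-request return URL from `c` to `g` (`g.ndg.security.common.sso.state.returnToURL = c.requestURL`), which puts request state on a shared object. In Pylons `c` is the per-request context and `g` is the application globals object shared by all requests, so with concurrent users one request can overwrite the value another is about to render, and a user could be sent back to someone else's URL, query string included. If the SSO code needs these values, keep them request-scoped, for example `c.b64encReturnTo = urlsafe_b64encode(c.requestURL)` or the user's session, rather than in `g`. The handler that decodes the `r` parameter is not shown on this page; it should check the decoded URL against the expected hosts before redirecting.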