Changeset 4773 for TI12-security


Timestamp:
09/01/09 09:27:53 (11 years ago)
Author:
pjkersha
Message:
  • Added Paster template ndgsecurity_services_with_sso - the same as default_deployment but includes config for the Single Sign On service as well.
  • Fix to default deployment - include test cert and key for WS-Security Signature Handler
  • Fixes to Single Sign On service: openIDEnabled flag in config now enables/disables OpenID div in wayf.kid + return to URL now correctly initialised to
Location:
TI12-security/trunk/python
Files:
52 added
8 edited

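--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/paster_templates/default_deployment/attributeauthority/mapConfig.xml_tmpl
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/paster_templates/default_deployment/attributeauthority/mapConfig.xml_tmpl
@@ -2,4 +2,5 @@
 <AAmap>
     <thisHost name="${attributeAuthorityID}">
+        <siteName>${siteName}</siteName>
         <aaURI>http://localhost:8000/AttributeAuthority</aaURI>
         <loginURI>https://localhost/sso/login</loginURI>
@@ -8,5 +9,6 @@
             <loginRequestServerDN>/C=UK/ST=Oxfordshire/O=STFC/OU=BADC/CN=localhost</loginRequestServerDN>
         </thisHost>
-    <trusted name="Site C">
+    <trusted name="Site C Identifier">
+        <siteName>Site C's full name</siteName>
         <aaURI>http://aa.sitec.blah</aaURI>
         <loginURI>https://www.sitec.blah/login</loginURI>
@@ -16,5 +18,6 @@
         <role remote="StaffMember" local="staff"/>
     </trusted>
-    <trusted name="Site D">
+    <trusted name="Site D Identifier">
+        <siteName>Site D's full name</siteName>
         <aaURI>http://aa.sited.blah</aaURI>
         <loginURI>https://www.sited.blah/login</loginURI>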
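Review bot: The new `<siteName>${siteName}</siteName>` element under `<thisHost>` receives the paster variable as raw text, so a site name containing `&` or `<` would leave the generated mapConfig.xml malformed, assuming the template engine does not XML-escape substitutions (this section does not show that either way). A name such as "STFC & NERC" is a plausible value for this field. Either escape the value when the file is written, or state the constraint in the variable's description in template.py, for example `'this site (XML text: write & as &amp;)'`.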
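--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/paster_templates/default_deployment/services.ini_tmpl
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/paster_templates/default_deployment/services.ini_tmpl
@@ -10,5 +10,5 @@
 # Author: P J Kershaw
 # date: 30/11/05
-# Copyright: (C) 2008 STFC & NERC
+# Copyright: (C) 2008 STFC
 # license: This software may be distributed under the terms of the Q Public
 # License, version 1.0 or later.
@@ -300,8 +300,8 @@
 # Certificate associated with private key used to sign a message.  The sign
 # method will add this to the BinarySecurityToken element of the WSSE header.
-wssecurity.signingCertFilePath=%(here)s/wssecurity/server.crt
+wssecurity.signingCertFilePath=%(here)s/pki/wsse-server.crt
 
 # PEM encoded private key file
-wssecurity.signingPriKeyFilePath=%(here)s/wssecurity/server.key
+wssecurity.signingPriKeyFilePath=%(here)s/pki/wsse-server.key
 
 # Set the ValueType for the BinarySecurityToken added to the WSSE header for a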
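Review bot: `wssecurity.signingPriKeyFilePath` now defaults to `%(here)s/pki/wsse-server.key`, which the commit message describes as a test key shipped with the template, and nothing in the surrounding comments tells the operator to replace it. Every deployment generated from this template would sign WS-Security messages with the same distributed private key until someone swaps it out, so peers cannot distinguish one site's signature from another's. I would add a comment above both settings such as `# TEST CREDENTIALS ONLY: replace pki/wsse-server.crt and pki/wsse-server.key with site-issued files before deployment`. The key and certificate files themselves are among the added files not shown on this page.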
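--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/paster_templates/template.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/paster_templates/template.py
@@ -13,4 +13,8 @@
     
 vars = [
+    var('siteName',
+        ('Full name for this site used by the Attribute Authority to describe '
+         'this site'),
+        default='NDG Partner Site'),
     var('attributeAuthorityID',
         ('Unique identity by which this Attribute Authority will be known by '
@@ -24,4 +28,24 @@
     vars = vars
 
+# Single Sign On Service not included in this template
+#    def write_files(self, command, output_dir, vars):
+#        '''Extend to enable substitutions for Single Sign On Service config
+#        file'''
+#        if output_dir.startswith('./'):
+#            outDir = output_dir.lstrip('./')
+#        else:
+#            outDir = output_dir
+#
+#        vars['ssoConfigDir'] = os.path.join(os.getcwd(), outDir, 'sso')
+#        super(DefaultDeploymentTemplate, self).write_files(command,
+#                                                           output_dir,
+#                                                           vars)
+
+class FullDeploymentTemplate(Template):
+    _template_dir = 'full_deployment'
+    summary = ('NERC DataGrid Security services full deployment template '
+               'including the Single Sign On Service')
+    vars = vars
+
     def write_files(self, command, output_dir, vars):
         '''Extend to enable substitutions for Single Sign On Service config
@@ -32,6 +56,6 @@
             outDir = output_dir
             
-        vars['ssoConfigDir'] = os.path.join(os.getcwd(), outDir, 'sso')
-        super(DefaultDeploymentTemplate, self).write_files(command,
-                                                           output_dir,
-                                                           vars)
+        vars['installDir'] = os.path.join(os.getcwd(), outDir)
+        super(FullDeploymentTemplate, self).write_files(command,
+                                                        output_dir,
+                                                        vars)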
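Review bot: The `output_dir.lstrip('./')` in the commented-out copy of `write_files` (new lines 34–35) strips any run of leading `.` and `/` characters, not the `./` prefix, and the live `FullDeploymentTemplate.write_files` appears to keep the same branch in the lines elided between new 51 and 56. An output directory such as `../deploy` or `./.ndg` would then give an `installDir` that differs from where the files are written, so any configuration path derived from it would presumably point at the wrong location. `vars['installDir'] = os.path.abspath(output_dir)` would replace the whole branch. Separately, the commented-out method left under `DefaultDeploymentTemplate` would be better deleted, since version control already keeps it.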
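--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/config/ssoServiceMiddleware.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/config/ssoServiceMiddleware.py
@@ -34,6 +34,6 @@
                     by setting it in ndgPage.kid a template that is extended by
                     all Browse pages.'''
-                    returnToURL = None
-                    b64encReturnToURL = None
+                    returnToURL = ''
+                    b64encReturnToURL = ''
                 
 class SSOMiddleware(object):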
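--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/wayf.py
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/controllers/wayf.py
@@ -22,5 +22,5 @@
             state = g.ndg.security.common.sso.state
         
-            state.b64encReturnToURL = str(request.params['r'])
+            state.b64encReturnToURL = str(request.params.get('r', ''))
             state.returnToURL = urlsafe_b64decode(str(state.b64encReturnToURL)) 
             log.debug("Set return to URL from 'r' query arg: r = %s"% \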
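Review bot: Defaulting `r` to `''` removes the KeyError, but on the next line the value still goes straight from the query string through `urlsafe_b64decode` into `state.returnToURL` with no check. Malformed base64 will still raise out of the controller, and a well-formed value can name any URL. If `returnToURL` is later used as a redirect target (that code is outside this hunk), it should be compared against the known trusted sites before it is stored. I would catch the decode error and fall back to `state.returnToURL = ''`, and reject decoded values whose scheme is not `http` or `https` or whose host is not a configured site. The enclosing method starts and ends outside the hunk, and since `state` is reached through `g` it is worth confirming it is per-session rather than shared across requests.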
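--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/templates/ndg/security/wayf.kid
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/sso/sso/templates/ndg/security/wayf.kid
@@ -12,10 +12,10 @@
                 </ul>
             </p>
-                <p>Alternatively, sign in with OpenID:</p>
+        <p py:if="g.ndg.security.server.sso.cfg.enableOpenID==True">Alternatively, sign in with OpenID:</p>
         </div>
     <div py:if="len(g.ndg.security.server.sso.state.trustedIdPs) == 0" py:def="trustedSitesListNotAvailable()" class="trustedSitesListNotAvailable" style="text-indent:5px">
                 <h4>Where are you from?</h4>
         </div>
-    <div py:def="openIDSignin()" class="openIDSignin" style="text-indent:5px">
+        <div py:if="g.ndg.security.server.sso.cfg.enableOpenID==True" py:def="openIDSignin()" class="openIDSignin" style="text-indent:5px">
                 <form action="$g.ndg.security.server.sso.cfg.server/verify" method="post">
                   <table cellspacing="0" border="0" cellpadding="5">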
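Review bot: The two `py:if="g.ndg.security.server.sso.cfg.enableOpenID==True"` guards only hide the OpenID prompt and form. The form posts to `$g.ndg.security.server.sso.cfg.server/verify`, and nothing in this changeset shows that endpoint consulting the same flag, so the controller behind `/verify` should check `enableOpenID` itself rather than rely on the template. The `==True` comparison is also fragile: it is false if the config loader leaves the value as the string `'True'`, and this commit comments the option out in the test sso.cfg, so the attribute may be absent unless a default is supplied elsewhere. Parsing the option to a real boolean with a default where the config is read, and writing `py:if="g.ndg.security.server.sso.cfg.enableOpenID"`, would be more robust.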
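--- a/TI12-security/trunk/python/ndg.security.server/setup.py
+++ b/TI12-security/trunk/python/ndg.security.server/setup.py
@@ -38,6 +38,7 @@
     [paste.paster_create_template]
     ndgsecurity_services=ndg.security.server.paster_templates.template:DefaultDeploymentTemplate
+    ndgsecurity_services_with_sso=ndg.security.server.paster_templates.template:FullDeploymentTemplate
     """
-    
+   
 _longDescription = """\
 NDG Security is the security system for the UK Natural Environment Research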
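--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/singleSignOnService/sso.cfg
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/singleSignOnService/sso.cfg
@@ -50,5 +50,5 @@
 
 # Flag to enable OpenID login
-enableOpenID: True
+#enableOpenID: True
 
 # Service addresses - connect to a remote service or provide a key to WSGI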