Timestamp:
09/01/09 13:25:52 (11 years ago)
Author:
pjkersha
Message:
  • Moved StaticURLParser app for serving OpenID Provider static content into a Paste ini file [composit:...] - for combined services unit tests and default and full paster templates
  • Added main_app factory class method to OpenIDProviderMiddleware to fit main_app function signature required for Paste ini file to run OpenID Provider as the main app rather than as a filter.
File:
1 edited

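--- a/TI12-security/trunk/python/ndg.security.server/ndg/security/server/paster_templates/default_deployment/services.ini_tmpl
+++ b/TI12-security/trunk/python/ndg.security.server/ndg/security/server/paster_templates/default_deployment/services.ini_tmpl
@@ -5,4 +5,5 @@
 # * Session Manager
 # * Attribute Authority
+# * OpenID Provider
 #
 # The %(here)s variable will be replaced with the parent directory of this file
@@ -129,5 +130,5 @@
 # Authentication service properties 
 sessionManager.authNService.moduleFilePath: 
-sessionManager.authNService.moduleName: ndg.security.test.combinedservices.sessionmanager.userx509certauthn
+sessionManager.authNService.moduleName: ndg.security.test.config.sessionmanager.userx509certauthn
 sessionManager.authNService.className: UserX509CertAuthN
 
@@ -143,197 +144,24 @@
 port = 8000
 
-[app:mainApp]
-paste.app_factory = ndg.security.server.sso.sso.config.middleware:make_app
-cache_dir = %(here)s/data
-beaker.session.key = sso
-beaker.session.secret = somesecret
-
-# If you'd like to fine-tune the individual locations of the cache data dirs
-# for the Cache data, or the Session saves, un-comment the desired settings
-# here:
-#beaker.cache.data_dir = %(here)s/data/cache
-#beaker.session.data_dir = %(here)s/data/sessions
-
-# WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT*
-# Debug mode will enable the interactive debugging tool, allowing ANYONE to
-# execute malicious code after an exception is raised.
-set debug = false
-
-configfile = %(here)s/sso/sso.cfg
-
-# AuthKit Set-up
-authkit.setup.method=openid, cookie
-authkit.cookie.secret=secret encryption string
-authkit.cookie.signoutpath = /logout
-authkit.openid.path.signedin=/
-authkit.openid.store.type=file
-authkit.openid.store.config=%(here)s/data/openid
-authkit.openid.session.key = authkit_openid
-authkit.openid.session.secret = random string
-
-authkit.openid.baseurl = http://localhost
-
-# Template for signin
-authkit.openid.template.obj = ndg.security.server.sso.sso.lib.openid_util:make_template
-
-# Handler for parsing OpenID and creating a session from it
-authkit.openid.urltouser = ndg.security.server.sso.sso.lib.openid_util:url2user
-
-# Chain of SOAP Middleware filters
-[pipeline:main]
-pipeline = wsseSignatureVerificationFilter 
-                   AttributeAuthorityFilter 
-           SessionManagerFilter 
-           wsseSignatureFilter 
-           httpBasicAuthFilter 
-           SessionMiddlewareFilter
-           OpenIDProviderFilter
-           mainApp
-
-
-#______________________________________________________________________________
-# Attribute Authority WSGI settings
-#
-[filter:AttributeAuthorityFilter]
-# This filter is a container for a binding to a SOAP based interface to the
-# Attribute Authority
-paste.filter_app_factory = ndg.security.server.wsgi.soap:SOAPBindingMiddleware
-
-# Use this ZSI generated SOAP service interface class to handle i/o for this
-# filter
-ServiceSOAPBindingClass = ndg.security.server.zsi.attributeauthority.AttributeAuthorityWS
-
-# SOAP Binding Class specific keywords are in this section identified by this
-# prefix:
-ServiceSOAPBindingPropPrefix = AttributeAuthority
-
-# The AttributeAuthority class has settings in the default section above 
-# identified by this prefix:
-AttributeAuthority.propPrefix = attributeAuthority
-AttributeAuthority.propFilePath = %(here)s/services.ini
-AttributeAuthority.wsseSignatureVerificationFilterID = filter:wsseSignatureVerificationFilter
-
-# Provide an identifier for this filter so that main WSGI app 
-# CombinedServicesWSGI Session Manager filter can call this Attribute Authority
-# directly
-referencedFilters = filter:wsseSignatureVerificationFilter
-
-# Path from URL for Attribute Authority in this Paste deployment
-path = /AttributeAuthority
-
-# Enable ?wsdl query argument to list the WSDL content
-enableWSDLQuery = True
-charset = utf-8
-filterID = %(__name__)s
-
-#______________________________________________________________________________
-# Session Manager WSGI settings
-#
-[filter:SessionManagerFilter]
-# This filter is a container for a binding to a SOAP based interface to the
-# Session Manager
-paste.filter_app_factory = ndg.security.server.wsgi.soap:SOAPBindingMiddleware
-
-# Use this ZSI generated SOAP service interface class to handle i/o for this
-# filter
-ServiceSOAPBindingClass = ndg.security.server.zsi.sessionmanager.SessionManagerWS
-
-# SOAP Binding Class specific keywords are in this section identified by this
-# prefix:
-ServiceSOAPBindingPropPrefix = SessionManager
-
-# The SessionManager class has settings in the default section above identified
-# by this prefix:
-SessionManager.propPrefix = sessionManager
-SessionManager.propFilePath = %(here)s/services.ini
-
-# This filter references other filters - a local Attribute Authority (optional)
-# and a WS-Security signature verification filter (required if using signature
-# to authenticate user in requests
-SessionManager.attributeAuthorityFilterID = filter:AttributeAuthorityFilter
-SessionManager.wsseSignatureVerificationFilterID = filter:wsseSignatureVerificationFilter
-
-# The SessionManagerWS SOAP interface class needs to know about these other 
-# filters
-referencedFilters = filter:wsseSignatureVerificationFilter 
-                                        filter:AttributeAuthorityFilter
-
-# Path from URL for Session Manager in this Paste deployment
-path = /SessionManager
-
-# Enable ?wsdl query argument to list the WSDL content
-enableWSDLQuery = True
-charset = utf-8
-
-# Provide an identifier for this filter so that main WSGI app 
-# CombinedServicesWSGI can call this Session Manager directly
-filterID = %(__name__)s
-
-#______________________________________________________________________________
-# WS-Security Signature Verification
-[filter:wsseSignatureVerificationFilter]
-paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter
-filterID = %(__name__)s
-
-# Settings for WS-Security SignatureHandler class used by this filter
-wsseCfgFilePrefix = wssecurity
-
-# Verify against known CAs - Provide a space separated list of file paths
-wssecurity.caCertFilePathList=%(here)s/ca/ndg-test-ca.crt
-
-#______________________________________________________________________________
-# Apply WS-Security Signature 
-[filter:wsseSignatureFilter]
-paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter
-
-# Reference the verification filter in order to be able to apply signature
-# confirmation
-referencedFilters = filter:wsseSignatureVerificationFilter
-wsseSignatureVerificationFilterID = filter:wsseSignatureVerificationFilter
-
-# Last filter in chain of SOAP handlers writes the response
-writeResponse = True
-
-# Settings for WS-Security SignatureHandler class used by this filter
-wsseCfgFilePrefix = wssecurity
-
-# Certificate associated with private key used to sign a message.  The sign 
-# method will add this to the BinarySecurityToken element of the WSSE header.  
-wssecurity.signingCertFilePath=%(here)s/pki/wsse-server.crt
-
-# PEM encoded private key file
-wssecurity.signingPriKeyFilePath=%(here)s/pki/wsse-server.key
-
-# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
-# signed message.  See __setReqBinSecTokValType method and binSecTokValType 
-# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or 
-# give full namespace to alternative - see 
-# ZSI.wstools.Namespaces.OASIS.X509TOKEN
-#
-# binSecTokValType determines whether signingCert or signingCertChain 
-# attributes will be used.
-wssecurity.reqBinSecTokValType=X509v3
-
-# Add a timestamp element to an outbound message
-wssecurity.addTimestamp=True
-
-# For WSSE 1.1 - service returns signature confirmation containing signature 
-# value sent by client
-wssecurity.applySignatureConfirmation=True
-
-#______________________________________________________________________________
-# Apply HTTP Basic Authentication using AuthKit to enable a convenient no SOAP
-# based call to Session Manager connect method
-[filter:httpBasicAuthFilter]
-paste.filter_app_factory = authkit.authenticate:middleware
-setup_method=basic
-basic_realm=NDG Security Combined Services Tests
-basic_authenticate_function=ndg.security.test.combinedservices.serverapp:CombinedServicesWSGI.httpBasicAuthentication
-
-
-#______________________________________________________________________________
-# OpenID Provider WSGI Settings
-[filter:OpenIDProviderFilter]
-paste.filter_app_factory=ndg.security.server.wsgi.openid.provider:OpenIDProviderMiddleware
+[filter-app:mainApp]
+use = egg:Paste#httpexceptions
+next = cascade
+
+# Put OpenID Provider and Static URL parser together in a cascade
+[composit:cascade]
+use = egg:Paste#cascade
+app1 = StaticOpenIDProviderContent
+app2 = OpenIDProviderApp
+catch = 404
+
+[app:StaticOpenIDProviderContent]
+# Static URL Parser to serve OpenID Provider static page content such as CSS
+# and graphics
+use = egg:Paste#static
+document_root = %(here)s/openidprovider
+
+[app:OpenIDProviderApp]
+# OpenID Provider set as the main application
+paste.app_factory=ndg.security.server.wsgi.openid.provider:OpenIDProviderMiddleware.main_app
 openid.provider.path.openidserver=/openid/endpoint
 openid.provider.path.login=/openid/login
@@ -407,4 +235,144 @@
 [filter:SessionMiddlewareFilter]
 paste.filter_app_factory=beaker.middleware:SessionMiddleware
+# Chain of SOAP Middleware filters
+[pipeline:main]
+pipeline = wsseSignatureVerificationFilter 
+                   AttributeAuthorityFilter 
+           SessionManagerFilter 
+           wsseSignatureFilter 
+           SessionMiddlewareFilter
+           mainApp
+
+
+#______________________________________________________________________________
+# Attribute Authority WSGI settings
+#
+[filter:AttributeAuthorityFilter]
+# This filter is a container for a binding to a SOAP based interface to the
+# Attribute Authority
+paste.filter_app_factory = ndg.security.server.wsgi.soap:SOAPBindingMiddleware
+
+# Use this ZSI generated SOAP service interface class to handle i/o for this
+# filter
+ServiceSOAPBindingClass = ndg.security.server.zsi.attributeauthority.AttributeAuthorityWS
+
+# SOAP Binding Class specific keywords are in this section identified by this
+# prefix:
+ServiceSOAPBindingPropPrefix = AttributeAuthority
+
+# The AttributeAuthority class has settings in the default section above 
+# identified by this prefix:
+AttributeAuthority.propPrefix = attributeAuthority
+AttributeAuthority.propFilePath = %(here)s/services.ini
+AttributeAuthority.wsseSignatureVerificationFilterID = filter:wsseSignatureVerificationFilter
+
+# Provide an identifier for this filter so that main WSGI app 
+# CombinedServicesWSGI Session Manager filter can call this Attribute Authority
+# directly
+referencedFilters = filter:wsseSignatureVerificationFilter
+
+# Path from URL for Attribute Authority in this Paste deployment
+path = /AttributeAuthority
+
+# Enable ?wsdl query argument to list the WSDL content
+enableWSDLQuery = True
+charset = utf-8
+filterID = %(__name__)s
+
+#______________________________________________________________________________
+# Session Manager WSGI settings
+#
+[filter:SessionManagerFilter]
+# This filter is a container for a binding to a SOAP based interface to the
+# Session Manager
+paste.filter_app_factory = ndg.security.server.wsgi.soap:SOAPBindingMiddleware
+
+# Use this ZSI generated SOAP service interface class to handle i/o for this
+# filter
+ServiceSOAPBindingClass = ndg.security.server.zsi.sessionmanager.SessionManagerWS
+
+# SOAP Binding Class specific keywords are in this section identified by this
+# prefix:
+ServiceSOAPBindingPropPrefix = SessionManager
+
+# The SessionManager class has settings in the default section above identified
+# by this prefix:
+SessionManager.propPrefix = sessionManager
+SessionManager.propFilePath = %(here)s/services.ini
+
+# This filter references other filters - a local Attribute Authority (optional)
+# and a WS-Security signature verification filter (required if using signature
+# to authenticate user in requests
+SessionManager.attributeAuthorityFilterID = filter:AttributeAuthorityFilter
+SessionManager.wsseSignatureVerificationFilterID = filter:wsseSignatureVerificationFilter
+
+# The SessionManagerWS SOAP interface class needs to know about these other 
+# filters
+referencedFilters = filter:wsseSignatureVerificationFilter 
+                                        filter:AttributeAuthorityFilter
+
+# Path from URL for Session Manager in this Paste deployment
+path = /SessionManager
+
+# Enable ?wsdl query argument to list the WSDL content
+enableWSDLQuery = True
+charset = utf-8
+
+# Provide an identifier for this filter so that main WSGI app 
+# CombinedServicesWSGI can call this Session Manager directly
+filterID = %(__name__)s
+
+#______________________________________________________________________________
+# WS-Security Signature Verification
+[filter:wsseSignatureVerificationFilter]
+paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:SignatureVerificationFilter
+filterID = %(__name__)s
+
+# Settings for WS-Security SignatureHandler class used by this filter
+wsseCfgFilePrefix = wssecurity
+
+# Verify against known CAs - Provide a space separated list of file paths
+wssecurity.caCertFilePathList=%(here)s/ca/ndg-test-ca.crt
+
+#______________________________________________________________________________
+# Apply WS-Security Signature 
+[filter:wsseSignatureFilter]
+paste.filter_app_factory = ndg.security.server.wsgi.wssecurity:ApplySignatureFilter
+
+# Reference the verification filter in order to be able to apply signature
+# confirmation
+referencedFilters = filter:wsseSignatureVerificationFilter
+wsseSignatureVerificationFilterID = filter:wsseSignatureVerificationFilter
+
+# Last filter in chain of SOAP handlers writes the response
+writeResponse = True
+
+# Settings for WS-Security SignatureHandler class used by this filter
+wsseCfgFilePrefix = wssecurity
+
+# Certificate associated with private key used to sign a message.  The sign 
+# method will add this to the BinarySecurityToken element of the WSSE header.  
+wssecurity.signingCertFilePath=%(here)s/pki/wsse-server.crt
+
+# PEM encoded private key file
+wssecurity.signingPriKeyFilePath=%(here)s/pki/wsse-server.key
+
+# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
+# signed message.  See __setReqBinSecTokValType method and binSecTokValType 
+# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or 
+# give full namespace to alternative - see 
+# ZSI.wstools.Namespaces.OASIS.X509TOKEN
+#
+# binSecTokValType determines whether signingCert or signingCertChain 
+# attributes will be used.
+wssecurity.reqBinSecTokValType=X509v3
+
+# Add a timestamp element to an outbound message
+wssecurity.addTimestamp=True
+
+# For WSSE 1.1 - service returns signature confirmation containing signature 
+# value sent by client
+wssecurity.applySignatureConfirmation=True
+
 
 # Logging configuration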
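Review bot: The new `[app:StaticOpenIDProviderContent]` section serves everything under `%(here)s/openidprovider` ahead of the OpenID Provider (`app1` in the cascade, falling through to `app2` only on a 404), and that directory sits in the same deployment root as `%(here)s/pki/wsse-server.key` and `%(here)s/services.ini`, yet the template does not say what may be placed there. I would add a comment above `document_root` such as `# Served without authentication and tried before the provider: keep only public assets (CSS, images) here, never templates, keys or config`. Separately, the new `sessionManager.authNService.moduleName` value in this default-deployment template points at `ndg.security.test.config.sessionmanager.userx509certauthn`; this looks like a test-suite plugin, which cannot be confirmed from this page, so a comment marking it as a placeholder to replace before production use would help.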