Ignore:
Timestamp:
06/02/09 16:56:59 (11 years ago)
Author:
pjkersha
Message:

Major progress on authentication and authorisation WSGI chain:

  • integration test harness in ndg.security.test.integration.authz
    • chain PEP middleware catches secured URIs. If URI is a secured one, it sets the status to 403.
    • The 403 status is caught by the PDP. The PDP checks for a login cookie, if not set it sets 401 Unauthorized
    • 401 is caught by OpenID handler and sets OpenID signin form response so that the user can login
    • If the user is logged in, the PDP checks authZ credentials (TODO) if not set it sets a 403 status and responds with an access denied message
  • The PDP uses authkit.authenticate.multi.MultiHandler? to trap 403 responses from the PEP and display an access denied message.
  • ndg.security.server.wsgi.pdp needs cleaning up in line with change to use authkit MultiHandler?
Location:
TI12-security/trunk/python/ndg.security.test/ndg/security/test
Files:
26 added
2 edited

Legend:

Unmodified
Added
Removed
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/combinedservices/singlesignonservice/sso.cfg

    r4890 r4909  
    1616# content such as graphics and stylesheets 
    1717#configDir=%(here)s 
     18configDir=/home/pjkersha/workspace/security/python/ndg.security.server/ndg/security/server/sso/sso/badc_site 
    1819 
    1920# Switch from default templates package to templates/ in alternative directory 
    20 #templatesPackage: ndg.security.server.sso.sso.badc_site.templates 
     21templatesPackage: ndg.security.server.sso.sso.badc_site.templates 
    2122 
    2223# Redirect SOAP output to a file e.g. open(<somefile>, 'w') 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/openidrelyingparty/services.ini

    r4907 r4909  
    33# 
    44# Paste configuration for OpenID Relying Party test service 
    5 # * Session Manager 
    6 # * Attribute Authority 
    75# 
    86# The %(here)s variable will be replaced with the parent directory of this file 
     
    3432[filter:SessionMiddlewareFilter] 
    3533paste.filter_app_factory=beaker.middleware:SessionMiddleware 
    36 #beaker.session.key = sso 
    3734beaker.session.secret = somesecret 
    3835 
     
    4845 
    4946openid.relyingparty.sessionKey = beaker.session 
    50 openid.relyingparty.baseURL = http://localhost:5600 
    51 openid.relyingparty.reservedPaths = %(authkit.openid.path.process)s, %(authkit.openid.path.verify)s 
     47openid.relyingparty.baseURL = %(authkit.openid.baseurl)s 
    5248openid.relyingparty.signinInterfaceMiddlewareClass = ndg.security.server.wsgi.openid.relyingparty.signin_interface.buffet.BuffetSigninTemplate 
    5349openid.relyingparty.signinInterface.templatePackage = ndg.security.server.wsgi.openid.relyingparty.signin_interface.buffet.templates 
     
    7066authkit.cookie.signoutpath = /logout 
    7167authkit.openid.path.signedin=/ 
    72 #authkit.openid.path.process=/PROCESS 
    73 #authkit.openid.path.verify=/VERIFY 
    74 authkit.openid.path.process=/process 
    75 authkit.openid.path.verify=/verify 
    7668authkit.openid.store.type=file 
    7769authkit.openid.store.config=%(here)s/data/openid 
Note: See TracChangeset for help on using the changeset viewer.