Changeset 5148 for TI12-security


Ignore:
Timestamp:
30/03/09 15:11:23 (11 years ago)
Author:
pjkersha
Message:

Added capability to pass Session Manager URI over OpenID Attribute Exchange Interface:

  • Added AXInterface interface class to OpenID Provider to set custom AX response
  • Refactored ndg.security.server.wsgi.authn to handle setting of Session Manager URI passed via AuthKit? cookie from OpenID Relying Party
  • AuthKit? cookie user data is deleted once its handed to the NDG Security session management to minimize exposure as plain text in AuthKit? cookie.
Location:
TI12-security/trunk/python
Files:
3 added
9 edited

Legend:

Unmodified
Added
Removed
  • TI12-security/trunk/python/Tests/xacml/test_xacml.py

    r5115 r5148  
     1'''Test creating a XACML Policy 
     2 
     3Adapted from DeveloperWorks Article: 
     4 
     5http://www.ibm.com/developerworks/xml/library/x-xacml/ 
     6 
     7P J Kershaw 18/03/09 
     8''' 
    19from ndg.security.common.authz.xacml import AttributeDesignator, TargetMatch, \ 
    210    Target, MatchFunction, EqualFunction 
     
    2331     
    2432    # Regex match to URI 
    25     resourceDesignatorType ="http://www.w3.org/2001/XMLSchema#anyURI" 
     33    resourceDesignatorType = "http://www.w3.org/2001/XMLSchema#anyURI" 
    2634    resourceDesignatorId ="urn:oasis:names:tc:xacml:1.0:resource:resource-id" 
    2735 
     
    3240                                           resourceDesignatorId) 
    3341 
    34     resourceValue = "http://localhost:7080/secured" 
    35  
    3642    resourceFunction = MatchFunction(resourceMatchId); 
     43    resourceValue = "http://localhost:7080/secured/.*" 
    3744 
    3845    resourceMatch = TargetMatch(TargetMatch.RESOURCE, 
     
    4855    return Target(subjects, resources) 
    4956 
     57def createRuleCondition(): 
     58    conditionArgs = [] 
     59 
     60    # Define the name and type of the attribute to be used in the condition 
     61    designatorType = "http://www.w3.org/2001/XMLSchema#string" 
     62    designatorId = "group" 
     63 
     64    # Pick the function that the condition uses 
     65    conditionFunction = EqualFunction( 
     66              "urn:oasis:names:tc:xacml:1.0:function:string-equal") 
     67 
     68    # Choose the function to pick one of the multiple values returned by  
     69    # AttributeDesignator 
     70    applyFunction = EqualFunction( 
     71              "urn:oasis:names:tc:xacml:1.0:function:" + "string-one-and-only") 
     72 
     73    # Create the AttributeDesignator 
     74    designator = AttributeDesignator(AttributeDesignator.SUBJECT_TARGET, 
     75                                     designatorType, 
     76                                     designatorId, 
     77                                     False, 
     78                                     None) 
     79    applyArgs = [designator] 
     80 
     81    # Create the Apply object and pass it the function and the  
     82    # AttributeDesignator. The function picks up one of the multiple values  
     83    # returned by the AttributeDesignator 
     84    apply = Apply(applyFunction, applyArgs, false) 
     85 
     86    # Add the new apply element to the list of inputs 
     87    # to the condition along with the AttributeValue 
     88    conditionArgs.add(apply) 
     89 
     90    value = StringAttribute("owner") 
     91    conditionArgs.add(value) 
     92 
     93    # Finally, create and return the condition 
     94    condition = Apply(conditionFunction, conditionArgs, true) 
     95    return condition 
     96 
     97 
     98def createRuleTarget(): 
     99    return ruleTarget 
     100 
     101def createRules(): 
     102     
     103    # Step 1: Define the identifier for the rule 
     104    ruleId = URI("ProjectPlanAccessRule") 
     105    ruleDescription = "Rule for accessing project plan" 
     106 
     107    # Step 2: Define the effect of the rule 
     108    effect = Result.DECISION_PERMIT 
     109 
     110    # Step 3: Get the target for the rule 
     111    target = createRuleTarget() 
     112 
     113    # Step 4: Get the condition for the rule 
     114    condition = createRuleCondition() 
     115 
     116    # Step 5: Create the rule 
     117    openRule = Rule(ruleId, effect, ruleDescription, target, condition) 
     118 
     119    # Create a list for the rules and add the rule to it 
     120    ruleList = [openRule] 
     121 
     122    return ruleList 
     123 
    50124if __name__ == "__main__": 
    51125    target = createPolicyTarget() 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/authz/xacml.py

    r5115 r5148  
    769769        Indeterminate result''' 
    770770        raise NotImplementedError() 
     771 
     772 
     773class Apply(Evaluatable): 
     774    '''Represents the XACML ApplyType and ConditionType XML types.''' 
     775 
     776    def __init__(self, function, evals, bagFunction=None, isCondition): 
     777        '''Constructs an Apply object. Throws an 
     778        IllegalArgumentException if the given parameter list 
     779        isn't valid for the given function. 
     780         
     781        @param function the Function to use in evaluating the elements in the  
     782        apply 
     783        @param evals the contents of the apply which will be the parameters 
     784        to the function, each of which is an Evaluatable 
     785        @param bagFunction the higher-order function to use 
     786        @param isCondition true if this Apply is a Condition, False otherwise 
     787        ''' 
     788     
     789        # check that the given inputs work for the function 
     790        inputs = evals 
     791        if bagFunction is not None: 
     792            inputs = [bagFunction] 
     793            inputs += evals 
     794         
     795        function.checkInputs(inputs) 
     796 
     797        # if everything checks out, then store the inputs 
     798        self.function = function 
     799        self.evals = tuple(evals) 
     800        self.bagFunction = bagFunction 
     801        self.isCondition = isCondition 
     802     
     803     
     804    @staticmethod 
     805    def getConditionInstance(root, xpathVersion): 
     806        '''Returns an instance of an Apply based on the given DOM 
     807        root node. This will actually return a special kind of 
     808        Apply, namely an XML ConditionType, which is the root 
     809        of the condition logic in a RuleType. A ConditionType is the same 
     810        as an ApplyType except that it must use a FunctionId that returns 
     811        a boolean value. 
     812         
     813        @param root the DOM root of a ConditionType XML type 
     814        @param xpathVersion the XPath version to use in any selectors or XPath 
     815                            functions, or null if this is unspecified (ie, not 
     816                            supplied in the defaults section of the policy) 
     817         
     818        ''' 
     819        raise NotImplementedError() 
     820          
     821    def getInstance(self, root, factory=None, isCondition=False, xpathVersion): 
     822        '''Returns an instance of Apply based on the given DOM root. 
     823         
     824        @param root the DOM root of an ApplyType XML type 
     825        @param xpathVersion the XPath version to use in any selectors or XPath 
     826                            functions, or null if this is unspecified (ie, not 
     827                            supplied in the defaults section of the policy)''' 
     828         
     829        raise NotImplementedError() 
     830     
     831    @staticmethod 
     832    def getFunction(root, version, factory): 
     833        '''Helper method that tries to get a function instance''' 
     834        raise NotImplementedError() 
     835             
     836    def getFunction(self): 
     837        '''Returns the Function used by this Apply. 
     838         
     839        @return the Function''' 
     840        return function 
     841     
     842    def getChildren(self): 
     843        '''Returns the List of children for this Apply. 
     844        The List contains Evaluatables. The list is 
     845        unmodifiable, and may be empty. 
     846         
     847        @return a List of Evaluatables''' 
     848        return self.evals 
     849     
     850    def getHigherOrderFunction(self): 
     851        '''Returns the higher order bag function used by this Apply 
     852        if it exists, or null if no higher order function is used. 
     853         
     854        @return the higher order Function or null''' 
     855        return self.bagFunction 
     856     
     857    def isCondition(self): 
     858        '''Returns whether or not this ApplyType is actually a ConditionType. 
     859         
     860        @return whether or not this represents a ConditionType''' 
     861        return isCondition 
     862 
     863    def evaluate(self, context): 
     864        '''Evaluates the apply object using the given function. This will in 
     865        turn call evaluate on all the given parameters, some of which may be 
     866        other Apply objects. 
     867         
     868        @param context the representation of the request 
     869         
     870        @return the result of trying to evaluate this apply object''' 
     871        parameters = self.evals 
     872 
     873        # see if there is a higher-order function in here 
     874        if bagFunction != None: 
     875            # this is a special case, so we setup the parameters, starting 
     876            # with the function 
     877            parameters = [bagFunction] 
     878 
     879            # now we evaluate all the parameters, returning INDETERMINATE 
     880            # if that's what any of them return, and otherwise tracking 
     881            # all the AttributeValues that get returned 
     882            for eval in self.evals: 
     883                result = eval.evaluate(context) 
     884                 
     885                # in a higher-order case, if anything is INDETERMINATE, then 
     886                # we stop right away 
     887                if result.indeterminate(): 
     888                    return result 
     889 
     890                parameters.add(result.getAttributeValue()) 
     891             
     892        # now we can call the base function 
     893        return function.evaluate(parameters, context) 
     894          
     895    def getType(self): 
     896        '''Returns the type of attribute that this object will return on a call 
     897        to evaluate. In practice, this will always be the same as 
     898        the result of calling getReturnType on the function used 
     899        by this object. 
     900         
     901        @return the type returned by evaluate''' 
     902        return self.function.getReturnType() 
     903       
     904    def evaluatesToBag(self): 
     905        '''Returns whether or not the Function will return a bag 
     906        of values on evaluation. 
     907         
     908        @return true if evaluation will return a bag of values, false otherwise 
     909        ''' 
     910        return self.function.returnsBag() 
     911 
     912    def encode(self, output, indenter): 
     913        '''Encodes this Apply into its XML representation and 
     914        writes this encoding to the given OutputStream with 
     915        indentation. 
     916         
     917        @param output a stream into which the XML-encoded data is written 
     918        @param indenter an object that creates indentation strings''' 
     919        raise NotImplementedError() 
  • TI12-security/trunk/python/ndg.security.common/ndg/security/common/utils/classfactory.py

    r5060 r5148  
    3131     
    3232    if className is None: 
    33         _moduleName, className = moduleName.rsplit(moduleName, 1) 
     33        _moduleName, className = moduleName.rsplit('.', 1) 
    3434    else: 
    3535        _moduleName = moduleName 
     
    8989             
    9090            # Import module name specified in properties file 
    91             module = __import__(moduleName) 
    92             components = moduleName.split('.') 
    93             for component in components[1:]: 
    94                 module = getattr(module, component) 
    95  
    9691            importedClass = importClass(moduleName, className=className) 
    9792        finally: 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/authn.py

    r5091 r5148  
    4646from urlparse import urlparse 
    4747from paste.request import construct_url 
     48from beaker.middleware import SessionMiddleware 
    4849import authkit.authenticate 
    4950 
     
    5152    NDGSecurityMiddlewareConfigError 
    5253 
    53 class AuthNRedirectMiddleware(NDGSecurityMiddlewareBase): 
     54class AuthenticationRedirectMiddleware(NDGSecurityMiddlewareBase): 
    5455    '''Middleware to redirect to another URI if no user is set in the  
    5556    REMOTE_USER key of environ 
     
    7475    def __init__(self, app, global_conf, **app_conf): 
    7576        self._redirectURI = None 
    76         super(AuthNRedirectMiddleware, self).__init__(app,  
     77        super(AuthenticationRedirectMiddleware, self).__init__(app,  
    7778                                                      global_conf,  
    7879                                                      **app_conf) 
     
    8788         
    8889        else: 
     90            # Retrieve OpenID response parameters and set a Forbidden response 
     91            # to trigger the PEP to check to see if the requested URI is a  
     92            # secured one 
     93             
    8994            def set403Response(status, header, exc_info=None): 
    9095                return start_response(self.getStatusMessage(403), 
     
    118123        quotedReturn2URI = urllib.quote(return2URI, safe='') 
    119124        return2URIQueryArg = urllib.urlencode( 
    120                     {AuthNRedirectMiddleware.return2URIArgName:  
     125                    {AuthenticationRedirectMiddleware.return2URIArgName:  
    121126                     quotedReturn2URI}) 
    122127 
     
    152157 
    153158 
    154 class LogoutHandlerMiddleware(NDGSecurityMiddlewareBase): 
     159class SessionHandlerMiddleware(NDGSecurityMiddlewareBase): 
    155160    '''Middleware to redirect back to referrer URI following call to a logout 
    156161    URI as implemented in AuthKit''' 
    157     prefix = 'logout.' 
     162    prefix = 'sessionHandler.' 
    158163     
    159164    logoutReturn2URIArgName = 'ndg.security.logout.r' 
     
    166171 
    167172    def __init__(self, app, global_conf, prefix='', **app_conf): 
    168         #_prefix = prefix + LogoutHandlerMiddleware.prefix 
    169         super(LogoutHandlerMiddleware, self).__init__(app,  
     173        if 'beaker.session.key' in app_conf: 
     174            app_conf[prefix+'sessionKey'] = app_conf['beaker.session.key'] 
     175             
     176        super(SessionHandlerMiddleware, self).__init__(app,  
    170177                                                      global_conf, 
    171178                                                      prefix=prefix,  
     
    189196                _start_response = start_response 
    190197        else: 
     198            if 'username' not in session and 'REMOTE_USER' in environ: 
     199                session['username'] = environ['REMOTE_USER'] 
     200                 
     201            if 'REMOTE_USER_DATA' in environ: 
     202                # eval is safe here because AuthKit cookie is signed and  
     203                # AuthKit middleware checks for tampering 
     204                if 'sessionManagerURI' not in session: 
     205                    axData = eval(environ['REMOTE_USER_DATA']) 
     206                    sessionManagerURI=axData['ax']['value.sessionManagerURI.1'] 
     207                    session['sessionManagerURI'] = sessionManagerURI 
     208                 
     209                # Reset cookie removing user data 
     210                environ['paste.auth_tkt.set_user'](session['username']) 
     211                 
    191212            # Set a return to address for logout 
    192213            session[self.__class__.logoutReturn2URIArgName] = self.pathInfo 
     
    224245         
    225246        # Set logout URI parameter from AuthKit settings if not otherwise set 
    226         logoutPrefix = prefix + LogoutHandlerMiddleware.prefix 
     247        logoutPrefix = prefix + SessionHandlerMiddleware.prefix 
    227248        signoutPathParamName = logoutPrefix + 'signoutPath' 
    228249        if signoutPathParamName not in app_conf: 
     
    235256                                                    (signoutPathParamName, e)) 
    236257         
    237         app = LogoutHandlerMiddleware(app,  
    238                                       global_conf,  
    239                                       prefix=logoutPrefix, 
    240                                       **app_conf) 
    241          
    242         # Remove logout middleware specific parameters 
     258        app = SessionHandlerMiddleware(app,  
     259                                       global_conf,  
     260                                       prefix=logoutPrefix, 
     261                                       **app_conf) 
     262         
     263        # Remove session handler middleware specific parameters 
    243264        for k in app_conf.keys(): 
    244265            if k.startswith(logoutPrefix): 
    245266                del app_conf[k] 
    246                  
     267         
     268        app = SessionMiddleware(app, **app_conf) 
     269         
    247270        app = authkit.authenticate.middleware(app, app_conf) 
    248271        MultiHandler.__init__(self, app) 
    249272 
    250         self.add_method(AuthNRedirectMiddleware.id,  
    251                         AuthNRedirectMiddleware.filter_app_factory,  
     273        self.add_method(AuthenticationRedirectMiddleware.id,  
     274                        AuthenticationRedirectMiddleware.filter_app_factory,  
    252275                        global_conf, 
    253276                        prefix=prefix, 
    254277                        **app_conf) 
    255278         
    256         self.add_checker(AuthNRedirectMiddleware.id,  
    257                          AuthNRedirectMiddleware.checker) 
    258  
     279        self.add_checker(AuthenticationRedirectMiddleware.id,  
     280                         AuthenticationRedirectMiddleware.checker) 
     281 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/openid/provider/__init__.py

    r5091 r5148  
    2828from openid.consumer import discover 
    2929 
     30from ndg.security.common.utils.classfactory import instantiateClass 
    3031from ndg.security.server.wsgi import NDGSecurityMiddlewareBase         
     32from ndg.security.server.wsgi.openid.provider.axinterface import AXInterface 
    3133 
    3234 
     
    162164        raise NotImplementedError() 
    163165 
    164      
    165 class OpenIDProviderMiddlewareError(Exception): 
    166     """OpenID Provider WSGI Middleware Error""" 
    167  
    168 class OpenIDProviderConfigError(OpenIDProviderMiddlewareError): 
    169     """OpenID Provider Configuration Error""" 
    170  
    171 class OpenIDProviderMissingRequiredAXAttrs(OpenIDProviderMiddlewareError):  
     166 
     167from ndg.security.server.wsgi.openid.provider.axinterface import \ 
     168    MissingRequiredAttrs 
     169     
     170class OpenIDProviderMissingRequiredAXAttrs(MissingRequiredAttrs):  
    172171    """Raise if a Relying Party *requires* one or more attributes via 
    173172    the AX interface but this OpenID Provider cannot return them.  This doesn't 
    174173    apply to attributes that are optional""" 
     174    
     175class OpenIDProviderMiddlewareError(Exception): 
     176    """OpenID Provider WSGI Middleware Error""" 
     177 
     178class OpenIDProviderConfigError(OpenIDProviderMiddlewareError): 
     179    """OpenID Provider Configuration Error""" 
    175180 
    176181class OpenIDProviderMissingAXResponseHandler(OpenIDProviderMiddlewareError):  
     
    372377                                                self.sregResponseHandler) 
    373378             
    374         # Callable to handle OpenID Attribute Exchange (AX) requests from 
     379        # Class to handle OpenID Attribute Exchange (AX) requests from 
    375380        # the Relying Party 
    376         self.axResponseHandler = opt.get('axResponseHandler', None) 
    377         if self.axResponseHandler and not callable(self.axResponseHandler): 
    378             raise OpenIDProviderMiddlewareError("Expecting callable for " 
    379                                                 "axResponseHandler keyword, " 
    380                                                 "got %r" %  
    381                                                 self.axResponseHandler) 
     381        axResponseClassName = opt.pop('axResponse_class', None) 
     382        if axResponseClassName is not None: 
     383            axResponseProperties = dict( 
     384                [(k.replace('axResponse_', ''), v)  
     385                 for k,v in opt.items() if k.startswith('axResponse_')]) 
     386                
     387            try: 
     388                self.axResponse = instantiateClass( 
     389                                        axResponseClassName,  
     390                                        None,  
     391                                        objectType=AXInterface,  
     392                                        classProperties=axResponseProperties) 
     393            except Exception, e: 
     394                log.error("Error instantiating AX interface: %s" % e) 
     395                raise 
    382396         
    383397        # Instantiate OpenID consumer store and OpenID consumer.  If you 
     
    411425            return optName not in cls.defOpt and \ 
    412426               not optName.startswith('authN_') and \ 
    413                not optName.startswith('rendering_') 
     427               not optName.startswith('rendering_') and \ 
     428               not optName.startswith('axResponse_') 
    414429                
    415430        badOptNames = []  
     
    10191034        ax_resp = ax.FetchResponse(request=ax_req) 
    10201035         
    1021         if self.axResponseHandler is None: 
     1036        if self.axResponse is None: 
    10221037            requiredAttr = ax_req.getRequiredAttrs() 
    10231038            if len(requiredAttr) > 0: 
     
    10341049        # possibly via FetchRequest.getRequiredAttrs() 
    10351050        try: 
    1036             self.axResponseHandler(ax_req, ax_resp, self.session.get('username')) 
     1051            self.axResponse(ax_req, ax_resp, self.session.get('username')) 
    10371052             
    10381053        except OpenIDProviderMissingRequiredAXAttrs, e: 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/pdp.py

    r5037 r5148  
    1313import httplib 
    1414 
    15 from ndg.security.common.authz.pdp.xacml import PDP as XacmlPDP 
    16 from ndg.security.common.authz.pdp.xacml import Subject as XacmlSubject 
    17 from ndg.security.common.authz.pdp.xacml import Action as XacmlAction 
    18 from ndg.security.common.authz.pdp.xacml import Environment as XacmlEnvironment 
     15from ndg.security.common.authz.pdp import PDPInterface 
    1916 
    2017from ndg.security.server.wsgi import NDGSecurityMiddlewareBase, \ 
     
    2421from ndg.security.server.wsgi.pep import Resource 
    2522 
    26 class Subject(XacmlSubject): 
     23class Subject(object): 
    2724    def __init__(self): 
    2825        self.sessionManagerURI = None 
     
    3431        self.attributes = [] 
    3532 
    36 class Action(XacmlAction): 
     33class Action(object): 
    3734    pass 
    3835 
    39 class Environment(XacmlEnvironment): 
     36class Environment(object): 
    4037    pass 
    4138         
    42 class PDP(XacmlPDP): 
    43     def accessPermitted(self, subject, resource, action, environ): 
     39class PDP(PDPInterface): 
     40    def __init__(self, *arg, **kw): 
     41        pass 
     42 
     43    def accessPermitted(self, subject, resource, action, environ, **kw): 
    4444        '''Make access control decision''' 
    4545        if action is None: 
     
    4949            environ = Environment() 
    5050             
    51         super(PDP, self).accessPermitted(subject, resource, action, environ) 
     51        #super(PDP, self).accessPermitted(subject, resource, action, environ) 
    5252        for attr in resource.attributes: 
    5353            if attr in subject.attributes: 
     
    5555             
    5656        return False 
    57          
     57 
     58    __call__ = accessPermitted 
     59     
    5860         
    5961class PDPMiddlewareConfigError(NDGSecurityMiddlewareConfigError): 
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/pep/__init__.py

    r5087 r5148  
    2121 
    2222# TODO: move this class to separate resource constraint module 
    23 from ndg.security.common.authz.pdp.xacml import Resource as XacmlResource 
    24  
    25 class Resource(XacmlResource): 
     23class Resource(object): 
    2624    def __init__(self, uri, attributes): 
    2725        self.uri = uri 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/securedapp.ini

    r5091 r5148  
    1212 
    1313[pipeline:main] 
    14 pipeline = SessionMiddlewareFilter 
    15                    AuthenticationFilter 
     14#pipeline = SessionMiddlewareFilter 
     15#                  AuthenticationFilter 
     16#                  PDPMiddlewareFilter 
     17#                  PEPMiddlewareFilter 
     18#                  AuthZTestApp 
     19pipeline = AuthenticationFilter 
    1620                   PDPMiddlewareFilter 
    1721                   PEPMiddlewareFilter 
     
    4246authN.redirectURI = http://localhost:7443/verify 
    4347 
     48# Beaker Session set-up 
     49beaker.session.key = ndg.security.session 
     50beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW 
     51beaker.cache.data_dir = %(here)s/authn/beaker/cache 
     52beaker.session.data_dir = %(here)s/authn/beaker/sessions 
     53 
    4454# AuthKit Set-up 
    4555authkit.setup.method=cookie 
    46 authkit.cookie.name=ndg.security 
    47 authkit.cookie.secret=secret encryption string 
     56authkit.cookie.name=ndg.security.auth 
     57authkit.cookie.secret=9wvZObs9anUEhSIAnJNoY2iJq59FfYZr 
    4858authkit.cookie.signoutpath = /logout 
    4959 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/securityservices.ini

    r5091 r5148  
    2222openIDProviderIDSelectURI = %(baseURI)s%(openIDProviderIDBase)s 
    2323testConfigDir = %(here)s/../../config 
     24sessionManagerPath = /SessionManager 
     25sessionManagerURI = %(baseURI)s%(sessionManagerPath)s 
     26openid.ax.sessionManagerURI.typeURI=urn:ndg.security.openid.sessionManagerURI 
    2427 
    2528#______________________________________________________________________________ 
     
    179182paste.filter_app_factory=beaker.middleware:SessionMiddleware 
    180183beaker.session.key = openid 
    181 beaker.session.secret = somesecret 
     184beaker.session.secret = qKEdQdCr33NE087dRUWX3qUv5r7AsuQU 
    182185# These options enable cookie only type sessions with the cookie content  
    183186# encrypted 
     
    229232authkit.openid.baseurl = %(baseURI)s 
    230233 
     234authkit.openid.ax.typeuri.sessionManagerURI=%(openid.ax.sessionManagerURI.typeURI)s 
     235authkit.openid.ax.required.sessionManagerURI=True 
     236authkit.openid.ax.alias.sessionManagerURI=sessionManagerURI 
     237 
    231238# Template for signin 
    232239#authkit.openid.template.obj =  
     
    283290 
    284291#openid.provider.sregResponseHandler=ndg.security.server.pylons.container.lib.openid_provider_util:esgSRegResponseHandler 
    285 #openid.provider.axResponseHandler=ndg.security.server.pylons.container.lib.openid_provider_util:esgAXResponseHandler 
     292openid.provider.axResponse.class=ndg.security.server.wsgi.openid.provider.axinterface.sessionmanager.SessionManagerAXInterface 
     293openid.provider.axResponse.sessionManagerURI=%(sessionManagerURI)s 
     294openid.provider.axResponse.sessionManagerURITypeURI=%(openid.ax.sessionManagerURI.typeURI)s 
    286295 
    287296# Basic Authentication interface to demonstrate capabilities 
     
    390399 
    391400# Path from URI for Session Manager in this Paste deployment 
    392 path = /SessionManager 
     401path = %(sessionManagerPath)s 
    393402 
    394403# External endpoint for this Session Manager - must agree with setting used to 
     
    400409# a request is being made to the local service or to another session manager 
    401410# running elsewhere 
    402 publishedURI = %(baseURI)s%(path)s 
     411publishedURI = %(sessionManagerURI)s 
    403412 
    404413# Enable ?wsdl query argument to list the WSDL content 
Note: See TracChangeset for help on using the changeset viewer.