Changeset 5447


Ignore:
Timestamp:
01/07/09 16:25:34 (11 years ago)
Author:
pjkersha
Message:

Added a new integration test configuration ndg.security.test.integration.authz_lite which runs without a Session Manager. The Policy Information Point is able to automatically switch Attribute queries to the specified Attribute Authority rather than the a Session Manager if none is specified. This makes the configuration simpler but may introduce a performance overhead. However, this should be negliglible since the PIP already implements user Attribute Certificate caching.

Location:
TI12-security/trunk/python
Files:
45 added
3 edited

Legend:

Unmodified
Added
Removed
  • TI12-security/trunk/python/ndg.security.server/ndg/security/server/wsgi/authz.py

    r5436 r5447  
    397397         
    398398        return self._app(environ, start_response) 
    399      
    400              
     399                
    401400    def _getAttributeCertificate(self, attributeAuthorityURI, **kw): 
    402401        '''Extend base class implementation to make use of the CredentialWallet 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/README

    r5315 r5447  
    1313system.  The OpenID login will be triggered if a link requires authentication, 
    1414select go with the default URL set of, "http://localhost:7443/openid".  When 
    15 prompted for a username and password, enter pjkersha/testpassword  
     15prompted for a username and password, enter pjk/testpassword  
    1616respectively. 
    1717 
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/securityservices.ini

    r5372 r5447  
    5555# Settings for custom AttributeInterface derived class to get user roles for given  
    5656# user ID 
    57 attributeAuthority.attributeInterface.modFilePath: %(testConfigDir)s/attributeauthority/sitea 
    58 attributeAuthority.attributeInterface.modName: siteAUserRoles 
     57#attributeAuthority.attributeInterface.modFilePath: %(testConfigDir)s/attributeauthority/sitea 
     58attributeAuthority.attributeInterface.modName: ndg.security.test.integration.authz.attributeinterface 
    5959attributeAuthority.attributeInterface.className: TestUserRoles 
    6060 
     
    332332 
    333333# Database connection to enable check between username and OpenID identifier 
    334 openid.provider.authN.connectionString: postgres://postgres:testpassword@%(hostname)s/testUserDb 
    335 openid.provider.authN.logonSQLQuery: select username from openid where username = '$username' and ident = '$userIdentifier' 
    336 openid.provider.authN.userIdentifiersSQLQuery: select distinct ident from openid where username = '$username' 
     334#openid.provider.authN.connectionString: postgres://postgres:testpassword@%(hostname)s/testUserDb 
     335#openid.provider.authN.logonSQLQuery: select username from openid where username = '$username' and ident = '$userIdentifier' 
     336#openid.provider.authN.userIdentifiersSQLQuery: select distinct ident from openid where username = '$username' 
    337337 
    338338## Basic Authentication but linking to a Session Manager 
    339 #openid.provider.authNInterface=ndg.security.server.wsgi.openid.provider.authninterface.basic.BasicSessionManagerOpenIDAuthNInterface 
    340 # 
    341 ## Connect to a Session Manager at a given URI or see next... 
    342 ##openid.provider.authN.sessionManagerURI= 
    343 # 
    344 ## environ dictionary key to Session Manager WSGI instance held locally.   
    345 ## The setting below is the default and can be omitted if it matches the  
    346 ## filterID set for the Session Manager 
    347 #openid.provider.authN.environKeyName=filter:SessionManagerFilter 
    348 # 
    349 ## Link usernames for login to the OpenID identifiers they correspond to. 
    350 ## See openid.provider.path.id with $userIdentifier setting 
    351 #openid.provider.authN.username2UserIdentifiers=pjk:PhilipKershaw,P.J.Kershaw 
     339openid.provider.authNInterface=ndg.security.server.wsgi.openid.provider.authninterface.basic.BasicSessionManagerOpenIDAuthNInterface 
     340 
     341# Connect to a Session Manager at a given URI or see next... 
     342openid.provider.authN.sessionManagerURI= 
     343 
     344# environ dictionary key to Session Manager WSGI instance held locally.   
     345# The setting below is the default and can be omitted if it matches the  
     346# filterID set for the Session Manager 
     347openid.provider.authN.environKeyName=filter:SessionManagerFilter 
     348 
     349# Link usernames for login to the OpenID identifiers they correspond to. 
     350# See openid.provider.path.id with $userIdentifier setting 
     351openid.provider.authN.username2UserIdentifiers=pjk:PhilipKershaw,P.J.Kershaw another:A.N.Other 
    352352 
    353353# Basic authentication for testing/admin - comma delimited list of  
Note: See TracChangeset for help on using the changeset viewer.