Changeset 5448


Timestamp:
01/07/09 16:30:52 (11 years ago)
Author:
pjkersha
Message:

ndg.security.test.integration.authz_lite integration test: revised securityservices.ini stripping out Session Manager settings.

Location:
TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration
Files:
3 edited

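--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/openidprovider/README
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz/openidprovider/README
@@ -1,2 +1,2 @@
 This directory includes graphics and stylesheet used by Pylons Buffet based
-rendering interface specified in services.ini
+rendering interface for the OpenID Provider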
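--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz_lite/openidprovider/README
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz_lite/openidprovider/README
@@ -1,2 +1,2 @@
 This directory includes graphics and stylesheet used by Pylons Buffet based
-rendering interface specified in services.ini
+rendering interface for the OpenID Provider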
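--- a/TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz_lite/securityservices.ini
+++ b/TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz_lite/securityservices.ini
@@ -64,88 +64,4 @@
 attributeAuthority.caCertFilePathList: %(testConfigDir)s/ca/ndg-test-ca.crt
 
-#______________________________________________________________________________
-# Session Manager specific settings - commented out settings will take their
-# default settings.  To override the defaults uncomment and set as required.
-# See ndg.security.server.sessionmanager module for details
-
-# Credential Wallet Settings - global to all user sessions
-#
-# CA certificates for Attribute Certificate signature validation
-sessionManager.credentialWallet.caCertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt
-
-# CA certificates for SSL connection peer cert. validation - required if
-# connecting to an Attribute Authority over SSL
-sessionManager.credentialWallet.sslCACertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt
-
-# Allow Get Attribute Certificate calls to try to get a mapped certificate
-# from another organisation trusted by the target Attribute Authority
-sessionManager.credentialWallet.mapFromTrustedHosts=True
-sessionManager.credentialWallet.rtnExtAttCertList=True
-
-# Refresh an Attribute Certificate, if an existing one in the wallet has only
-# this length of time left before it expires
-credentialWallet.attCertRefreshElapse=7200
-
-# Pointer to WS-Security settings.  These WS-Security settings are for use
-# by user credential wallets held in user sessions hosted by the Session
-# Manager.  They enable individual wallets to query Attribute Authorities for
-# user Attribute Certificates.  Nb. the difference between these settings and
-# the WS-Security section for handling requests to the Session Manager.
-#
-# Settings are identified by a prefix.  
-sessionManager.credentialWallet.wssCfgPrefix=sessionManager.credentialWallet.wssecurity
-
-# ...A section name could also be used.
-#sessionManager.credentialWallet.wssCfgSection=
-
-# SOAP Signature Handler settings for the Credential Wallet's Attribute 
-# Authority interface
-#
-# CA Certificates used to verify X.509 certs used in Attribute Certificates.
-# The CA certificates of other NDG trusted sites should go here.  NB, multiple
-# values should be delimited by a space
-sessionManager.credentialWallet.wssecurity.caCertFilePathList: %(testConfigDir)s/ca/ndg-test-ca.crt
-
-# Signature of an outbound message
-#
-# Certificate associated with private key used to sign a message.  The sign 
-# method will add this to the BinarySecurityToken element of the WSSE header.  
-# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.  
-# As an alternative, use signingCertChain - see below...
-
-# PEM encoded cert
-sessionManager.credentialWallet.wssecurity.signingCertFilePath: %(testConfigDir)s/sessionmanager/sm.crt
-
-# ... or provide file path to PEM encoded private key file
-sessionManager.credentialWallet.wssecurity.signingPriKeyFilePath: %(testConfigDir)s/sessionmanager/sm.key
-
-# Set the ValueType for the BinarySecurityToken added to the WSSE header for a
-# signed message.  See __setReqBinSecTokValType method and binSecTokValType 
-# class variable for options - it may be one of X509, X509v3, X509PKIPathv1 or 
-# give full namespace to alternative - see 
-# ZSI.wstools.Namespaces.OASIS.X509TOKEN
-#
-# binSecTokValType determines whether signingCert or signingCertChain 
-# attributes will be used.
-sessionManager.credentialWallet.wssecurity.reqBinSecTokValType: X509v3
-
-# Add a timestamp element to an outbound message
-sessionManager.credentialWallet.wssecurity.addTimestamp: True
-
-# For WSSE 1.1 - service returns signature confirmation containing signature 
-# value sent by client
-sessionManager.credentialWallet.wssecurity.applySignatureConfirmation: True
-
-# Authentication service properties 
-sessionManager.authNService.moduleFilePath: 
-sessionManager.authNService.moduleName: ndg.security.test.config.sessionmanager.userx509certauthn
-sessionManager.authNService.className: UserX509CertAuthN
-
-# Specific settings for UserCertAuthN Session Manager authentication plugin
-# This sets up PKI credentials for a single test account
-sessionManager.authNService.userX509CertFilePath: %(testConfigDir)s/pki/user.crt
-sessionManager.authNService.userPriKeyFilePath: %(testConfigDir)s/pki/user.key
-sessionManager.authNService.userPriKeyPwd: testpassword
-
 [server:main]
 use = egg:Paste#http
@@ -172,5 +88,4 @@
 pipeline = wsseSignatureVerificationFilter 
                    AttributeAuthorityFilter 
-           SessionManagerFilter 
            wsseSignatureFilter 
                    SessionMiddlewareFilter
@@ -307,46 +222,7 @@
 openid.provider.rendering.helpIcon = %(openid.provider.rendering.baseURL)s/layout/icons/help.png
 
-
-openid.provider.axResponse.class=ndg.security.server.wsgi.openid.provider.axinterface.sessionmanager.SessionManagerAXInterface
-openid.provider.axResponse.sessionManagerURI=%(sessionManagerURI)s
-openid.provider.axResponse.sessionManagerURITypeURI=%(openid.ax.sessionManagerURI.typeURI)s
-openid.provider.axResponse.sessionIdTypeURI=%(openid.ax.sessionId.typeURI)s
-
 # Basic Authentication interface to demonstrate capabilities
-#openid.provider.authNInterface=ndg.security.server.wsgi.openid.provider.authninterface.basic.BasicAuthNInterface
-#openid.provider.authN.userCreds=pjk:test
-#openid.provider.authN.username2UserIdentifiers=pjk:PhilipKershaw,P.J.Kershaw
-
-# Link Authentication to a Session Manager instance running in the same WSGI
-# stack or on a remote service
-openid.provider.authNInterface=ndg.security.server.wsgi.openid.provider.authninterface.sessionmanager.SessionManagerOpenIDAuthNInterface
-
-# Omit or leave as blank if the Session Manager is accessible locally in the
-# same WSGI stack.
-#openid.provider.authN.sessionManagerURI=
-
-# environ dictionary key to Session Manager WSGI instance held locally.  The
-# setting below is the default and can be omitted if it matches the filterID
-# set for the Session Manager
-openid.provider.authN.environKeyName=filter:SessionManagerFilter
-
-# Database connection to enable check between username and OpenID identifier
-#openid.provider.authN.connectionString: postgres://postgres:testpassword@%(hostname)s/testUserDb
-#openid.provider.authN.logonSQLQuery: select username from openid where username = '$username' and ident = '$userIdentifier'
-#openid.provider.authN.userIdentifiersSQLQuery: select distinct ident from openid where username = '$username'
-
-## Basic Authentication but linking to a Session Manager
-openid.provider.authNInterface=ndg.security.server.wsgi.openid.provider.authninterface.basic.BasicSessionManagerOpenIDAuthNInterface
-
-# Connect to a Session Manager at a given URI or see next...
-openid.provider.authN.sessionManagerURI=
-
-# environ dictionary key to Session Manager WSGI instance held locally.  
-# The setting below is the default and can be omitted if it matches the 
-# filterID set for the Session Manager
-openid.provider.authN.environKeyName=filter:SessionManagerFilter
-
-# Link usernames for login to the OpenID identifiers they correspond to.
-# See openid.provider.path.id with $userIdentifier setting
+openid.provider.authNInterface=ndg.security.server.wsgi.openid.provider.authninterface.basic.BasicAuthNInterface
+openid.provider.authN.userCreds=pjk:test
 openid.provider.authN.username2UserIdentifiers=pjk:PhilipKershaw,P.J.Kershaw another:A.N.Other
 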
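Review bot: The now-active `openid.provider.authN.userCreds=pjk:test` (new lines 225-226 of securityservices.ini) leaves a guessable username:password pair in plaintext, and the only context kept is the "to demonstrate capabilities" comment above it. I would add `# TEST ONLY: static Basic Auth credentials for the integration test - do not reuse in a deployed securityservices.ini` directly above line 225, so the setting is not carried into a real provider configuration by copy-paste. The mapping on new line 227 still lists `another:A.N.Other`, but `userCreds` has no entry for `another`; how BasicAuthNInterface treats an identifier mapping without matching credentials is not visible here, so either drop that mapping or add a matching test credential. The commit also deletes the two-line comment that explained `username2UserIdentifiers` (its link to `openid.provider.path.id` and `$userIdentifier`), which is worth keeping next to the setting.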