Ignore:
Timestamp:
04/08/09 14:32:51 (11 years ago)
Author:
pjkersha
Message:

OpenID Relying Party flexible configuration

Fixed security WSGI configuration so that the OpenID Relying Party can run in the same middleware as the application it protects or independently in the security services middleware stack. There are two applications involved in applying security:

  1. the app to be secured
  2. app running security services


  1. is configured with middleware to intercept requests and apply the security policy. 2. runs services such as the Attribute Authority and OpenID Provider used by 1. The OpenID Relying Party can now be incorporated in either. For cases where an application runs in a different domain to the security services stack it's easier to deploy a Relying Party with the app in 1. as otherwise cookies set by the RP won't be in the scope of the secured app. 2. is useful for where the app is in the same domain as 2. and there's a need to run the RP over SSL.

Configurations can be set at deployment from Paste ini file pipeline settings.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz_lite/securedapp.ini

    r5451 r5555  
    2020[DEFAULT] 
    2121testConfigDir = %(here)s/../../config 
     22beakerSessionKeyName = beaker.session.ndg.security 
    2223 
    2324[server:main] 
     
    2728 
    2829[pipeline:main] 
    29 pipeline = AuthenticationFilter AuthorizationFilter AuthZTestApp 
     30pipeline = BeakerSessionFilter  
     31                   AuthenticationFilter  
     32                   AuthorizationFilter  
     33                   AuthZTestApp 
    3034 
    3135[app:AuthZTestApp] 
    32 paste.app_factory = ndg.security.test.integration.authz_lite.securedapp:AuthZTestMiddleware.app_factory 
     36paste.app_factory = ndg.security.test.integration:AuthZTestApp.app_factory 
     37 
     38 
     39[filter:BeakerSessionFilter] 
     40paste.filter_app_factory = beaker.middleware:SessionMiddleware 
     41 
     42# Cookie name 
     43beaker.session.key = ndg.security.session 
     44 
     45# WSGI environ key name 
     46environ_key = %(beakerSessionKeyName)s 
     47beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW 
     48beaker.cache.data_dir = %(here)s/authn/beaker/cache 
     49beaker.session.data_dir = %(here)s/authn/beaker/sessions 
     50 
    3351 
    3452[filter:AuthenticationFilter] 
     
    3856# Set redirect for OpenID Relying Party in the Security Services app instance 
    3957authN.redirectURI = http://localhost:7443/verify 
    40  
    41 # Beaker Session set-up 
    42 beaker.session.key = ndg.security.session 
    43 beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW 
    44 beaker.cache.data_dir = %(here)s/authn/beaker/cache 
    45 beaker.session.data_dir = %(here)s/authn/beaker/sessions 
    4658 
    4759# AuthKit Set-up 
     
    5769# suspected problem with AuthKit setting it when a HTTP Proxy is in place 
    5870authkit.cookie.includeip = False 
     71 
     72# environ key name for beaker session 
     73authkit.session.middleware = %(beakerSessionKeyName)s 
    5974 
    6075[filter:AuthorizationFilter] 
Note: See TracChangeset for help on using the changeset viewer.