Timestamp:
04/08/09 14:32:51 (11 years ago)
Author:
pjkersha
Message:

OpenID Relying Party flexible configuration

Fixed security WSGI configuration so that the OpenID Relying Party can run in the same middleware as the application it protects or independently in the security services middleware stack. There are two applications involved in applying security:

  1. the app to be secured
  2. app running security services


  1. is configured with middleware to intercept requests and apply the security policy. 2. runs services such as the Attribute Authority and OpenID Provider used by 1. The OpenID Relying Party can now be incorporated in either. For cases where an application runs in a different domain to the security services stack it's easier to deploy a Relying Party with the app in 1. as otherwise cookies set by the RP won't be in the scope of the secured app. 2. is useful for where the app is in the same domain as 2. and there's a need to run the RP over SSL.

Configurations can be set at deployment from Paste ini file pipeline settings.

File:
1 edited

  • TI12-security/trunk/python/ndg.security.test/ndg/security/test/integration/authz_lite/securityservices.ini

    r5454 r5555  
    2222openIDProviderIDSelectURI = %(baseURI)s%(openIDProviderIDBase)s 
    2323testConfigDir = %(here)s/../../config 
     24beakerSessionKeyName = beaker.session.ndg.security.services 
    2425 
    2526#______________________________________________________________________________ 
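Review bot: The new beakerSessionKeyName variable at new line 24 has no comment, yet environ_key, authkit.openid.session.middleware and openid.provider.session_middleware all interpolate it later in this file. Add a one-line comment stating that it is the WSGI environ key under which the Beaker session object is published, and that every consumer should reference it as %(beakerSessionKeyName)s rather than a literal, so a later rename cannot leave one component reading a key that is no longer set.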
     
    9596beaker.session.key = openid 
    9697beaker.session.secret = qKEdQdCr33NE087dRUWX3qUv5r7AsuQU 
    97 # These options enable cookie only type sessions with the cookie content  
    98 # encrypted 
    99 #beaker.session.type = cookie 
    100 #beaker.session.validate_key = 0123456789abcdef 
    101 #beaker.session.encrypt_key = fedcba9876543210 
    10298 
    10399# If you'd like to fine-tune the individual locations of the cache data dirs 
     
    108104beaker.session.cookie_expires = True 
    109105 
     106# Key name for keying into environ dictionary 
     107environ_key = %(beakerSessionKeyName)s 
     108 
    110109[filter:OpenIDRelyingPartyFilter] 
    111110paste.filter_app_factory =  
    112111        ndg.security.server.wsgi.openid.relyingparty:OpenIDRelyingPartyMiddleware.filter_app_factory 
    113112 
    114 openid.relyingparty.sessionKey = beaker.session 
    115113openid.relyingparty.baseURL = %(authkit.openid.baseurl)s 
    116114openid.relyingparty.certFilePath = %(testConfigDir)s/pki/localhost.crt 
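Review bot: Removing openid.relyingparty.sessionKey = beaker.session at old line 114 leaves [filter:OpenIDRelyingPartyFilter] with no explicit session key, while the session middleware now publishes under environ_key = %(beakerSessionKeyName)s (new line 107). Unless the Relying Party obtains the key from somewhere not shown in this diff, set openid.relyingparty.sessionKey = %(beakerSessionKeyName)s in this section, the same way the AuthKit and OpenID Provider sections reference it, so the RP cannot look under a different key and miss the session.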
     
    119117openid.relyingparty.caCertDirPath = %(testConfigDir)s/ca 
    120118openid.relyingparty.providerWhitelistFilePath = 
    121 #openid.relyingparty.signinInterfaceMiddlewareClass = ndg.security.test.integration.openid.openidrelyingparty.signin_interface.CombinedSigninAndLoginInterface 
    122 #openid.relyingparty.signinInterface.templatePackage = ndg.security.test.integration.openid.openidrelyingparty.templates 
    123119openid.relyingparty.signinInterfaceMiddlewareClass = ndg.security.server.wsgi.openid.relyingparty.signin_interface.buffet.BuffetSigninTemplate 
    124120openid.relyingparty.signinInterface.templatePackage = ndg.security.server.wsgi.openid.relyingparty.signin_interface.buffet.templates 
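Review bot: openid.relyingparty.providerWhitelistFilePath is left empty at line 118 with nothing to say what an empty value means. If an empty value disables the whitelist, the Relying Party in this configuration would accept any OpenID Provider; state the intended behaviour in a comment and mark it as specific to this integration test so the setting is not carried into a deployment unchanged.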
     
    143139# Authentication Filter used to secure a given app 
    144140authkit.cookie.name=ndg.security.auth 
     141 
    145142authkit.cookie.secret=9wvZObs9anUEhSIAnJNoY2iJq59FfYZr 
    146143authkit.cookie.signoutpath = /logout 
     
    156153authkit.openid.session.secret = random string 
    157154 
     155# Key name for dereferencing beaker.session object held in environ 
     156authkit.openid.session.middleware = %(beakerSessionKeyName)s 
     157 
    158158authkit.openid.baseurl = %(baseURI)s 
    159159 
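Review bot: The new authkit.openid.session.middleware setting at line 156 sits directly under authkit.openid.session.secret = random string (line 153), which is a placeholder rather than a real secret. Since line 156 points AuthKit's OpenID session at the shared Beaker session key, replace the placeholder with a long random value, as beaker.session.secret and authkit.cookie.secret use, or add a comment marking it test-only.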
     
    168168[app:OpenIDProviderMiddlewareApp] 
    169169paste.app_factory=ndg.security.server.wsgi.openid.provider:OpenIDProviderMiddleware.app_factory 
     170 
    170171openid.provider.path.openidserver=/OpenID/Provider/server 
    171172openid.provider.path.login=/OpenID/Provider/login 
     
    187188openid.provider.path.mainpage=/OpenID/Provider/home 
    188189 
    189 openid.provider.session_middleware=beaker.session  
     190openid.provider.session_middleware=%(beakerSessionKeyName)s 
    190191openid.provider.base_url=%(baseURI)s 
    191192openid.provider.trace=False 