Ignore:
Timestamp:
27/11/09 15:52:29 (10 years ago)
Author:
pjkersha
Message:

Working authz lite integration tests with integrated SAML Attribute Authority interface to authz middleware: the old NDG Attribute Authority SOAP/WSDL interface is completely removed as a dependency.

  • major fixes to ndg.security.common.credentialwallet NDGCredentialWallet and SAMLCredentialWallet for slots and pickling capability needed for beaker.session. NDGCredentialWallet is kept for the moment for backwards compatibility.
File:
1 edited

Legend:

Unmodified
Added
Removed
  • TI12-security/trunk/python/ndg_security_test/ndg/security/test/integration/authz_lite/securedapp.ini

    r6059 r6063  
    5555 
    5656# Set redirect for OpenID Relying Party in the Security Services app instance 
    57 authN.redirectURI = http://localhost:7443/verify 
     57authN.redirectURI = https://localhost:7443/verify 
    5858# Test with an SSL endpoint 
    5959#authN.redirectURI = https://localhost/verify 
     
    7676 
    7777[filter:AuthorizationFilter] 
    78 paste.filter_app_factory=ndg.security.server.wsgi.authz:AuthorizationMiddleware.filter_app_factory 
     78paste.filter_app_factory=ndg.security.server.wsgi.authz:SAMLAuthorizationMiddleware.filter_app_factory 
    7979prefix = authz. 
    8080policy.filePath = %(here)s/policy.xml 
     
    8383# retrieve subject attributes from the Attribute Authority associated with the 
    8484# resource to be accessed 
    85 pip.sslCACertFilePathList= 
    8685 
    87 # List of CA certificates used to verify the signatures of  
    88 # Attribute Certificates retrieved 
    89 pip.caCertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt 
    90  
    91 # 
    92 # WS-Security Settings for call to Attribute Authority to retrieve user  
    93 # attributes 
    94  
    95 # Signature of an outbound message 
    96  
    97 # Certificate associated with private key used to sign a message.  The sign  
    98 # method will add this to the BinarySecurityToken element of the WSSE header.   
    99 # binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.   
    100 # As an alternative, use signingCertChain - see below... 
    101  
    102 # PEM encode cert 
    103 pip.wssecurity.signingCertFilePath=%(testConfigDir)s/pki/wsse-server.crt 
    104  
    105 # PEM encoded private key file 
    106 pip.wssecurity.signingPriKeyFilePath=%(testConfigDir)s/pki/wsse-server.key 
    107  
    108 # Password protecting private key.  Leave blank if there is no password. 
    109 pip.wssecurity.signingPriKeyPwd= 
    110  
    111 # For signature verification.  Provide a space separated list of file paths 
    112 pip.wssecurity.caCertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt 
    113  
    114 # ValueType for the BinarySecurityToken added to the WSSE header 
    115 pip.wssecurity.reqBinSecTokValType=X509v3 
    116  
    117 # Add a timestamp element to an outbound message 
    118 pip.wssecurity.addTimestamp=True 
     86# If omitted, DN of SSL Cert is used 
     87pip.attributeQuery.issuerName =  
     88pip.attributeQuery.clockSkew = 0. 
     89pip.attributeQuery.queryAttributes.0 = urn:siteA:security:authz:1.0:attr, , http://www.w3.org/2001/XMLSchema#string 
     90pip.attributeQuery.sslCACertDir=%(testConfigDir)s/ca 
     91pip.attributeQuery.sslCertFilePath=%(testConfigDir)s/pki/test.crt 
     92pip.attributeQuery.sslPriKeyFilePath=%(testConfigDir)s/pki/test.key 
    11993 
    12094# Logging configuration 
Note: See TracChangeset for help on using the changeset viewer.