Changeset 6912 for TI12-security


Timestamp:
01/06/10 11:24:18 (9 years ago)
Author:
pjkersha
Message:

Updated and re-ran unit tests for new SAML release.

  • All pass apart from the MyProxy interface ones, which require a MyProxy server running.
  • Removed old NDG Browse and ProFTP PDP interface unit tests
Location:
TI12-security/trunk/NDGSecurity/python
Files:
1 added
2 deleted
8 edited

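--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/saml/__init__.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/saml/__init__.py
@@ -66,5 +66,4 @@
     DESERIALISE_OPTNAME = 'deserialise'
     SAML_VERSION_OPTNAME = 'samlVersion'
-    ISSUER_OPTNAME = 'issuer'
     ISSUER_NAME_OPTNAME = 'issuerName'
     ISSUER_FORMAT_OPTNAME = 'issuerFormat'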
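--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini
@@ -13,5 +13,4 @@
 attributeAuthorityEnvironKeyName = attribute-authority
 attributeQueryInterfaceEnvironKeyName = attributeQueryInterface
-attributeAuthoritySoapWsdlServicePath = /AttributeAuthority
 
 [server:main]
@@ -70,5 +69,5 @@
 saml.soapbinding.clockSkewTolerance: 180.0
 
-saml.soapbinding.issuer: /O=Site A/CN=Attribute Authority
+saml.soapbinding.issuerName: /O=Site A/CN=Attribute Authority
 
 # Logging configuration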
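--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/authz_lite/securityservices.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/authz_lite/securityservices.ini
@@ -107,4 +107,7 @@
 paste.filter_app_factory = ndg.security.server.wsgi.ssl:AuthKitSSLAuthnMiddleware
 prefix = ssl.
+
+# Apply verification against a list of trusted CAs.  To skip this step, comment
+# out or remove this item.  e.g. set CA verification in the Apache config file.
 ssl.caCertFilePathList = %(testConfigDir)s/ca/ndg-test-ca.crt
 #ssl.clientCertDNMatchList = /O=NDG/OU=BADC/CN=mytest /O=gabriel/OU=BADC/CN=test /O=NDG/OU=BADC/CN=test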
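Review bot: The comment added above `ssl.caCertFilePathList` explains how to switch CA verification off but not what must replace it. If the item is removed and the front-end server does not itself require and verify client certificates, this middleware would presumably accept a certificate from any issuer; that behaviour is inferred, not visible in the lines shown. I would extend the comment with the precondition, e.g. `# Only remove this if the front-end web server already verifies client certificates against the trusted CA list.`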
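--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/dap/authz/policy.xml
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/dap/authz/policy.xml
@@ -13,5 +13,5 @@
     </Target>
     <Target>
-        <URIPattern>^/sresa1b_ncar_ccsm3_0_run1_200001.*$</URIPattern>
+        <URIPattern>^/RUC.*$</URIPattern>
         <Attributes>
             <Attribute>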
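--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/saml/test_samlinterface.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/saml/test_samlinterface.py
@@ -304,5 +304,5 @@
         
         request = UrlLib2SOAPRequest()
-        request.url = 'http://localhost:5000/AttributeAuthority/saml'
+        request.url = 'http://localhost:5000/AttributeAuthority'
         request.envelope = SOAPEnvelope()
         request.envelope.create()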
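--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/__init__.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/__init__.py
@@ -5,8 +5,8 @@
 __author__ = "P J Kershaw"
 __date__ = "23/02/09"
-__copyright__ = "(C) 2009 Science and Technology Facilities Council"
+__copyright__ = "(C) 2010 Science and Technology Facilities Council"
 __license__ = "BSD - see LICENSE file in top-level directory"
 __contact__ = "Philip.Kershaw@stfc.ac.uk"
-__revision__ = '$Id: $'
+__revision__ = '$Id$'
 
 import paste.httpserver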
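--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/attributeauthority/test.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/attributeauthority/test.ini
@@ -5,5 +5,5 @@
 #
 [DEFAULT]
-testConfigDir = %(here)s/../../../config
+attributeQueryInterfaceEnvironKeyName = attributeQueryInterface
 
 [server:main]
@@ -20,42 +20,39 @@
 [filter:AttributeAuthorityFilter]
 paste.filter_app_factory = ndg.security.server.wsgi.attributeauthority:AttributeAuthorityMiddleware.filter_app_factory
-prefix = attributeauthority.
+prefix = attributeAuthority.
 
-attributeauthority.environKeyName = myAttributeAuthority
+attributeAuthority.environKeyName = myAttributeAuthority
 
-# Attribute Authority settings
-# 'name' setting MUST agree with map config file 'thisHost' name attribute
-attributeauthority.name: Site A
+# Key name for the SAML SOAP binding based interface to reference this
+# service's attribute query method
+attributeAuthority.environKeyNameAttributeQueryInterface: %(attributeQueryInterfaceEnvironKeyName)s
+
+# Attribute Authority settings...
 
 # Lifetime is measured in seconds
-attributeauthority.attCertLifetime: 28800
-
-# Allow an offset for clock skew between servers running
-# security services. NB, measured in seconds - use a minus sign for time in the
-# past
-attributeauthority.attCertNotBeforeOff: 0
-
-# All Attribute Certificates issued are recorded in this dir
-attributeauthority.attCertDir: %(testConfigDir)s/attributeauthority/sitea/attributeCertificateLog
-
-# Files in attCertDir are stored using a rotating file handler
-# attCertFileLogCnt sets the max number of files created before the first is
-# overwritten
-attributeauthority.attCertFileName: ac.xml
-attributeauthority.attCertFileLogCnt: 16
-attributeauthority.dnSeparator:/
-
-# Location of role mapping file
-attributeauthority.mapConfigFilePath: %(testConfigDir)s/attributeauthority/sitea/siteAMapConfig.xml
+attributeAuthority.assertionLifetime: 28800
 
 # Settings for custom AttributeInterface derived class to get user roles for given
 # user ID
-#attributeauthority.attributeInterface.modFilePath: %(testConfigDir)s/attributeauthority/sitea
-attributeauthority.attributeInterface.modName: ndg.security.test.integration.authz.attributeinterface
-attributeauthority.attributeInterface.className: TestUserRoles
+attributeAuthority.attributeInterface.modFilePath: %(here)s
+attributeAuthority.attributeInterface.className: ndg.security.test.config.attributeauthority.sitea.sitea_attributeinterface.TestUserRoles
 
-# Config for XML signature of Attribute Certificate
-attributeauthority.signingPriKeyFilePath: %(testConfigDir)s/attributeauthority/sitea/siteA-aa.key
-attributeauthority.signingCertFilePath: %(testConfigDir)s/attributeauthority/sitea/siteA-aa.crt
-attributeauthority.caCertFilePathList: %(testConfigDir)s/ca/ndg-test-ca.crt
+# SAML SOAP Binding to the Attribute Authority
+[filter:AttributeAuthoritySamlSoapBindingFilter]
+paste.filter_app_factory = ndg.security.server.wsgi.saml:SOAPQueryInterfaceMiddleware.filter_app_factory
+prefix = saml.soapbinding.
 
+saml.soapbinding.deserialise = ndg.saml.xml.etree:AttributeQueryElementTree.fromXML
+
+# Specialisation to incorporate ESG Group/Role type
+saml.soapbinding.serialise = ndg.security.common.saml_utils.esg.xml.etree:EsgResponseElementTree.toXML
+
+saml.soapbinding.pathMatchList = /AttributeAuthority
+saml.soapbinding.queryInterfaceKeyName = %(attributeQueryInterfaceEnvironKeyName)s
+
+# Clock skew for SAML Attribute Queries - allow clockSkew number of seconds
+# tolerance for query issueInstant parameter. Set here to 3 minutes
+saml.soapbinding.clockSkewTolerance: 180.0
+
+saml.soapbinding.issuerName: /O=Site A/CN=Attribute Authority
+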
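Review bot: The second hunk removes `signingPriKeyFilePath`, `signingCertFilePath` and `caCertFilePathList`, and the added `[filter:AttributeAuthoritySamlSoapBindingFilter]` section sets no signing or certificate option, so as far as this file shows nothing is configured to sign the assertions this test service returns. That may be intended for a unit test, but a comment would stop the file being reused as a deployment template, e.g. `# Test only: no signing key or trusted CA list is configured for this SOAP binding`. Separately, `attributeAuthority.attributeInterface.modFilePath: %(here)s` is now active next to a fully qualified `className`; if the class is importable by its dotted name, the extra module search path looks unnecessary and could be dropped.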
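--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authz/saml-test.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authz/saml-test.ini
@@ -31,4 +31,5 @@
 # If omitted, DN of SSL Cert is used
 pip.attributeQuery.issuerName =
+pip.attributeQuery.subjectIdFormat = urn:esg:openid
 pip.attributeQuery.clockSkewTolerance = 0.
 pip.attributeQuery.queryAttributes.0 = urn:siteA:security:authz:1.0:attr, , http://www.w3.org/2001/XMLSchema#string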
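Review bot: The new `pip.attributeQuery.subjectIdFormat` line has no comment, unlike the `issuerName` key directly above it. Judging by the key name, the value tells the Attribute Authority how to interpret the subject identifier in the query, so a mismatch would likely surface as a failed or empty attribute lookup rather than a configuration error. I would add `# Name identifier format sent with the query subject; must match the format the Attribute Authority expects`.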