Changeset 7164 for TI12-security/trunk


Timestamp:
13/07/10 09:32:09 (9 years ago)
Author:
pjkersha
Message:

Fixes to Attribute Authority for SAML SOAP binding code forked into ndg.saml

Location:
TI12-security/trunk/NDGSecurity/python
Files:
1 added
1 deleted
4 edited

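--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini
@@ -54,5 +54,5 @@
 # SAML SOAP Binding to the Attribute Authority
 [filter:AttributeAuthoritySamlSoapBindingFilter]
-paste.filter_app_factory = ndg.security.server.wsgi.saml:SOAPQueryInterfaceMiddleware.filter_app_factory
+paste.filter_app_factory = ndg.saml.saml2.binding.soap.server.wsgi.queryinterface:SOAPQueryInterfaceMiddleware.filter_app_factory
 prefix = saml.soapbinding.
 
@@ -62,5 +62,5 @@
 saml.soapbinding.serialise = ndg.security.common.saml_utils.esg.xml.etree:EsgResponseElementTree.toXML
 
-saml.soapbinding.pathMatchList = /AttributeAuthority
+saml.soapbinding.mountPath = /AttributeAuthority
 saml.soapbinding.queryInterfaceKeyName = %(attributeQueryInterfaceEnvironKeyName)s
 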
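--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthorityclient/test_samlattributeauthorityclient.cfg
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/attributeauthorityclient/test_samlattributeauthorityclient.cfg
@@ -49,5 +49,5 @@
 
 [test07AttributeQuerySslSOAPBindingInterface]
-uri = http://localhost:5000/AttributeAuthority/
+uri = https://localhost:5443/AttributeAuthority/
 subject = https://openid.localhost/philip.kershaw
 
@@ -62,4 +62,4 @@
 attributeQuery.sslCertFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/test.crt
 attributeQuery.sslPriKeyFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/test.key
-attributeQuery.sslValidDNs = /C=UK/ST=Oxfordshire/O=BADC/OU=Security/CN=localhost, /O=Site A/CN=Attribute Authority
+attributeQuery.sslValidDNs = /O=NDG/OU=Security/CN=localhost, /O=Site A/CN=Attribute Authority
 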
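Review bot: The new `attributeQuery.sslValidDNs` value on new line 64 has no comment tying it to the certificate it is expected to match, so a later regeneration of the test PKI would fail peer-DN checking with no hint in this file as to why. The first DN changes from the BADC subject to `/O=NDG/OU=Security/CN=localhost`, which presumably tracks a re-issued server certificate that is not shown in this section. I would add a line such as `# Must equal the subject DN of the certificate presented by the https://localhost:5443 test server` directly above the option.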
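--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authz/saml-test.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authz/saml-test.ini
@@ -19,9 +19,11 @@
 
 [filter:AuthZFilter]
-paste.filter_app_factory=ndg.security.server.wsgi.authz:SAMLAuthorizationMiddleware.filter_app_factory
-prefix = authz.
+paste.filter_app_factory=ndg.security.server.wsgi.authz.pep:SamlPepMiddleware.filter_app_factory
+prefix = pep.
 policy.filePath = %(here)s/saml-policy.xml
 
-authz.pepResultHandler = ndg.security.test.unit.wsgi.authz.test_authz.RedirectFollowingAccessDenied
+pep.authzServiceURI = https://localhost:9443/AuthorisationService
+
+pep.pepResultHandler = ndg.security.test.unit.wsgi.authz.test_authz.RedirectFollowingAccessDenied
 
 # Settings for Policy Information Point used by the Policy Decision Point to
@@ -30,9 +32,8 @@
 
 # If omitted, DN of SSL Cert is used
-pip.attributeQuery.issuerName =
-pip.attributeQuery.subjectIdFormat = urn:esg:openid
-pip.attributeQuery.clockSkewTolerance = 0.
-pip.attributeQuery.queryAttributes.0 = urn:siteA:security:authz:1.0:attr, , http://www.w3.org/2001/XMLSchema#string
-pip.attributeQuery.sslCACertDir=%(testConfigDir)s/ca
-pip.attributeQuery.sslCertFilePath=%(testConfigDir)s/pki/test.crt
-pip.attributeQuery.sslPriKeyFilePath=%(testConfigDir)s/pki/test.key
+pep.authzDecisionQuery.issuerName =
+pep.authzDecisionQuery.subjectIdFormat = urn:esg:openid
+pep.authzDecisionQuery.clockSkewTolerance = 0.
+pep.authzDecisionQuery.sslCACertDir=%(testConfigDir)s/ca
+pep.authzDecisionQuery.sslCertFilePath=%(testConfigDir)s/pki/test.crt
+pep.authzDecisionQuery.sslPriKeyFilePath=%(testConfigDir)s/pki/test.key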
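Review bot: The context comment on new line 29, `# Settings for Policy Information Point used by the Policy Decision Point to`, is left in place although the `pip.attributeQuery.*` options it appears to introduce are replaced by `pep.authzDecisionQuery.*` on new lines 34–39. New lines 30–31 are not shown, so the rest of that comment is not visible. The options now configure the query the PEP sends to the authorisation service rather than a PIP attribute query, so the comment should be reworded, e.g. `# Settings for the authorisation decision query sent by the PEP to pep.authzServiceURI`. `pep.authzDecisionQuery.issuerName =` is also kept with an empty value under `# If omitted, DN of SSL Cert is used`; if an empty value is meant to behave like omission, the comment should say so.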
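--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authz/test_authz.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/wsgi/authz/test_authz.py
@@ -11,5 +11,5 @@
 __revision__ = '$Id$'
 import logging
-
+logging.basicConfig(level=logging.DEBUG)
 
 import unittest
@@ -17,8 +17,5 @@
 from urlparse import urlunsplit
 
-from os.path import expandvars as xpdVars
-from os.path import join as jnPath
-mkPath = lambda file: jnPath(os.environ['NDGSEC_COMBINED_SRVS_UNITTEST_DIR'],
-                             file)
+from os import path
 from ConfigParser import SafeConfigParser
 
@@ -33,5 +30,4 @@
     HTTPRedirectPEPResultHandlerMiddleware
 from ndg.security.server.wsgi.authz import SamlPIPMiddlewareConfigError
-from ndg.security.common.authz.msi import Response
 
 
@@ -97,51 +93,9 @@
     def save(self):
         pass
-
-
-class TestAuthZMiddleware(object):
-    '''Test Application for the Authentication handler to protect'''
-    response = "Test Authorization application"
-
-    def __init__(self, app_conf, **local_conf):
-        pass
-
-    def __call__(self, environ, start_response):
-
-        if environ['PATH_INFO'] == '/test_401':
-            status = "401 Unauthorized"
-
-        elif environ['PATH_INFO'] == '/test_403':
-            status = "403 Forbidden"
-
-        elif environ['PATH_INFO'] == '/test_200':
-            status = "200 OK"
-
-        elif environ['PATH_INFO'] == '/test_accessDeniedToSecuredURI':
-            # Nb. AuthZ middleware should intercept the request and bypass this
-            # response
-            status = "200 OK"
-
-        elif environ['PATH_INFO'] == '/test_accessGrantedToSecuredURI':
-            status = "200 OK"
-        else:
-            status = "404 Not found"
-
-        start_response(status,
-                       [('Content-length',
-                         str(len(TestAuthZMiddleware.response))),
-                        ('Content-type', 'text/plain')])
-        return [TestAuthZMiddleware.response]
-
-
-class BeakerSessionStub(dict):
-    """Emulate beaker.session session object for purposes of the unit tests
-    """
-    def save(self):
-        pass
 
 
 class SamlWSGIAuthZTestCase(BaseTestCase):
     INI_FILE = 'saml-test.ini'
-    THIS_DIR = os.path.dirname(os.path.abspath(__file__))
+    THIS_DIR = path.dirname(path.abspath(__file__))
     def __init__(self, *args, **kwargs):
         BaseTestCase.__init__(self, *args, **kwargs)
@@ -276,5 +230,5 @@
     INI_FILE = 'pep-result-handler-test.ini'
     THIS_DIR = os.path.dirname(os.path.abspath(__file__))
-    INI_FILEPATH = jnPath(THIS_DIR, INI_FILE)
+    INI_FILEPATH = path.join(THIS_DIR, INI_FILE)
 
     def __init__(self, *arg, **kw):
@@ -282,10 +236,10 @@
 
         here_dir = os.path.dirname(os.path.abspath(__file__))
-        wsgiapp = loadapp('config:'+PEPResultHandlerTestCase.INI_FILE,
-                          relative_to=PEPResultHandlerTestCase.THIS_DIR)
+        wsgiapp = loadapp('config:'+self.__class__.INI_FILE,
+                          relative_to=self.__class__.THIS_DIR)
         self.app = paste.fixture.TestApp(wsgiapp)
 
-        cfg = SafeConfigParser(dict(here=PEPResultHandlerTestCase.THIS_DIR))
-        cfg.read(jnPath(PEPResultHandlerTestCase.INI_FILEPATH))
+        cfg = SafeConfigParser(dict(here=self.__class__.THIS_DIR))
+        cfg.read(self.__class__.INI_FILEPATH)
         self.redirectURI = cfg.get('filter:AuthZFilter',
                                    'authz.pepResultHandler.redirectURI')
@@ -300,5 +254,5 @@
         extra_environ = {
             'beaker.session.ndg.security':
-                BeakerSessionStub(username=PEPResultHandlerTestCase.OPENID_URI)
+                        BeakerSessionStub(username=self.__class__.OPENID_URI)
         }
 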
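Review bot: `logging.basicConfig(level=logging.DEBUG)` on new line 13 runs at import time, so merely importing this test module reconfigures the root logger for the whole test process. At DEBUG level the SAML and SSL code under test may write query and session detail into shared test logs; whether it does depends on what those modules log, which is not visible here. I would move the call under the module's `if __name__ == '__main__':` guard (assuming it has one) or drop it and let the test runner set the level. Separately, new line 99 switches to `path.dirname(path.abspath(__file__))` while new lines 231 and 237 keep `os.path.dirname(...)`; one spelling throughout would match the new `from os import path` import.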