Timestamp:
16/08/10 16:35:11 (9 years ago)
Author:
pjkersha
Message:

Incomplete - task 2: XACML-Security Integration

  • integrating XACML context handler with authorisation service.
Location:
TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/authorisationservice
Files:
1 added
1 edited

  • TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/authorisationservice/authorisation-service.ini

    r7257 r7330  
    4040prefix = authz. 
    4141authz.queryInterfaceKeyName = AUTHZ_DECISION_QUERY_FUNC 
    42 authz.policyFilePath = %(here)s/policy.xml 
     42 
    4343authz.xacmlContext.assertionLifetime = 86400 
     44 
     45# 
     46# XACML Context handler manages PEP (Policy Information Point) requests and the  
     47# PDP's (Policy Decison Point's) interface to the PIP (Policy Information Point) 
     48#  
     49 
     50# XACML Policy file 
     51authz.ctx_handler.policyFilePath = %(here)s/policy.xml 
     52 
     53# Settings for SAML authorisation decision response to a Policy Enforcement Point 
     54# making a decision query 
     55authz.ctx_handler.issuerName = O=NDG, OU=Security, CN=localhost 
     56authz.ctx_handler.issuerFormat = urn:oasis:names:tc:SAML:1.1:nameid-format:x509SubjectName 
     57authz.ctx_handler.assertionLifetime = 86400 
     58 
     59# 
     60# Policy Information Point interface settings 
     61# 
     62# The Context handler is a client to the PIP, passing on attribute queries  
     63# on behalf of the PDP onwards to the PIP 
     64 
     65#  
     66# Attribute ID -> Attribute Authority mapping file.  The PIP, on receipt of a  
     67# query from the XACML context handler, checks the attribute(s) being queried  
     68# for and looks up this mapping to determine which attribute authority to query  
     69# to find out if the subject has the attribute in their entitlement 
     70authz.ctx_handler.pip.mappingFilePath = %(here)s/pip-mapping.txt 
     71 
     72# The attribute ID of the subject value to extract from the XACML request 
     73# context and pass in the SAML attribute query 
     74authz.ctx_handler.pip.subjectAttributeId = urn:esg:openid 
     75 
     76# The context handler  
     77authz.ctx_handler.pip.attributeQuery.issuerName = %(authz.ctx_handler.issuerName)s 
     78authz.ctx_handler.pip.attributeQuery.issuerFormat = %(authz.ctx_handler.issuerFormat)s 
     79 
     80# These settings configure SSL mutual authentication for the query to the SAML Attribute Authority 
     81authz.ctx_handler.pip.attributeQuery.sslCertFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/localhost.crt 
     82authz.ctx_handler.pip.attributeQuery.sslPriKeyFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/localhost.key 
     83authz.ctx_handler.pip.attributeQuery.sslCACertDir = $NDGSEC_TEST_CONFIG_DIR/ca 
     84 
    4485 
    4586# Logging configuration 
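Review bot: the unchanged line 43 `authz.xacmlContext.assertionLifetime = 86400` now sits beside the newly added `authz.ctx_handler.assertionLifetime = 86400` (line 57), so the same lifetime is expressed under two prefixes; if the context handler settings are the ones the service now reads, the old key should be removed in this change the same way `authz.policyFilePath` was replaced by `authz.ctx_handler.policyFilePath`, otherwise a later edit to whichever key is not consumed will silently have no effect. The new comment at line 46 also expands PEP as "Policy Information Point" where it should read "Policy Enforcement Point" (and "Decison" at line 47 should be "Decision"); in a config block whose whole purpose is to separate the PEP, PDP and PIP roles, that mislabel is worth fixing before it is copied into other configs. Finally, the comment `# The context handler` at line 76 is cut off and does not say what the `attributeQuery.issuerName` / `issuerFormat` settings under it are for (presumably the issuer the context handler uses when it signs or labels the SAML attribute query on the PDP's behalf); completing it would make the interpolation from `%(authz.ctx_handler.issuerName)s` self-explanatory.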