Changeset 7733


Timestamp:
18/11/10 13:38:48 (9 years ago)
Author:
pjkersha
Message:

Incomplete - task 16: NDG Security 2.x.x - incl. updated Paster templates

  • added authorisation service template
Location:
TI12-security/trunk/NDGSecurity/python
Files:
7 added
4 edited
1 moved

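--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/template.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/template.py
@@ -106,4 +106,31 @@
                                                         output_dir,
                                                         vars)
-        
+
         
+from ndg.saml.saml2.core.AbstractNameIDType import X509_SUBJECT
+
+class AuthorisationServiceTemplate(Template):
+    """Paster template for the authorisation service"""
+    DEFAULT_MOUNT_POINT = 'AuthorisationService'
+    DEFAULT_ISSUER_NAME = 'O=NDG, OU=Security, CN=localhost'
+    DEFAULT_ISSUER_FORMAT = X509_SUBJECT
+    
+    _template_dir = 'authorisationservice'
+    summary = (
+        'Template to create an NDG Security Authorisation Service')
+    vars = [
+        var('mountPoint', 
+            ('URI path to mount service i.e. https://myhost/<mountPoint>'),
+            default=DEFAULT_MOUNT_POINT),
+
+        var('issuerName', 
+            ('ID of this service used in SAML queries and responses'),
+            default=DEFAULT_ISSUER_NAME),
+
+        var('issuerFormat', 
+            ('Format of issuerName string; if using the default, ensure that '
+             'the issuerName value is a correctly formatted X.509 Subject Name'),
+            default=DEFAULT_ISSUER_FORMAT)
+    ]
+
+      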
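Review bot: The new `from ndg.saml.saml2.core.AbstractNameIDType import X509_SUBJECT` at line 110 sits in the middle of the module, between two class definitions, instead of with the file's other imports at the top; move it up so the dependency is found where a reader looks for it. `DEFAULT_ISSUER_NAME = 'O=NDG, OU=Security, CN=localhost'` is a placeholder identity that ends up in every SAML response the generated service issues, and a deployer who accepts the defaults in `paster create` keeps it; the `issuerName` prompt at line 127 should say so, e.g. `'ID of this service used in SAML queries and responses; the default is a placeholder - set it to the X.509 subject name identifying this deployment'`. As a point of style, the parentheses around each single-string description (`('URI path to mount service ...')`) are redundant and can be dropped. The module continues outside the hunk.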
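--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/setup.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/setup.py
@@ -36,5 +36,5 @@
     main=pylons.util:PylonsInstaller
     [paste.paster_create_template]
-    ndgsecurity_services=ndg.security.server.paster_templates.template:DefaultDeploymentTemplate
+    ndgsecurity_authorisation_service=ndg.security.server.paster_templates.template:AuthorisationServiceTemplate
     ndgsecurity_services_with_sso=ndg.security.server.paster_templates.template:FullDeploymentTemplate
     """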
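Review bot: The `ndgsecurity_services` entry point for `DefaultDeploymentTemplate` is removed at line 38 rather than kept beside the new `ndgsecurity_authorisation_service` entry, and the commit message ("added authorisation service template") does not mention dropping it. If `DefaultDeploymentTemplate` still exists in template.py, any `paster create -t ndgsecurity_services` invocation now fails with an unknown template; if the removal is intended, the class and its template directory should go with it. Otherwise restore the line so both templates are registered: `ndgsecurity_services=ndg.security.server.paster_templates.template:DefaultDeploymentTemplate`.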
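--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/attributeauthority/sitea/site-a.ini
@@ -6,5 +6,5 @@
 # P J Kershaw 12/09/08
 # 
-# Copyright (C) 2009 Science and Technology Facilities Council
+# Copyright (C) 2010 Science and Technology Facilities Council
 # 
 # BSD - See LICENCE file for details
@@ -62,4 +62,7 @@
 saml.soapbinding.serialise = ndg.security.common.saml_utils.esgf.xml.etree:ESGFResponseElementTree.toXML
 
+# Otherwise use default
+#saml.soapbinding.serialise = ndg.saml.xml.etree:AttributeQueryElementTree.toXML
+
 saml.soapbinding.mountPath = /AttributeAuthority
 saml.soapbinding.queryInterfaceKeyName = %(attributeQueryInterfaceEnvironKeyName)s
@@ -76,5 +79,5 @@
 
 [handlers]
-keys = console
+keys = console, logfile
 
 [formatters]
@@ -97,4 +100,10 @@
 
 [formatter_generic]
-format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
+format = %(asctime)s.%(msecs)03d %(levelname)-8.8s [%(name)s:%(lineno)d] %(message)s
 datefmt = %Y/%m/%d %H:%M:%S
+
+[handler_logfile]
+class = handlers.RotatingFileHandler
+level=NOTSET
+formatter=generic
+args=(os.path.join('%(here)s', 'service.log'), 'a', 10000, 2)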
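Review bot: `logfile` is declared in `[handlers] keys` at line 81 and defined in `[handler_logfile]` at lines 105-109, but no `[logger_*]` section in the hunks lists it under `handlers`; unless one outside the hunk does, `fileConfig` will construct the handler and nothing will ever be written to `service.log`, so the root (or relevant) logger's `handlers` line needs `logfile` added, e.g. `handlers = console, logfile`. The rotation arguments `10000, 2` keep at most three 10 KB files, which at the new line format is a few hundred records, so the log of a test run will largely have been overwritten by the time it is read; a larger `maxBytes` is more useful if the file is meant for diagnosis. A short comment on the args line, `# (filename, mode, maxBytes, backupCount)`, would make the positional tuple self-explanatory, and the spacing around `=` in this section differs from the rest of the file (`level=NOTSET` vs `keys = console, logfile`).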
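--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/authorisationservice/authorisation-service.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/authorisationservice/authorisation-service.ini
@@ -1,5 +1,14 @@
 #
-# INI file for testing the SAML Authorisation Query interface.  It uses a
-# test stub for the Authorisation Service 
+# Title: INI file for NDG Security SAML Authorisation Service with XACML PDP  
+#
+# Description: Service for unit tests 
+#
+# Author: P J Kershaw
+#
+# Date: 16/11/10
+#
+# Copyright: STFC 2010
+#
+# Licence: BSD - See top-level LICENCE file for licence details
 #
 # The %(here)s variable will be replaced with the parent directory of this file
@@ -7,6 +16,18 @@
 [DEFAULT]
 testConfigDir = ../../../config
+
+# This apply if the service is run with paster otherwise it's ignored e.g. if 
+# the service is run in mod_wsgi
 port = 5000
 baseURI = localhost:%(port)s
+authorisationDecisionFuncEnvironKeyName = saml.authz.queryInterfaceEnvironKey
+
+# Name of this authorisation service and the format of name.  Both are used in
+# SAML query/responses
+
+# This name must follow X.509 Subject Name format if following 'samlIssuerFormat'
+# is set as shown
+samlIssuerName = O=NDG, OU=Security, CN=localhost
+samlIssuerFormat = urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
 
 [server:main]
@@ -16,5 +37,5 @@
 
 [pipeline:main]
-pipeline = TestAuthorisationServiceFilter SAMLSoapAuthzDecisionInterfaceFilter TestApp
+pipeline = AuthorisationServiceFilter SAMLSoapAuthzDecisionInterfaceFilter TestApp
 
 [app:TestApp]
@@ -32,5 +53,5 @@
 # The key name in environ which the upstream authorisation service must assign
 # to its authorisation query callback
-saml.queryInterfaceKeyName = AUTHZ_DECISION_QUERY_FUNC
+saml.queryInterfaceKeyName = %(authorisationDecisionFuncEnvironKeyName)s
 
 # ElementTree based XML parsing and serialisation used for SAML messages
@@ -39,10 +60,11 @@
 
 # Sets the identity of THIS authorisation service when filling in SAML responses
-saml.issuerName = /O=Test/OU=Authorisation Service
-saml.issuerFormat = urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
+#saml.issuerName = /O=Test/OU=Authorisation Service
+saml.issuerName = %(samlIssuerName)s
+saml.issuerFormat = %(samlIssuerFormat)s
 
 #______________________________________________________________________________
 # Authorisation Service WSGI settings
-[filter:TestAuthorisationServiceFilter]
+[filter:AuthorisationServiceFilter]
 # This filter is a container for a binding to a SOAP/SAML based interface to the
 # Authorisation Service.  It contains a XACML Context handler which manages
@@ -51,5 +73,5 @@
 paste.filter_app_factory = ndg.security.server.wsgi.authz.service:AuthorisationServiceMiddleware.filter_app_factory
 prefix = authz.
-authz.queryInterfaceKeyName = AUTHZ_DECISION_QUERY_FUNC
+authz.queryInterfaceKeyName = %(authorisationDecisionFuncEnvironKeyName)s
 
 # Lifetime for authorisation assertions issued from this service
@@ -66,6 +88,6 @@
 # Settings for SAML authorisation decision response to a Policy Enforcement Point
 # making a decision query
-authz.ctx_handler.issuerName = O=NDG, OU=Security, CN=localhost
-authz.ctx_handler.issuerFormat = urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
+authz.ctx_handler.issuerName = %(samlIssuerName)s
+authz.ctx_handler.issuerFormat = %(samlIssuerFormat)s
 authz.ctx_handler.assertionLifetime = 86400
 
@@ -118,12 +140,14 @@
 authz.ctx_handler.pip.attributeQuery.issuerFormat = %(authz.ctx_handler.issuerFormat)s
 
+authz.ctx_handler.pip.attributeQuery.serialise = ndg.saml.xml.etree:AttributeQueryElementTree.toXML
+
 # Enable support for ESGF Group/Role Attribute Value in SAML Attribute queries
-authz.ctx_handler.pip.attributeQuery.serialise = ndg.saml.xml.etree:AttributeQueryElementTree.toXML
+#authz.ctx_handler.pip.attributeQuery.serialise = ndg.saml.xml.etree:AttributeQueryElementTree.fromXML
 authz.ctx_handler.pip.attributeQuery.deserialise = ndg.security.common.saml_utils.esgf.xml.etree:ESGFResponseElementTree.fromXML
 
 # These settings configure SSL mutual authentication for the query to the SAML Attribute Authority
-authz.ctx_handler.pip.attributeQuery.sslCertFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/localhost.crt
-authz.ctx_handler.pip.attributeQuery.sslPriKeyFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/localhost.key
-authz.ctx_handler.pip.attributeQuery.sslCACertDir = $NDGSEC_TEST_CONFIG_DIR/ca
+authz.ctx_handler.pip.attributeQuery.sslCertFilePath = %(testConfigDir)s/pki/localhost.crt
+authz.ctx_handler.pip.attributeQuery.sslPriKeyFilePath = %(testConfigDir)s/pki/localhost.key
+authz.ctx_handler.pip.attributeQuery.sslCACertDir = %(testConfigDir)s/pki/ca
 
 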
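Review bot: The mutual-TLS client certificate, private key and CA directory at lines 149-151 now resolve through `testConfigDir = ../../../config` (line 17, unchanged) instead of the `$NDGSEC_TEST_CONFIG_DIR` environment variable; a value starting with `../` is relative to the process working directory, not to this file, so the Attribute Authority query only finds its credentials and trust anchors when the service is started from one particular directory. The header at line 14 already documents that `%(here)s` is substituted with this file's parent directory, and from this file's location the anchored equivalent is `testConfigDir = %(here)s/..`, which works from any cwd. Separately, the commented-out alternative at line 145 pairs the `serialise` key with a `fromXML` method; it reads as the non-ESGF `deserialise` counterpart of line 146, so the key name (and presumably the class) should be corrected before anyone uncomments it, e.g. `#authz.ctx_handler.pip.attributeQuery.deserialise = <non-ESGF response fromXML>`.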