Changeset 7845


Timestamp:
25/01/11 17:12:39 (8 years ago)
Author:
pjkersha
Message:

Incomplete - task 16: NDG Security 2.x.x - incl. updated Paster templates

  • fixed yadis template syntax
  • updating securedapp template.
Location:
TI12-security/trunk/NDGSecurity/python
Files:
12 edited

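--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/Makefile
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/Makefile
@@ -26,8 +26,8 @@
 USERDB_FILEPATH = ${TEST_CONFIG_SRC_DIR}${USERDB_FILENAME}
 
-
 # OpenID Provider Specific Settings
 OP_SERVER_YADIS_TMPL_SRC_FILENAME = serveryadis.xml
 OP_YADIS_TMPL_SRC_FILENAME = yadis.xml
+
 
 # Generic Services Template Settings
@@ -42,10 +42,12 @@
 SERVICE_PKI_DEST_DIR = ${SERVICE_DEST_DIR}pki/
 SERVICE_CA_DEST_DIR = ${SERVICE_PKI_DEST_DIR}ca/
+SERVICE_LOG_DEST_DIR = ${SERVICE_DEST_DIR}log/
+SERVICE_LOG_FILEPATH = ${SERVICE_LOG_DEST_DIR}service.log
 SERVICE_SURPLUS_FILES = README __init__.* attributeinterface.* securedapp.* \
-        securityservicesapp.* request-filter.xml pep_result_handler *.pyc \
-        authn/* openidprovider/associations/  openidprovider/beaker/ \
+        request-filter.xml pep_result_handler *.pyc authn/* \
+        openidprovider/associations/  openidprovider/beaker/ \
         openidprovider/README openidprovider/nonces/ openidprovider/temp/ \
         openidrelyparty/store/ openidrelyparty/__init__.* \
-        pip-session-cache/*
+        pip-session-cache/* log
 SERVICE_OP_DIRNAME = openidprovider/
 SERVICE_OP_DIR = ${SERVICE_DEST_DIR}${SERVICE_OP_DIRNAME}
@@ -68,4 +70,8 @@
                 rm -rf ${SERVICE_DEST_DIR}$$i ; \
         done ;
+        # Make an empty log file so that log directory is included in egg
+        @-echo Make log directory ...
+        mkdir ${SERVICE_DEST_DIR}log
+        touch ${SERVICE_LOG_FILEPATH}
         @-echo Making substitutions for ini file template variables ...
         sed -e s/'portNum = .*'/'portNum = %%\{portNumber}'/ \
@@ -86,14 +92,12 @@
         rm -f ${SERVICE_INI_FILEPATH_TMP}
         @-echo Making substitutions for OpenID Provider Yadis templates ...
-        @-echo Removing unneeded XRD entries ...
-        sed -r -e /'<Service priority=\"(1|19|30|20)\">'/,/'<XRD>'/d \
-        -e s/'<XRD>'/'%%\{serveryadisExtraXrdEntries}\n    <XRD>'/ \
+        sed -r -e /'<Service priority=\"(1|19|30|20)\">'/,/'<\/Service>'/d \
+        -e s/'<\/XRD>'/'    %%\{serveryadisExtraServiceEndpoints}\n    <\/XRD>'/ \
                 ${SERVICE_OP_SERVER_YADIS_TMPL_FILEPATH_TMP} > \
                 ${SERVICE_OP_SERVER_YADIS_TMPL_FILEPATH}
         rm -f ${SERVICE_OP_SERVER_YADIS_TMPL_FILEPATH_TMP}
-        sed -r -e /'<Service priority=\"(1|19|30|20)\">'/,/'<XRD>'/d \
-        -e s/'<XRD>'/'%%\{yadisExtraXrdEntries}\n    <XRD>'/ \
-                ${SERVICE_OP_YADIS_TMPL_FILEPATH_TMP} > \
-                ${SERVICE_OP_YADIS_TMPL_FILEPATH}
+        sed -r -e /'<Service priority=\"(1|19|30|20)\">'/,/'<\/Service>'/d \
+        -e s/'<\/XRD>'/'    %%\{yadisExtraServiceEndpoints}\n    <\/XRD>'/ \
+                ${SERVICE_OP_YADIS_TMPL_FILEPATH_TMP} > ${SERVICE_OP_YADIS_TMPL_FILEPATH}
         rm -f ${SERVICE_OP_YADIS_TMPL_FILEPATH_TMP}
         @-echo
@@ -113,4 +117,72 @@
         rm -rf ${SERVICE_DEST_DIR}
 
+
+# Secured Application Template Settings
+SECUREDAPP_SRC_DIRNAME = full_system/
+SECUREDAPP_DEST_DIRNAME = securedapp/
+SECUREDAPP_SRC_DIR = ${INTEGRATION_TEST_DIR}${SECUREDAPP_SRC_DIRNAME}
+SECUREDAPP_DEST_DIR = ${DEST_DIR}${SECUREDAPP_DEST_DIRNAME}
+SECUREDAPP_SRC_INI_FILENAME = securedapp.ini
+SECUREDAPP_SRC_INI_FILEPATH = ${SECUREDAPP_SRC_DIR}${SECUREDAPP_SRC_INI_FILENAME}
+SECUREDAPP_INI_FILEPATH_TMP = ${SECUREDAPP_DEST_DIR}${SECUREDAPP_SRC_INI_FILENAME}
+SECUREDAPP_INI_TMPL_FILEPATH = ${SECUREDAPP_DEST_DIR}service.ini_tmpl
+SECUREDAPP_PKI_DEST_DIR = ${SECUREDAPP_DEST_DIR}pki/
+SECUREDAPP_CA_DEST_DIR = ${SECUREDAPP_PKI_DEST_DIR}ca/
+SECUREDAPP_LOG_DEST_DIR = ${SECUREDAPP_DEST_DIR}log/
+SECUREDAPP_LOG_FILEPATH = ${SECUREDAPP_LOG_DEST_DIR}service.log
+SECUREDAPP_SURPLUS_FILES = README __init__.* attributeinterface.* \
+        securityservicesapp.* *.pyc authn/* openidprovider/ openidrelyparty/store/ \
+        openidrelyparty/__init__.* pip-session-cache/ log/ policy.xml
+SECUREDAPP_REQUEST_FILTER_FILENAME = request-filter.xml
+SECUREDAPP_REQUEST_FILTER_TMPL_FILENAME = ${SECUREDAPP_REQUEST_FILTER_FILENAME}_tmpl
+SECUREDAPP_REQUEST_FILTER_FILEPATH = ${SECUREDAPP_SRC_DIR}${SECUREDAPP_REQUEST_FILTER_FILENAME}
+SECUREDAPP_REQUEST_FILTER_TMPL_FILEPATH = ${SECUREDAPP_DEST_DIR}${SECUREDAPP_REQUEST_FILTER_TMPL_FILENAME}
+
+securedapp_tmpl: ${SECUREDAPP_SRC_DIR}
+        @-echo Preparing Secured Application template ...
+        @-echo
+        @-echo Copying configuration files ...
+        @-cp -r ${SECUREDAPP_SRC_DIR} ${SECUREDAPP_DEST_DIR} 2> /dev/null
+        @-echo Clear out SVN directories ...
+        @-find ${SECUREDAPP_DEST_DIR} -name ".svn" -print | xargs /bin/rm -rf
+        @-echo Remove unneeded files ...
+        for i in ${SECUREDAPP_SURPLUS_FILES} ; do \
+                rm -rf ${SECUREDAPP_DEST_DIR}$$i ; \
+        done ;
+        # Make an empty log file so that log directory is included in egg
+        @-echo Make log directory ...
+        mkdir ${SECUREDAPP_LOG_DEST_DIR}
+        touch ${SECUREDAPP_LOG_FILEPATH}
+        @-echo Making substitutions for ini file template variables ...
+        sed -e s/'port = .*'/'port = %%\{portNumber}'/ \
+        -e s/'# Revision:.*'//g \
+        -e s/'authN.redirectURI = .*'/'authN.redirectURI = %%{authnRedirectURI}'/ \
+        -e s/'pep.authzServiceURI = .*'/'pep.authzServiceURI = %%{authzServiceURI}'/ \
+    -e s/'pep\.authzDecisionQuery\.issuerName = .*'/'pep\.authzDecisionQuery\.issuerName = %%\{authzDecisionQueryIssuerName}'/ \
+    -e s/'pep\.authzDecisionQuery\.issuerFormat = .*'/'pep\.authzDecisionQuery\.issuerFormat = %%\{authzDecisionQueryIssuerFormat}'/ \
+        -e s/'authkit\.cookie\.secret =.*'/'authkit\.cookie\.secret = %%\{authkitCookieSecret}'/ \
+        -e s/'beaker\.session\.secret =.*'/'beaker\.session\.secret = %%\{beakerSessionCookieSecret}'/ \
+        -e s/'authkit.openid.session.secret = .*'/'authkit.openid.session.secret = %%\{openidRelyingPartyCookieSecret}'/ \
+        -e s/'testConfigDir = .*'// \
+        -e s/testConfigDir/here/g \
+        -e s/\(os\.path\.join\(\'%\(here\)s\'/\(os.path.join\(\'%%\{outputDir}\'/ \
+                ${SECUREDAPP_INI_FILEPATH_TMP} > ${SECUREDAPP_INI_TMPL_FILEPATH}
+        rm -f ${SECUREDAPP_INI_FILEPATH_TMP}
+        @-echo "Make template for ${SECUREDAPP_REQUEST_FILTER_FILENAME} ..."
+        sed -r -e s/'http:\/\/localhost:7080'/'%%\{baseURI}'/ \
+                ${SECUREDAPP_REQUEST_FILTER_FILEPATH} > ${SECUREDAPP_REQUEST_FILTER_TMPL_FILEPATH}
+        @-echo
+        @-echo Create PKI directory and copying files ...
+        -mkdir ${SECUREDAPP_PKI_DEST_DIR}
+        cp ${SERVER_CERT_SRC_FILEPATH} ${SECUREDAPP_PKI_DEST_DIR}
+        cp ${SERVER_KEY_SRC_FILEPATH} ${SECUREDAPP_PKI_DEST_DIR}
+        -mkdir ${SECUREDAPP_CA_DEST_DIR}
+        cp ${CA_SRC_DIR}* ${SECUREDAPP_CA_DEST_DIR}
+        @-echo
+        @-echo Done.
+
+securedapp_tmpl_clean:
+        @-echo Clearing Secured App template ...
+        rm -rf ${SECUREDAPP_DEST_DIR}
 
 # Authorisation Service Template Settings
@@ -125,4 +197,6 @@
 AUTHZ_SERVICE_PKI_DEST_DIR = ${AUTHZ_SERVICE_DEST_DIR}pki/
 AUTHZ_SERVICE_CA_DEST_DIR = ${AUTHZ_SERVICE_PKI_DEST_DIR}ca/
+AUTHZ_SERVICE_LOG_DEST_DIR = ${AUTHZ_SERVICE_DEST_DIR}log/
+AUTHZ_SERVICE_LOG_FILEPATH = ${AUTHZ_SERVICE_LOG_DEST_DIR}service.log
 
 
@@ -146,6 +220,8 @@
         rm -f ${AUTHZ_SERVICE_INI_FILEPATH_TMP}
         @-echo
+        # Make an empty log file so that log directory is included in egg
         @-echo Make log directory ...
-        -mkdir ${AUTHZ_SERVICE_DEST_DIR}log
+        mkdir ${AUTHZ_SERVICE_DEST_DIR}log
+        touch ${AUTHZ_SERVICE_LOG_FILEPATH}
         @-echo Create PKI directory and copying files ...
         mkdir -p ${AUTHZ_SERVICE_CA_DEST_DIR}
@@ -174,4 +250,6 @@
 ATTR_SERVICE_PKI_DEST_DIR = ${ATTR_SERVICE_DEST_DIR}pki/
 ATTR_SERVICE_CA_DEST_DIR = ${ATTR_SERVICE_PKI_DEST_DIR}ca/
+ATTR_SERVICE_LOG_DEST_DIR = ${ATTR_SERVICE_DEST_DIR}log/
+ATTR_SERVICE_LOG_FILEPATH = ${ATTR_SERVICE_LOG_DEST_DIR}service.log
 
 
@@ -201,6 +279,8 @@
         -mkdir ${ATTR_SERVICE_CA_DEST_DIR}
         cp ${CA_SRC_DIR}* ${ATTR_SERVICE_CA_DEST_DIR}
+        # Make an empty log file so that log directory is included in egg
         @-echo Make log directory ...
-        -mkdir ${ATTR_SERVICE_DEST_DIR}log
+        mkdir ${ATTR_SERVICE_DEST_DIR}log
+        touch ${ATTR_SERVICE_LOG_FILEPATH}
         @-echo Copying test SQLite user database ...
         cp ${USERDB_FILEPATH} ${ATTR_SERVICE_DEST_DIR}
@@ -230,4 +310,6 @@
 OP_YADIS_TMPL_FILEPATH_TMP = ${OP_TMPL_DIR}yadis.xml
 OP_YADIS_TMPL_FILEPATH = ${OP_YADIS_TMPL_FILEPATH_TMP}_tmpl
+OP_LOG_DEST_DIR = ${OP_DEST_DIR}log/
+OP_LOG_FILEPATH = ${OP_LOG_DEST_DIR}service.log
 
 
@@ -237,5 +319,6 @@
         @-echo Copying templates, CSS and graphics and ini file ...
         mkdir ${OP_DEST_DIR}
-        mkdir ${OP_DEST_DIR}log
+        mkdir ${OP_LOG_DEST_DIR}
+        touch ${OP_LOG_FILEPATH}
         @-echo Copying files ...
         for i in ${OP_CONFIG_FILES} ; do \
@@ -253,13 +336,11 @@
         rm -f ${OP_INI_FILEPATH_TMP}
         @-echo Making substitutions for Yadis templates ...
-        sed -r -e /'<Service priority=\"(1|19|30|20)\">'/,/'<XRD>'/d \
-        -e s/'<XRD>'/'%%\{serveryadisExtraXrdEntries}\n    <XRD>'/ \
-                ${OP_SERVER_YADIS_TMPL_FILEPATH_TMP} > \
-                ${OP_SERVER_YADIS_TMPL_FILEPATH}
+        sed -r -e /'<Service priority=\"(1|19|30|20)\">'/,/'<\/Service>'/d \
+        -e s/'<\/XRD>'/'    %%\{serveryadisExtraServiceEndpoints}\n    <\/XRD>'/ \
+                ${OP_SERVER_YADIS_TMPL_FILEPATH_TMP} > ${OP_SERVER_YADIS_TMPL_FILEPATH}
         rm -f ${OP_SERVER_YADIS_TMPL_FILEPATH_TMP}
-        sed -r -e /'<Service priority=\"(1|19|30|20)\">'/,/'<XRD>'/d \
-        -e s/'<XRD>'/'%%\{yadisExtraXrdEntries}\n    <XRD>'/ \
-                ${OP_YADIS_TMPL_FILEPATH_TMP} > \
-                ${OP_YADIS_TMPL_FILEPATH}
+        sed -r -e /'<Service priority=\"(1|19|30|20)\">'/,/'<\/Service>'/d \
+        -e s/'<\/XRD>'/'    %%\{yadisExtraServiceEndpoints}\n    <\/XRD>'/ \
+                ${OP_YADIS_TMPL_FILEPATH_TMP} > ${OP_YADIS_TMPL_FILEPATH}
         rm -f ${OP_YADIS_TMPL_FILEPATH_TMP}
         @-echo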
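Review bot: The three secret substitutions in the new `securedapp_tmpl` recipe (new lines 163-165) match only when the source ini has a space before `=`, and sed reports nothing when a pattern misses, so a test secret from `securedapp.ini` could pass unchanged into `service.ini_tmpl`. This changeset had to add spaces around `=` on the `authkit.cookie.secret` line of the ini for exactly that reason; the `beaker.session.secret` and `authkit.openid.session.secret` lines are not shown, so whether they match is unconfirmed. Loosening the patterns, for example `-e s/'authkit\.cookie\.secret *=.*'/'authkit\.cookie\.secret = %%\{authkitCookieSecret}'/`, removes the dependency on ini formatting. A step after the sed that fails the target when any `secret` setting in the generated template does not hold a `%%{...}` placeholder would stop a shared secret from being packaged.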
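--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/template.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/paster_templates/template.py
@@ -33,4 +33,5 @@
     '$' variables used for other purposes."""
     delimiter = "%%"
+
 
 class TemplateBase(Template):
@@ -56,11 +57,9 @@
 @type _MYPROXY_SERVER_LOCALID_XRD_ENTRY_TMPL: ndg.security.server.paster_templates.template.DoublePercentTemplate
 """
-_MYPROXY_SERVER_LOCALID_XRD_ENTRY_TMPL = DoublePercentTemplate("""<XRD>
-        <Service priority="10">
+_MYPROXY_SERVER_LOCALID_XRD_ENTRY_TMPL = DoublePercentTemplate("""<Service priority="10">
             <Type>urn:esg:security:myproxy-service</Type>
             <URI>%%{myproxyServerURI}</URI>
             <LocalID>$user_url</LocalID>
         </Service>
-    </XRD>
 """)
 
@@ -70,6 +69,5 @@
 @type _ATTRIBUTE_SERVICE_LOCALID_XRD_ENTRY_TMPL: ndg.security.server.paster_templates.template.DoublePercentTemplate
 """
-_ATTRIBUTE_SERVICE_LOCALID_XRD_ENTRY_TMPL = DoublePercentTemplate("""<XRD>
-        <Service priority="20">
+_ATTRIBUTE_SERVICE_LOCALID_XRD_ENTRY_TMPL = DoublePercentTemplate("""<Service priority="20">
             <Type>urn:esg:security:attribute-service</Type>
             <Type>urn:esg:security:attribute-service</Type>
@@ -77,5 +75,4 @@
             <LocalID>$user_url</LocalID>
         </Service>
-    </XRD>
 """)
 
@@ -86,10 +83,8 @@
 @type _MYPROXY_SERVER_NONLOCALID_XRD_ENTRY_TMPL: ndg.security.server.paster_templates.template.DoublePercentTemplate
 """
-_MYPROXY_SERVER_NONLOCALID_XRD_ENTRY_TMPL = DoublePercentTemplate("""<XRD>
-        <Service priority="10">
+_MYPROXY_SERVER_NONLOCALID_XRD_ENTRY_TMPL = DoublePercentTemplate("""<Service priority="10">
             <Type>urn:esg:security:myproxy-service</Type>
             <URI>%%{myproxyServerURI}</URI>
         </Service>
-    </XRD>
 """)
 
@@ -100,10 +95,8 @@
 @type _ATTRIBUTE_SERVICE_NONLOCALID_XRD_ENTRY_TMPL: ndg.security.server.paster_templates.template.DoublePercentTemplate
 """
-_ATTRIBUTE_SERVICE_NONLOCALID_XRD_ENTRY_TMPL = DoublePercentTemplate("""<XRD>
-        <Service priority="20">
+_ATTRIBUTE_SERVICE_NONLOCALID_XRD_ENTRY_TMPL = DoublePercentTemplate("""<Service priority="20">
             <Type>urn:esg:security:attribute-service</Type>
             <URI>%%{attributeServiceURI}</URI>
         </Service>
-    </XRD>
 """)
 
@@ -209,6 +202,6 @@
             vars['portNumber'] = ''
 
-        vars['yadisExtraXrdEntries'] = ''
-        vars['serveryadisExtraXrdEntries'] = ''
+        vars['yadisExtraServiceEndpoints'] = ''
+        vars['serveryadisExtraServiceEndpoints'] = ''
 
         attributeServiceURI = vars['baseURI'] + vars[
@@ -218,10 +211,10 @@
         if vars['includeAttributeServiceInYadis']:
             # yadis.xml_tmpl entry
-            vars['yadisExtraXrdEntries'
+            vars['yadisExtraServiceEndpoints'
                  ] += _ATTRIBUTE_SERVICE_LOCALID_XRD_ENTRY_TMPL.substitute(
                         attributeServiceURI=attributeServiceURI)
 
             # serveryadis.xml_tmpl entry
-            vars['serveryadisExtraXrdEntries'
+            vars['serveryadisExtraServiceEndpoints'
                  ] += _ATTRIBUTE_SERVICE_NONLOCALID_XRD_ENTRY_TMPL.substitute(
                         attributeServiceURI=attributeServiceURI)
@@ -232,9 +225,9 @@
         if vars['myproxyServerURI']:
             # yadis.xml_tmpl entry
-            vars['yadisExtraXrdEntries'
+            vars['yadisExtraServiceEndpoints'
                  ] += _MYPROXY_SERVER_LOCALID_XRD_ENTRY_TMPL.substitute(
                             myproxyServerURI=vars['myproxyServerURI'])
 
-            vars['serveryadisExtraXrdEntries'
+            vars['serveryadisExtraServiceEndpoints'
                  ] += _MYPROXY_SERVER_NONLOCALID_XRD_ENTRY_TMPL.substitute(
                         myproxyServerURI=vars['myproxyServerURI'])
@@ -247,4 +240,9 @@
     """Create a template for a secured application with authentication and
     authorisation filters"""
+    DEFAULT_PORT = 7080
+    DEFAULT_AUTHN_REDIRECT_URI = 'https://localhost:7443/verify'
+    DEFAULT_AUTHZ_SERVICE_URI = 'https://localhost:7443/AuthorisationService'
+    DEFAULT_ISSUER_NAME = 'O=NDG, OU=Security, CN=localhost'
+    DEFAULT_ISSUER_FORMAT = Issuer.X509_SUBJECT
 
     _template_dir = 'secured_application'
@@ -253,7 +251,8 @@
         'authentication and authorisation filters')
     vars = [
-        var('hostname',
-            ('Virtual host name to mount services on'),
-            default=_hostname),
+        var('portNumber',
+            'Port number for service to listen on [applies to running with '
+            'paster ONLY]',
+            default=DEFAULT_PORT),
 
         var('authkitCookieSecret',
@@ -265,5 +264,24 @@
         var('beakerSessionSecret',
             'Cookie secret for keeping security session state',
-            default=base64.b64encode(os.urandom(32))[:32])
+            default=base64.b64encode(os.urandom(32))[:32]),
+
+        var('authnRedirectURI',
+            ('endpoint hosting OpenID Relying Party and/or SSL authentication '
+             'interface'),
+            default=DEFAULT_AUTHN_REDIRECT_URI),
+
+        var('authzServiceURI',
+            ('endpoint authorisation service which this app is secured with'),
+            default=DEFAULT_AUTHZ_SERVICE_URI),
+
+        var('authzDecisionQueryIssuerName',
+            ('ID of this service used in SAML authorisation queries'),
+            default=DEFAULT_ISSUER_NAME),
+
+        var('authzDecisionQueryIssuerFormat',
+            ('Format of authzDecisionQueryIssuerName string; if using the '
+             'default, ensure that the issuerName value is a correctly '
+             'formatted X.509 Subject Name'),
+            default=DEFAULT_ISSUER_FORMAT)
     ]
 
@@ -422,16 +440,16 @@
 
         # Set Yadis XRDS entries
-        vars['yadisExtraXrdEntries'] = ''
-        vars['serveryadisExtraXrdEntries'] = ''
+        vars['yadisExtraServiceEndpoints'] = ''
+        vars['serveryadisExtraServiceEndpoints'] = ''
 
         # Attribute Service entry added if an endpoint was specified
         if vars['attributeServiceURI']:
             # yadis.xml_tmpl entry
-            vars['yadisExtraXrdEntries'
+            vars['yadisExtraServiceEndpoints'
                  ] += _ATTRIBUTE_SERVICE_LOCALID_XRD_ENTRY_TMPL.substitute(
                         attributeServiceURI=vars['attributeServiceURI'])
 
             # serveryadis.xml_tmpl entry
-            vars['serveryadisExtraXrdEntries'
+            vars['serveryadisExtraServiceEndpoints'
                  ] += _ATTRIBUTE_SERVICE_NONLOCALID_XRD_ENTRY_TMPL.substitute(
                         attributeServiceURI=vars['attributeServiceURI'])
@@ -441,9 +459,9 @@
         if vars['myproxyServerURI']:
             # yadis.xml_tmpl entry
-            vars['yadisExtraXrdEntries'
+            vars['yadisExtraServiceEndpoints'
                  ] += _MYPROXY_SERVER_LOCALID_XRD_ENTRY_TMPL.substitute(
                             myproxyServerURI=vars['myproxyServerURI'])
 
-            vars['serveryadisExtraXrdEntries'
+            vars['serveryadisExtraServiceEndpoints'
                  ] += _MYPROXY_SERVER_NONLOCALID_XRD_ENTRY_TMPL.substitute(
                         myproxyServerURI=vars['myproxyServerURI'])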
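Review bot: The variable list for the secured application template (new lines 253-285) declares `beakerSessionSecret`, while the Makefile in this changeset writes the placeholders `%%{beakerSessionCookieSecret}` and `%%{openidRelyingPartyCookieSecret}` into `service.ini_tmpl` and `%%{baseURI}` into `request-filter.xml_tmpl`; none of those three names is in the visible list. Unless they are assigned in a part of the class outside these hunks, rendering presumably either fails on the missing key or leaves the session secrets unfilled. Either rename the entry to `var('beakerSessionCookieSecret', ...)` and add matching entries for the other two, or change the Makefile placeholders to the declared names. Separately, the service URIs are substituted into the XRDS `<URI>` elements unescaped, so a value containing `&` or `<` would yield malformed XML; passing each through `xml.sax.saxutils.escape` before `substitute` would avoid that.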
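--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/openid/provider/renderinginterface/genshi/templates/serveryadis.xml
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/openid/provider/renderinginterface/genshi/templates/serveryadis.xml
@@ -6,12 +6,8 @@
             <URI>socket://myproxy-server.somewhere.ac.uk:7512</URI>
         </Service>
-    </XRD>
-    <XRD>
         <Service priority="20">
             <Type>urn:esg:security:attribute-service</Type>
             <URI>https://attributeservice.somewhere.ac.uk</URI>
         </Service>
-    </XRD>
-    <XRD>
         <Service priority="0">
             <Type>$openid20type</Type>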
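--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/openid/provider/renderinginterface/genshi/templates/yadis.xml
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_server/ndg/security/server/wsgi/openid/provider/renderinginterface/genshi/templates/yadis.xml
@@ -7,6 +7,4 @@
             <LocalID>$user_url</LocalID>
         </Service>
-    </XRD>
-    <XRD>
         <Service priority="20">
             <Type>urn:esg:security:attribute-service</Type>
@@ -14,6 +12,4 @@
             <LocalID>$user_url</LocalID>
         </Service>
-    </XRD>
-    <XRD>
         <Service priority="30">
             <Type>urn:esg:security:attribute-service</Type>
@@ -21,6 +17,4 @@
             <LocalID>$user_url</LocalID>
         </Service>
-    </XRD>
-    <XRD>
         <Service priority="19">
             <Type>urn:esg:security:attribute-service</Type>
@@ -28,6 +22,4 @@
             <LocalID>$user_url</LocalID>
         </Service>
-    </XRD>
-    <XRD>
         <Service priority="0">
             <Type>$openid20type</Type>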
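--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/openidprovider/templates/serveryadis.xml
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/openidprovider/templates/serveryadis.xml
@@ -6,12 +6,8 @@
             <URI>socket://myproxy-server.somewhere.ac.uk:7512</URI>
         </Service>
-    </XRD>
-    <XRD>
         <Service priority="20">
             <Type>urn:esg:security:attribute-service</Type>
             <URI>https://localhost:7443/AttributeAuthority</URI>
         </Service>
-    </XRD>
-    <XRD>
         <Service priority="0">
             <Type>$openid20type</Type>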
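--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/openidprovider/templates/yadis.xml
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/openidprovider/templates/yadis.xml
@@ -7,6 +7,4 @@
             <LocalID>$user_url</LocalID>
         </Service>
-    </XRD>
-    <XRD>
         <Service priority="20">
             <Type>urn:esg:security:attribute-service</Type>
@@ -14,6 +12,4 @@
             <LocalID>$user_url</LocalID>
         </Service>
-    </XRD>
-    <XRD>
         <Service priority="30">
             <Type>urn:esg:security:attribute-service</Type>
@@ -21,6 +17,4 @@
             <LocalID>$user_url</LocalID>
         </Service>
-    </XRD>
-    <XRD>
         <Service priority="19">
             <Type>urn:esg:security:attribute-service</Type>
@@ -28,6 +22,4 @@
             <LocalID>$user_url</LocalID>
         </Service>
-    </XRD>
-    <XRD>
         <Service priority="0">
             <Type>$openid20type</Type>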
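--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/securedapp.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/securedapp.ini
@@ -1,8 +1,8 @@
 #
-# NDG Security AuthZ WSGI Testing environment configuration.  This ini file
-# defines the configuration for a an application to be secured.  Security
-# filters placed in front of the application in the WSGI pipeline act as
-# client to security services running on a separate application stack.  - See
-# securityservices.ini
+# Description: NDG Security AuthZ WSGI Testing environment configuration.  This
+# ini file defines the configuration for a an application to be secured.
+# Security filters placed in front of the application in the WSGI pipeline act
+# as client to security services running on a separate application stack.  - See
+# securityservices.ini / ndgsecurity_services template
 #
 # NERC DataGrid
@@ -12,13 +12,13 @@
 # Date: 01/07/09
 #
-# Copyright: STFC 2009
+# Copyright: STFC 2011
 #
-# Licence: BSD - See top-level LICENCE file for licence details
+# Licence: BSD
 #
 # The %(here)s variable will be replaced with the parent directory of this file
 #
 [DEFAULT]
+beakerSessionKeyName = beaker.session.ndg.security
 testConfigDir = %(here)s/../../config
-beakerSessionKeyName = beaker.session.ndg.security
 
 [server:main]
@@ -67,6 +67,6 @@
 # This cookie name and secret MUST agree with the name used by the security web
 # services app
-authkit.cookie.name=ndg.security.auth
-authkit.cookie.secret=9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
+authkit.cookie.name = ndg.security.auth
+authkit.cookie.secret = 9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
 authkit.cookie.signoutpath = /logout
 
@@ -119,6 +119,6 @@
 pep.authzDecisionQuery.clockSkewTolerance = 0.
 pep.authzDecisionQuery.sslCACertDir=%(testConfigDir)s/pki/ca
-pep.authzDecisionQuery.sslCertFilePath=%(testConfigDir)s/pki/test.crt
-pep.authzDecisionQuery.sslPriKeyFilePath=%(testConfigDir)s/pki/test.key
+pep.authzDecisionQuery.sslCertFilePath=%(testConfigDir)s/pki/localhost.crt
+pep.authzDecisionQuery.sslPriKeyFilePath=%(testConfigDir)s/pki/localhost.key
 
 # Logging configuration
@@ -127,5 +127,5 @@
 
 [handlers]
-keys = console
+keys = console, logfile
 
 [formatters]
@@ -151,2 +151,7 @@
 datefmt = %Y-%m-%d-%H:%M:%S
 
+[handler_logfile]
+class = handlers.RotatingFileHandler
+level=NOTSET
+formatter=generic
+args=(os.path.join('%(here)s', 'log', 'service.log'), 'a', 50000, 2)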
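Review bot: The client credentials set on new lines 121-122 (`pki/localhost.crt` and `pki/localhost.key`) carry over into every application generated from the template, because the Makefile's `securedapp_tmpl` target rewrites `testConfigDir` to `here` and copies `${SERVER_KEY_SRC_FILEPATH}` into the template's `pki/` directory. That variable is defined outside the visible hunks, so this assumes it is the same test key. Generated applications would then all start with an identical private key for their authorisation queries. A comment above these two settings would state the expectation, for example `# Test credentials only - replace with a key and certificate issued for this host before deployment`. The fixed `authkit.cookie.secret` value on line 70 needs the same caveat, since it is safe only while the template build replaces it.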
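--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/securedapp.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/securedapp.py
@@ -225,27 +225,35 @@
     def filter_app_factory(cls, app, globalConfig, **localConfig):
         return cls(app, globalConfig, **localConfig)
-
+
+
+INI_FILENAME = 'securedapp.ini'
+
 # To start run
 # $ paster serve services.ini or run this file as a script
 # $ ./securedapp.py [port #]
-if __name__ == '__main__':
-    import sys
-    import os
-    from os.path import dirname, abspath
-    import logging
-    logging.basicConfig(level=logging.DEBUG)
-
-    if len(sys.argv) > 1:
-        port = int(sys.argv[1])
-    else:
-        port = 7080
-
-    cfgFilePath = os.path.join(dirname(abspath(__file__)), 'securedapp.ini')
-
-    from paste.httpserver import serve
-    from paste.deploy import loadapp
-    from paste.script.util.logging_config import fileConfig
+if __name__ == '__main__':
+    import optparse
+    from os import path
+    from ndg.security.server.utils.paste_utils import PasteDeployAppServer
 
-    fileConfig(cfgFilePath)
-    app = loadapp('config:%s' % cfgFilePath)
-    serve(app, host='0.0.0.0', port=port)
+    cfgFilePath = path.join(path.dirname(path.abspath(__file__)), INI_FILENAME)
+
+    parser = optparse.OptionParser()
+    parser.add_option("-p",
+                      "--port",
+                      dest="port",
+                      default=7080,
+                      type='int',
+                      help="port number to run under")
+
+    parser.add_option("-c",
+                      "--conf",
+                      dest="configFilePath",
+                      default=cfgFilePath,
+                      help="Configuration file path")
+
+    opt = parser.parse_args()[0]
+
+    server = PasteDeployAppServer(cfgFilePath=opt.configFilePath,
+                                  port=opt.port)
+    server.start()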
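Review bot: The usage comment kept above the `__main__` block still reads `# $ ./securedapp.py [port #]`, but the port now comes from `-p/--port` and `parser.parse_args()[0]` discards positional arguments, so a port given the old way is silently ignored; the comment should become `# $ ./securedapp.py [-p <port>] [-c <config file>]`. The removed code bound explicitly with `host='0.0.0.0'`, whereas the new call passes no address, so the listening interface now depends on a default inside `PasteDeployAppServer` that is not visible here. Stating the bind address at the call site, and preferring loopback for a test application, would make the exposure reviewable. The removed `fileConfig(cfgFilePath)` call also means the ini's logging sections take effect only if `PasteDeployAppServer` loads them, which should be confirmed.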
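--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/securityservices.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/full_system/securityservices.ini
@@ -1,4 +1,2 @@
-#
-# Title:        NERC DataGrid Security Paste INI file template for all services
 #
 # Description:  Paste configuration for combined SAML Attribute Authority and
@@ -23,6 +21,6 @@
 hostname = localhost
 scheme = https
-baseURI = %(scheme)s://%(hostname)s:%(portNum)s/
-openIDProviderIDBase = openid/
+baseURI = %(scheme)s://%(hostname)s:%(portNum)s
+openIDProviderIDBase = /openid/
 
 # The default OpenID set in the Relying Party form text field.  As shown it is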
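--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/openidprovider.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/openidprovider.ini
@@ -187,5 +187,5 @@
 level=NOTSET
 formatter=generic
-args=(os.path.join('%(here)s', 'log', 'openidprovider.log'), 'a', 100000, 10)
+args=(os.path.join('%(here)s', 'log', 'service.log'), 'a', 100000, 10)
 
 [formatter_generic]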
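--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/templates/serveryadis.xml
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/templates/serveryadis.xml
@@ -6,12 +6,8 @@
             <URI>socket://myproxy-server.somewhere.ac.uk:7512</URI>
         </Service>
-    </XRD>
-    <XRD>
         <Service priority="20">
             <Type>urn:esg:security:attribute-service</Type>
             <URI>https://localhost:7443/AttributeAuthority</URI>
         </Service>
-    </XRD>
-    <XRD>
         <Service priority="0">
             <Type>$openid20type</Type>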
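--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/templates/yadis.xml
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidprovider/templates/yadis.xml
@@ -7,6 +7,4 @@
             <LocalID>$user_url</LocalID>
         </Service>
-    </XRD>
-    <XRD>
         <Service priority="20">
             <Type>urn:esg:security:attribute-service</Type>
@@ -14,6 +12,4 @@
             <LocalID>$user_url</LocalID>
         </Service>
-    </XRD>
-    <XRD>
         <Service priority="30">
             <Type>urn:esg:security:attribute-service</Type>
@@ -21,6 +17,4 @@
             <LocalID>$user_url</LocalID>
         </Service>
-    </XRD>
-    <XRD>
         <Service priority="19">
             <Type>urn:esg:security:attribute-service</Type>
@@ -28,6 +22,4 @@
             <LocalID>$user_url</LocalID>
         </Service>
-    </XRD>
-    <XRD>
         <Service priority="0">
             <Type>$openid20type</Type>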