source: TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/authz_lite/securedapp.ini @ 7077

#
# NDG Security AuthZ WSGI Testing environment configuration.  This ini file
# defines the configuration for a an application to be secured.  Security
# filters placed in front of the application in the WSGI pipeline act as
# client to security services running on a separate application stack.  - See
# securityservices.ini
#
# NERC DataGrid
#
# Author: P J Kershaw
#
# Date: 01/07/09
#
# Copyright: STFC 2009
#
# Licence: BSD - See top-level LICENCE file for licence details
#
# The %(here)s variable will be replaced with the parent directory of this file
#
[DEFAULT]
testConfigDir = %(here)s/../../config
beakerSessionKeyName = beaker.session.ndg.security

[server:main]
use = egg:Paste#http
host = 0.0.0.0
port = 7080

[pipeline:main]
pipeline = BeakerSessionFilter 
                   AuthenticationFilter 
                   AuthorizationFilter 
                   AuthZTestApp

[app:AuthZTestApp]
paste.app_factory = ndg.security.test.integration:AuthZTestApp.app_factory


[filter:BeakerSessionFilter]
paste.filter_app_factory = beaker.middleware:SessionMiddleware

# Cookie name
beaker.session.key = ndg.security.session

# WSGI environ key name
environ_key = %(beakerSessionKeyName)s
beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW
beaker.cache.data_dir = %(here)s/authn/beaker/cache
beaker.session.data_dir = %(here)s/authn/beaker/sessions

#beaker.session.cookie_domain = .localhost

[filter:AuthenticationFilter]
paste.filter_app_factory = ndg.security.server.wsgi.authn:AuthenticationMiddleware
prefix = authN.

# Set redirect for OpenID Relying Party in the Security Services app instance
authN.redirectURI = https://localhost:7443/verify

# Default URI to return to if middleware wasn't able to set via HTTP_REFERER or
# passed return to query argument
authN.sessionHandler.defaultLogoutReturnToURI = https://localhost:7443/

# AuthKit Set-up
authkit.setup.method=cookie

# This cookie name and secret MUST agree with the name used by the security web
# services app
authkit.cookie.name=ndg.security.auth
authkit.cookie.secret=9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
authkit.cookie.signoutpath = /logout

# Disable inclusion of client IP address from cookie signature due to 
# suspected problem with AuthKit setting it when a HTTP Proxy is in place
authkit.cookie.includeip = False

#authkit.cookie.params.expires = 2
#authkit.cookie.params.domain = .localhost

# environ key name for beaker session
authkit.session.middleware = %(beakerSessionKeyName)s

[filter:AuthorizationFilter]
paste.filter_app_factory=ndg.security.server.wsgi.authz:SAMLAuthorizationMiddleware.filter_app_factory
prefix = authz.
authz.pepResultHandler = ndg.security.server.wsgi.authz.result_handler.genshi.GenshiPEPResultHandlerMiddleware
authz.pepResultHandler.staticContentDir = %(here)s/pep_result_handler
authz.pepResultHandler.baseURL = http://localhost:7080
authz.pepResultHandler.heading = Access Denied
authz.pepResultHandler.messageTemplate = Access is forbidden for this resource:<div id="accessDeniedMessage">$pdpResponseMsg</div>Please check with your site administrator that you have the required access privileges.
authz.pepResultHandler.footerText = This site is for test purposes only.
authz.pepResultHandler.rightLink = http://ceda.ac.uk/
authz.pepResultHandler.rightImage = %(authz.pepResultHandler.baseURL)s/layout/CEDA_RightButton60.png
authz.pepResultHandler.rightAlt = Centre for Environmental Data Archival
authz.pepResultHandler.helpIcon = %(authz.pepResultHandler.baseURL)s/layout/icons/help.png

policy.filePath = %(here)s/policy.xml

# Settings for Policy Information Point used by the Policy Decision Point to
# retrieve subject attributes from the Attribute Authority associated with the
# resource to be accessed

# If omitted, DN of SSL Cert is used
pip.attributeQuery.issuerName = 
pip.attributeQuery.subjectIdFormat = urn:esg:openid
pip.attributeQuery.clockSkewTolerance = 0.
pip.attributeQuery.queryAttributes.0 = urn:siteA:security:authz:1.0:attr, , http://www.w3.org/2001/XMLSchema#string
pip.attributeQuery.sslCACertDir=%(testConfigDir)s/ca
pip.attributeQuery.sslCertFilePath=%(testConfigDir)s/pki/test.crt
pip.attributeQuery.sslPriKeyFilePath=%(testConfigDir)s/pki/test.key

# Logging configuration
[loggers]
keys = root, ndg

[handlers]
keys = console

[formatters]
keys = generic

[logger_root]
level = INFO
handlers = console

[logger_ndg]
level = DEBUG
handlers =
qualname = ndg

[handler_console]
class = StreamHandler
args = (sys.stderr,)
level = NOTSET
formatter = generic

[formatter_generic]
format = %(asctime)s.%(msecs)03d %(levelname)-5.5s [%(name)s:%(lineno)s] %(message)s
datefmt = %Y-%m-%d-%H:%M:%S