source: TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/dap/server.ini @ 7077

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg-security/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/dap/server.ini@7077
Revision 7077, 4.8 KB checked in by pjkersha, 11 years ago (diff)
  • Property svn:keywords set to Id
Line 
1#
2# NDG Security pyDAP version 3.0 Test configuration
3#
4# NERC DataGrid
5#
6# Author: P J Kershaw
7#
8# Date: 15/05/09
9#
10# Copyright: STFC 2009
11#
12# Licence: BSD - see top level directory for details
13#
14# The %(here)s variable will be replaced with the parent directory of this
15# file
16#
17[DEFAULT]
18testConfigDir = %(here)s/../../config
19beakerSessionKeyName = beaker.session.ndg.security
20
21[server:main]
22use = egg:Paste#http
23# Change to 0.0.0.0 to make public
24host = 127.0.0.1
25port = 8001
26
27# Composite to enable templates to pick up static content
28[composit:cascade]
29use = egg:Paste#cascade
30app1 = staticLayout
31app2 = pydap
32catch = 404
33
34# Layout folder contains stylesheet and graphics for templates
35[app:staticLayout]
36use = egg:Paste#static
37document_root = %(here)s/layout
38
39# pyDAP Application
40[app:pydap]
41use = egg:pydap#server
42root = %(here)s/data
43templates = %(here)s/template
44x-wsgiorg.throw_errors = 0
45
46# Pipeline to with security filters to protect the pyDAP application
47[pipeline:main]
48pipeline = BeakerSessionFilter AuthenticationFilter AuthorizationFilter cascade
49
50
51[filter:BeakerSessionFilter]
52paste.filter_app_factory = beaker.middleware:SessionMiddleware
53
54# Cookie name
55beaker.session.key = ndg.security.session
56
57# WSGI environ key name
58environ_key = %(beakerSessionKeyName)s
59beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW
60beaker.cache.data_dir = %(here)s/authn/beaker/cache
61beaker.session.data_dir = %(here)s/authn/beaker/sessions
62
63#beaker.session.cookie_domain = .localhost
64
65[filter:AuthenticationFilter]
66paste.filter_app_factory = ndg.security.server.wsgi.authn:AuthenticationMiddleware
67prefix = authN.
68
69# Set redirect for OpenID Relying Party in the Security Services app instance
70#authN.redirectURI = https://localhost:7443/verify
71authN.redirectURI = https://localhost/verify
72
73# Default URI to return to if middleware wasn't able to set via HTTP_REFERER or
74# passed return to query argument
75authN.sessionHandler.defaultLogoutReturnToURI = https://localhost:7443/
76
77# AuthKit Set-up
78authkit.setup.method=cookie
79
80# This cookie name and secret MUST agree with the name used by the security web
81# services app
82authkit.cookie.name=ndg.security.auth
83authkit.cookie.secret=9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
84authkit.cookie.signoutpath = /logout
85
86# Disable inclusion of client IP address from cookie signature due to
87# suspected problem with AuthKit setting it when a HTTP Proxy is in place
88authkit.cookie.includeip = False
89
90#authkit.cookie.params.expires = 2
91#authkit.cookie.params.domain = .localhost
92
93# environ key name for beaker session
94authkit.session.middleware = %(beakerSessionKeyName)s
95
96
97[filter:AuthorizationFilter]
98paste.filter_app_factory=ndg.security.server.wsgi.authz:SAMLAuthorizationMiddleware.filter_app_factory
99prefix = authz.
100authz.pepResultHandler = ndg.security.server.wsgi.authz.result_handler.genshi.GenshiPEPResultHandlerMiddleware
101authz.pepResultHandler.staticContentDir = %(here)s/pep_result_handler
102authz.pepResultHandler.baseURL = http://localhost:8001
103authz.pepResultHandler.heading = Access Denied
104authz.pepResultHandler.messageTemplate = Access is forbidden for this resource:<div id="accessDeniedMessage">$pdpResponseMsg</div>Please check with your site administrator that you have the required access privileges.
105authz.pepResultHandler.footerText = This site is for test purposes only.
106authz.pepResultHandler.rightLink = http://ceda.ac.uk/
107authz.pepResultHandler.rightImage = %(authz.pepResultHandler.baseURL)s/layout/CEDA_RightButton60.png
108authz.pepResultHandler.rightAlt = Centre for Environmental Data Archival
109authz.pepResultHandler.helpIcon = %(authz.pepResultHandler.baseURL)s/layout/icons/help.png
110
111policy.filePath = %(here)s/authz/policy.xml
112
113# Settings for Policy Information Point used by the Policy Decision Point to
114# retrieve subject attributes from the Attribute Authority associated with the
115# resource to be accessed
116
117# If omitted, DN of SSL Cert is used
118pip.attributeQuery.issuerName = 
119pip.attributeQuery.subjectIdFormat = urn:esg:openid
120pip.attributeQuery.clockSkewTolerance = 0.
121pip.attributeQuery.queryAttributes.0 = urn:siteA:security:authz:1.0:attr, , http://www.w3.org/2001/XMLSchema#string
122pip.attributeQuery.sslCACertDir=%(testConfigDir)s/ca
123pip.attributeQuery.sslCertFilePath=%(testConfigDir)s/pki/test.crt
124pip.attributeQuery.sslPriKeyFilePath=%(testConfigDir)s/pki/test.key
125
126
127# Logging configuration
128[loggers]
129keys = root, ndg
130
131[handlers]
132keys = console,logfile
133
134[formatters]
135keys = generic
136
137[logger_root]
138level = INFO
139handlers = console
140
141[logger_ndg]
142level = DEBUG
143handlers = logfile
144qualname = ndg
145
146[handler_console]
147class = StreamHandler
148args = (sys.stderr,)
149level = NOTSET
150formatter = generic
151
152[handler_logfile]
153class = handlers.RotatingFileHandler
154level=NOTSET
155formatter=generic
156args=(os.path.join('./', 'log', 'server.log'), 'a', 100000, 10)
157
158[formatter_generic]
159format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] %(message)s
160datefmt = %H:%M:%S
Note: See TracBrowser for help on using the repository browser.