Context Navigation

source: TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidrelyingparty_withapp/securedapp.ini @ 7077

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg-security/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/openidrelyingparty_withapp/securedapp.ini@7077

Visit:

Revision 7077, 6.2 KB checked in by pjkersha, 11 years ago (diff)

Property svn:keywords set to `Id`

Line
1	#
2	# NDG Security AuthZ WSGI Testing environment configuration. This ini file
3	# defines the configuration for a an application to be secured. Security
4	# filters placed in front of the application in the WSGI pipeline act as
5	# client to security services running on a separate application stack. - See
6	# securityservices.ini
7	#
8	# NERC DataGrid
9	#
10	# Author: P J Kershaw
11	#
12	# Date: 01/07/09
13	#
14	# Copyright: STFC 2009
15	#
16	# Licence: BSD - See top-level LICENCE file for licence details
17	#
18	# The %(here)s variable will be replaced with the parent directory of this file
19	#
20	[DEFAULT]
21	portNum = 7080
22	hostname = localhost
23	scheme = http
24	baseURI = %(scheme)s://%(hostname)s:%(portNum)s
25	openIDProviderIDBase = /openid
26	openIDProviderIDSelectURI = http://localhost:7443%(openIDProviderIDBase)s
27	testConfigDir = %(here)s/../../config
28	beakerSessionKeyName = beaker.session.ndg.security
29
30	# Logout URI used by AuthKit and SessionHandlerMiddleware
31	globalSignoutPath = /logout
32
33	[server:main]
34	use = egg:Paste#http
35	host = 0.0.0.0
36	port = 7080
37
38	[pipeline:main]
39	pipeline = BeakerSessionFilter
40	OpenIDRelyingPartyFilter
41	SessionHandlerFilter
42	AuthorizationFilter
43	AuthZTestApp
44
45	[app:AuthZTestApp]
46	paste.app_factory = ndg.security.test.integration:AuthZTestApp.app_factory
47
48	[filter:BeakerSessionFilter]
49	paste.filter_app_factory = beaker.middleware:SessionMiddleware
50
51	# Cookie name
52	beaker.session.key = ndg.security.session
53
54	# WSGI environ key name
55	environ_key = %(beakerSessionKeyName)s
56	beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW
57	beaker.cache.data_dir = %(here)s/authn/beaker/cache
58	beaker.session.data_dir = %(here)s/authn/beaker/sessions
59
60	# Handle setting of session cookie following sign-in
61	[filter:SessionHandlerFilter]
62	paste.filter_app_factory = ndg.security.server.wsgi.authn:SessionHandlerMiddleware.filter_app_factory
63	sessionhandler.signoutPath = %(globalSignoutPath)s
64	sessionhandler.sessionKey = %(beakerSessionKeyName)s
65
66	[filter:OpenIDRelyingPartyFilter]
67	paste.filter_app_factory =
68	ndg.security.server.wsgi.openid.relyingparty:OpenIDRelyingPartyMiddleware.filter_app_factory
69
70	openid.relyingparty.baseURL = %(authkit.openid.baseurl)s
71	openid.relyingparty.certFilePath = %(testConfigDir)s/pki/localhost.crt
72	openid.relyingparty.priKeyFilePath = %(testConfigDir)s/pki/localhost.key
73	openid.relyingparty.priKeyPwd =
74	openid.relyingparty.caCertDirPath = %(testConfigDir)s/ca
75	openid.relyingparty.providerWhitelistFilePath =
76	openid.relyingparty.signinInterfaceMiddlewareClass = ndg.security.server.wsgi.openid.relyingparty.signin_interface.buffet.BuffetSigninTemplate
77	openid.relyingparty.signinInterface.templatePackage = ndg.security.server.wsgi.openid.relyingparty.signin_interface.buffet.templates
78	openid.relyingparty.signinInterface.staticContentRootDir = %(here)s/openidrelyingparty/public
79	openid.relyingparty.signinInterface.baseURL = %(openid.relyingparty.baseURL)s
80	openid.relyingparty.signinInterface.initialOpenID = %(openIDProviderIDSelectURI)s
81	openid.relyingparty.signinInterface.leftLogo = %(openid.relyingparty.signinInterface.baseURL)s/layout/NERC_Logo.gif
82	openid.relyingparty.signinInterface.leftAlt = Natural Environment Research Council
83	openid.relyingparty.signinInterface.ndgLink = http://ndg.nerc.ac.uk/
84	openid.relyingparty.signinInterface.ndgImage = %(openid.relyingparty.signinInterface.baseURL)s/layout/ndg_logo_circle.gif
85	openid.relyingparty.signinInterface.disclaimer = This site is for test purposes only and is under active development.
86	openid.relyingparty.signinInterface.stfcLink = http://www.stfc.ac.uk/
87	openid.relyingparty.signinInterface.stfcImage = %(openid.relyingparty.signinInterface.baseURL)s/layout/stfc-circle-sm.gif
88	openid.relyingparty.signinInterface.helpIcon = %(openid.relyingparty.signinInterface.baseURL)s/layout/icons/help.png
89
90	cache_dir = %(here)s/data
91
92	# AuthKit Set-up
93	authkit.setup.method=openid, cookie
94
95	# This cookie name and secret MUST agree with the name used by the
96	# Authentication Filter used to secure a given app
97	authkit.cookie.name=ndg.security.authkit
98
99	authkit.cookie.secret=9wvZObs9anUEhSIAnJNoY2iJq59FfYZr
100	authkit.cookie.signoutpath = %(globalSignoutPath)s
101
102	# Disable inclusion of client IP address from cookie signature due to
103	# suspected problem with AuthKit setting it when a HTTP Proxy is in place
104	authkit.cookie.includeip = False
105
106	authkit.openid.path.signedin=/
107	authkit.openid.path.verify=/openid/verify
108	authkit.openid.path.process=/openid/process
109	authkit.openid.store.type=file
110	authkit.openid.store.config=%(here)s/openidrelyingparty/store
111	authkit.openid.session.key = authkit_openid
112	authkit.openid.session.secret = random string
113
114	# Key name for dereferencing beaker.session object held in environ
115	authkit.openid.session.middleware = %(beakerSessionKeyName)s
116
117	authkit.openid.baseurl = %(baseURI)s
118
119
120	[filter:AuthorizationFilter]
121	paste.filter_app_factory=ndg.security.server.wsgi.authz:AuthorizationMiddleware.filter_app_factory
122	prefix = authz.
123	policy.filePath = %(here)s/policy.xml
124
125	# Settings for Policy Information Point used by the Policy Decision Point to
126	# retrieve subject attributes from the Attribute Authority associated with the
127	# resource to be accessed
128	pip.sslCACertFilePathList=
129
130	# List of CA certificates used to verify the signatures of
131	# Attribute Certificates retrieved
132	pip.caCertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt
133
134	#
135	# WS-Security Settings for call to Attribute Authority to retrieve user
136	# attributes
137
138	# Signature of an outbound message
139
140	# Certificate associated with private key used to sign a message. The sign
141	# method will add this to the BinarySecurityToken element of the WSSE header.
142	# binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.
143	# As an alternative, use signingCertChain - see below...
144
145	# PEM encode cert
146	pip.wssecurity.signingCertFilePath=%(testConfigDir)s/pki/wsse-server.crt
147
148	# PEM encoded private key file
149	pip.wssecurity.signingPriKeyFilePath=%(testConfigDir)s/pki/wsse-server.key
150
151	# Password protecting private key. Leave blank if there is no password.
152	pip.wssecurity.signingPriKeyPwd=
153
154	# For signature verification. Provide a space separated list of file paths
155	pip.wssecurity.caCertFilePathList=%(testConfigDir)s/ca/ndg-test-ca.crt
156
157	# ValueType for the BinarySecurityToken added to the WSSE header
158	pip.wssecurity.reqBinSecTokValType=X509v3
159
160	# Add a timestamp element to an outbound message
161	pip.wssecurity.addTimestamp=True

Note: See TracBrowser for help on using the repository browser.

Download in other formats: