Context Navigation

saml_pip.cfg @ 7358

Visit:

Revision 7358, 1.4 KB checked in by pjkersha, 10 years ago (diff)

Incomplete - task 2: XACML-Security Integration

added caching capability to Policy Information Point. This enables the PIP to retrieve previously cached assertions from an Attribute Authority optimising performance. Caching is done with beaker.session but instead of indexing based on a cookie, it's based on the subject Id i.e. for ESG, a user's OpenID.

Line
1	#
2	# NDG Security XACML Policy Information Point configuration file
3	#
4	# NERC DataGrid
5	#
6	# Author: P J Kershaw
7	#
8	# Date: 11/08/10
9	#
10	# Copyright: STFC 2010
11	#
12	# Licence: BSD - See top-level LICENCE file for licence details
13	#
14	# $Id$
15	[DEFAULT]
16	# Attribute ID -> Attribute Authority mapping file. The PIP, on receipt of a
17	# query from the XACML context handler, checks the attribute(s) being queried
18	# for and looks up this mapping to determine which attribute authority to query
19	# to find out if the subject has the attribute in their entitlement
20	saml_pip.mappingFilePath = %(here)s/pip-mapping.txt
21
22	# Cache assertions retrieved from the Attribute Authority to optimise performance
23	saml_pip.sessionCacheDataDir = %(here)s/query-results-cache
24
25	# The attribute ID of the subject value to extract from the XACML request
26	# context and pass in the SAML attribute query
27	saml_pip.subjectAttributeId = urn:esg:openid
28
29	saml_pip.attributeQuery.issuerName = O=NDG, OU=Security, CN=localhost
30	saml_pip.attributeQuery.issuerFormat = urn:oasis:names:tc:SAML:1.1:nameid-format:x509SubjectName
31
32	# These settings configure SSL mutual authentication for the query to the SAML
33	# Attribute Authority
34	saml_pip.attributeQuery.sslCertFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/localhost.crt
35	saml_pip.attributeQuery.sslPriKeyFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/localhost.key
36	saml_pip.attributeQuery.sslCACertDir = $NDGSEC_TEST_CONFIG_DIR/ca

Note: See TracBrowser for help on using the repository browser.