source: trunk/ndg_oauth/ndg_oauth_server/development.ini @ 8057

Subversion URL: http://proj.badc.rl.ac.uk/svn/ndg-security/trunk/ndg_oauth/ndg_oauth_server/development.ini@8075
Revision 8057, 7.3 KB checked in by rwilkinson, 9 years ago (diff)

Added processing of MyProxy certificate requests as OAuth resource requests.
Added login form with Genshi rendering of all forms.
Added checking of scope in OAuth requests.

1#
2# NDG OAuth Server - Pylons development environment configuration
3#
4# The %(here)s variable will be replaced with the parent directory of this file
5#
6[DEFAULT]
# Global settings: keys defined here can be substituted into other sections
# with %(name)s, as this file does with %(beakerSessionKeyName)s.
# NOTE(review): debug is switched on globally. The warning near the end of this
# file describes the consequence (interactive debugger after an exception), so
# this file must not be reused unchanged outside a development machine.
7debug = true
8# Uncomment and replace with the address which should receive any error reports
9#email_to = you@yourdomain.com
10smtp_server = localhost
11error_email_from = paste@localhost
12
# WSGI environ key under which the Beaker session is published. The session
# filter, the authentication form and the authorization filter all reference it
# via %(beakerSessionKeyName)s, so they stay in agreement.
13beakerSessionKeyName = beaker.session.oauth2server
14
15[server:main]
# Paste's built-in HTTP server, used here as the development server.
16use = egg:Paste#http
# NOTE(review): the active host value, 0.0.0.0, listens on every network
# interface, so the server is reachable from other hosts while debug = true is
# set in [DEFAULT]. The commented-out 127.0.0.1 alternative keeps it local.
17#host = 127.0.0.1
18host = 0.0.0.0
19port = 5000
# NOTE(review): presumably host.pem carries the server certificate together
# with its private key - confirm, keep it out of version control and restrict
# its file permissions to the account that runs the server.
20ssl_pem = %(here)s/host.pem
21
22[pipeline:main]
# Filters are applied in the order listed and the last entry is the
# application. As written, the session, authentication (repoze_who, AuthnForm),
# MyProxy client and authorization filters all sit in front of the OAuth2
# server app. NOTE(review): the order is security-relevant - moving or removing
# an entry changes which checks a request passes before reaching the app.
23pipeline = BeakerSessionFilter
24           repoze_who
25           AuthnForm
26           MyProxyClient
27           OAuth2Authz
28           OAuth2ServerFilterApp
29#           OAuth2Server
30
31# This filter sets up a server side session linked to a cookie.  The session
32# caches authentication and authorisation state information
33[filter:BeakerSessionFilter]
34paste.filter_app_factory = beaker.middleware:SessionMiddleware
35
36# Cookie name
37beaker.session.key = ndg.oauth.server.session
38
39# WSGI environ key name
40environ_key = %(beakerSessionKeyName)s
# NOTE(review): "somesecret" is a guessable placeholder committed to version
# control. Beaker uses this value to sign the session cookie, so each
# deployment needs its own long random value kept outside the repository.
41beaker.session.secret = somesecret
# NOTE(review): the server in [server:main] is configured with ssl_pem, so the
# session cookie can be limited to HTTPS and hidden from page scripts. Confirm
# these options against the installed Beaker version before enabling:
#beaker.session.secure = true
#beaker.session.httponly = true
42#beaker.cache.data_dir = %(here)s/authn/beaker/cache
43beaker.session.type = file
# Session files hold the cached authentication/authorisation state described
# above; the directory should be readable only by the service account.
44beaker.session.data_dir = %(here)s/authn/beaker/sessions
45
46[filter:repoze_who]
# repoze.who authentication middleware; its own settings live in the separate
# repoze_who.ini next to this file.
47use = egg:repoze.who#config
48config_file = %(here)s/repoze_who.ini
# NOTE(review): debug-level output from an authentication layer may include
# identity details - check what is written before using this level anywhere
# logs are retained or shared.
49log_file = stdout
50log_level = debug
51
52[filter:AuthnForm]
# Login form middleware. It reads the same client register file and the same
# session key as the authorization filter and the OAuth2 server sections.
53paste.filter_app_factory = ndg.oauth.server.wsgi.authentication_filter:AuthenticationFormMiddleware.filter_app_factory
54authenticationForm.base_url_path = /authentication
55authenticationForm.client_register=%(here)s/client_register.ini
56# If true, client authorization included on login form, otherwise the separate
57# client authorization form is always used.
58authenticationForm.combined_authorization = True
59authenticationForm.login_cancelled = %(here)s/ndg/oauth/server/templates/login_cancelled.html
60authenticationForm.login_form = %(here)s/ndg/oauth/server/templates/login_form.html
# NOTE(review): name of the request parameter carrying the URL to return to
# after login. Whether the middleware restricts that URL to this site or to
# registered clients is not visible here - confirm, since an unvalidated return
# URL is an open-redirect risk on a login page.
61authenticationForm.return_url_param = returnurl
62authenticationForm.session_key_name = %(beakerSessionKeyName)s
63# Authentication form configuration
64authenticationForm.layout.heading = OAuth Login
65authenticationForm.layout.title = OAuth Login
66authenticationForm.layout.rightLink = http://ceda.ac.uk/
67authenticationForm.layout.rightImage = /oas/layout/CEDA_RightButton60.png
68#authenticationForm.layout.rightImage = /layout/CEDA_RightButton60.png
69authenticationForm.layout.rightAlt = Centre for Environmental Data Archival
70authenticationForm.layout.footerText = This site is for test purposes only.
71authenticationForm.layout.helpIcon = /oas/layout/icons/help.png
72#authenticationForm.layout.helpIcon = /layout/icons/help.png
73
74[filter:MyProxyClient]
# Middleware that makes a MyProxy client available to the rest of the pipeline.
75paste.filter_app_factory = myproxy.server.wsgi.middleware:MyProxyClientMiddleware.filter_app_factory
76# Default environ key for MyProxy client
77# myproxy.client.clientEnvKeyName=myproxy.server.wsgi.middleware.MyProxyClientMiddleware.myProxyClient
78
79# MyProxy server which this MyProxy WSGI app is a client to.  Set here to the
80# fully qualified domain name or else set the MYPROXY_SERVER environment
81# variable.  See the documentation for the MyProxyClient egg for details
82myproxy.client.hostname = myproxy.ac.uk
83#myproxy.client.port = 7512
84
85# CA Certificate directory to enable this application to trust the MyProxy
86# server that it fronts e.g. set to /etc/grid-security/certificates.  For these
87# tests set to local ca directory
# NOTE(review): every certificate in this directory becomes a trust anchor for
# the MyProxy connection. The local test directory is writable along with the
# checkout; a deployment should point at a managed, read-only trust store.
88myproxy.client.caCertDir = %(here)s/ca
89
90[filter:OAuth2Authz]
91# Authorization filter configuration options - defaults are commented out.
92paste.filter_app_factory = ndg.oauth.server.wsgi.authorization_filter:Oauth2AuthorizationMiddleware.filter_app_factory
93oauth2authorization.base_url_path=/client_authorization
94oauth2authorization.client_authorization_form=%(here)s/ndg/oauth/server/templates/auth_client_form.html
95#oauth2authorization.client_authorizations_key=client_authorizations
# Same client register file as the AuthnForm and OAuth2Server sections; the
# three paths should be changed together so all components see one client list.
96oauth2authorization.client_register=%(here)s/client_register.ini
97oauth2authorization.session_key_name = %(beakerSessionKeyName)s
# NOTE(review): per the commented default, the user identifier is read from
# REMOTE_USER - presumably set by the authentication filters earlier in the
# pipeline; confirm nothing else upstream can set that key.
98#oauth2authorization.user_identifier_key=REMOTE_USER
99# Authorization form configuration
100oauth2authorization.layout.heading = OAuth Authorisation
101oauth2authorization.layout.title = OAuth Authorisation
102oauth2authorization.layout.rightLink = http://ceda.ac.uk/
103oauth2authorization.layout.rightImage = /layout/CEDA_RightButton60.png
104oauth2authorization.layout.rightAlt = Centre for Environmental Data Archival
105oauth2authorization.layout.footerText = This site is for test purposes only.
106oauth2authorization.layout.helpIcon = /layout/icons/help.png
107
108[app:OAuth2Server]
109paste.app_factory = ndg.oauth.server.wsgi.oauth2_server:Oauth2ServerMiddleware.app_factory
110
111# OAuth2 server configuration options - defaults are commented out.
112#oauth2server.access_token_lifetime=86400
113# Allowed values: myproxy (default) or bearer (which returns a UUID)
114#oauth2server.access_token_type=myproxy
# NOTE(review): this file overrides the default and issues bearer tokens. A
# bearer token is usable by whoever holds it, so it must only travel over TLS
# and must not be written to logs.
115oauth2server.access_token_type=bearer
116#oauth2server.authorization_grant_lifetime=600
117oauth2server.base_url_path=/oauth
118#oauth2server.certificate_request_parameter=certificate_request
119# Allowed values: certificate (default) or none.
120#oauth2server.client_authentication_method=certificate
# NOTE(review): the default (certificate) is overridden with "none" -
# presumably clients are then not authenticated when requesting tokens.
# Acceptable for local testing only; confirm before reusing this file.
121oauth2server.client_authentication_method=none
122#oauth2server.client_authorization_url=client_authorization/authorize
123#oauth2server.client_authorizations_key=client_authorizations
124oauth2server.client_register=%(here)s/client_register.ini
125#oauth2server.myproxy_client_key=myproxy.server.wsgi.middleware.MyProxyClientMiddleware.myProxyClient
# NOTE(review): a credential stored in clear text in a version-controlled file
# is readable by anyone with repository access. Treat this value as exposed:
# rotate it and supply the replacement from deployment-local configuration that
# is not checked in.
126oauth2server.myproxy_global_password=i93rRugz
127#oauth2server.session_key_name=beaker.session.oauth2server
128#oauth2server.user_identifier_key=REMOTE_USER
129
130# Configuration of access token cache
# File-backed cache; entries expire after 86400 s, the same figure as the
# commented access_token_lifetime default above. NOTE(review): presumably the
# issued tokens are stored in data_dir - restrict it to the service account.
131oauth2server.cache.accesstokenregister.expire=86400
132oauth2server.cache.accesstokenregister.type=file
133oauth2server.cache.accesstokenregister.data_dir=%(here)s/authn/accesstokenregister
134# data_dir is used if lock_dir not set:
135#oauth2server.cache.accesstokenregister.lock_dir
136
137# Configuration of authorization grant cache
# NOTE(review): grants are cached for 86400 s while the commented
# authorization_grant_lifetime default is 600 s. Confirm that a grant is
# rejected once its lifetime has passed and not only when the cache entry
# expires.
138oauth2server.cache.authorizationgrantregister.expire=86400
139oauth2server.cache.authorizationgrantregister.type=file
140oauth2server.cache.authorizationgrantregister.data_dir=%(here)s/authn/authorizationgrantregister
141# data_dir is used if lock_dir not set:
142#oauth2server.cache.authorizationgrantregister.lock_dir
143
144[filter-app:OAuth2ServerFilterApp]
# Final entry of [pipeline:main]: wraps the cascade defined below with Paste's
# httpexceptions filter.
145use = egg:Paste#httpexceptions
146next = cascade
147
148[composit:cascade]
# Tries OAuth2Server first and falls through to StaticContent when the first
# app answers 404 (catch = 404).
# NOTE(review): the section prefix is spelled "composit" - confirm the
# installed Paste Deploy accepts this spelling as well as "composite".
149use = egg:Paste#cascade
150app1 = OAuth2Server
151app2 = StaticContent
152catch = 404
153
154[app:StaticContent]
# Static file app reached through the cascade when OAuth2Server returns 404.
# Everything under document_root is served as-is, so the directory should hold
# public assets only (no configuration, keys or session data).
155use = egg:Paste#static
156document_root = %(here)s/static
157
158# WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT*
159# Debug mode will enable the interactive debugging tool, allowing ANYONE to
160# execute malicious code after an exception is raised.
# NOTE(review): the override below sits inside [app:StaticContent]. Presumably
# uncommenting it changes debug for this app section only and leaves
# debug = true from [DEFAULT] in force for the rest of the pipeline - confirm,
# and set debug = false in [DEFAULT] as well for any non-development use.
161#set debug = false
162
163
164# Logging configuration
# Three loggers share one console handler writing to stderr through the
# "generic" formatter.
165[loggers]
166keys = root, routes, ndgoauthserver
167
168[handlers]
169keys = console
170
171[formatters]
172keys = generic
173
174[logger_root]
175level = INFO
176handlers = console
177
178[logger_routes]
179level = INFO
180handlers =
181qualname = routes.middleware
182# "level = DEBUG" logs the route matched and routing variables.
183
184[logger_ndgoauthserver]
# The handler list is empty, so these records reach the output through the
# root logger's console handler.
# NOTE(review): DEBUG output from ndg.oauth.server may contain tokens or
# request parameters - check what is logged, and raise the level to INFO
# wherever logs are retained or shared.
185level = DEBUG
186handlers =
187qualname = ndg.oauth.server
188
189[handler_console]
190class = StreamHandler
191args = (sys.stderr,)
# NOTSET on the handler means it does not filter by level itself; filtering is
# left to the logger levels above.
192level = NOTSET
193formatter = generic
194
195[formatter_generic]
196format = %(asctime)s,%(msecs)03d %(levelname)-5.5s [%(name)s] [%(threadName)s] %(message)s
197datefmt = %H:%M:%S