Changeset 6866
- Timestamp:
- 17/05/10 11:39:55 (11 years ago)
- Location:
- TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/dap
- Files:
-
- 14 added
- 4 edited
-
TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/dap
-
Property
svn:ignore
set to
authn*
-
Property
svn:ignore
set to
-
TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/dap/authz/policy.xml
r5293 r6866 1 1 <?xml version="1.0" encoding="UTF-8"?> 2 <Policy PolicyId="pyDAP" xmlns="urn:ndg:security:authz:1. 0:policy">2 <Policy PolicyId="pyDAP" xmlns="urn:ndg:security:authz:1.1:policy"> 3 3 <Description>Restrict access for Authorization integration tests</Description> 4 4 … … 6 6 <URIPattern>^/sample.*$</URIPattern> 7 7 <Attributes> 8 <Attribute>urn:siteA:security:authz:1.0:attr:staff</Attribute> 8 <Attribute> 9 <Name>urn:siteA:security:authz:1.0:attr:staff</Name> 10 <AttributeAuthorityURI>https://localhost:7443/AttributeAuthority</AttributeAuthorityURI> 11 </Attribute> 9 12 </Attributes> 10 <AttributeAuthority>11 <!-- <uri>https://localhost/AttributeAuthority</uri>12 -->13 <uri>http://localhost:7443/AttributeAuthority</uri>14 </AttributeAuthority>15 13 </Target> 16 14 <Target> 17 15 <URIPattern>^/sresa1b_ncar_ccsm3_0_run1_200001.*$</URIPattern> 18 16 <Attributes> 19 <Attribute>urn:siteA:security:authz:1.0:attr:staff</Attribute> 20 <Attribute>urn:siteA:security:authz:1.0:attr:keepout</Attribute> 17 <Attribute> 18 <Name>urn:siteA:security:authz:1.0:attr:staff</Name> 19 <AttributeAuthorityURI>https://localhost:7443/AttributeAuthority</AttributeAuthorityURI> 20 </Attribute> 21 <Attribute> 22 <Name>urn:siteA:security:authz:1.0:attr:keepout</Name> 23 <AttributeAuthorityURI>https://localhost:7443/AttributeAuthority</AttributeAuthorityURI> 24 </Attribute> 21 25 </Attributes> 22 <AttributeAuthority> 23 <!-- <uri>https://localhost/AttributeAuthority</uri> 24 --> 25 <uri>http://localhost:7443/AttributeAuthority</uri> 26 </AttributeAuthority> 26 27 27 </Target> 28 28 </Policy> -
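Review bot: The second `<Target>` now lists two `<Attribute>` entries, `staff` and `keepout`, but nothing in the file says whether a subject needs either one or both, which decides who can reach `^/sresa1b_ncar_ccsm3_0_run1_200001.*$`. Add an XML comment above that `<Attributes>` element, for example `<!-- TODO confirm against the PDP: subject needs ANY / ALL of the attributes listed here -->`, and resolve it once the semantics are checked. The `<Description>` could also state what decision is returned for a request URI that matches no `<URIPattern>`, since no default is visible in this file. The same `AttributeAuthorityURI` is repeated on all three attributes, so a note that they must be changed together would stop a later edit leaving one of them pointing at a different authority.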
TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/dap/log
-
Property
svn:ignore
set to
server.log*
-
Property
svn:ignore
set to
-
TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/integration/dap/server.ini
r5315 r6866 15 15 # file 16 16 # 17 [DEFAULT] 18 testConfigDir = %(here)s/../../config 19 beakerSessionKeyName = beaker.session.ndg.security 20 17 21 [server:main] 18 22 use = egg:Paste#http … … 42 46 # Pipeline to with security filters to protect the pyDAP application 43 47 [pipeline:main] 44 pipeline = AuthenticationFilter AuthorizationFilter cascade 48 pipeline = BeakerSessionFilter AuthenticationFilter AuthorizationFilter cascade 49 50 51 [filter:BeakerSessionFilter] 52 paste.filter_app_factory = beaker.middleware:SessionMiddleware 53 54 # Cookie name 55 beaker.session.key = ndg.security.session 56 57 # WSGI environ key name 58 environ_key = %(beakerSessionKeyName)s 59 beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW 60 beaker.cache.data_dir = %(here)s/authn/beaker/cache 61 beaker.session.data_dir = %(here)s/authn/beaker/sessions 62 63 #beaker.session.cookie_domain = .localhost 45 64 46 65 [filter:AuthenticationFilter] … … 49 68 50 69 # Set redirect for OpenID Relying Party in the Security Services app instance 51 #authN.redirectURI = https://localhost /verify52 authN.redirectURI = http ://localhost:7443/verify70 #authN.redirectURI = https://localhost:7443/verify 71 authN.redirectURI = https://localhost/verify 53 72 54 # Beaker Session set-up 55 beaker.session.key = ndg.security.session 56 beaker.session.secret = rBIvKXLa+REYB8pM/8pdPoorVpKQuaOW 57 beaker.cache.data_dir = %(here)s/authn/beaker/pki/cache 58 beaker.session.data_dir = %(here)s/authn/beaker/sessions 59 beaker.session.cookie_expires = True 73 # Default URI to return to if middleware wasn't able to set via HTTP_REFERER or 74 # passed return to query argument 75 authN.sessionHandler.defaultLogoutReturnToURI = https://localhost:7443/ 60 76 61 77 # AuthKit Set-up 62 78 authkit.setup.method=cookie 63 79 64 # This cookie name and secret MUST agree with the name used by the security 65 # webservices app80 # This cookie name and secret MUST agree with the name used by the security web 81 # services 
app 66 82 authkit.cookie.name=ndg.security.auth 67 83 authkit.cookie.secret=9wvZObs9anUEhSIAnJNoY2iJq59FfYZr … … 72 88 authkit.cookie.includeip = False 73 89 90 #authkit.cookie.params.expires = 2 91 #authkit.cookie.params.domain = .localhost 92 93 # environ key name for beaker session 94 authkit.session.middleware = %(beakerSessionKeyName)s 95 96 74 97 [filter:AuthorizationFilter] 75 paste.filter_app_factory=ndg.security.server.wsgi.authz: AuthorizationMiddleware.filter_app_factory98 paste.filter_app_factory=ndg.security.server.wsgi.authz:SAMLAuthorizationMiddleware.filter_app_factory 76 99 prefix = authz. 100 authz.pepResultHandler = ndg.security.server.wsgi.authz.result_handler.genshi.GenshiPEPResultHandlerMiddleware 101 authz.pepResultHandler.staticContentDir = %(here)s/pep_result_handler 102 authz.pepResultHandler.baseURL = http://localhost:8001 103 authz.pepResultHandler.heading = Access Denied 104 authz.pepResultHandler.messageTemplate = Access is forbidden for this resource:<div id="accessDeniedMessage">$pdpResponseMsg</div>Please check with your site administrator that you have the required access privileges. 105 authz.pepResultHandler.footerText = This site is for test purposes only. 
106 authz.pepResultHandler.rightLink = http://ceda.ac.uk/ 107 authz.pepResultHandler.rightImage = %(authz.pepResultHandler.baseURL)s/layout/CEDA_RightButton60.png 108 authz.pepResultHandler.rightAlt = Centre for Environmental Data Archival 109 authz.pepResultHandler.helpIcon = %(authz.pepResultHandler.baseURL)s/layout/icons/help.png 110 77 111 policy.filePath = %(here)s/authz/policy.xml 78 112 … … 80 114 # retrieve subject attributes from the Attribute Authority associated with the 81 115 # resource to be accessed 82 pip.sslCACertFilePathList=83 116 84 # List of CA certificates used to verify the signatures of 85 # Attribute Certificates retrieved 86 pip.caCertFilePathList=%(here)s/pki/ca/ndg-test-ca.crt 117 # If omitted, DN of SSL Cert is used 118 pip.attributeQuery.issuerName = 119 pip.attributeQuery.subjectIdFormat = urn:esg:openid 120 pip.attributeQuery.clockSkewTolerance = 0. 121 pip.attributeQuery.queryAttributes.0 = urn:siteA:security:authz:1.0:attr, , http://www.w3.org/2001/XMLSchema#string 122 pip.attributeQuery.sslCACertDir=%(testConfigDir)s/ca 123 pip.attributeQuery.sslCertFilePath=%(testConfigDir)s/pki/test.crt 124 pip.attributeQuery.sslPriKeyFilePath=%(testConfigDir)s/pki/test.key 87 125 88 #89 # WS-Security Settings for call to Session Manager90 91 # Signature of an outbound message92 93 # Certificate associated with private key used to sign a message. The sign94 # method will add this to the BinarySecurityToken element of the WSSE header.95 # binSecTokValType attribute must be set to 'X509' or 'X509v3' ValueType.96 # As an alternative, use signingCertChain - see below...97 98 # PEM encode cert99 pip.wssecurity.signingCertFilePath=%(here)s/pki/wsse-server.crt100 101 # PEM encoded private key file102 pip.wssecurity.signingPriKeyFilePath=%(here)s/pki/wsse-server.key103 104 # Password protecting private key. Leave blank if there is no password.105 pip.wssecurity.signingPriKeyPwd=106 107 # For signature verification. 
Provide a space separated list of file paths108 pip.wssecurity.caCertFilePathList=%(here)s/pki/ca/ndg-test-ca.crt109 110 # ValueType for the BinarySecurityToken added to the WSSE header111 pip.wssecurity.reqBinSecTokValType=X509v3112 113 # Add a timestamp element to an outbound message114 pip.wssecurity.addTimestamp=True115 126 116 127 # Logging configuration
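Review bot: The new `[filter:BeakerSessionFilter]` section keeps `beaker.session.secret` as a literal in a committed file and sets no cookie flags, even though the redirect and logout URIs in `[filter:AuthenticationFilter]` now use https. That is acceptable for a test fixture, but the section should say so, e.g. `# Test-only value - generate a new secret for any deployed instance`, and the same applies to `authkit.cookie.secret`. If the application is always reached over TLS, add `beaker.session.secure = True`; `authz.pepResultHandler.baseURL = http://localhost:8001` suggests it may not be, so confirm first. Separately, the active `authN.redirectURI` has no port while `authN.sessionHandler.defaultLogoutReturnToURI` and the policy's `AttributeAuthorityURI` use 7443; a comment naming the listener each one targets would make a misrouted login redirect easier to spot.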