Timestamp:
16/08/10 16:35:11 (11 years ago)
Author:
pjkersha
Message:

Incomplete - task 2: XACML-Security Integration

  • integrating XACML context handler with authorisation service.
Location:
TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test
Files:
1 added
3 edited

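--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/authorisationservice/authorisation-service.ini
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/config/authorisationservice/authorisation-service.ini
@@ -40,6 +40,47 @@
 prefix = authz.
 authz.queryInterfaceKeyName = AUTHZ_DECISION_QUERY_FUNC
-authz.policyFilePath = %(here)s/policy.xml
+
 authz.xacmlContext.assertionLifetime = 86400
+
+#
+# XACML Context handler manages PEP (Policy Information Point) requests and the
+# PDP's (Policy Decison Point's) interface to the PIP (Policy Information Point)
+#
+
+# XACML Policy file
+authz.ctx_handler.policyFilePath = %(here)s/policy.xml
+
+# Settings for SAML authorisation decision response to a Policy Enforcement Point
+# making a decision query
+authz.ctx_handler.issuerName = O=NDG, OU=Security, CN=localhost
+authz.ctx_handler.issuerFormat = urn:oasis:names:tc:SAML:1.1:nameid-format:x509SubjectName
+authz.ctx_handler.assertionLifetime = 86400
+
+#
+# Policy Information Point interface settings
+#
+# The Context handler is a client to the PIP, passing on attribute queries
+# on behalf of the PDP onwards to the PIP
+
+#
+# Attribute ID -> Attribute Authority mapping file.  The PIP, on receipt of a
+# query from the XACML context handler, checks the attribute(s) being queried
+# for and looks up this mapping to determine which attribute authority to query
+# to find out if the subject has the attribute in their entitlement
+authz.ctx_handler.pip.mappingFilePath = %(here)s/pip-mapping.txt
+
+# The attribute ID of the subject value to extract from the XACML request
+# context and pass in the SAML attribute query
+authz.ctx_handler.pip.subjectAttributeId = urn:esg:openid
+
+# The context handler
+authz.ctx_handler.pip.attributeQuery.issuerName = %(authz.ctx_handler.issuerName)s
+authz.ctx_handler.pip.attributeQuery.issuerFormat = %(authz.ctx_handler.issuerFormat)s
+
+# These settings configure SSL mutual authentication for the query to the SAML Attribute Authority
+authz.ctx_handler.pip.attributeQuery.sslCertFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/localhost.crt
+authz.ctx_handler.pip.attributeQuery.sslPriKeyFilePath = $NDGSEC_TEST_CONFIG_DIR/pki/localhost.key
+authz.ctx_handler.pip.attributeQuery.sslCACertDir = $NDGSEC_TEST_CONFIG_DIR/ca
+
 
 # Logging configuration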
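Review bot: `authz.xacmlContext.assertionLifetime = 86400` (new line 43) is kept next to the new `authz.ctx_handler.assertionLifetime = 86400`, even though the parallel `authz.policyFilePath` was removed in favour of its `ctx_handler` counterpart; if the context handler now reads only `authz.ctx_handler.*`, the old key is dead configuration and leaves it unclear which lifetime the issued decision assertions actually carry, so it should be deleted or a comment should say which one is read. The new header comment mis-expands PEP and misspells Decision; suggest `# XACML Context handler manages PEP (Policy Enforcement Point) requests and the` / `# PDP's (Policy Decision Point's) interface to the PIP (Policy Information Point)`. The comment `# The context handler` above the `pip.attributeQuery.issuerName` setting is an unfinished sentence, here and in the same place in saml_ctx_handler.cfg; something like `# Attribute queries to the Attribute Authority are issued under the context handler's own issuer name and format` describes what the two interpolations below it do. Finally, 86400 s is a full day during which, presumably, a PEP will honour the returned decision without re-querying; a `# test value only - keep decision assertions short-lived in deployment` comment next to it would stop this setting being copied into a production ini unchanged.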
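--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/xacml/saml_ctx_handler.cfg
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/xacml/saml_ctx_handler.cfg
@@ -16,4 +16,17 @@
 saml_ctx_handler.policyFilePath = $NDGSEC_TEST_CONFIG_DIR/authorisationservice/policy.xml
 
+# Details for SAML authorisation decision response to a Policy Enforcement Point
+# making a decision query
+saml_ctx_handler.issuerName = O=NDG, OU=Security, CN=localhost
+saml_ctx_handler.issuerFormat = urn:oasis:names:tc:SAML:1.1:nameid-format:x509SubjectName
+saml_ctx_handler.assertionLifetime = 86400
+
+#
+# Policy Information Point interface settings
+#
+# The Context handler is a client to the PIP, passing on attribute queries
+# on behalf of the PDP onwards to the PIP
+
+#
 # Attribute ID -> Attribute Authority mapping file.  The PIP, on receipt of a
 # query from the XACML context handler, checks the attribute(s) being queried
@@ -26,6 +39,7 @@
 saml_ctx_handler.pip.subjectAttributeId = urn:esg:openid
 
-saml_ctx_handler.pip.attributeQuery.issuerName = O=NDG, OU=Security, CN=localhost
-saml_ctx_handler.pip.attributeQuery.issuerFormat = urn:oasis:names:tc:SAML:1.1:nameid-format:x509SubjectName
+# The context handler
+saml_ctx_handler.pip.attributeQuery.issuerName = %(saml_ctx_handler.issuerName)s
+saml_ctx_handler.pip.attributeQuery.issuerFormat = %(saml_ctx_handler.issuerFormat)s
 
 # These settings configure SSL mutual authentication for the query to the SAML Attribute Authority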
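--- a/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/xacml/test_saml_ctx_handler.py
+++ b/TI12-security/trunk/NDGSecurity/python/ndg_security_test/ndg/security/test/unit/xacml/test_saml_ctx_handler.py
@@ -52,4 +52,8 @@
         self.assert_(handler)
         self.assert_(handler.pip.attributeQuery)
+        self.assert_(handler.policyFilePath)
+        self.assert_(handler.issuerName)
+        self.assert_(handler.issuerFormat)
+        self.assert_(handler.assertionLifetime)
 
 if __name__ == "__main__":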
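Review bot: The four new `self.assert_` calls only establish that each attribute is truthy, which passes as soon as the cfg key is present, so they cannot detect the new settings being parsed into the wrong type or value; `self.assertEqual(handler.assertionLifetime, 86400)` and `self.assertEqual(handler.issuerFormat, "urn:oasis:names:tc:SAML:1.1:nameid-format:x509SubjectName")` would pin the values that saml_ctx_handler.cfg sets in this same commit, and the lifetime check also confirms the string in the cfg is converted to a number, assuming the handler is meant to do that conversion. `assertTrue` is the non-deprecated spelling of `assert_` and is the better choice for the added lines. The enclosing test method begins before the hunk.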