Custom Query (4 matches)

Results (1 - 3 of 4)

Ticket Resolution Summary Owner Reporter
#870 fixed [S] NOCS Attribute Authority address needs to be permanent hsnaith pjkersha

Reported by pjkersha, 13 years ago.

Description

#855 raised for the BADC applies to the other data providers.

Each Data Provider needs a permanent URI set aside for their Attribute Authority. MOLES [and CMSL] include the role name, Attribute Authority address tuple in their records. The latter should be fixed to avoid the need to have to change all data records should the Attribute Authority move location.

The address could be set up with a proxy e.g.

http://some-host-inside-firewall:51000/AttributeAuthority -> http://aa.data-provider-name.nerc.ac.uk

#1101 fixed [S] Update Paster templates for Security Installation pjkersha pjkersha

Reported by pjkersha, 11 years ago.

Description

The paster templates in ndg.security.server.paster_templates should be updated. Templates should exist for:

  1. Security services middleware stack: an ini file deploying in a pipeline these services mounted in a WSGI script running over SSL,
    • Attribute Authority
    • Authorization Service
    • Session Middleware
    • SSL Client Authentication
    • OpenID Relying Party
    • OpenID Provider
  2. Secured Application: the middleware to front a given application that needs securing,
    • Authentication Redirect Filter - redirects unauthenticated sessions to Security middleware stack above for SSL client authentication / OpenID Relying Party sign in
    • Authorisation Filter
    • Placeholder for application to be secured
  3. Secured application with OpenID Relying Party: where the application is running on another domain to the main services 1.) where no SSL certificate is available to host an OpenID Relying Party over SSL.
    • OpenID Relying Party
    • Authorisation Filter
    • Placeholder for application to be secured
  4. OpenID Relying Party and SSL Client Authentication filters running over SSL: where an application is running on a different domain to the main services 1.) but an SSL certificate is available for the domain,
    • SSL Client Authentication
    • OpenID Relying Party
  5. (Standalone Attribute Authority)
  6. (Standalone Authorization Service)
  7. (Standalone OpenID Provider)

Other possibilities in brackets.

#1122 fixed [S] Wrong format for Yadis XRDS additional service endpoints pjkersha pjkersha

Reported by pjkersha, 10 years ago.

Description

For ESGF, the XRDS document returned by the OpenID Provider returns additional service endpoints. These should be listed at the level of a single XRD element and not one per XRD element.

This is the current wrong way:

<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
        <XRD>
                <Service priority="0">
                        <Type>http://specs.openid.net/auth/2.0/signon</Type>
                        <Type>http://openid.net/signon/1.0</Type>
                        <URI>https://openid.provider.somewhere.ac.uk</URI>
                        <LocalID>https://somewhere.ac.uk/openid/PJKershaw</LocalID>
                </Service>
        </XRD>
        <XRD>
                <Service priority="10">
                        <Type>urn:esg:security:myproxy-service</Type>
                        <URI>socket://myproxy-server.somewhere.ac.uk:7512</URI>
                        <LocalID>https://somewhere.ac.uk/openid/PJKershaw</LocalID>
                </Service>
        </XRD>
        <XRD>
                <Service priority="20">
                        <Type>urn:esg:security:attribute-service</Type>
                        <URI>https://attributeservice.somewhere.ac.uk</URI>
                        <LocalID>https://somewhere.ac.uk/openid/PJKershaw</LocalID>
                </Service>
        </XRD>
</xrds:XRDS>

This is the correct way:

<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">
        <XRD>
                <Service priority="0">
                        <Type>http://specs.openid.net/auth/2.0/signon</Type>
                        <Type>http://openid.net/signon/1.0</Type>
                        <URI>https://openid.provider.somewhere.ac.uk</URI>
                        <LocalID>https://somewhere.ac.uk/openid/PJKershaw</LocalID>
                </Service>
                <Service priority="10">
                        <Type>urn:esg:security:myproxy-service</Type>
                        <URI>socket://myproxy-server.somewhere.ac.uk:7512</URI>
                        <LocalID>https://somewhere.ac.uk/openid/PJKershaw</LocalID>
                </Service>
                <Service priority="20">
                        <Type>urn:esg:security:attribute-service</Type>
                        <URI>https://attributeservice.somewhere.ac.uk</URI>
                        <LocalID>https://somewhere.ac.uk/openid/PJKershaw</LocalID>
                </Service>
        </XRD>
</xrds:XRDS>
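
A check for the layout rule in ticket #1122, added here as an example and not taken from the ticket or from ndg.security. The function names are hypothetical, the two sample documents are constructed from the ticket's endpoints (LocalID omitted), and types_in_last_xrd() assumes a consumer that reads only the final XRD element, which the ticket does not state.

```python
import xml.etree.ElementTree as ET

# Namespaces as declared in the ticket's XRDS documents.
NS = {"xrds": "xri://$xrds", "xrd": "xri://$xrd*($v*2.0)"}

def services_by_xrd(xrds_text):
    """Return one list per XRD element of (priority, [types], uri) tuples."""
    root = ET.fromstring(xrds_text)
    if root.tag != "{%s}XRDS" % NS["xrds"]:
        raise ValueError("root element is not xrds:XRDS")
    groups = []
    for xrd in root.findall("xrd:XRD", NS):
        services = []
        for svc in xrd.findall("xrd:Service", NS):
            types = [t.text.strip() for t in svc.findall("xrd:Type", NS) if t.text]
            uri = svc.findtext("xrd:URI", default="", namespaces=NS).strip()
            services.append((int(svc.get("priority", "0")), types, uri))
        groups.append(services)
    return groups

def check_single_xrd(xrds_text):
    """Return a list of problems; empty means all services sit in one XRD."""
    populated = [g for g in services_by_xrd(xrds_text) if g]
    if not populated:
        return ["no Service elements found"]
    if len(populated) > 1:
        return ["services split across %d XRD elements" % len(populated)]
    return []

def types_in_last_xrd(xrds_text):
    """Service types seen by a consumer that reads only the final XRD (assumption)."""
    groups = services_by_xrd(xrds_text)
    last = groups[-1] if groups else []
    return [t for _, types, _ in sorted(last, key=lambda s: s[0]) for t in types]

# Constructed samples using the endpoints from the ticket.
def _svc(priority, type_uri, uri):
    return ('<Service priority="%d"><Type>%s</Type><URI>%s</URI></Service>'
            % (priority, type_uri, uri))

SERVICES = [
    _svc(0, "http://specs.openid.net/auth/2.0/signon", "https://openid.provider.somewhere.ac.uk"),
    _svc(10, "urn:esg:security:myproxy-service", "socket://myproxy-server.somewhere.ac.uk:7512"),
    _svc(20, "urn:esg:security:attribute-service", "https://attributeservice.somewhere.ac.uk"),
]
HEAD = '<xrds:XRDS xmlns:xrds="xri://$xrds" xmlns="xri://$xrd*($v*2.0)">'
WRONG = HEAD + "".join("<XRD>%s</XRD>" % s for s in SERVICES) + "</xrds:XRDS>"
RIGHT = HEAD + "<XRD>%s</XRD>" % "".join(SERVICES) + "</xrds:XRDS>"

if __name__ == "__main__":
    for name, doc in (("wrong", WRONG), ("right", RIGHT)):
        print(name, check_single_xrd(doc), types_in_last_xrd(doc))
```

Under that assumption the split layout hides the OpenID sign-on endpoint from the consumer, while the single-XRD layout exposes all three services in priority order.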