Custom Query (4 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (1 - 3 of 4)

1 2
Ticket Resolution Summary Owner Reporter
#1131 fixed Error in AuthorisationService when calling from GridFTP SAML callout pjkersha spascoe

Reported by spascoe, 9 years ago.

Description

The apache error log shows the following when I configure the GridFTP SAML callout to contact hyttps://sandstorm.ceda.ac.uk/AuthorisationService/1/. So far I have not been able to capture the request but this looks like an internal error that should be trapped.

[Fri Oct 14 16:15:49 2011] [error] [client 130.246.191.207] client denied by server configuration: /srv/www/vhosts/sandstorm.ceda.ac.uk/htdocs/
[Fri Oct 14 16:15:49 2011] [error] [client 130.246.191.207] mod_wsgi (pid=3535): Exception occurred processing WSGI script '/srv/www/vhosts/sandstorm.ceda.ac.uk/wsgi-scripts/authorisationservice_dap.wsgi'.
[Fri Oct 14 16:15:49 2011] [error] [client 130.246.191.207] Traceback (most recent call last):
[Fri Oct 14 16:15:49 2011] [error] [client 130.246.191.207]   File "/usr/local/ndg-security/eggs/ndg_security_server-2.2.0-py2.6.egg/ndg/security/server/wsgi/authz/service.py", line 122, in __call__
[Fri Oct 14 16:15:49 2011] [error] [client 130.246.191.207]     return self._app(environ, start_response)
[Fri Oct 14 16:15:49 2011] [error] [client 130.246.191.207]   File "/usr/local/ndg-security/eggs/ndg_saml-0.5.5-py2.6.egg/ndg/saml/saml2/binding/soap/server/wsgi/queryinterface.py", line 402, in __call__
[Fri Oct 14 16:15:49 2011] [error] [client 130.246.191.207]     samlQuery = self.deserialise(queryElem)
[Fri Oct 14 16:15:49 2011] [error] [client 130.246.191.207]   File "/usr/local/ndg-security/eggs/ndg_saml-0.5.5-py2.6.egg/ndg/saml/xml/etree.py", line 1832, in fromXML
[Fri Oct 14 16:15:49 2011] [error] [client 130.246.191.207]     action = ActionElementTree.fromXML(childElem)
[Fri Oct 14 16:15:49 2011] [error] [client 130.246.191.207]   File "/usr/local/ndg-security/eggs/ndg_saml-0.5.5-py2.6.egg/ndg/saml/xml/etree.py", line 1710, in fromXML
[Fri Oct 14 16:15:49 2011] [error] [client 130.246.191.207]     action.namespace = namespace
[Fri Oct 14 16:15:49 2011] [error] [client 130.246.191.207]   File "/usr/local/ndg-security/eggs/ndg_saml-0.5.5-py2.6.egg/ndg/saml/saml2/core.py", line 2891, in _setNamespace
[Fri Oct 14 16:15:49 2011] [error] [client 130.246.191.207]     self.__actionTypes.keys())
[Fri Oct 14 16:15:49 2011] [error] [client 130.246.191.207] TypeError: not enough arguments for format string
#870 fixed [S] NOCS Attribute Authority address needs to be permanent hsnaith pjkersha

Reported by pjkersha, 13 years ago.

Description

#855 raised for the BADC applies to the other data providers.

Each Data Provider needs a permanent URI set aside for their Attribute Authority. MOLES [and CMSL] include the role name, Attribute Authority address tuple in their records. The latter should be fixed to avoid the need to have to change all data records should the Attribute Authority move location.

The address could be set up with a proxy e.g.

http://some-host-inside-firewall:51000/AttributeAuthority -> http://aa.data-provider-name.nerc.ac.uk

#1101 fixed [S] Update Paster templates for Security Installation pjkersha pjkersha

Reported by pjkersha, 11 years ago.

Description

The paster templates in ndg.security.server.paster_templates should be updated. Templates should exist for:

  1. Security services middleware stack: an ini file deploying in a pipeline these services mounted in a WSGI script running over SSL,
    • Attribute Authority
    • Authorization Service
    • Session Middleware
    • SSL Client Authentication
    • OpenID Relying Party
    • OpenID Provider
  2. Secured Application: the middleware to front a given application that needs securing,
    • Authentication Redirect Filter - redirects unauthenticated sessions to Security middleware stack above for SSL client authentication / OpenID Relying Party sign in
    • Authorisation Filter
    • Placeholder for application to be secured
  3. Secured application with OpenID Relying Party: where the application is running on another domain to the main services 1.) where no SSL certificate is available to host an OpenID Relying Party over SSL.
    • OpenID Relying Party
    • Authorisation Filter
    • Placeholder for application to be secured
  4. OpenID Relying Party and SSL Client Authentication filters running over SSL: where an application is running on a different domain to the main services 1.) but an SSL certificate is available for the domain,
    • SSL Client Authentication
    • OpenID Relying Party
  5. (Standalone Attribute Authority)
  6. (Standalone Authorization Service)
  7. (Standalone OpenID Provider)

Other possibilities in brackets.

1 2
Note: See TracQuery for help on using queries.