wiki:ndg_security/Installation

ndg_security Installation

Code can be installed from the NDG distributions repository. To install e.g.

$ pip install -f http://ndg.nerc.ac.uk/dist/ ndg_security

To pick up unit and integration tests:

$ pip install -f http://ndg.nerc.ac.uk/dist/ ndg_security_test

Other dependencies:

$ pip install ndg_xacml psycopg2 Genshi

Nb. the --proxy <url> setting may be needed if your site is behind a HTTP proxy.

A full set of configuration instructions will follow soon (as of writing 07/01/11).

Server-side

Paste templates

These can be used to create configuration settings for NDG Security components

  1. Generic Secured Application - creates an ini file containing settings for security filters to secure a generic HTTP application.
  2. Relying Party Authentication Services - creates an ini file for authentication services needed by 1. This is run as independent application running under HTTPS under the same server. It enables clients to authenticate with the secured application using OpenID or SSL client authentication
  3. OpenID Provider
  4. SAML Attribute Service
  5. SAML Authorisation Service? - in file for authorisation service. This is compliant with the ESGF interface and runs a XACML-based policy engine
  6. All Services configuration

For server side components, the recommended configuration is with mod_wsgi with Apache2:

Apache2 and mod_wsgi configuration

See wiki:ndg_security/Installation/Apache2.