Generic Secured Application

This page describes the installation process for securing a WSGI-based application with the NDG Security middleware.

Steps assume root privileges.

Create virtualenv

  1. Install virtualenv:
    $ pip install virtualenv
  2. Create the virtualenv:
    $ virtualenv --no-site-packages /usr/local/myapp
  3. Activate the environment:
    $ . /usr/local/myapp/bin/activate

Set-up Security Packages

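  1. Install the required packages. -f (--find-links) needs the URL or directory where the packages are hosted; replace the <FIND_LINKS_URL> placeholder with it:
    $ cd /usr/local/myapp
    $ pip install -f <FIND_LINKS_URL> ndg_security_server ndg_saml ndg_xacml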

Set-up Configuration Files

Take care when installing this alongside an existing configuration for the application to be secured. The best approach is to have paster install to a neighbouring directory, then copy over the required files and merge the security ini file with the application's own (if it has one).

  1. Create configuration:
    $ paster create -t ndgsecurity_securedapp
    Enter the required information when prompted, accepting the defaults where they are acceptable. For the project name, entering 'etc' will set up the configuration files in an etc sub-directory under /usr/local/myapp.
  2. Install the CA certificates to /usr/local/myapp/etc/pki/ca:
    2.1 Copy the certificate to the directory:
      $ cp TERENASSLCA.crt /usr/local/myapp/etc/pki/ca
    2.2 Create the hash:
      $ cd /usr/local/myapp/etc/pki/ca
      $ openssl x509 -noout -in TERENASSLCA.crt -hash
    2.3 Rename the certificate to the hash printed in step 2.2, with a .0 suffix:
      $ mv TERENASSLCA.crt d9be2151.0
    2.4 Do the same for the other certificates in the chain.
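
Steps 2.1 to 2.4 as a script, added here as an example rather than taken from the NDG Security documentation. install_ca_cert is a hypothetical helper name; it copies a certificate into the CA directory under its openssl subject hash and takes the next free numeric suffix when a different certificate already uses that hash.

```shell
#!/bin/sh
# Added example: populate an OpenSSL-style hashed CA directory, where each
# trusted certificate is stored as <subject-hash>.<n> (steps 2.1 to 2.4).

# install_ca_cert CERT CADIR
# Copies CERT into CADIR as <hash>.<n> and prints the installed file name.
# <n> starts at 0 and is incremented only when a *different* certificate
# already occupies that name, so nothing is silently overwritten.
install_ca_cert() {
    cert=$1
    cadir=$2
    # Same command as step 2.2; it fails if CERT is not a readable certificate.
    h=$(openssl x509 -noout -hash -in "$cert") || return 1
    [ -n "$h" ] || return 1
    n=0
    while [ -e "$cadir/$h.$n" ]; do
        # Identical file already installed: report it and stop.
        if cmp -s "$cert" "$cadir/$h.$n"; then
            echo "$h.$n"
            return 0
        fi
        n=$((n + 1))
    done
    cp "$cert" "$cadir/$h.$n" || return 1
    chmod 644 "$cadir/$h.$n"
    echo "$h.$n"
}

# Usage: sh install_ca.sh CADIR cert1.crt [cert2.crt ...]
# e.g.   sh install_ca.sh /usr/local/myapp/etc/pki/ca TERENASSLCA.crt
if [ "$#" -ge 2 ]; then
    cadir=$1
    shift
    for c in "$@"; do
        install_ca_cert "$c" "$cadir" || { echo "failed: $c" >&2; exit 1; }
    done
fi
```

Because the hash is computed by the local openssl binary, the resulting file name is the one that OpenSSL build will look up, rather than a value copied from another machine.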