def test_sp_metadata(): mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["6"]) assert len(mds.keys()) == 1 assert mds.keys() == ['urn:mace:umu.se:saml:roland:sp'] assert _eq(mds['urn:mace:umu.se:saml:roland:sp'].keys(), ['entity_id', '__class__', 'spsso_descriptor']) req = mds.attribute_requirement('urn:mace:umu.se:saml:roland:sp') print req assert len(req["required"]) == 3 assert len(req["optional"]) == 1 assert req["optional"][0]["name"] == 'urn:oid:2.5.4.12' assert req["optional"][0]["friendly_name"] == 'title' assert _eq([n["name"] for n in req["required"]], [ 'urn:oid:2.5.4.4', 'urn:oid:2.5.4.42', 'urn:oid:0.9.2342.19200300.100.1.3' ]) assert _eq([n["friendly_name"] for n in req["required"]], ['surName', 'givenName', 'mail'])
def test_metadata_file(): sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"]) mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["8"]) print len(mds.keys()) assert len(mds.keys()) == 560
def test_metadata_file(): sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"]) mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["8"]) print(len(mds.keys())) assert len(mds.keys()) == 560
def test_switch_1(): mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["5"]) assert len(mds.keys()) > 160 idps = mds.with_descriptor("idpsso") print(idps.keys()) idpsso = mds.single_sign_on_service( 'https://aai-demo-idp.switch.ch/idp/shibboleth') assert len(idpsso) == 1 print(idpsso) assert destinations(idpsso) == [ 'https://aai-demo-idp.switch.ch/idp/profile/SAML2/Redirect/SSO'] assert len(idps) > 30 aas = mds.with_descriptor("attribute_authority") print(aas.keys()) aad = aas['https://aai-demo-idp.switch.ch/idp/shibboleth'] print(aad.keys()) assert len(aad["attribute_authority_descriptor"]) == 1 assert len(aad["idpsso_descriptor"]) == 1 sps = mds.with_descriptor("spsso") dual = [eid for eid, ent in idps.items() if eid in sps] print(len(dual)) assert len(dual) == 0
def test_switch_1(): mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["5"]) assert len(mds.keys()) > 160 idps = mds.with_descriptor("idpsso") print(idps.keys()) idpsso = mds.single_sign_on_service( 'https://aai-demo-idp.switch.ch/idp/shibboleth') assert len(idpsso) == 1 print(idpsso) assert destinations(idpsso) == [ 'https://aai-demo-idp.switch.ch/idp/profile/SAML2/Redirect/SSO'] assert len(idps) > 30 aas = mds.with_descriptor("attribute_authority") print(aas.keys()) aad = aas['https://aai-demo-idp.switch.ch/idp/shibboleth'] print(aad.keys()) assert len(aad["attribute_authority_descriptor"]) == 1 assert len(aad["idpsso_descriptor"]) == 1 sps = mds.with_descriptor("spsso") dual = [eid for eid, ent in idps.items() if eid in sps] print(len(dual)) assert len(dual) == 0
def test_load_local_dir(): sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"]) mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["9"]) print mds assert len(mds) == 3 # Three sources assert len(mds.keys()) == 4 # number of idps
def test_load_extern_incommon(): sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"]) mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["10"]) print(mds) assert mds assert len(mds.keys())
def test_load_external(): sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"]) mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["10"]) print(mds) assert len(mds) == 1 # One source assert len(mds.keys()) > 1 # number of idps
def test_load_local_dir(): sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"]) mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["9"]) print(mds) assert len(mds) == 3 # Three sources assert len(mds.keys()) == 4 # number of idps
def __init__(self, idp_conf, logger, conf, publicKey, privateKey, metadataList): """ Constructor. Initiates the class. :param logger: Logger to be used when something needs to be logged. :param conf: idp_proxy_conf see IdpProxy/conig/idp_proxy_conf.example.py :param key: A RSA key to be used for encryption. :param metadataList: A list of metadata files. [{"local": ["swamid-1.0.xml"]}, {"local": ["sp.xml"]}] :raise: """ if (logger is None) or (conf is None) or (publicKey is None)or (privateKey is None): raise ValueError( "A new instance must include a value for logger, conf and key.") #Public key to be used for encryption. self.publicKey = publicKey self.privateKey = privateKey #Used for presentation of mako files. self.lookup = TemplateLookup( directories=[MetadataGeneration.CONST_STATIC_MAKO + 'templates', MetadataGeneration.CONST_STATIC_MAKO + 'htdocs'], module_directory='modules', input_encoding='utf-8', output_encoding='utf-8') #The logger. self.logger = logger #A list of all social services used by this IdPproxy. self.socialServiceKeyList = [] #A list of all service providers used by this sp. self.spKeyList = [] for key in conf: self.socialServiceKeyList.append(conf[key]["name"]) try: xmlsec_path = get_xmlsec_binary(["/opt/local/bin"]) except: try: xmlsec_path = get_xmlsec_binary(["/usr/local/bin"]) except: self.logger.info('Xmlsec must be installed! Tries /usr/bin/xmlsec1.') xmlsec_path = '/usr/bin/xmlsec1' self.xmlsec_path = xmlsec_path config = Config() config.disable_ssl_certificate_validation = True config.key_file = idp_conf["key_file"] config.cert_file = idp_conf["cert_file"] config.xmlsec_binary = idp_conf["xmlsec_binary"] config.debug = idp_conf["debug"] for metadata in metadataList: mds = MetadataStore(MetadataGeneration.CONST_ONTS.values(), MetadataGeneration.CONST_ATTRCONV, config) mds.imp(metadata) for entityId in mds.keys(): self.spKeyList.append(entityId)
def test_load_external(): sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"]) mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["10"]) print(mds) assert len(mds) == 1 # One source assert len(mds.keys()) > 1 # number of idps
def test_example(): mds = MetadataStore(list(ONTS.values()), ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["4"]) assert len(list(mds.keys())) == 1 idps = mds.with_descriptor("idpsso") assert list(idps.keys()) == ["http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php"] certs = mds.certs("http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php", "idpsso", "signing") assert len(certs) == 1
def test_load_extern_incommon(): sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"]) mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["10"]) print(mds) assert mds assert len(mds.keys())
def test_sp_metadata(): mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["6"]) assert len(mds.keys()) == 1 assert mds.keys() == ['urn:mace:umu.se:saml:roland:sp'] assert _eq(mds['urn:mace:umu.se:saml:roland:sp'].keys(), ['entity_id', '__class__', 'spsso_descriptor']) req = mds.attribute_requirement('urn:mace:umu.se:saml:roland:sp') print req assert len(req["required"]) == 3 assert len(req["optional"]) == 1 assert req["optional"][0]["name"] == 'urn:oid:2.5.4.12' assert req["optional"][0]["friendly_name"] == 'title' assert _eq([n["name"] for n in req["required"]], ['urn:oid:2.5.4.4', 'urn:oid:2.5.4.42', 'urn:oid:0.9.2342.19200300.100.1.3']) assert _eq([n["friendly_name"] for n in req["required"]], ['surName', 'givenName', 'mail'])
def test_example(): mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["4"]) assert len(mds.keys()) == 1 idps = mds.with_descriptor("idpsso") assert list(idps.keys()) == [ 'http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php'] certs = mds.certs( 'http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php', "idpsso", "signing") assert len(certs) == 1
def test_load_string(): sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"]) mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["11"]) # print(mds) assert len(mds.keys()) == 1 idps = mds.with_descriptor("idpsso") assert list(idps.keys()) == [ 'http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php'] certs = mds.certs( 'http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php', "idpsso", "signing") assert len(certs) == 1
def test_load_string(): sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"]) mds = MetadataStore(ONTS.values(), ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["11"]) print(mds) assert len(mds.keys()) == 1 idps = mds.with_descriptor("idpsso") assert list(idps.keys()) == [ 'http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php'] certs = mds.certs( 'http://xenosmilus.umdc.umu.se/simplesaml/saml2/idp/metadata.php', "idpsso", "signing") assert len(certs) == 1
def test_load_external(mock_request): filepath = os.path.join(TESTS_DIR, "remote_data/InCommon-metadata-export.xml") with open(filepath) as fd: data = fd.read() mock_request.return_value.ok = True mock_request.return_value.status_code = 200 mock_request.return_value.content = data sec_config.xmlsec_binary = sigver.get_xmlsec_binary(["/opt/local/bin"]) mds = MetadataStore(ATTRCONV, sec_config, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["10"]) print(mds) assert len(mds) == 1 # One source assert len(mds.keys()) > 1 # number of idps
def test_sp_metadata(): mds = MetadataStore(ONTS.values(), ATTRCONV, xmlsec_path, disable_ssl_certificate_validation=True) mds.imp(METADATACONF["6"]) assert len(mds.keys()) == 1 assert mds.keys() == ['urn:mace:umu.se:saml:roland:sp'] assert _eq(mds['urn:mace:umu.se:saml:roland:sp'].keys(), [ 'entity_id', '__class__', 'spsso_descriptor']) req = mds.attribute_requirement('urn:mace:umu.se:saml:roland:sp') print req assert len(req["required"]) == 3 assert len(req["optional"]) == 1 assert req["optional"][0]["name"] == 'urn:oid:2.5.4.12' assert req["optional"][0]["friendly_name"] == 'title' assert _eq([n["name"] for n in req["required"]],['urn:oid:2.5.4.4', 'urn:oid:2.5.4.42', 'urn:oid:0.9.2342.19200300.100.1.3']) assert _eq([n["friendly_name"] for n in req["required"]], ['surName', 'givenName', 'mail']) ##def test_import_external_metadata(xmlsec): ## md = metadata.MetaData(xmlsec,attrconv=ATTRCONV) ## mds.import_external_metadata(KALMAR2_URL, KALMAR2_CERT) ## ## print len(mds.entity) ## assert len(mds.entity) > 20 ## idps = dict([ ## (id,ent["idpsso"]) for id,ent in mds.entity.items() if "idpsso" in ent]) ## print idps.keys() ## assert len(idps) > 1 ## assert "https://idp.umu.se/saml2/idp/metadata.php" in idps # ## ------------ Constructing metadata ---------------------------------------- # #def test_construct_contact(): # c = make_instance(mds.ContactPerson, { # "given_name":"Roland", # "sur_name": "Hedberg", # "email_address": "*****@*****.**", # }) # print c # assert c.given_name.text == "Roland" # assert c.sur_name.text == "Hedberg" # assert c.email_address[0].text == "*****@*****.**" # assert _eq(c.keyswv(), ["given_name","sur_name","email_address"]) # # #def test_construct_organisation(): # c = make_instance( mds.Organization, { # "organization_name": ["Example Co.", # {"text":"Exempel AB", "lang":"se"}], # "organization_url": "http://www.example.com/" # }) # # assert _eq(c.keyswv(), ["organization_name","organization_url"]) # assert len(c.organization_name) == 2 # org_names = [on.text for on in c.organization_name] # assert _eq(org_names,["Exempel AB","Example Co."]) # assert len(c.organization_url) == 1 # #def test_construct_entity_descr_1(): # ed = make_instance(mds.EntityDescriptor, # {"organization": { # "organization_name":"Catalogix", # "organization_url": "http://www.catalogix.se/"}, # "entity_id": "urn:mace:catalogix.se:sp1", # }) # # assert ed.entity_id == "urn:mace:catalogix.se:sp1" # org = ed.organization # assert org # assert _eq(org.keyswv(), ["organization_name","organization_url"]) # assert len(org.organization_name) == 1 # assert org.organization_name[0].text == "Catalogix" # assert org.organization_url[0].text == "http://www.catalogix.se/" # #def test_construct_entity_descr_2(): # ed = make_instance(mds.EntityDescriptor, # {"organization": { # "organization_name":"Catalogix", # "organization_url": "http://www.catalogix.se/"}, # "entity_id": "urn:mace:catalogix.se:sp1", # "contact_person": { # "given_name":"Roland", # "sur_name": "Hedberg", # "email_address": "*****@*****.**", # } # }) # # assert _eq(ed.keyswv(), ["entity_id", "contact_person", "organization"]) # assert ed.entity_id == "urn:mace:catalogix.se:sp1" # org = ed.organization # assert org # assert _eq(org.keyswv(), ["organization_name", "organization_url"]) # assert len(org.organization_name) == 1 # assert org.organization_name[0].text == "Catalogix" # assert org.organization_url[0].text == "http://www.catalogix.se/" # assert len(ed.contact_person) == 1 # c = ed.contact_person[0] # assert c.given_name.text == "Roland" # assert c.sur_name.text == "Hedberg" # assert c.email_address[0].text == "*****@*****.**" # assert _eq(c.keyswv(), ["given_name","sur_name","email_address"]) # #def test_construct_key_descriptor(): # cert = "".join(_read_lines("test.pem")[1:-1]).strip() # spec = { # "use": "signing", # "key_info" : { # "x509_data": { # "x509_certificate": cert # } # } # } # kd = make_instance(mds.KeyDescriptor, spec) # assert _eq(kd.keyswv(), ["use", "key_info"]) # assert kd.use == "signing" # ki = kd.key_info # assert _eq(ki.keyswv(), ["x509_data"]) # assert len(ki.x509_data) == 1 # data = ki.x509_data[0] # assert _eq(data.keyswv(), ["x509_certificate"]) # assert data.x509_certificate # assert len(data.x509_certificate.text.strip()) == len(cert) # #def test_construct_key_descriptor_with_key_name(): # cert = "".join(_read_lines("test.pem")[1:-1]).strip() # spec = { # "use": "signing", # "key_info" : { # "key_name": "example.com", # "x509_data": { # "x509_certificate": cert # } # } # } # kd = make_instance(mds.KeyDescriptor, spec) # assert _eq(kd.keyswv(), ["use", "key_info"]) # assert kd.use == "signing" # ki = kd.key_info # assert _eq(ki.keyswv(), ["x509_data", "key_name"]) # assert len(ki.key_name) == 1 # assert ki.key_name[0].text.strip() == "example.com" # assert len(ki.x509_data) == 1 # data = ki.x509_data[0] # assert _eq(data.keyswv(), ["x509_certificate"]) # assert data.x509_certificate # assert len(data.x509_certificate.text.strip()) == len(cert) # #def test_construct_AttributeAuthorityDescriptor(): # aad = make_instance( # mds.AttributeAuthorityDescriptor, { # "valid_until": time_util.in_a_while(30), # 30 days from now # "id": "aad.example.com", # "protocol_support_enumeration": SAML2_NAMESPACE, # "attribute_service": { # "binding": BINDING_SOAP, # "location": "http://example.com:6543/saml2/aad", # }, # "name_id_format":[ # NAMEID_FORMAT_TRANSIENT, # ], # "key_descriptor": { # "use": "signing", # "key_info" : { # "key_name": "example.com", # } # } # }) # # print aad # assert _eq(aad.keyswv(),["valid_until", "id", "attribute_service", # "name_id_format", "key_descriptor", # "protocol_support_enumeration"]) # assert time_util.str_to_time(aad.valid_until) # assert aad.id == "aad.example.com" # assert aad.protocol_support_enumeration == SAML2_NAMESPACE # assert len(aad.attribute_service) == 1 # atsr = aad.attribute_service[0] # assert _eq(atsr.keyswv(),["binding", "location"]) # assert atsr.binding == BINDING_SOAP # assert atsr.location == "http://example.com:6543/saml2/aad" # assert len(aad.name_id_format) == 1 # nif = aad.name_id_format[0] # assert nif.text.strip() == NAMEID_FORMAT_TRANSIENT # assert len(aad.key_descriptor) == 1 # kdesc = aad.key_descriptor[0] # assert kdesc.use == "signing" # assert kdesc.key_info.key_name[0].text.strip() == "example.com" # #STATUS_RESULT = """<?xml version='1.0' encoding='UTF-8'?> #<ns0:Status xmlns:ns0="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"><ns0:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:UnknownPrincipal" /></ns0:StatusCode><ns0:StatusMessage>Error resolving principal</ns0:StatusMessage></ns0:Status>""" # #def test_status(): # input = { # "status_code": { # "value": samlp.STATUS_RESPONDER, # "status_code": # { # "value": samlp.STATUS_UNKNOWN_PRINCIPAL, # }, # }, # "status_message": "Error resolving principal", # } # status_text = "%s" % make_instance( samlp.Status, input) # assert status_text == STATUS_RESULT # #def test_attributes(): # required = ["surname", "givenname", "edupersonaffiliation"] # ra = metadata.do_requested_attribute(required, ATTRCONV, "True") # print ra # assert ra # assert len(ra) == 3 # for i in range(3): # assert isinstance(ra[i], mds.RequestedAttribute) # assert ra[i].name_format == NAME_FORMAT_URI # assert ra[i].attribute_value == [] # assert ra[i].is_required == "True" # assert ra[0].friendly_name == "surname" # assert ra[0].name == 'urn:oid:2.5.4.4' # #def test_extend(): # md = metadata.MetaData(attrconv=ATTRCONV) # mds.import_metadata(_fix_valid_until(_read_file("extended.xml")), "-") # # signcerts = mds.certs("https://coip-test.sunet.se/shibboleth", "signing") # assert len(signcerts) == 1 # enccerts = mds.certs("https://coip-test.sunet.se/shibboleth", "encryption") # assert len(enccerts) == 1 # assert signcerts[0] == enccerts[0] # #def test_ui_info(): # md = metadata.MetaData(attrconv=ATTRCONV) # mds.import_metadata(_fix_valid_until(_read_file("idp_uiinfo.xml")), "-") # loc = mds.single_sign_on_services_with_uiinfo( # "http://example.com/saml2/idp.xml") # assert len(loc) == 1 # assert loc[0][0] == "http://example.com/saml2/" # assert len(loc[0][1]) == 1 # ui_info = loc[0][1][0] # print ui_info # assert ui_info.description[0].text == "Exempel bolag" # #def test_pdp(): # md = metadata.MetaData(attrconv=ATTRCONV) # mds.import_metadata(_fix_valid_until(_read_file("pdp_meta.xml")), "-") # # assert md # # pdps = mds.pdp_services("http://www.example.org/pysaml2/") # # assert len(pdps) == 1 # pdp = pdps[0] # assert len(pdp.authz_service) == 1 # assert pdp.authz_service[0].location == "http://www.example.org/pysaml2/authz" # assert pdp.authz_service[0].binding == BINDING_SOAP # endpoints = mds.authz_service("http://www.example.org/pysaml2/") # assert len(endpoints) == 1 # assert endpoints[0] == "http://www.example.org/pysaml2/authz"
def initAuthApp(self, application, metadataList, conf, secretFile, configfilePath=None): """ Will add authentication middleware to the WSGI application. :param self: :param application: Function for main WSGI application :rtype : PluggableAuthenticationMiddleware :return: """ self.CONST_SETUP = "/setup" self.CONST_SETUPSERVICE = "/setup/service" self.CONST_SETUPSTYLES = "/setup/styles" self.CONST_SAVESECRET = "/setup/SaveSecret" self.CONST_SETUPABOUT = "/setup/about" self.CONST_SETUPLOGUT = "/setup/logout" self.CONST_SESSION_USER = "******" self.CONST_KEY = "key" self.CONST_SECRET = "secret" if configfilePath is None: self.CONST_ROOT = os.path.dirname(os.path.abspath(__file__)) else: self.CONST_ROOT = configfilePath self.CONST_AUTH_FILE = IdpSetupSp._instance.CONST_ROOT + "/auth.json" self.CONST_STATIC_FILE = IdpSetupSp._instance.CONST_ROOT + "/files/static/" self.CONST_STATIC_MAKO = IdpSetupSp._instance.CONST_ROOT + "/files/mako/" self.CONST_LOOKUP = TemplateLookup(directories=[self.CONST_STATIC_MAKO + 'templates', self.CONST_STATIC_MAKO + 'htdocs'], module_directory=self.CONST_STATIC_MAKO + 'modules', input_encoding='utf-8', output_encoding='utf-8') self.CONST_ONTS = { saml.NAMESPACE: saml, mdui.NAMESPACE: mdui, mdattr.NAMESPACE: mdattr, dri.NAMESPACE: dri, ui.NAMESPACE: ui, idpdisc.NAMESPACE: idpdisc, md.NAMESPACE: md, xmldsig.NAMESPACE: xmldsig, xmlenc.NAMESPACE: xmlenc } self.CONST_ATTRCONV = attribute_converter.ac_factory("attributemaps") try: xmlsec_path = get_xmlsec_binary(["/opt/local/bin"]) except: try: xmlsec_path = get_xmlsec_binary(["/usr/local/bin"]) except: xmlsec_path = '/usr/bin/xmlsec1' for metadata in metadataList: mds = MetadataStore(self.CONST_ONTS.values(), self.CONST_ATTRCONV, xmlsec_path, disable_ssl_certificate_validation=True) mds.imp(metadata) for entityId in mds.keys(): self.spKeyList.append(entityId) for key in conf: self.socialServiceKeyList.append(conf[key]["name"]) self.secretFile = secretFile currentPath = os.path.dirname(os.path.abspath(__file__)) lib_path = os.path.abspath(self.CONST_ROOT) sys.path.append(lib_path) DeclarativeAuth.getInstance(self.CONST_AUTH_FILE) app_with_auth = make_middleware_with_config(application, {"here": "."}, self.CONST_ROOT+'/who.ini', log_file=self.CONST_ROOT+"/repoze_who.log") return app_with_auth