cosign-announce at umich.edu
cosign release and update announcements
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IISCosign 1.1.0 RC1 available for download


Very important thing I forgot to mention: since this is a release candidate do not forget to backup your IISCosign folder! In particular, the cosign.dll.config file and the contents of the /SSL folder!

--Jarod Malestein
--University of Michigan
--IT Central Services

--On Monday, September 13, 2004 3:55 PM -0400 Jarod Malestein <jarod@xxxxxxxxx> wrote:


Release Candidate 1 for IISCosign version 1.1.0 is now available.  We'd
like to receive feedback, complaints, test reports, and bugs.  Please
give this a spin and let us know what you think!  If there's anything
we've left out or a promised or omitted feature you're waiting for,
please let us know.

Download here:
<http://weblogin.org/>

Previous versions available here:
<http://www.umich.edu/~umweb/software/cosign/download.html>

--Jarod Malestein
--University of Michigan
--IT Central Services

Changes in IISCosign 1.1.0:

+ You can now specify allowUnauthenticatedAccess to <Protected/> pages.
Example:

<Protected allowUnauthenticatedAccess="TRUE">/MySweetWebApp</Protected>

What?  Yes, now you can have a folder or web page(s) that can be accessed
by both logged in and non-logged in users.  If the user is logged in, the
HTTP_REMOTE_USER, HTTP_REMOTE_REALM, and HTTP_COSIGN_SERVICE variables
will be available.  If the user is not logged in, he is not redirected
and only the HTTP_COSIGN_SERVICE variable is available.

+ Log file locking issue circumvented.  This prevented multiple instances
of the filter from being instantiated in IIS 6.0.  Unfortunately,
multiple log files are not created.  This will be corrected.

+ <HttpsOnly /> option added. Default is TRUE. Set to FALSE to allow
users to access cosign-protected pages without a secure connection.
Example:

<HttpsOnly>FALSE</HttpsOnly>

+ Corrected bug that would protect something like "/studentsAndStaff" if
"/students" was protected.  Then broke it, fixed it, broke it, fixed it.
This is something you may want to double-check.

+ Extra info put into log file.  Please provide feedback on what you
would and wouldn't like to have in the cosign log file.

+ Https redirect bug fixed.

+ Specifying web sites by their IIS description rather than DNS name is
now an option.
Change your <Service /> tag as follows:

<Service IISDescription="IISCosign web site">cosign-service-name
...
</Service>

You can use either the original websitename item to refer to the DNS name
or the new IISDescription. If both are present, IISCosign first looks for
IISDescription and will ignore websitename.

For the curious parties, the "IISDescription" is compared to the
ServerComment for the web site in the IIS metabase.

+ You can now limit the log file size. Change your <LogFilePath> to look
like this:

<LogFilePath fileSizeInKB="4096">C:\Program
Files\CosignFilter\Logs</LogFilePath>


What's on the roadmap (in no particular order):

- Creating multiple cosign log files when multiple instances of the
filter are loaded.
- A logging level option.  Something like "normal/debug/trace."
- Implementing Apache-style on/off cosign protection mechanism.  This
would allow something like "/foo" to be protected and "/foo/bar" to be
unprotected.  As IISCosign stands now, "/foo", by default, will also
protect "/foo/bar".
- And, of course, rolling in contributions from other organizations.