CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Restricting access

On Mon, 23 Feb 2004 memo@xxxxxxxxxxxx wrote:

Is there a way to restrict access to our cosign server to certain groups
within UM? We want to distribute the School of Information's configuration
of Mulberry via our Cosign enabled web server but we don't want our alumni
to be able get the software since they aren't covered under the site
license. Is this something Cosign can handle? If not how can we further
restrict access beyond Cosign?

Just restrict access as you normally would without cosign.

For example, to have Apache do the authorization for you,
add a directive to the appropriate Directory context in http.conf,
or to the appropriate .htaccess file such as
    require group list-of-people-I-like
The file containing the definition of the group can be
defined by AuthDBGroupFile (if you're using mod_auth_db),
AuthDBMGroupFile (mod_auth_dbm), or AuthGroupFile (mod_auth).

Or you can do authorization under apache using LDAP groups
(mod_ldap) or groups defined in MySQL databases, to name just
a few possibilities.

If you are writing active content (for example, a PHP page),
cosign puts the name of the user into the REMOTE_USER environment
variable.  Your page should use this variable when doing its
authorization checks.

                Mark Montague
                LS&A Information Technology

Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010