CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Design question

No, it is not the case that all https pages must be authenticated. All authenticated pages must be https, but that's not the same thing.

The CosignProtected (on/off) directive in conjunction with Location and Directory directives can be used to selectively protect and unprotect arbitrary portions of the https uri space. So turning off cosign protection for a page called, for example, 'registration' might look like this:

    <Location /registration/>
        <IfModule mod_cosign.c>
            CosignProtected Off

or like this:

    <Directory /home/sitemaker/public_html/registration/>
        <IfModule mod_cosign.c>
            CosignProtected Off


On Mar 18, 2004, at 7:31 PM, Jonathan Maybaum wrote:

Cosign group,
Is it correct that your implementation requires that all https pages must be authenticated? If so, this presents a problem. We had a page where people were able to register for a conference (including sending credit card info). Since anyone is permitted to register, the page was https, but did not require authentication. Now, apparently, the Cosign filter will not allow us to have such a page. Is that right?


... "In, as you say, the mud." ...


Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010