CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment

Re: Cosign or IP-based access control

On Jan 18, 2005, at 11:33 PM, Jim Zajkowski wrote:

> I'll give it a whirl when I get a chance.

Well, I wasn't quite able to get it to work using AuthType Cosign and Require valid-user under Apache 2; it continually gave me this error:

configuration error: couldn't check user. No user file?

I already have stuff plugged into Apache 2, not to mention that it is vendor-supplied, so downgrading to 1.3 to try it was not what I wanted to spend the rest of the day on.

Instead I resorted to that Swiss Army knife of Apache, mod_rewrite. Note that our intranet is being served by a local Zope/Plone install; some variation would be required for other setups.

# if they are building-local, let them in
RewriteEngine On
# patterns are anchored: an unanchored RewriteCond regex matches anywhere in the address
RewriteCond %{REMOTE_ADDR} ^141\.211\.182\. [OR]
RewriteCond %{REMOTE_ADDR} ^141\.211\.183\. [OR]
RewriteCond %{REMOTE_ADDR} ^141\.211\.74\.
RewriteRule ^/(.*)$1 [P]

# if not, hand them to cosign
RewriteRule ^/(.*) /cosign/$1 [PT]

# auth to cosign
<Location /cosign/>
  Options FollowSymLinks
  CosignProtected On
  RewriteEngine On

  # deny cosign friends
  RewriteCond %{ENV:REMOTE_REALM} friend
  RewriteRule ^/(.*) /$1 [F,L]

  # otherwise rewrite them to the intranet
  RewriteRule ^/var/www/html/intranet/(.*)$1 [P]
</Location>



Jim Zajkowski          OpenPGP 0x21135C3
System Administrator  8A9E 1DDF 944D 83C3 AEAB  8F74 8697 A823 2113 5C53
UM Life Sciences Institute
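
An added example, not part of the original message: RewriteCond patterns are regular expressions searched anywhere in the test string, so address conditions like the ones in the rules above must be anchored with ^ to cover only the three building subnets. The Python check below compares the unanchored and anchored forms over constructed sample addresses; the sample list and the function names are assumptions made for illustration.

```python
import re

# Address conditions in unanchored and anchored form.
# mod_rewrite tests a RewriteCond pattern as a search anywhere in the
# test string, which re.search reproduces for these simple patterns.
UNANCHORED = [r"141\.211\.182\.*", r"141\.211\.183\.*", r"141\.211\.74\.*"]
ANCHORED = [r"^141\.211\.182\.", r"^141\.211\.183\.", r"^141\.211\.74\."]

# Constructed sample addresses: (REMOTE_ADDR, is it really building-local?)
SAMPLES = [
    ("141.211.182.17", True),
    ("141.211.183.200", True),
    ("141.211.74.5", True),
    ("10.141.211.182", False),   # subnet prefix sits in the last three octets
    ("198.141.211.74", False),
    ("141.211.75.9", False),
    ("141.211.18.22", False),
]


def is_local(addr, patterns):
    """True if any pattern matches addr (conditions joined by [OR])."""
    return any(re.search(p, addr) for p in patterns)


def audit(patterns):
    """Return the sample addresses that the patterns classify wrongly."""
    return [addr for addr, expected in SAMPLES
            if is_local(addr, patterns) != expected]


if __name__ == "__main__":
    for name, pats in (("unanchored", UNANCHORED), ("anchored", ANCHORED)):
        wrong = audit(pats)
        print(f"{name:10s} misclassified: {wrong or 'none'}")
```

Any address the audit reports for a pattern set would be proxied straight to the intranet without being handed to cosign.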

