CoSign: Collaborative Single Sign-On  

cosign-discuss at
general discussion of cosign development and deployment


re: cosign and shibboleth

(Had to get cosign-discuss reset back to "anyone-can-post-to-it")

Here are my (rough) notes on when I did it some months ago.

I've attached the actual MS-Word document as well as
including a cut-paste of its contents.  Hopefully
you can view the doc since the indentation gets lost
in a cut-paste...  (I've added some of the indentation
and white-space back in)

Once you've already gotten the pre-requisites working,
it's around fifteen minutes of effort.  Trying to get
anything working in one flying leap is ... just asking
for it.

Marrying Cosign and Shibboleth

Shibboleth provides the underpinnings for an Authorization framework for
web-based (and increasingly non web-based) services that can be used both
within an institution and between institutions.  It is designed so that each
institution can continue using its existing Authentication infrastructure with
the institution's Origin.  This paper documents the pre-requisites and changes
needed to use Cosign for Authentication with an institution's Shibboleth


This document focuses on the changes needed to marry two already functioning
services together, leaving it to the Cosign and Shibboleth documentation to
detail how to bring themselves up.  Below are those aspects of the two systems
that a successful marriage depends upon.

Shibboleth Origin
Chapters 3 & 4 (from
Chap 3 lists the following five requirements
   Apache 1.3.26+
   Tomcat 4.1.18-24 LE Java server and above
   Sun J2SE JDK v1.4.1_01 and above
   mod_jk or mod_jk2
   Shib Origin 1.0+
   An enterprise authentication mechanism
      Mod_cosign for downloads and documentation

Cosign weblogin service
Not changed in any way.  The above Shibb origin is simply yet another
Cosign-dependent web-server.


Once you have the pre-requisites in place, marrying the two is simply a matter
of having all references to the location of the Origin's Handle Service (HS) be
protected by Cosign.  The five lines below demonstrate how it's implemented at a
large institution.

Shibboleth Origin

   Httpd.conf (or equiv)
        <IfModule mod_cosign.c>
            <Location /shibboleth/HS>
                CosignProtected On
            </Location>
        </IfModule>

Attachment: Marrying Cosign and Shibboleth.doc
Description: MS-Word document
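
Added example, not part of the original post or the attached document: a small Python check that reads an httpd.conf and reports whether the Handle Service path from the snippet above ends up Cosign-protected. It assumes that plain `<Location>` sections are merged in file order with later sections overriding earlier ones (Apache's documented behaviour) and that mod_cosign follows that merge; the sample configs and function names are constructed for illustration.

```python
import re

# Constructed sample config mirroring the five lines in the post.
GOOD = """
<IfModule mod_cosign.c>
    <Location /shibboleth/HS>
        CosignProtected On
    </Location>
</IfModule>
"""

# Constructed: a later, broader <Location> turns protection back off.
OVERRIDDEN = GOOD + """
<Location /shibboleth>
    CosignProtected Off
</Location>
"""

# Plain-path <Location> only; regex forms and <LocationMatch> are skipped.
OPEN = re.compile(r'<Location\s+"?([^">\s]+)"?\s*>', re.I)
CLOSE = re.compile(r'</Location\s*>', re.I)
DIRECTIVE = re.compile(r'CosignProtected\s+(\w+)', re.I)


def covers(loc, url):
    """Apache prefix matching for a plain (non-regex) <Location> path."""
    if loc.endswith("/"):
        return url.startswith(loc)
    return url == loc or url.startswith(loc + "/")


def effective_cosign(conf, url):
    """Return (state, trail). state is 'on', 'off' or None (never set);
    trail lists each matching <Location> that set the directive, in order."""
    state, trail, current = None, [], None
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if (m := OPEN.match(line)):
            current = m.group(1)
        elif CLOSE.match(line):
            current = None
        elif current and covers(current, url) and (m := DIRECTIVE.match(line)):
            state = m.group(1).lower()   # assumed: the last matching section wins
            trail.append((current, state))
    return state, trail
```

Calling `effective_cosign(open("httpd.conf").read(), "/shibboleth/HS")` on a real config gives the effective state plus the sections that produced it; virtual-host scoping and included files are not followed.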

Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010