CoSign: Collaborative Single Sign-On  
AnnouncementsDiscussion
 

cosign-discuss at umich.edu
general discussion of cosign development and deployment
 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cosign and Squid?




> squid has an authentication extension architecture, so it might be  
> possible to add the equivalent of mod_cosign to squid.  Can you say  
> more about what you're trying to do?

Pretty much the same as the forwarded message you have below.

  * User sets up their browser to use the squid proxy
  * User requests a page (cnn.com)
  * Squid's mod_cosign authenticator validates cookies or causes
    redirects to weblogin sign on, etc, just like normal websites.

> Somewhat related, we received a patch from OpenSourcery that they did  
> for Reed College.  It changes mod_cosign so that apache2 can be used  
> as a cosign-protected proxy.  While we haven't yet tested it, it  
> seems pretty reasonable.  See below.

If they were able to get it to work with Apache2, that would seem to
indicate that the browser functionality is there.  That was my biggest
question.

I haven't investigated squid's authentication system yet -- it could be
as basic as OK/ERR, in which case it would require patching to support
sending the redirects.  If anyone's looked into this, let me know.  Else
I'll try to take a look at it next week.


-- 
Brian Hatch                  This is the Postfix program at Rinat.
   Systems and                The message returned below could not
   Security Engineer          be delivered because Edwin will no
http://www.ifokr.org/bri/     longer answer requests from Brian
                              when he should be home.
Every message PGP signed

Attachment: signature.asc
Description: Digital signature


 
Copyright © 2002 - 2004 Regents of the University of Michigan :  Page last updated 15-December-2010