cosign is a Web single sign on system that allows users to authenticate once per session and access any protected Web resources at the institution. If used, passwords are sent only to a single, central URL. Sessions have both idle and hard timeouts, and users can logout of all protected services by visiting a single URL. The use of public key cryptography ensures that a compromise of a protected Web server has no impact on the security of other participating servers.
|Tags||Internet Web Security|
|Operating Systems||Unix Windows|
Release Notes: Support for n-tier cosign proxy authentication. Logging with summary statistics. Runtime configurable. Better integration with Apache AuthZ. The ability to force re-authentication on a per-service basis. Updated documentation. DB hashing support.
Release Notes: This release adds full support for multiple, replicated weblogin servers, 'friend' guest accounts, more flexible authentication options for the Web login server, and a number of minor fixes to the Apache 1.3.x filter. The authentication filter for IIS is nearing 1.0 release status, the Java servlet filter is in production testing now, and an Apache 2.0 filter is nearing completion.