You are here
What is Cosign?
Cosign is a single sign-on (SSO) web login technology developed at the University of Michigan. It uses a centralised sign-on mechanism to authenticate users: for Informatics users, this means authenticating to web sites using your Kerberos principal.
Cosign uses login and service cookies to manage the authorization for a cosign-protected website. More detailed information about the design of Cosign can be found on the Cosign website.
Many websites in Informatics use Cosign authentication for protected or restricted-access pages.
How do I use Cosign/weblogin.inf.ed.ac.uk?
When you visit an Informatics website that's Cosign protected, you'll be redirected to https://weblogin.inf.ed.ac.uk for authentication. If you're using Firefox on a DICE machine, authentication will happen automatically - using your existing Kerberos credentials - and you'll then be returned to the Cosign-protected site.
For other web browsers and operating systems, you'll be prompted for your Informatics username and password, and then returned to the originating Cosign-protected site on successful authentication.
To help us maintain the security of our systems you should regularly review the logs for your recent Cosign login activity.
Cosign and SPNEGO
Our Cosign service supports SPNEGO 'Integrated Authentication' on selected browsers. This allows Kerberos-capable machines to authenticate to Cosign without the user having to enter their credentials by hand. No configuration is required on the server side to take advantage of this, but see Cosign and SPNEGO for the browser configuration required.
Cosign and iFriend
Cosign can be used by people with iFriend accounts. See iFriend accounts.
Using Cosign to restrict access - example
The groups and homepages web servers are configured to use Cosign so, should you want to, you can use the facility to restrict access to your pages to particular DICE users (or groups of users).
Example: create an
.htaccess file containing the following:
CosignProtected On AuthType Cosign Require user alice bob
Now, only users 'alice' and 'bob' are authorised to see the contents of the https:// URL which references that
.htaccess file, .
(Note that, if anyone visits the corresponding http:// URL, they will receive a "401-Authorization Required" message - or a similar message, depending on the exact configuration of the web server - in their browser.)