Hi, Bob -- [email protected] is a world-wide mailing list. Please direct University of Michigan specific questions to [EMAIL PROTECTED] or [EMAIL PROTECTED] With that said, although you couch your questions in U-M specific terms below, it is really a generic question.
The short answer to your question is that your PHP web application should not do any redirects. Everything will be taken care of for you by the cosign filter that you install on your web server (in the case of PHP running under Apache HTTPD, this would be mod_cosign that you would install and configure). The only thing your code will need to do is to check the value of the REMOTE_USER environment variable in order to learn the authenticated user's identity. More specifically, when a user hits a URI that you have designated (in your Apache HTTPD configuration) as being cosign-protected, the cosign filter will automatically redirect them to your institution's central weblogin server, authenticate them, and then redirect them back to the URL that they were originally trying to visit. Instructions on how to build, install, and configure the cosign filter for Apache HTTPD, including a U-M specific configuration example, are available here: http://webapps.itcs.umich.edu/cosign/index.php/Cosign_Wiki:CosignInstallation#Building_and_Installing_the_Filter Please let us know (or use one of the other email addresses above) if you have any questions. Mark Montague ITCS Web/Database Production Team The University of Michigan [EMAIL PROTECTED] On Thu, Feb 7, 2008 2:01 PM, Bob Riddle <[EMAIL PROTECTED]> wrote: > I have a php application that I would like to use > http://weblogin.umich.edu for institutional authentication (Cosign using > Kerberos). I've been staring at the weblogin.org site and at the Cosign > wiki looking for an example of how to do this. > > I know that you can redirect to > http://weblogin.umich.edu/?cosign-<something>;&http://<return to this > url> but I'm hoping to find documentation and and example of how to do > this. I really don't need a service ticket returned, just the user name > (uniqname) from a successful "login" to pass on to the php application > so I can use the existing authorization scheme used by this application. > > Any pointers and suggestions are appreciated (even if accompanied by > ranting!). > > Thanks! > > ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
