Thanks to all who helped me. :)
It seems I have found a solution that works well, and I am ready to share it with everybody.

Matanya Elchanani:
> We had a few applications that had the same requirement of being 
> "Cosigned" while allowing both non-authenticated and authenticated 
> access. What we ended up doing is securing a specific path (like /login) 
> on the application server with "CosignAllowPublicAccess Off" and placing 
> a simple redirect script that will redirect the user back to the calling 
> page. The application itself is secured using "CosignAllowPublicAccess 
> On". Anonymous access will work because of the "CosignAllowPublicAccess 
> On". When a user requests authentication, the application should simply 
> send the user to the /login/... redirect script, this will cause the 
> user to be again redirected to weblogin.domain1 (if she does not have a 
> Cosign session already active), and eventually be redirected back to the 
> calling application authentication page, but this time with REMOTE_USER 
> set.
> 

I thought about this approach, but it requires very big changes to the site code, so I tried to write PHP code that works like mod_cosign does. Here is the code that works on my sites (it's just a sample, but I hope it can be easily incorporated):

============
index.php:
============
<?php
// Prevent caching so the page always reflects the current login state
header("Cache-Control: no-cache, must-revalidate");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
echo '<hr><a href="http://forum.domain2.net/login.php">Login</a>';
echo '<br><a href="http://forum.domain2.net/logout.php">Logout</a>';

============
login.php:
============
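<?php
$cosign_url    = "https://weblogin.domain1.net/";
$service_name  = "forum.domain2.net";
$service_url   = "http://forum.domain2.net/";
$sample_string = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";

// Generate a 125-character random service cookie value
$cookie_name = "cosign-" . $service_name;
$cookie_data = '';
$max_index   = strlen($sample_string) - 1;  // valid indices are 0..61
for ($i = 0; $i < 125; $i++) {
    // random_int() (PHP 7+) is a CSPRNG; mt_rand() output is predictable
    $cookie_data .= $sample_string[random_int(0, $max_index)];
}
setcookie( $cookie_name, $cookie_data );
// Redirect to the central weblogin server, passing the service cookie and the return URL
$dest_url = $cosign_url . "?" . $cookie_name . "=" . $cookie_data . ";&" . $service_url;
header( "Location: $dest_url" );
exit;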

============
logout.php (almost unchanged code from cosign distribution)
============
<?php
$cosign_url   = "https://weblogin.domain1.net/";
$service_name = "forum.domain2.net";
$service_url  = "http://forum.domain2.net/";

// Expire the local service cookie, then log out at the central weblogin server
$central = $cosign_url . "cosign-bin/logout?" . $service_url;
setcookie( $_SERVER[ 'COSIGN_SERVICE' ], "null", time()-1, '/', "", 1 );
header( "Location: $central" );
exit;
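
The /login redirect script described in the quoted reply, as an added example that is not part of the original post or of the cosign distribution. It assumes the script lives under a path protected with "CosignAllowPublicAccess Off" and that the application passes the calling page in a hypothetical `return` query parameter; only local paths are accepted, so the script cannot be used to redirect users to another site.

```php
<?php
// Hypothetical /login/index.php, served from a location configured with
// "CosignAllowPublicAccess Off", so mod_cosign authenticates the user
// before this script runs.

// Assumption: the calling page is passed as ?return=/some/path
function safe_return_path($candidate, $default = '/')
{
    if (!is_string($candidate) || $candidate === '') {
        return $default;
    }
    // Reject control characters (header injection) and backslashes,
    // which some browsers treat as forward slashes
    if (preg_match('/[\x00-\x1f\x7f\\\\]/', $candidate)) {
        return $default;
    }
    // Accept only a local absolute path: exactly one leading slash,
    // which excludes "http://host/..." and protocol-relative "//host/..."
    if ($candidate[0] !== '/' || (isset($candidate[1]) && $candidate[1] === '/')) {
        return $default;
    }
    return $candidate;
}

if (empty($_SERVER['REMOTE_USER'])) {
    // mod_cosign did not authenticate this request: the path is not
    // protected as intended, so refuse instead of redirecting
    header('HTTP/1.1 403 Forbidden');
    exit;
}

$requested = isset($_GET['return']) ? $_GET['return'] : null;
$target    = safe_return_path($requested);

// Always redirect to the service's own host; only the path comes from the request
header('Location: http://forum.domain2.net' . $target);
exit;
```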







_______________________________________________
Cosign-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
