Jarod,
Using Shannon's instructions, in combination with the README.TXT
distributed with CosignModule-1.0.0beta2.zip, I was able to get CoSign
for IIS7 installed. However, I am unable to access the environment
variables as noted in README.TXT:
COSIGN_FACTOR = <%=Request.ServerVariables("COSIGN_FACTOR") %><br />
COSIGN_SERVICE = <%=Request.ServerVariables("COSIGN_SERVICE") %><br />
REMOTE_REALM = <%=Request.ServerVariables("REMOTE_REALM") %><br />
REMOTE_USER = <%=Request.ServerVariables("REMOTE_USER") %><br />
The expected information is also not available in Request.Headers (as it
was under IIS6).
The behavior that I see differs based on the pipeline mode setting of
the application pool used to run ASP.NET.
When pipeline mode is "Integrated", I get a 500 error indicating "This
server variable cannot be modified during request execution."
When pipeline mode is "Classic", my test .aspx is rendered however the
aforementioned environment variables are not set (though the cookie is
visible).
In both cases I am redirected for login, authenticate successfully, and
am redirected back to my test application properly so I feel confident
that I've configured CosignModule correctly.
Do you, or anyone else on the list, have successful
CoSignModule-1.0.0beta2 deployments in production? Are they accessing
the four environment variables as expected? What about other
application development platforms (PHP, ColdFusion, etc.)?
Any insight would be much appreciated.
Thanks,
Darian
Jarod Malestein wrote:
> I'm glad you were able to find a solution, Shannon. Please feel free
> to add this information to the cosign wiki:
>
> http://webapps.itcs.umich.edu/cosign/
>
>
> Jarod
>
> On Nov 10, 2008, at 4:15 PM, Shannon Johnson wrote:
>
>> All,
>>
>> I eventually did get the Cosign module to work in IIS7. The 2 things
>> that tripped me up were the requirement to install the Visual C++
>> 2008 Redistributable (actually install it, not just copy the DLL’s),
>> and the Penn State certificate for the Cosign login server. In Penn
>> State’s case, we have a file called c33a80d4.0 that we used to have
>> to put in C:\Program Files\IISCosign\SSL\CA. However, the new
>> version doesn’t have or need that folder since it ties directly into
>> the Certificate Manager. The tricky part is having to rename the
>> c33a80d4.0 file to have a .pem extension, then import it into the
>> Certificate Manager (Local Computer Account), under Personal
>> Certificates.
>>
>> I have all this in an easy-to-follow 20 step text file if you’re
>> playing around with Server 2008 and need Cosign to work. It’s PSU-
>> centric, but should be easy to get working with other places. If
>> you’d like it, just let me know.
>>
>> Shannon
>>
>> -----------------------------------
>> Shannon Michael Johnson
>> Systems Administrator
>> College of Information Sciences and Technology
>> 321C IST Building
>> University Park, PA 16802
>> Phone: 814-865-9128
>> -----------------------------------
>>
>> From: Shannon Johnson
>> Sent: Tuesday, November 04, 2008 10:20 AM
>> To: '[email protected]'
>> Subject: Cosign on Windows Server 2008
>>
>> Hey all,
>>
>> I know the Cosign module for IIS7 is in beta, and I’m working on a
>> non-production, test box anyway. That said, I think there may be a
>> dependency “problem” with the Cosign module. I’m trying to get it
>> working in preparation of an eventual server upgrade (just to see if
>> it’s possible at the moment), and I’m seeing messages in the error
>> logs related to “Microsoft.VC90.CRT.Manifest”, which I understand is
>> part of Visual Studio /C++ 2008. Do I have to install the 32-bit
>> redistributable of that for the Cosign module to work?
>>
>> I’m sure I’m not the only person playing around with Server 2008, so
>> if anyone’s managed to get it working and has some tips, it’d be
>> appreciated. It’s a test box right now, but if I can get it working
>> without too much hassle, we may start hosting some unimportant sites
>> on it.
>>
>> Shannon
>>
>> -----------------------------------
>> Shannon Michael Johnson
>> Systems Administrator
>> College of Information Sciences and Technology
>> 321C IST Building
>> University Park, PA 16802
>> Phone: 814-865-9128
>> -----------------------------------
>>
>> -------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Moblin Your Move Developer's
>> challenge
>> Build the coolest Linux based applications with Moblin SDK & win
>> great prizes
>> Grand prize is a trip for two to an Open Source event anywhere in
>> the world
>> http://moblin-contest.org/redirect.php?banner_id=100&url=/_______________________________________________
>> Cosign-discuss mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/cosign-discuss
>
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Cosign-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/cosign-discuss
--
________________________________________________________________________
Darian Anthony Patrick
Senior Programmer Analyst, Application Security
Office of Information Systems & Computing Voice: (215) 573-1955
Networking & Telecommunications Unit E-mail: [email protected]
University of Pennsylvania Jabber/XMPP: [email protected]
---
CFC7 DF03 337E F7F6 1829 71ED 1038 88AF 3C88 E55C
________________________________________________________________________
------------------------------------------------------------------------------
Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA
-OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise
-Strategies to boost innovation and cut costs with open source participation
-Receive a $600 discount off the registration fee with the source code: SFAD
http://p.sf.net/sfu/XcvMzF8H
_______________________________________________
Cosign-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
