PINEDA Julieta wrote:
Just to clarify:
We are upgrading the central server to Cosign 3. Our clients won't
upgraded at this time, but need to be made compatible with the cosign
v.3 servers.
In order to have v2 compatibiltiy, using the example from my previous
message, the weblogin server's cosign.conf will need a "2" instead of
"0", that is:
service
cosign-somedepartment\.ed\.ac\.ukhttps://somedepartment.ed.ac.uk/cosign/valid
2 example\.ed\.ac\.uk
This will enable v2 redirects for the service "cosign-somedepartment"
and will allow a filter using a certificate with the CN
"example.ed.ac.uk" to CHECk cookies for the service "cosign-somedepartment."
We have also tried tried splitting cosign to give a separated install
for each of the sites that require to use iiscosign:
* individual iiscosign directories of the form iiscosign_{site} Each of
these with their own set of dlls, configs, ssl certs, logs and cookiedb.
* configure the cosign.dll.config file in each directory to point at its
own logs, certs, cookies etc
* configured iis to use the iiscosign.dll in the directory of choice
But it doesn't work!
IIS does not seem to care what you put in the iiscosign.config file, it
looks in c:\program files\iiscosign\ssl for certs, \logs for all logs
and \cookiedb for cookies. This seems to point to there being registry
entries that are overridding anything found in the configs.
Correct, this will not work. The iiscosign filter is designed to be
loaded as a global module, it is monolithic across all of IIS 6 and only
one instance of the filter should be loaded. The only config file that
will be read is the one specified in the registry key:
HKLM\SOFTWARE\Univeristy of Michigan\ITCS\Cosign\ConfigFile
We also fear that this solution can potentially be a strain on server
resources.
Julieta.
PINEDA Julieta wrote:
We are in the process of upgrading to Cosign 3. I have one question
about the upgrade for IIS:
Some of our servers serve multiples URLs. I'm not sure if we need to
specify a .cert and .key for each of the virtual hosts (I understand
that we may have to do that for V3?), and how to do that
Are there directives like<ChainFilePath> and<PrivateKeyFilePath> for
each<Service>?
Thank you!
Julieta.
------------------------------------------------------------------------------
OpenSolaris 2009.06 is a cutting edge operating system for enterprises
looking to deploy the next generation of Solaris that includes the latest
innovations from Sun and the OpenSource community. Download a copy and
enjoy capabilities such as Networking, Storage and Virtualization.
Go to: http://p.sf.net/sfu/opensolaris-get
_______________________________________________
Cosign-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/cosign-discuss
