The cosign development team is pleased to announce the availability of cosign 3.1.0rc1, a release candidate for 3.1.0.
Cosign 3.1.0rc1 adds cookie rekeying during initial validation of a service cookie; support for limiting redirections after logout; setting ticket lifetimes; and a number of features and fixes, listed below.

* Download

    <https://sourceforge.net/projects/cosign/files/cosign-dev/cosign-3.1.0rc1/cosign-3.1.0rc1.tar.gz/download>

* Checksums

    RIPEMD160(cosign-3.1.0rc1.tar.gz)= 52536c6e70b8bcb91f28ba5a431458236a9ad176
    SHA1(cosign-3.1.0rc1.tar.gz)= 0edb756015df88eac85b86c6de6e4087e0acbd35
    MD5(cosign-3.1.0rc1.tar.gz)= 070e67b0fcd4170f3653b2803b01dd81

* Rekeying

Cosign 3.1.0rc1 rekeys the service cookie generated by the cgi during the validation of the cookie and service URL. After generating and registering a new service cookie, the cosign.cgi redirects the browser to the service's validation URL, e.g.:

    https://service.example.edu/cosign/valid?cosign-service=<cookie>&https://service.example.edu/

The cosign filter checks the service cookie with the weblogin server, and also instructs it to rekey the cookie if the check succeeds. If the check succeeds, the weblogin server generates a new service cookie and renames the original to the new value, returning the new cookie, along with user information, to the filter. The filter then sets this new cookie in the user's browser.

* Logout redirection

Cosign 3.1.0rc1 adds the cosignlogoutregex option to cosign.conf for the logout cgi. This option can be used by the weblogin administrators to limit what URLs the logout cgi considers safe for redirection after a user logs out. The value can be set at configuration time (--with-cosignlogoutregex='regex') or in cosign.conf (cosignlogoutregex https?://.*).

* Git tag signing

I've tagged cosign-3.1.0rc1 in the git repository and signed the tag with GPG. You may verify the tag with the public key for [email protected], available on pgp.mit.edu.

Please report bugs on the SF.net tracker. Thanks for your support of cosign.
andrew

--

Changes in cosign 3.1.0rc1:

* all: Cookie rekeying in apache and lighttpd filters.
* cgi: catch NULL return value from snet_getline_multi when storing krb tickets.
* cgi: add cosignprincipal config option. Based on a patch from matt at linuxbox dot com.
* cgi: add cosignstoretickets and cosignticketlifetime config options.
* cgi: add cosignlogoutregex config option.
* common: fix: --enable-mysql's optional path argument was ignored. Based on a patch from jorj at isc dot upenn dot edu.
* common: Adopt autoheader conventions in build.
* common: Handle NetBSD's krb5 pathing in configure script. Report from nmadura at umich dot edu.
* filters: [Patch 2801877]: Support multi-cert PEMs. Patch from fedora dot dm0 at gmail dot com.
* filters: IP checking now defaults to "never".
* filters: [Request 2748342]: Allow CosignService value to start with "cosign-".
* filters: fix length passed to strncasecmp when checking cookie prefix in filters.
* filters: fix regression in return value check for ap_pregcomp. Report from jorj at isc dot upenn dot edu.
* Additional build modifications to clean up git detritus.
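The cosignlogoutregex option described above, as an added example that is not part of the original announcement or the cosign source: a small C check using POSIX extended regular expressions that compares the permissive value shown in the announcement (`https?://.*`) with a constructed, anchored pattern. The helper name, the stricter pattern, the sample URLs and the assumption of unanchored, case-insensitive matching are illustrative; the announcement does not show how the logout cgi applies the regex.

```c
#include <regex.h>
#include <stdio.h>

/* Value shown in the announcement, and a constructed stricter alternative
 * (assumption: only https hosts under example.edu are safe targets). */
static const char *LOOSE  = "https?://.*";
static const char *STRICT = "^https://([a-z0-9-]+\\.)*example\\.edu(/|$)";

/* Hypothetical helper: 1 if url matches pattern, 0 if not, -1 if the
 * pattern does not compile. Assumes POSIX ERE, unanchored search and
 * case-insensitive matching; cosign's own matching code is not shown. */
int redirect_allowed(const char *pattern, const char *url)
{
    regex_t re;
    int rc;

    if (regcomp(&re, pattern, REG_EXTENDED | REG_ICASE | REG_NOSUB) != 0)
        return -1;
    rc = regexec(&re, url, 0, NULL, 0);
    regfree(&re);
    return rc == 0 ? 1 : 0;
}

int main(void)
{
    /* Constructed sample redirect targets. */
    const char *urls[] = {
        "https://service.example.edu/",
        "https://example.edu",
        "https://service.example.edu.other.test/",
        "https://example.edu@other.test/",
        "http://other.test/?next=https://service.example.edu/",
    };
    size_t i;

    printf("%-6s %-6s %s\n", "loose", "strict", "url");
    for (i = 0; i < sizeof(urls) / sizeof(urls[0]); i++)
        printf("%-6d %-6d %s\n", redirect_allowed(LOOSE, urls[i]),
               redirect_allowed(STRICT, urls[i]), urls[i]);
    return 0;
}
```

The loose pattern accepts all five sample URLs, while the anchored pattern accepts only the first two, whose host is example.edu or a subdomain of it.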
