The cosign development team is pleased to announce the availability of cosign 3.1.0.
Cosign 3.1.0 adds cookie rekeying during initial validation of a service cookie; support for limiting redirections after logout; setting ticket lifetimes; and a number of features and fixes, listed below. * Download <https://sourceforge.net/projects/cosign/files/cosign/cosign-3.1.0/cosign-3.1.0.tar.gz/download> * Checksums SHA256(cosign-3.1.0.tar.gz)= 650ccd7c18887a85f09927830099b67eda2bf25f2e645b6f6494b0fea12e0444 SHA1(cosign-3.1.0.tar.gz)= 10cbb42f0822d97c2b5226ed8e32537dd4932529 RIPEMD160(cosign-3.1.0.tar.gz)= 1c2d5d3892090d6d4a249edf509952362de3827e * Rekeying Cosign 3.1.0 rekeys the service cookie generated by the cgi during the validation of the cookie and service URL. After generating and registering a new service cookie, the cosign.cgi redirects the browser to the service's validation URL, e.g.: https://service.example.edu/cosign/valid?cosign-service=<cookie>&https://service.example.edu/ The cosign filter checks the service cookie with the weblogin server, and also instructs it to rekey the cookie if the check succeeds. If the check succeeds, the weblogin server generates a new service cookie and renames the original to the new value, returning the new cookie, along with user information, to the filter. The filter then sets this new cookie in the user's browser. NOTE: cosignd must be upgraded to 3.1.0 before rekeying will work. cosignd and mod_cosign 3.1.0 are backward-compatible with cosign 3.0.x. * Logout redirection Cosign 3.1.0 adds the cosignlogoutregex option to cosign.conf for the logout cgi. This option can be used by the weblogin administrators to limit what URLs the logout cgi considers safe for redirection after a user logs out. The value can be set at configuration time (--with-cosignlogoutregex='regex') or in cosign.conf (cosignlogoutregex https?://.*). * Git tag signing I've tagged cosign-3.1.0 in the git repository and signed the tag with GPG. You may verify the tag with the public key for [email protected], available on pgp.mit.edu and keyserver.pgp.com. Please report bugs on the SF.net tracker. Thanks for your support of cosign. andrew -- Changes since 3.0.2: * all: Cookie rekeying in apache and lighttpd filters. * daemon: add banner capability list to work around hardcoded protocol version. * filters: add capability list parsing. * filters: add REKEY command. * cgi: catch NULL return value from snet_getline_multi when storing krb tickets. * cgi: add cosignprincipal config option. Based on a patch from matt at linuxbox dot com. * cgi: add cosignstoretickets and cosignticketlifetime config options. * cgi: add cosignlogoutregex config option. * common: fix: --enable-mysql's optional path argument was ignored. Based on a patch from jorj at isc dot upenn dot edu. * common: Adopt autoheader conventions in build. * common: Handle NetBSD's krb5 pathing in configure script. Report from nmadura at umich dot edu. * filters: [Patch 2801877]: Support multi-cert PEMs. Patch from fedora dot dm0 at gmail dot com. * filters: IP checking now defaults to "never". * filters: [Request 2748342]: Allow CosignService value to start with "cosign-". * filters: fix length passed to strncasecmp when checking cookie prefix in filters. * filters: fix regression in return value check for ap_pregcomp. Report from jorj at isc dot upenn dot edu. * lighttpd filter: fix size checks when copying into sinfo struct. * build: Make LIBS environment available to apxs for compiling. * Additional build modifications to clean up git detritus. ------------------------------------------------------------------------------ This SF.Net email is sponsored by the Verizon Developer Community Take advantage of Verizon's best-in-class app development support A streamlined, 14 day to market process makes app distribution fast and easy Join now and get one step closer to millions of Verizon customers http://p.sf.net/sfu/verizon-dev2dev _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
