I agree that the cosign documentation is not exactly helpful for cosign newbies. I built cosign once a couple years ago and need to get it installed again. I don't remember the exact steps so I am having to go through old email messages and the various wiki page instructions attempting to glean the information necessary to build cosign on Leopard Server. This is a rather time-consuming process.
There actually is an excellent example of documentation for installing webauth on the Stanford University Mac OS X blog written by Noah Abrahamson. It is not exactly specific to cosign but they are similar in many ways. You might want to check out the following web pages: http://www.stanford.edu/services/webauth/features.html - see especially WebAuth vs. Cosign http://www.stanford.edu/group/macosxsig/blog/2008/04/building_webauth_on_leopard_se.html - details the steps to configure apache, webauth, ssl and so on. This is the sort of documentation that users of cosign would find extremely helpful. Just my 2ยข. Joy Denton Desktop Support Specialist University of Michigan Science Learning Center 930 N. University 1720 Chemistry Ann Arbor, MI 48109 http://www.lsa.umich.edu/slc/ -----Original Message----- From: Mark Montague [mailto:markm...@umich.edu] Sent: Friday, February 27, 2009 10:35 AM To: Bob Radvanovsky Cc: cosign-discuss@lists.sourceforge.net Subject: Re: [Cosign-discuss] This friggin' sucks.... I won't repeat anything Wes has said. Please read his message. Also, note that I just run the production cosign servers for the University of Michigan, I'm not one of the cosign developers/maintainers. On Thu, Feb 26, 2009 8:37 PM, Bob Radvanovsky <rsrad...@unixworks.net> wrote: > (2) I have Red Hat Enterprise Linux 5.3 loaded on it WITH EVERYTHING LOADED. > I chose the "Use Everything" option. > (3) I have downloaded OpenSSL 0.9.8. configured, compiled and installed. > (4) I have downloaded Apache 2.0.63, configured, compiled and installed. > If you are using RHEL 5.3, why are you not using the default versions of OpenSSL and Apache HTTPD that Red Hat installs by default when you select "Web server" on the "Package Selection" screen during installation? It's possible and supported to do what you're doing, but it increases the number of things you have to get right for everything to work properly. > There are MULTIPLE instructions for installing this software. There are > multiple methods for utilizing whatever path you choose. > Yes. That's called flexibility. There is no one-size-fits-all configuration. Still, while I think the various instructions can be explained more and generally improved (as Trek has said), all of the sets of instructions have the same basic steps. If you're confused and just want a single set of instructions, the README (for setting up the filters) and README.weblogin (for setting up the central weblogin servers) files that are included with the distributions are the authoritative references. > If I understand this correctly, this is to be the "front door" for a portal > server that, based on the user's ID and password, and based upon their rights > granted, would grant them permissions of various levels of applications based > from their login ID and password authentication. Right? > cosign is a web single-sign-on solution for an enterprise environment. While it can be used to provide authentication for a web server that runs portlets (just as it can be used to provide authentication for most web servers), cosign has no special support for portal APIs. Note that an assumption behind cosign is that you'll have enough web servers to protect that setting up and maintaining a central weblogin server is a relatively small marginal cost. Finally, cosign merely makes sure people are who they say they are. It does not deal in permissions (authorization) -- you can use whatever authorization solution you want in conjunction with cosign. Depending on your needs, you may choose LDAP (e.g., mod_authnz_ldap for Apache HTTPD), a global database (MySQL or Oracle), one or more web-application-specific databases, Unix groups (via PAM or NIS+), or so on. Mark Montague ITCS Web/Database Team The University of Michigan markm...@umich.edu ------------------------------------------------------------------------------ Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H _______________________________________________ Cosign-discuss mailing list Cosign-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/cosign-discuss ------------------------------------------------------------------------------ Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H _______________________________________________ Cosign-discuss mailing list Cosign-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/cosign-discuss
