Cosign supports proxy cookies. A cosign filter can request service cookies on behalf of a user. This must be configured centrally:
For version 2.x.x, a line such as this will enable proxy cookie retrieval: service webapp.example.org P /etc/cosign/webapp.proxy In 3.x.x this is changed to: proxy [SSL certificate common name] /path/to/proxyfile webapp.proxy would be a file specifying the hostnames and service names that webapp.example.org can retrieve proxy cookies for: webapp2.example.org cosign-webapp2 mail.example.org cosign-mail On the filter side, you need to tell the filter to RETRieve the proxy cookies: CosignGetProxyCookies on IISCosign and JavaCosign also support proxy cookie retrieval. Jarod On Mar 30, 2009, at 5:08 PM, Kevin Coffman wrote: > Hi Folks, > The situation I am in is that a user goes to server A (cosign > protected) and then selects an option to cause a redirect to server B > (also cosign protected). Server B then wants to transfer files from > server A to itself "on behalf of the user". My first thought was to > have server A supply the cosign cookie to server B (via information in > the redirect), but if I recall correctly the cookies are tied to an IP > address, and therefore this wouldn't work. Am I remembering that > correctly? > > I am aware of the proxy service that cosignd provides which delegates > a user's Kerberos credentials to a cosign-protected server to perform > actions on a user's behalf. This assumes that the end service > requires Kerberos authentication. I'm in a situation where I have two > cosign-protected servers and want to be able to proxy from one server > to the other. Is this possible? > > Thanks for any pointers! > K.C. > > ------------------------------------------------------------------------------ > _______________________________________________ > Cosign-discuss mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/cosign-discuss > > ------------------------------------------------------------------------------ _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
