Thanks Jarod! This looks like just what I need. I'll go study now... K.C.
On Mon, Mar 30, 2009 at 6:25 PM, Jarod Malestein <[email protected]> wrote: > > Cosign supports proxy cookies. A cosign filter can request service cookies > on behalf of a user. This must be configured centrally: > > For version 2.x.x, a line such as this will enable proxy cookie retrieval: > > service webapp.example.org P /etc/cosign/webapp.proxy > > > In 3.x.x this is changed to: > > proxy [SSL certificate common name] /path/to/proxyfile > > > webapp.proxy would be a file specifying the hostnames and service names that > webapp.example.org can retrieve proxy cookies for: > > webapp2.example.org cosign-webapp2 > mail.example.org cosign-mail > > > On the filter side, you need to tell the filter to RETRieve the proxy > cookies: > CosignGetProxyCookies on > > IISCosign and JavaCosign also support proxy cookie retrieval. > > > > Jarod > > > On Mar 30, 2009, at 5:08 PM, Kevin Coffman wrote: > >> Hi Folks, >> The situation I am in is that a user goes to server A (cosign >> protected) and then selects an option to cause a redirect to server B >> (also cosign protected). Server B then wants to transfer files from >> server A to itself "on behalf of the user". My first thought was to >> have server A supply the cosign cookie to server B (via information in >> the redirect), but if I recall correctly the cookies are tied to an IP >> address, and therefore this wouldn't work. Am I remembering that >> correctly? >> >> I am aware of the proxy service that cosignd provides which delegates >> a user's Kerberos credentials to a cosign-protected server to perform >> actions on a user's behalf. This assumes that the end service >> requires Kerberos authentication. I'm in a situation where I have two >> cosign-protected servers and want to be able to proxy from one server >> to the other. Is this possible? >> >> Thanks for any pointers! >> K.C. >> >> >> ------------------------------------------------------------------------------ >> _______________________________________________ >> Cosign-discuss mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/cosign-discuss >> >> > > ------------------------------------------------------------------------------ _______________________________________________ Cosign-discuss mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/cosign-discuss
