I hope Konstantin is wrong, but he may well be right.

What I really want is several websites with separate domains running on a 
single IIS7 server.

Since these websites (not subsites) have separate domains, I need to have 
separate SSL certs in order to avoid bad cert warnings for visitors. I have the 
websites bound to separate IP addresses.

I'd love to be able to set this up with separate certs and cosign-services, 
since I have the certificates, and the services are set up already. In fact, 
the reason that I have all of that set up already is because these sites used 
to run exactly like this, separately but on the same IIS server. The difference 
was that the IIS server that used to do this was an IIS 6 server.

One day, during the Thanksgiving holiday, that IIS6 setup just stopped working 
and ever since I've been performing upgrades and various workarounds to get 
back to a stable place. Lately, I've had multiple sites set up as subsites, but 
pretty soon, that is not going to fly anymore. Some of these sites are going to 
need nice looking domain names, and we can't have users getting bad certificate 
warnings.

I have one other possible strategy. I wonder if it is possible to get the 
cosign team to put in exceptions, so that all of my domains (probably with 
separate IPs and SSL certificates) could authenticate to the same cosign 
service. That might be a great way to accomplish what I need.

Thanks for your responses. I'll let you know if I have any developments.

--Brian

From: Englund, Louis
Sent: Tuesday, March 15, 2011 9:32 AM
To: Voyk, Konstantin; Lee, Brian; [email protected]
Cc: Rolston, Timothy
Subject: RE: [Cosign-discuss] cosign module faulting

Konstantin,

I believe it may be just a case of semantics, but you are correct. I did not 
notice if that was an issue for Brian, but I can say that the LSAIT 
cosign-enabled IIS7 sites/webapps (which were working in the last 24 hours) are 
set up as webapps/v-directories under the main "Default Web site", and the 
individual apps/sub-sites that need CoSign enabled have the following in their 
web.config file:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <cosign>
            <protected status="on" />
            <compatibilityMode mode="true" />
        </cosign>
    </system.webServer>
</configuration>

Parent sites/apps that do not need to be CoSign protected do not have this 
CoSign insert.

Sincerely,

Louis Englund

Humility is not thinking less of yourself but thinking of yourself less. --C.S. 
Lewis

Database Administrator Senior - LSA Information Technology
734 647 8345-W | [email protected]
University of Michigan | College of Literature, Science & Arts | 500 South 
State St | Ann Arbor, MI 48109

From: Voyk, Konstantin
Sent: Tuesday, March 15, 2011 9:24 AM
To: Englund, Louis; Lee, Brian; [email protected]
Cc: Rolston, Timothy
Subject: RE: [Cosign-discuss] cosign module faulting

You cannot have two cosign protected web sites, but you can have many web 
apps protected within a web site. Cosign module settings allow you to specify 
one service/certificate per IIS in the applicationHost.config.
Sincerely,
Konstantin Voyk
Law School Information Technology

From: Englund, Louis [mailto:[email protected]]
Sent: Tuesday, March 15, 2011 8:56 AM
To: Lee, Brian; [email protected]
Cc: Rolston, Timothy
Subject: Re: [Cosign-discuss] cosign module faulting

I am also getting this now on our lsa-webapps2 (QA) server.

Was there a solution/resolution sent out that I may have missed?

Sincerely,

Louis Englund

Humility is not thinking less of yourself but thinking of yourself less. --C.S. 
Lewis

Database Administrator Senior - LSA Information Technology
734 647 8345-W | [email protected]
University of Michigan | College of Literature, Science & Arts | 500 South 
State St | Ann Arbor, MI 48109

From: Lee, Brian [mailto:[email protected]]
Sent: Monday, March 14, 2011 12:11 PM
To: [email protected]
Subject: [Cosign-discuss] cosign module faulting

Hi,

I have an IIS7 server running a cosign protected website successfully, but now 
I'm trying to add a second cosign protected website (veterans_test_separated) 
to the same webserver.
The second site works fine (correct SSL cert) until I turn on cosign 
protection. With cosign protected status="on", visiting 
https://veterans.onsp.umich.edu/test.html brings up a weblogin screen. After 
correctly providing credentials, I get "Internet Explorer cannot display the 
webpage." I also get the following error in the webserver event log:

Faulting application name: w3wp.exe, version: 7.5.7600.16385, time stamp: 
0x4a5bd0eb
Faulting module name: CosignModule.dll, version: 0.0.0.0, time stamp: 0x4ce43995
Exception code: 0xc0000417
Fault offset: 0x000000000001d7d4
Faulting process id: 0x8d0
Faulting application start time: 0x01cbe2618d55bff0
Faulting application path: c:\windows\system32\inetsrv\w3wp.exe
Faulting module path: c:\windows\system32\inetsrv\CosignModule.dll
Report Id: cb2ad3e8-4e54-11e0-8f8f-00155d73e80a

I've been banging my head on this for a while and would really appreciate any 
help.

--Brian


Here is my web.config file in the veterans_test directory:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>

    <system.web>
        <sessionState mode="InProc" timeout="6000" />
        <compilation debug="true">
            <assemblies>
                <add assembly="System.DirectoryServices,Version=1.0.3300.0, Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a" />
            </assemblies>
        </compilation>
    </system.web>

    <system.webServer>
        <cosign>
            <webloginServer name="weblogin.umich.edu"
                            loginUrl="https://weblogin.umich.edu/?"
                            port="6663"
                            postErrorRedirectUrl="https://weblogin.umich.edu/post_error.html" />
            <crypto certificateCommonName="veterans.onsp.umich.edu" />
            <cookieDb directory="C:\inetpub\temp\Cosign Cookie DB\" expireTime="120" />
            <proxyCookies directory="C:\inetpub\temp\Cosign Proxy DB" />
            <validation validReference="https?://.*umich\.edu(/.*)?"
                        errorRedirectUrl="https://weblogin.umich.edu/cosign/validation_error.html" />
            <cookies secure="true" httpOnly="true" />
            <service name="cosign-veterans.onsp" />
            <protected status="on" />
        </cosign>

        <handlers>
            <add name="Cosign Validation" path="/cosign/valid*" verb="*" modules="Cosign" resourceType="Unspecified" />
        </handlers>

        <modules>
            <add name="Cosign" />
        </modules>

        <httpErrors>
            <error statusCode="503" path="/503.html" responseMode="ExecuteURL" />
        </httpErrors>

        <defaultDocument>
            <files>
                <add value="index.aspx" />
            </files>
        </defaultDocument>
    </system.webServer>

    <location path="veterans_test_separated/cosign/valid">
        <system.webServer>
            <cosign>
                <protected status="off" />
            </cosign>
        </system.webServer>
    </location>

</configuration>


If it would be helpful, I can provide my applicationHost.config file as well.
--Brian
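
Added example (not part of the thread and not code from the cosign project): a small audit that reads the web.config of each site on one IIS server and reports where they set different cosign service or certificate names, the condition Konstantin's reply says the module does not support. That limit is taken from his reply, not independently verified; SITE_A and its names are hypothetical, and SITE_B is a trimmed copy of the config posted above.

```python
import xml.etree.ElementTree as ET

# Settings that, per Konstantin's reply, exist once per IIS server in
# applicationHost.config. Element/attribute names are taken from Brian's web.config.
SERVER_WIDE = {"service": "name", "crypto": "certificateCommonName"}

def cosign_settings(web_config_xml):
    """Return (protected status per scope, server-wide settings set in this file)."""
    root = ET.fromstring(web_config_xml.encode("utf-8"))
    # Scope "/" is the file's top level; every <location path=...> is its own scope.
    scopes = [("/", root)] + [(loc.get("path", ""), loc) for loc in root.iter("location")]
    protected, overrides = {}, {}
    for scope, node in scopes:
        for cosign in node.findall("system.webServer/cosign"):
            for child in cosign:
                if child.tag == "protected":
                    protected[scope] = child.get("status")
                elif child.tag in SERVER_WIDE:
                    overrides[child.tag] = child.get(SERVER_WIDE[child.tag])
    return protected, overrides

def server_conflicts(site_configs):
    """Map each server-wide setting to the sites that give it different values."""
    seen = {}
    for site, xml_text in site_configs.items():
        for tag, value in cosign_settings(xml_text)[1].items():
            seen.setdefault(tag, {})[site] = value
    return {tag: sites for tag, sites in seen.items() if len(set(sites.values())) > 1}

# Constructed sample inputs. SITE_B is trimmed from the web.config in this thread;
# SITE_A and its service/certificate names are made up for illustration.
SITE_A = """<configuration><system.webServer><cosign>
  <crypto certificateCommonName="first-site.example.edu" />
  <service name="cosign-first-site" />
  <protected status="on" />
</cosign></system.webServer></configuration>"""
SITE_B = """<configuration><system.webServer><cosign>
  <crypto certificateCommonName="veterans.onsp.umich.edu" />
  <service name="cosign-veterans.onsp" />
  <protected status="on" />
</cosign></system.webServer>
<location path="veterans_test_separated/cosign/valid"><system.webServer><cosign>
  <protected status="off" />
</cosign></system.webServer></location></configuration>"""
# Louis's sub-application style: only the protection switch, no server-wide settings.
SUBAPP = """<configuration><system.webServer><cosign>
  <protected status="on" /><compatibilityMode mode="true" />
</cosign></system.webServer></configuration>"""

if __name__ == "__main__":
    print(server_conflicts({"first_site": SITE_A, "veterans_test_separated": SITE_B}))
    print(cosign_settings(SUBAPP))
```

An empty result from `server_conflicts` means every site either leaves the service and certificate to the server-level configuration, as in Louis's sub-application layout, or agrees on one value.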









