Re: [Cosign-discuss] Question about multiple factors

Mon, 18 Jul 2011 11:00:52 -0700 

All excellent suggestions. Thanks so much!!

Nick

On Sat, Jul 16, 2011 at 3:45 PM, Mark Montague <m...@catseye.org> wrote:

> On July 15, 2011 4:12 , "Bennett, Steve" <s.benn...@lancaster.ac.uk>
> wrote:
>
>> I solved the problem by intercepting the browser redirection between
>> authentication and validation. I altered the cosign configuration so
>> that the validation URL for a service was changed from something like:
>>     
>> https://webapp.domain.edu/**cosign/valid<https://webapp.domain.edu/cosign/valid>
>> to something like:
>>     https://messageapp.domain.edu?**https://webapp.domain.edu/**
>> cosign/valid<https://messageapp.domain.edu?https://webapp.domain.edu/cosign/valid>
>> The service at messageapp.domain.edu (itself a cosign webapp) looks at
>> the users identity and decides what messages to display, and eventually
>> forwards the browser on to the "real" webapp.
>>
>
> I like this solution a lot -- it is easier to set up and less intrusive
> than the one I suggested.  The only advantage to involving factors (that I
> can think of) is that it puts control of whether or not to display a form or
> a message in the hands of the person administering the cosign-protected
> service:  the factor can be required (or not) on a per-service or even
> per-page basis; but hopefully most institutions would not need this sort of
> granular control, and so I think your solution is definitely the better one.
>
>
> --
>  Mark Montague
>  m...@catseye.org
>
>


-- 
Nick Ragusa
Associate Director, Networks and Systems
Brandeis University

------------------------------------------------------------------------------
Storage Efficiency Calculator
This modeling tool is based on patent-pending intellectual property that
has been used successfully in hundreds of IBM storage optimization engage-
ments, worldwide.  Store less, Store more with what you own, Move data to 
the right place. Try It Now! http://www.accelacomm.com/jaw/sfnl/114/51427378/
_______________________________________________
Cosign-discuss mailing list
Cosign-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/cosign-discuss

Reply via email to