Table of Contents
Advertisement
Cosign Authentication
Figure 6-10: New Cosign Server Page
Cosign client web servers do not need to run SSL; sniffed cookies will compromise only
the non-SSL-protected service, not the entire Cosign infrastructure. Cosign is compatible
with common SSL accelerators and clustering load balancers.
All Cosign client web servers use a central Cosign server to authenticate users. The
central Cosign server runs a daemon and several CGIs. The central Cosign server in turn
authenticates users against Kerberos 5. Kerberos tickets can be passed back to the
Cosign client web servers.
Note: You may need to set up the BSC to communicate with a Cosign authentication
server over Secure Sockets Layer (SSL). To do so, you must first upload the appropriate
certificate(s) to the BSC as described in "Configuring External Server Authentication Over
SSL" on page 10-21 before following the steps in this section to set up the Cosign
authentication server.
To configure an external Cosign authentication server and define the rules used for
authentication:
6-25
BlueSecure™ Controller Setup and Administration Guide
Advertisement
Table of Contents
