cosign: open source web single sign-on

about cosign

cosign is an open source project originally designed to provide the University of Michigan with a secure single sign-on web authentication system. cosign is part of the National Science Foundation Middleware Initiative (NMI) EDIT software release.

cosign is used around the world by educational institutions, research and financial organizations, and various other web entities.

cosign features

• Passwords, if used, are sent only to the central weblogin service over SSL.
• Users need only authenticate once per session to access any number of cosign-protected campus sites.
• Optional per-service re-authentication.
• A compromised service host (see the overview) does not represent a compromise of the cosign system as a whole.
• x509 users needn't enter a password to authenticate.
• SPNEGO logins supported.
• Multi-factor authentication.
• The cosign 'friend' system allows non umich users to authenticate using self-created, centrally-administered guest accounts.
• Trusted systems can request Kerberos credentials from central server for N-Tier authentication (e.g. IMAP, LDAP, Oracle, etc.).
• There are no domain cookies used in this system.
• Sessions have both idle and hard timeouts.
• Users can logout of all cosign-protected services by visiting a single URL.

cosign resources

• cosign discussion mailing list
• cosign announcements mailing list
• cosign wiki

additional cosign downloads

• cosign WordPress plugin
• cosign Drupal module
• cosign authentication API for PHP

cosign support

cosign is an open source project and does not offer direct support. Many support issues can quickly be resolved with a message to the cosign-discuss list.

Organizations requiring direct support for a cosign deployment are encouraged to contact the cosign development team.