pubcookie

We need to get a verisign server cert for the login server.

https://onsite.verisign.com/UniversityofAlabamaatBirminghamITInfrastructureServicesGlobalServer/serverEnroll.htm

We need to customize the login page to match UAB. This should look about like what https://metric.it.uab.edu/weblogin looks like. Specifically we need to get the BlazerID logo in place, change "Username" to "BlazerID" and make sure the other text is intelligent (eg. no acme.edu).

[phpwiki]
The Enterprise domain is a registry setting in the Application Server which determines the cookie domain.

Case 1
__The Enterprise domain of the application server(polka.it.uab.edu) is set to .it.uab.edu__

*The user requests for the WebApp resource on the application server.

*But the application server doesnt see the “granting cookie” so it sets the “pre-session” cookie (scoped to application server) and the “granting_request” cookie __(domain= .it.uab.edu)__. It also sends a redirect page back to the user along with these cookies.

*The user is redirected to the login server along with the granting request cookie. (Since the “granting request” cookie is scoped to __.it.uab.edu__ which is the same subdomain as the login server __(metric.it.uab.edu)__, the login server accepts it)

[phpwiki]
In the WebApp, each of the Logout folders have been configured with a Logout_Action registry setting by example.reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PubcookieFilter\Webapp\app-only-logout]
"Logout_Action"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PubcookieFilter\Webapp\app-and-redirect-logout]
"Logout_Action"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PubcookieFilter\Webapp\app-and-clearlogin-logout]
"Logout_Action"=dword:00000003

The details of the three logout folders are as below:

We got our IIS server pubcookie enabled today. We had to deal with similar cert format issues as with the login server. Also had to adjust some of the instructutions.

Followup posts for the openssl controls and updates to iis install instructions are needed.

I resolved the remaining problems with the certificate formats and configuration and now the test login server is operational. Getting to this point promises to make supporting a robust configuration possible.

Tomorrow I'll post some documentation about openssl. The key is: read the man pages.

[phpwiki]These are the instructions for UAB Web application administrators for adding Pubcookie support to their Apache server.

First all, user should check the [system requirements | http://pubcookie.org/docs/install-mod_pubcookie-3.0.html], and download [Pubcookie 3.0.0 | http://pubcookie.org/downloads.html]
software. The instruction to install the mod_pubcookie can be found [here | http://pubcookie.org/docs/install-mod_pubcookie-3.0.html].

For UAB, we need to change in the Pubcookie 3.0.0 Apache Module Installation Guide.
*Configure Pubcookie Config File (config): set the keymgt_uri value to "https://weblogin.ac.uab.edu:2222"

We need an IIS install to test the ISAPI filter. We should make sure to use compatible versions.

[phpwiki]
Included on this page:

* Objectives
* Prerequisites
* Download and Unzip Win32 Distribution
* Verify SSL Private Key Size (1024 bits required)
* Export SSL Cert and Private Key
* Setup Supporting Files and Registry Settings
* Request Encryption Key (Using Keyclient.exe)
* Add PubcookieFilter.dll to Your Website
* Test Pubcookie (with sample WebApp)

__Objectives__