weblogin

We need to set up the login server for the beta service. This machine should simply house the login server and nothing else. Instructions and stuff can go on a diffent machine.

We need to test the per-application custom logout message feature that is part of the login server. We need to determine if this is a service we want to provide to application writers on campus.

We need to get a verisign server cert for the login server.

https://onsite.verisign.com/UniversityofAlabamaatBirminghamITInfrastructureServicesGlobalServer/serverEnroll.htm

We need to customize the login page to match UAB. This should look about like what https://metric.it.uab.edu/weblogin looks like. Specifically we need to get the BlazerID logo in place, change "Username" to "BlazerID" and make sure the other text is intelligent (eg. no acme.edu).

[phpwiki]
The Enterprise domain is a registry setting in the Application Server which determines the cookie domain.

Case 1
__The Enterprise domain of the application server(polka.it.uab.edu) is set to .it.uab.edu__

*The user requests for the WebApp resource on the application server.

*But the application server doesnt see the “granting cookie” so it sets the “pre-session” cookie (scoped to application server) and the “granting_request” cookie __(domain= .it.uab.edu)__. It also sends a redirect page back to the user along with these cookies.

*The user is redirected to the login server along with the granting request cookie. (Since the “granting request” cookie is scoped to __.it.uab.edu__ which is the same subdomain as the login server __(metric.it.uab.edu)__, the login server accepts it)

[phpwiki]
In the WebApp, each of the Logout folders have been configured with a Logout_Action registry setting by example.reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PubcookieFilter\Webapp\app-only-logout]
"Logout_Action"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PubcookieFilter\Webapp\app-and-redirect-logout]
"Logout_Action"=dword:00000002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PubcookieFilter\Webapp\app-and-clearlogin-logout]
"Logout_Action"=dword:00000003

The details of the three logout folders are as below:

We got our IIS server pubcookie enabled today. We had to deal with similar cert format issues as with the login server. Also had to adjust some of the instructutions.

Followup posts for the openssl controls and updates to iis install instructions are needed.

I resolved the remaining problems with the certificate formats and configuration and now the test login server is operational. Getting to this point promises to make supporting a robust configuration possible.

Tomorrow I'll post some documentation about openssl. The key is: read the man pages.

[phpwiki]These are the instructions for UAB Web application administrators for adding Pubcookie support to their Apache server.

First all, user should check the [system requirements | http://pubcookie.org/docs/install-mod_pubcookie-3.0.html], and download [Pubcookie 3.0.0 | http://pubcookie.org/downloads.html]
software. The instruction to install the mod_pubcookie can be found [here | http://pubcookie.org/docs/install-mod_pubcookie-3.0.html].

For UAB, we need to change in the Pubcookie 3.0.0 Apache Module Installation Guide.
*Configure Pubcookie Config File (config): set the keymgt_uri value to "https://weblogin.ac.uab.edu:2222"