Recent changes to feature-requests

Additional Cosign*Factor directives (satisfy, deny)

Liam Hoekenga — Thu, 12 Feb 2015 20:18:28 -0000

I would like to see two additional mod_cosign directives..

CosignSatisfyFactor - allow any of the listed factors access
CosignDenyFactor - deny access to the people authenticated with that factor

Honor subject alternate names during validation

Anonymous — Thu, 15 Jan 2015 22:25:53 -0000

If one certificate is used for multiple sites, typically new rules need to be created to allow for each of the names in the subject alternate names. During validation, if the subject alternate names were checked during validation, new rules would not have to be created to match the CN with names already in the subject alternate names list.

Allow use of CosignProtected with LocationMatch in mod_cosign / apache httpd

Liam Hoekenga — Wed, 19 Nov 2014 14:37:00 -0000

I would like to be able to invoke CosignProtected / CosignRequireFactor in conjunction with the Apache HTTPd LocationMatch directive. Specifically, I would like to be able to trigger cosign with query string arguments.

use case - cosign is protecting our peoplesoft system. It generates some pretty ugly URLs. I would like to be able to trigger CosignRequireFactor for any URL that contains the "EMPLOYEE_SELF_SERVICE" in the query string.

IIS Module - Allow more specific certificate selection

Anonymous — Wed, 30 Jul 2014 17:49:01 -0000

Please allow to select a specific certificate in the MY store instead of using the CN to select. If multiple certs are in the MY store with the same CN it seems that the Cosign module picks the first one it finds - which isn't always the correct cert.

Maybe selection by serial number instead of CN would be better, or another unique certificate attribute?

#13 allow friend tablespace to be specified in config

Andrew Mortensen — Tue, 14 Jan 2014 17:46:30 -0000

The branch to test is called "friend-db-name", and the new cosign.conf key is "mysqldbname", as in:

set mysqldbname cosignfriend

#13 allow friend tablespace to be specified in config

Andrew Mortensen — Tue, 14 Jan 2014 17:44:53 -0000

Preliminary patch up at my github fork of the cosign source:

https://github.com/moretension/cosign.git

Please test and report with results. You will need to run autoconf to regenerate the configure scripts.

#13 allow friend tablespace to be specified in config

Andrew Mortensen — Tue, 14 Jan 2014 16:53:51 -0000

assigned_to: Andrew Mortensen

allow friend tablespace to be specified in config

Liam Hoekenga — Tue, 14 Jan 2014 16:52:30 -0000

You can specify all of the mysql connection information for Friend (db host, user, pw) except for the database name (which is assumed to be "friend"). It would be nice if you could set the db name in config.

allow friend tablespace to be specified in config

Liam Hoekenga — Tue, 14 Jan 2014 16:52:30 -0000

Ticket 13 has been modified: allow friend tablespace to be specified in config
Edited By: Andrew Mortensen (fitterhappier)
Owner updated: None => u'fitterhappier'

Interstitial destination during login sequence

Liam Hoekenga — Thu, 21 Feb 2013 19:28:38 -0000

It would be helpful if Cosign could be configured to pass through a waypoint between logging in and being sent on to requested service. Maybe that page shows up in a foreground layer while the requested is loaded in the background. Potential use? MOTD or system notices?

Specifically, we're looking to deploy a self service password management system that has webservices that provide things like password expiry warnings, or reminded to set challenge/response questions. It seems like an appropriate time to display those messages would be during the login process.