Projects / cosign


cosign is a Web single sign on system that allows users to authenticate once per session and access any protected Web resources at the institution. If used, passwords are sent only to a single, central URL. Sessions have both idle and hard timeouts, and users can logout of all protected services by visiting a single URL. The use of public key cryptography ensures that a compromise of a protected Web server has no impact on the security of other participating servers.

Operating Systems

Recent releases

  •  14 Dec 2005 22:27

    Release Notes: Support for n-tier cosign proxy authentication. Logging with summary statistics. Runtime configurable. Better integration with Apache AuthZ. The ability to force re-authentication on a per-service basis. Updated documentation. DB hashing support.

    •  05 Feb 2004 01:35

      Release Notes: This release adds full support for multiple, replicated weblogin servers, 'friend' guest accounts, more flexible authentication options for the Web login server, and a number of minor fixes to the Apache 1.3.x filter. The authentication filter for IIS is nearing 1.0 release status, the Java servlet filter is in production testing now, and an Apache 2.0 filter is nearing completion.

      •  24 Apr 2003 10:12

        Release Notes: This release works with Apache 1.3.x, IIS, and all standard Web browsers with or without Javascript.


        Project Spotlight


        A Fluent OpenStack client API for Java.


        Project Spotlight

        TurnKey TWiki Appliance

        A TWiki appliance that is easy to use and lightweight.