Enabling Cosign and Weblogin authentication on WHE

Tags Web

You can request that the University of Michigan's Weblogin system known as Cosign be enabled on your site. By default Cosign is not enabled, but you can request that it be enabled by sending an email to lsait-infrastructure@umich.edu or as part of your original request.

Cosign is being deprecated in favor of Shibboleth. These instructions will soon be revised.

Directory or Single Page

If you want to use Cosign to protect just part of your site, you can make use of a .htaccess file in the required directory. To do this, create or modify a file named .htaccess file inside the directory you want to Cosign. You can do this via the file manager or via ssh. The file must be named .htaccess (the period is required). In the example shown below, any access to pages within the same directory will be behind Cosign:

CosignProtected On
AuthType Cosign
Require valid-user

To protect an individual file or page, you can modify your .htaccess file in the same directory and call out the specific file you want to protect:

Files "file_name.html"
CosignProtected On
AuthType Cosign
Require valid-user

You can also use Cosign to only allow a certain MCommunity group to access your site or a page. The .htaccess configuration for that would be something similar to the following:

CosignProtected On
AuthType Cosign
AuthLDAPURL ldap://ldap.umich.edu
Require ldap-group cn=MCommunity Group Name,ou=User Groups,ou=Groups,dc=umich,dc=edu

If your MCommunity group's name has a space in it, use the same name (with spaces) for this line. Do not replace spaces with periods, hyphens or underscores.

Full Site Cosign

If you want your full website protected so that only University of Michigan affiliated people can access your site, please let us know that intent in your initial request your initial request for your site. On the backend of the system we will enable this feature for every page on your site.

Application Integrated Cosign

Some applications such as Wordpress can use Cosign to replace their built-in login/authentication mechanism. Configuration for application integration varies from application to application. For many applications additional plugins are needed to support Cosign. LSA Technology Services has experience helping with setting up Cosign for Wordpress but may not be able to help you get Cosign integrated to other applications.


Article ID: 1666
Wed 5/27/20 9:56 AM
Mon 8/31/20 7:49 AM