What is Penn Weblogin / Cosign?

Introduction

"WebSec," the ISC-developed mechanism underlying login to PennKey-protected, web-based applications and services, is being replaced by Penn Weblogin (CoSign), an authentication mechanism widely used in the education and research communities. The implementation of Weblogin will enable other changes such as password/passphrase enhancements and "two-factor" login.

Single Sign-on

One major advantage of Weblogin over WebSec is single sign-on. By signing in once, you will authenticate yourself for all web applications that use Weblogin. For example, if you sign in to change your account password and then go to U@Penn, you will automatically be logged in. Initially it may be a little disconcerting not to need to log in for each application, but it won't take long before you are grateful not to need to type in login credentials all the time.

How can I use it for my web applications?

See the How to use PennKey Account for Authentication Answers article for more information.

Why didn't the logout button log me out immediately?

There may be a brief time after you click the logout button before you are actually logged out. This is to reduce load on the server and will never be more than a few minutes. Closing your browser will log you out immediately, so you can always close your browser to avoid the logout delay.

Why the Change?

  1. Weblogin provides single sign-on (as explained above).
  2. Weblogin allows for future implementation of two-factor login. Two-factor login will introduce the use of "one-time use" PINs to supplement reusable PennKey passwords for accessing applications or services identified as requiring a higher degree of security. PINs will be generated on small, portable devices that can be attached to a key chain. Each time the owner of one of the devices logs in to an application requiring two-factor login, he or she will need to enter the number currently showing on the device, in addition to his or her PennKey and password. One-time use PINs are impossible to guess, and their use prevents unauthorized access to applications even when an individual's password has been compromised.
  3. Weblogin allows for future implementation of federated identity management. With the increase in institutional collaboration and state and federal E-Government initiatives, Penn's authentication infrastructure must be able to support federated identity management with other institutions.
  4. Weblogin is a more broadly used, more secure standard than the current WebSec system, which was developed in-house.

 

Source: http://www.upenn.edu/computing/pennkey/strengthen-pennkey/

© Computing and Educational Technology Services
cets@seas.upenn.edu | 215.898.4707