PHP Cosign Filter InstallationValidation ServiceIf you want to use V3 protocol, setup validation service first:
Filter Setup
UsageEach page that is protected by Cosign must call cosign_auth() function at the beginning:<?php // Some Web page in PHP require_once("cosign.php"); if (cosign_auth()) { // Authentication OK echo "Authenticated as ".$_SERVER['REMOTE_USER']." Function cosign_auth(array, boolean): The first argument is configuration options array. Your script can localy change any configuration option from cosign_config.php. The second argument can suppress internal ob_start() in cosign_auth(), if your script is doing it: <?php // Some Web page with ob_start() ob_start(); require_once("cosign.php"); ... if (cosign_auth(array(), false)) { ... ... ?> After setup verification and testing, change CosignFilterDebug to false to suppress debug logging. SECURITY NOTICEFilter Certificate file has to be readable by Web server executing PHP scripts. That means, any user PHP script on this Web server can read this Certificate file (and its private key). Don't use Web server certificate as Cosign Filter Certificate! If Cosign Filter Certificate is used only for cosign client verification, its disclosure should be probably harmless. |