Penn Computing

Penn Computing
Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn
ISC Networking & Telecommunications
Penn WebLogin
Help
Application Development
WebLogin Management Console
Screen Guidance
Documentation
Websec Conversion
Conversion steps
Migration Dashboard
Websec protected static pages
Help with conversion
Quick Links
Initiate a session
Terminate a session
Related topics
WebLogin vs Shibboleth
User Guide
About WebLogin
WebLogin screens

Penn WebLogin

Campus Announcement re Transition to Penn WebLogin
Penn WebLogin, a more secure and reliable central PennKey authentication process for restricting access to web applications and static web pages, is being phased in across the University. A number of web resources have already moved to Penn WebLogin, and the rest will move by December, 2009.

Everyone who uses, develops, or manages PennKey-protected web resources is or will be affected in some way by the transition to Penn WebLogin.

When you log in to a PennKey-protected web resource that has converted to Penn WebLogin,you will be creat ing a 10-hour WebLogin session that provides access to many PennKey-protected web resources without requiring you to log in for each one. When you finish working, it’s essential that you log out to terminate the session and ensure that no one else can access protected web resources in your name. See About Penn WebLogin for more information.

Web content providers: The effect on you will vary, depending on where your Penn-Key protected web pages reside. See more information.

Application developers/owners, vendors, contractors: You will need to transition your PennKey-protected applications to WebLogin by the end of December. Evolving guidance, documentation, and other information is available on this web site.
Penn WebLogin is the central PennKey authentication process for restricting access to web applications and static web pages. Penn WebLogin uses CoSign, a collaborative secure single sign-on (SSO) web authentication system. Penn WebLogin replaces Websec as our PennKey authentication mechanism. The target date for retiring Websec is December 2009.

One of the key benefits of Penn WebLogin is ongoing performance and security reviews. It is expected that upgrades and patches will be made available periodically. These upgrades are provided from the core WebLogin development team and have undergone rigorous testing. Although not all upgrades address critical security concerns, best practices recommend that application providers maintain the most current releases of patches and filter version. ISC will provide periodic upgrade/release information to the registered owner/developer as entered in the WebLogin Management Console. It is critical to keep application owner/developer contact information updated. Please use the WebLogin Management Console to upgrade the application owner/developer information.

Current Service Status

9/1/2009 - The WebLogin service has been upgraded so that it now supports CoSign 2 and CoSign 3. CoSign 3 addresses a security vulnerability and we do recommend that applications already registered should upgrade to CoSign 3 as soon as possible. We will discontinue support for CoSign 2 on December 21, 2009.
More details...
top

Information Systems and Computing
University of Pennsylvania
Comments & Questions
Penn Computing University of Pennsylvania
Information Systems and Computing, University of Pennsylvania