Registering a Service
Who Can Register a Service
- The kadmin key contact for a domain is already authorized to register services for that domain.
- The kadmin key contact can grant you delegate access for a domain using WMC.
- If you are not the kadmin key contact and you have not been granted delegate access, your kadmin key contact can register the service on your behalf.
- Start the WMC application by going to https://weblogin.pennkey.upenn.edu/provision.
You will be required to authenticate with your PennKey and Password.
The upper right-hand corner of the WMC main page provides information about the user and menus for WMC navigation.
The next line contains links to the WMC menus:
- Service Registration - Management of your services
- User Management - Management of your delegated users
- Settings - Management of your personal settings
- Logout - Log out of WMC. Please always be sure to log out when you have finished.
The third line contains the list of actions appropriate for the menu selected.
- Modify personal settings
The first time you use WMC, the Settings -> Modify screen is displayed by default. You will be asked for your email address, Jabber (Instant Messaging) address, and notification preferences. WMC will send you email and/or Jabber messages when new certificates are issued for your services.
- Create new registration
To register a new service, select Service Registration -> Create New Registration.
Complete the following fields:
- Name: Select the domain for your service from your list of authorized domain(s), and then type in a string to describe the service that you are protecting. This string must be alphanumeric, with a maximum length of 25 characters. You may also use an underscore (_) in your string. The combination of the domain, the specified string, and an issuance integer assigned by WMC will be your CoSign service name and will be used when configuring your web server for WebLogin.
Select the server platform on which you will run your service from the list of
- Apache1/Apache2 - For Apache deployments in a Unix or Linux environment.
- IIS6/IIS7 - For Internet Information Services deployments in a Windows environment.
- JEE - For Apache Tomcat deployments.
- Protocol Version: Select a version of CoSign.
- Validation Handler URL: Type in the full URL of the Validation Handler that you will configure for your web server. The Validation Handler is a virtual location that exists only in your web server configuration and is used by WebLogin to validate the service cookie. See installation documentation for your platform for more details. Validation Handler URLs usually end with "/cosign/valid", for example: https://mycosignservice.upenn.edu/cosign/valid
- Expiration: Type in the date after which the registration will no longer be valid. Defaults to 2 years in the future. You may set this expiration date to any date up to October 20th, 2018; after that date, ISC will have to re-issue a new root certificate and all services will have to be reconfigured.
- Developer Email: Enter the e-mail address of the owner of the service. This is used for communication purposes and CoSign updates. It is best to provide the e-mail address of your team's list if one is available. This reduces the risk of having a single point of contact for your service (specifically, for notification about the expiration of your certificate).
- Require Re-Authn: Check this box if you want to force users to re-authenticate when accessing this service (thereby opting this service out of single sign-on). This might be useful if your service interacts with particularly sensitive information.
- Additional Information: Please provide some additional information about your service in this text box. Some things to consider include: Purpose of Service, Department the service is under, and if the service is test/staging/production.
- Receive successful registration message
WMC will send notification via email and/or Jabber according to your personal settings preferences that your configuration bundle is ready to download. Once you receive that notification, you can return to the WMC application and choose Service Registration -> List to see your list of services. Choose the new service registration.
- Download your config bundle
From the View Service Registration screen, select your platform from the "Download config bundle:" select list at the bottom of the screen. This will immediately start the download of the bundle. The zip file that you will receive contains the certificates that are required to configure your web server, platform-specific filters and other files. See installation documentation for your platform for details on handling the zip file.
NOTE: Your platform selection does not have to match the platform registered for this service. The platform registration is for record keeping only. You may wish to migrate a service from one platform to another and you can opt to download the bundle for any supported platform. If your platform has changed, we do ask that you consider modifying your service registration so that we have a truer picture of the use of this service.
Upon submitting the registration request, a message will be displayed indicating that the submission was successful and providing the registration details.
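
The field rules listed under "Create new registration" can be checked before the form is submitted. The following is an added example, not part of WMC or of the original page; the function name, the messages and the https warning are assumptions made for illustration, and the sample values are constructed.

```python
import re
from datetime import date
from urllib.parse import urlsplit

NAME_RE = re.compile(r"[A-Za-z0-9_]{1,25}")   # alphanumeric plus underscore, max 25
LATEST_EXPIRATION = date(2018, 10, 20)        # limit stated for the Expiration field

def check_registration(name, handler_url, expiration, today):
    """Return (errors, warnings) for the values about to be entered in the form."""
    errors, warnings = [], []

    # Name: the descriptive string typed after the domain is selected.
    if not NAME_RE.fullmatch(name):
        errors.append("name: use 1-25 letters, digits or underscores")

    # Validation Handler URL: the page asks for the full URL.
    url = urlsplit(handler_url)
    if url.scheme not in ("http", "https") or not url.hostname:
        errors.append("handler: a full URL is required")
    else:
        if url.scheme != "https":
            # Assumption: the handler validates the service cookie, so expect TLS.
            warnings.append("handler: URL is not https")
        if not url.path.endswith("/cosign/valid"):
            # The page says handlers *usually* end this way, so only warn.
            warnings.append("handler: path does not end with /cosign/valid")

    # Expiration: must be in the future and no later than the stated limit.
    if expiration <= today:
        errors.append("expiration: date is not in the future")
    elif expiration > LATEST_EXPIRATION:
        errors.append("expiration: later than October 20th, 2018")

    return errors, warnings

if __name__ == "__main__":
    today = date(2016, 5, 2)   # constructed "current" date for the sample run
    samples = [
        ("payroll_app", "https://mycosignservice.upenn.edu/cosign/valid", date(2018, 5, 2)),
        ("payroll-app!", "http://mycosignservice.upenn.edu/valid", date(2019, 1, 1)),
    ]
    for name, handler, expires in samples:
        print(name, check_registration(name, handler, expires, today))
```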