Penn Computing

Penn Computing

Computing Menu Computing A-Z
Computing Home Information Systems & Computing Penn


This feature allows a service to demand re-authentication when the time of last authentication on has become too old. The directive allows the application admin to specify:

CosignAuthenticationLifetime #

Where # is an integer value representing number of seconds. If the user has not authenticated to within this timeframe then they will be forced to re-authenticate.

When to use CosignAuthenticationLifetime

This functionality is different than the existing re-authentication functionality. It forces user re-authentication conditionally, as opposed to always forcing re-authentication on initial sign-in to a specific application. The condition is based on the specific amount of time (lifetime) in seconds since the last authentication has occurred.

In addition, a re-authentication will be forced after the time has elapsed within the application (e.g. the authentication will continue to expire after the specified time).


The following requirements must be met in order to take advantage of this functionality:

  1. You are using the Apache2 CoSign filter.
  2. You have your application already working with CoSign authentication.
  3. You have downloaded the mod_cosign filter from the Weblogin Management Console (WMC) and it is dated 20130523 or later (this will be the timestamp on the actual bundle, not the date you downloaded the file).
  4. You are NOT using a mod_cosign filter from (the public project).

              < VirtualHost YOUR_VIRTUAL_HOST >
              ServerName "YOUR_HOSTNAME"
              CosignProtected on
              CosignService YOUR_COSIGN_SERVICE
              CosignAuthenticationLifetime 300

Service Alerts


Information Systems and Computing
University of Pennsylvania
Comments & Questions

Penn Computing University of Pennsylvania
Information Systems and Computing, University of Pennsylvania