Revision as of 09:49, 17 November 2006

Cosign CGIs

Cosign has two CGIs: cosign.cgi and logout.

cosign.cgi

cosign.cgi, the "login" CGI, is responsible for logging users into and out of the central Cosign server. It is also responsible for registering each service a user logs into; this action ties the user's central login cookie to their session on individual application servers, such as a web mail client, web directory client, or CourseTools environment. The prototype CGI was built to use Kerberos V/GSSAPI to authenticate the user. Guest accounts via Cosign Friend and a MySQL database are also supported, as is authentication with Apache's BasicAuth and x.509 certificates. Cosign 2.x supports external authenticators with a new API, which enables the CGI to use an arbitrary login method by calling out to an external program.

The CGI also has the ability to prompt the user to re-enter their password in order to access any service that has registered for re-authentication. This means that before the CGI will REGISTER a service cookie for a service configured for re-authentication, the user must successfully authenticate again. This is considered more secure and gives a slightly better assurance that users are in fact who they claim to be.

Logout

The logout CGI is responsible for logging users out of the central cosign server. Once a logout has been verified, the logout CGI clobbers the login cookie by writing a cookie with the value null and setting the cookie's expiration date to a time in the past. Since all state is maintained centrally, the user is immediately logged out of all applications visited during the current session, with one notable exception:

Due to the implementation of data caching in the filters, the most recent application a user has visited will still report the user as being logged in for the duration of cache time (default is 60 seconds). In order to avoid this lag, a local logout script can be run on the application server to expire the local cosign-service cookie. This marks the user as logged out locally and can then redirect the user to the central logout script. After the logout has been verified, the user is truly logged out of all Cosign-protected services.

CGI Templates

The templates used by Cosign CGIs fall into two broad categories: dynamic and static.

Dynamic Pages

The tables below list the required fields for dynamically-generated Cosign pages. They are dynamic in that the variable $l in the template for reauth.html will be replaced by the CGI with the login name of the currently logged-in user. Fields like verify in verify-logout.html are required, but their value can be determined on a per-installation basis.

Page Name		login.html
draws the login screen for initial logins using cosign.cgi
Method	post	Action	/cosign-bin/cosign.cgi

Value	Form Field Name	Description
$t		the page title, e.g. CoSign: $t
$r	ref	URL to redirect upon successful login
$c	service	the service cookie received on the query string
$f	required	required factors from filter via query string
$d		required factors already satisfied via CHECK
$l	login	the user id of the person attempting to login
	password	field for user to enter their password

Page Name		error.html
reports any non-retryable errors from cosign.cgi
Method	n/a	Action	n/a

Value	Form Field Name	Description
$t		the page title, e.g. CoSign: $t
$e		field to print relevant error message

Page Name		login_error.html
draws login screen when a retryable error is encountered by cosign.cgi
Method	post	Action	/cosign-bin/cosign.cgi

Value	Form Field Name	Description
$t		the page title, e.g. CoSign: $t
$r	ref	URL to redirect upon successful login
$c	service	the service cookie received on the query string
$f	required	required factors from filter via query string
$d		required factors already satisfied via CHECK
$l	login	the user id of the person attempting to login
	password
$e		field to print relevant error message

Page Name		verify-logout.html
draws logout confirmation screen
Method	post	Action	/cosign-bin/logout

Value	Form Field Name	Description
$t		the page title, e.g. CoSign: $t
$u	url	URL to redirect upon successful logout
Logout	verify	submit button

Page Name		reauth.html
draws login screen for re-authentication
Method	post	Action	/cosign-bin/cosign.cgi
Method	post	Action	/cosign-bin/logout

Value	Form Field Name	Description
$t		the page title, e.g. CoSign: $t
$r	ref	URL to redirect upon successful login
$r	url	URL to redirect upon successful logout
$c	service	the service cookie received on the query string
$f	required	required factors from cgi’s reauth config
$l	login	the user id of the person attempting to login
	password	field for user to enter their password
true	reauth	flag for CGI
true	verify	flag for CGI

Static Pages

The following pages are required by cosign.cgi but have no dynamically-generated content:

post_error.html – The filter will redirect users to this page should a REGISTER be required during a POST. Cosign does not currently support REGISTERing through a POST, and as such, a user’s data would be lost. Instead, the user sees a splash page that tells them that their changes were not saved, informs them of ways to avoid the problem in the future, and gives a link to the login page.
looping.html – The cosign.cgi CGI redirects a user to this page when a browser loop is detected. These are caused by ill-configured filters or badly-behaving browsers. This page has some helpful text to inform the user of possible causes of the loop and how to contact support staff.
/services/ – By default, a successful login with no referrer destination URL will be redirected to https://weblogin.example.com/services/. This is called the “service menu” and it is an ideal jumping-off point for listing your institution’s Cosign-protected services.

More information:

--John 16:50, 14 November 2006 (EST)

cosign wiki:CosignCGIs

From cosign wiki

Revision as of 09:49, 17 November 2006

Contents

Cosign CGIs

cosign.cgi

Logout

CGI Templates

Dynamic Pages

Static Pages

More information:

Views

Personal tools

Navigation

Search

Toolbox

@@ Line 21: / Line 21: @@
 the variable <tt>$l</tt> in the template for reauth.html will be replaced by the CGI with the login name of the currently logged-in user. Fields like <tt>verify</tt> in verify-logout.html are required, but their value can be determined on a per-installation basis.
-<table border="1" bordercolor="#000000" cellpadding="8" cellspacing="0" width="665">
+	<table style="border: 2px solid black; font-family: Arial, Helvetica, sans-serif; border-collapse: collapse; margin: 1.6em 0 1.6em 0;">
-  <tr valign="TOP">
+		<tr>
-    <td colspan="2" width="274">
+			<td width="209" colspan="2" style="font-weight: bold; border: 1px solid black;">Page Name</td>
-      <p class="western">
+			<td width="269" colspan="2" style="border: 1px solid black;">login.html</td>
-        <font color="#000000"><font face="serif"><b>Page Name</b></font></font>
+		</tr>
-      </p>
+		<tr>
+			<td width="479" colspan="4" style="border: 1px solid black;">draws the login screen for initial logins using cosign.cgi</td>
-    </td>
+		</tr>
-    <td width="357">
+		<tr>
-      <p class="western">
+			<td width="71" style="font-weight: bold; border: 1px solid black;">Method</td>
-        <font color="#000000"><font face="serif">login.html</font></font>
+			<td width="138" style="border: 1px solid black;">post</td>
-      </p>
+			<td width="72" style="font-weight: bold; border: 1px solid black;">Action</td>
-    </td>
+			<td width="197" style="border: 1px solid black;">/cosign-bin/cosign.cgi</td>
-  </tr>
+		</tr>
-  <tr>
+		<tr>
+			<td width="71" style="border: 1px solid black;">&nbsp;</td>
-    <td colspan="3" valign="TOP" width="647">
+			<td width="138" style="border: 1px solid black;">&nbsp;</td>
-      <p class="western">
+			<td width="269" colspan="2" style="border: 1px solid black;">&nbsp;</td>
-        <font color="#000000"><font face="serif">draws the login screen for
+		</tr>
-        initial logins using cosign.cgi</font></font>
+		<tr>
-      </p>
+			<td width="71" style="font-weight: bold; border: 1px solid black; border-width: 2px 1px 2px 1px;">Value</td>
-    </td>
+			<td width="138" style="font-weight: bold; border: 1px solid black; border-width: 2px 1px 2px 1px;">Form Field Name</td>
-  </tr>
+			<td width="269" colspan="2" style="font-weight: bold; border: 1px solid black; border-width: 2px 1px 2px 1px;">Description</td>
-  <tr valign="TOP">
+		</tr>
-    <td width="82">
+		<tr>
+			<td width="71" style="border: 1px solid black;">$t</td>
-      <p class="western">
+			<td width="138" style="border: 1px solid black;">&nbsp;</td>
-        <font color="#000000"><font face="serif"><b>Action</b></font></font>
+			<td width="269" colspan="2" style="border: 1px solid black;">the page title, e.g. CoSign: $t</td>
-      </p>
+		</tr>
-    </td>
+		<tr>
-    <td width="176">
+			<td width="71" style="border: 1px solid black;">$r</td>
-      <p class="western">
+			<td width="138" style="border: 1px solid black;">ref</td>
-        <font color="#000000"><font face="serif">post</font></font>
+			<td width="269" colspan="2" style="border: 1px solid black;">URL to redirect upon successful login</td>
-      </p>
+		</tr>
+		<tr>
-    </td>
+			<td width="71" style="border: 1px solid black;">$c</td>
-    <td width="357">
+			<td width="138" style="border: 1px solid black;">service</td>
-      <p class="western">
+			<td width="269" colspan="2" style="border: 1px solid black;">the service cookie received on the
-        <font color="#000000"><font face="serif">/cosign-bin/cosign.cgi</font></font>
+				query string</td>
-      </p>
+		</tr>
-    </td>
+		<tr>
-  </tr>
+			<td width="71" style="border: 1px solid black;">$f</td>
-  <tr valign="TOP">
+			<td width="138" style="border: 1px solid black;">required</td>
+			<td width="269" colspan="2" style="border: 1px solid black;">required factors from filter via query string</td>
-    <td width="82">
+		</tr>
-      <p class="western">
+		<tr>
-        <br/>
+			<td width="71" style="border: 1px solid black;">$d</td>
-      </p>
+			<td width="138" style="border: 1px solid black;">&nbsp;</td>
-    </td>
+			<td width="269" colspan="2" style="border: 1px solid black;">required factors already satisfied via CHECK</td>
-    <td width="176">
+		</tr>
-      <p class="western">
+		<tr>
-        <br/>
+			<td width="71" style="border: 1px solid black;">$l</td>
-      </p>
+			<td width="138" style="border: 1px solid black;">login</td>
+			<td width="269" colspan="2" style="border: 1px solid black;">the user id of the person attempting to
-    </td>
+				login</td>
-    <td width="357">
+		</tr>
-      <p class="western">
+		<tr>
-        <br/>
+			<td width="71" style="border: 1px solid black;">&nbsp;</td>
-      </p>
+			<td width="138" style="border: 1px solid black;">password</td>
-    </td>
+			<td width="269" colspan="2" style="border: 1px solid black;">field for user to enter their password</td>
-  </tr>
+		</tr>
-  <tr valign="TOP">
+	</table>
-    <td width="82">
+	<table style="border: 2px solid black; font-family: Arial, Helvetica, sans-serif; border-collapse: collapse; margin: 1.6em 0 1.6em 0;">
+		<tr>
-      <p class="western">
+			<td width="209" colspan="2" style="font-weight: bold; border: 1px solid black;">Page Name</td>
-        <font color="#000000"><font face="serif"><b>Value</b></font></font>
+			<td width="269" colspan="2" style="border: 1px solid black;">error.html</td>
-      </p>
+		</tr>
-    </td>
+		<tr>
-    <td width="176">
+			<td width="479" colspan="4" style="border: 1px solid black;">reports any non-retryable errors from cosign.cgi</td>
-      <p class="western">
+		</tr>
-        <font color="#000000"><font face="serif"><b>Form Field
+		<tr>
-        Name</b></font></font>
+			<td width="71" style="font-weight: bold; border: 1px solid black;">Method</td>
-      </p>
+			<td width="138">n/a</td>
+			<td width="72" style="font-weight: bold; border: 1px solid black;">Action</td>
-    </td>
+			<td width="197">n/a</td>
-    <td width="357">
+		</tr>
-      <p class="western">
+		<tr>
-        <font color="#000000"><font face="serif"><b>Description</b></font></font>
+			<td width="71" style="border: 1px solid black;">&nbsp;</td>
-      </p>
+			<td width="138" style="border: 1px solid black;">&nbsp;</td>
-    </td>
+			<td width="269" colspan="2" style="border: 1px solid black;">&nbsp;</td>
-  </tr>
+		</tr>
-  <tr valign="TOP">
+		<tr>
+			<td width="71" style="font-weight: bold; border: 1px solid black; border-width: 2px 1px 2px 1px;">Value</td>
-    <td width="82">
+			<td width="138" style="font-weight: bold; border: 1px solid black; border-width: 2px 1px 2px 1px;">Form Field Name</td>
-      <p class="western">
+			<td width="269" colspan="2" style="font-weight: bold; border: 1px solid black; border-width: 2px 1px 2px 1px;">Description</td>
-        <font color="#000000"><font face="serif">$t</font></font>
+		</tr>
-      </p>
+		<tr>
-    </td>
+			<td width="71" style="border: 1px solid black;">$t</td>
-    <td width="176">
+			<td width="138" style="border: 1px solid black;">&nbsp;</td>
-      <p class="western">
+			<td width="269" colspan="2" style="border: 1px solid black;">the page title, e.g. CoSign: $t</td>
-        <br/>
+		</tr>
+		<tr>
-      </p>
+			<td width="71" style="border: 1px solid black;">$e</td>
-    </td>
+			<td width="138" style="border: 1px solid black;">&nbsp;</td>
-    <td width="357">
+			<td width="269" colspan="2" style="border: 1px solid black;">field to print relevant error message</td>
-      <p class="western">
+		</tr>
-        <font color="#000000"><font face="serif">the page title, e.g. CoSign:
+	</table>
-        $t</font></font>
+	<table style="border: 2px solid black; font-family: Arial, Helvetica, sans-serif; border-collapse: collapse; margin: 1.6em 0 1.6em 0;">
-      </p>
+		<tr>
-    </td>
+			<td width="209" colspan="2" style="font-weight: bold; border: 1px solid black;">Page Name</td>
-  </tr>
+			<td width="269" colspan="2" style="border: 1px solid black;">login_error.html</td>
+		</tr>
-  <tr valign="TOP">
+		<tr>
-    <td width="82">
+			<td width="479" colspan="4" style="border: 1px solid black;">draws login screen when a retryable error is encountered
-      <p class="western">
+					by cosign.cgi</td>
-        <font color="#000000"><font face="serif">$r</font></font>
+		</tr>
-      </p>
+		<tr>
-    </td>
+			<td width="71" style="font-weight: bold; border: 1px solid black;">Method</td>
-    <td width="176">
+			<td width="138" style="border: 1px solid black;">post</td>
-      <p class="western">
+			<td width="72" style="font-weight: bold; border: 1px solid black;">Action</td>
+			<td width="197">/cosign-bin/cosign.cgi</td>
-        <font color="#000000"><font face="serif">referrer</font></font>
+		</tr>
-      </p>
+		<tr>
-    </td>
+			<td width="71" style="border: 1px solid black;">&nbsp;</td>
-    <td width="357">
+			<td width="138" style="border: 1px solid black;">&nbsp;</td>
-      <p class="western">
+			<td width="269" colspan="2" style="border: 1px solid black;">&nbsp;</td>
-        <font color="#000000"><font face="serif">URL to redirect upon successful
+		</tr>
-        login</font></font>
+		<tr>
-      </p>
+			<td width="71" style="font-weight: bold; border: 1px solid black; border-width: 2px 1px 2px 1px;">Value</td>
-    </td>
+			<td width="138" style="font-weight: bold; border: 1px solid black; border-width: 2px 1px 2px 1px;">Form Field Name</td>
+			<td width="269" colspan="2" style="font-weight: bold; border: 1px solid black; border-width: 2px 1px 2px 1px;">Description</td>
-  </tr>
+		</tr>
-  <tr valign="TOP">
+		<tr>
-    <td width="82">
+			<td width="71" style="border: 1px solid black;">$t</td>
-      <p class="western">
+			<td width="138" style="border: 1px solid black;">&nbsp;</td>
-        <font color="#000000"><font face="serif">$c</font></font>
+			<td width="269" colspan="2" style="border: 1px solid black;">the page title, e.g. CoSign: $t</td>
-      </p>
+		</tr>
-    </td>
+		<tr>
-    <td width="176">
+			<td width="71" style="border: 1px solid black;">$r</td>
+			<td width="138" style="border: 1px solid black;">ref</td>
-      <p class="western">
+			<td width="269" colspan="2" style="border: 1px solid black;">URL to redirect upon successful login</td>
-        <font color="#000000"><font face="serif">service</font></font>
+		</tr>
-      </p>
+		<tr>
-    </td>
+			<td width="71" style="border: 1px solid black;">$c</td>
-    <td width="357">
+			<td width="138" style="border: 1px solid black;">service</td>
-      <p class="western" style="MARGIN-LEFT:0.4in; TEXT-INDENT:-0.4in; MARGIN-BOTTOM:0in">
+			<td width="269" colspan="2" style="border: 1px solid black;">the service cookie received on the
-        <font color="#000000"><font face="serif">the service cookie received on
+				query string</td>
-        the </font></font>
+		</tr>
-      </p>
+		<tr>
+			<td width="71" style="border: 1px solid black;">$f</td>
-      <p class="western">
+			<td width="138" style="border: 1px solid black;">required</td>
-        <font color="#000000"><font face="serif">query string</font></font>
+			<td width="269" colspan="2" style="border: 1px solid black;">required factors from filter via query string</td>
-      </p>
+		</tr>
-    </td>
+		<tr>
-  </tr>
+			<td width="71" style="border: 1px solid black;">$d</td>
-  <tr valign="TOP">
+			<td width="138" style="border: 1px solid black;">&nbsp;</td>
-    <td width="82">
+			<td width="269" colspan="2" style="border: 1px solid black;">required factors already satisfied via CHECK</td>
-      <p class="western">
+		</tr>
+		<tr>
-        <font color="#000000"><font face="serif">$f</font></font>
+			<td width="71" style="border: 1px solid black;">$l</td>
-      </p>
+			<td width="138" style="border: 1px solid black;">login</td>
-    </td>
+			<td width="269" colspan="2" style="border: 1px solid black;">the user id of the person attempting to
-    <td width="176">
+				login</td>
-      <p class="western">
+		</tr>
-        <br/>
+		<tr>
-      </p>
+			<td width="71" style="border: 1px solid black;">&nbsp;</td>
-    </td>
+			<td width="138" style="border: 1px solid black;">password</td>
+			<td width="269" colspan="2" style="border: 1px solid black;">&nbsp;</td>
-    <td width="357">
+		</tr>
-      <p class="western" style="MARGIN-LEFT:0.4in; TEXT-INDENT:-0.4in">
+		<tr>
-        <font color="#000000"><font face="serif">required factors from filter
+			<td width="71" style="border: 1px solid black;">$e</td>
-        via query string</font></font>
+			<td width="138" style="border: 1px solid black;">&nbsp;</td>
-      </p>
+			<td width="269" colspan="2" style="border: 1px solid black;">field to print relevant error message</td>
-    </td>
+		</tr>
-  </tr>
+	</table>
-  <tr valign="TOP">
+	<table style="border: 2px solid black; font-family: Arial, Helvetica, sans-serif; border-collapse: collapse; margin: 1.6em 0 1.6em 0;">
-    <td width="82">
+		<tr>
+			<td width="209" colspan="2" style="font-weight: bold; border: 1px solid black;">Page Name</td>
-      <p class="western">
+			<td width="269" colspan="2" style="border: 1px solid black;">verify-logout.html</td>
-        <font color="#000000"><font face="serif">$d</font></font>
+		</tr>
-      </p>
+		<tr>
-    </td>
+			<td width="479" colspan="4" style="border: 1px solid black;">draws logout confirmation screen</td>
-    <td width="176">
+		</tr>
-      <p class="western">
+		<tr>
-        <br/>
+			<td width="71" style="font-weight: bold; border: 1px solid black;">Method</td>
-      </p>
+			<td width="138" style="border: 1px solid black;">post</td>
+			<td width="72" style="font-weight: bold; border: 1px solid black;">Action</td>
-    </td>
+			<td width="197">/cosign-bin/logout</td>
-    <td width="357">
+		</tr>
-      <p class="western" style="MARGIN-LEFT:0.4in; TEXT-INDENT:-0.4in">
+		<tr>
-        <font color="#000000"><font face="serif">required factors already
+			<td width="71" style="border: 1px solid black;">&nbsp;</td>
-        satisfied via CHECK</font></font>
+			<td width="138" style="border: 1px solid black;">&nbsp;</td>
-      </p>
+			<td width="269" colspan="2" style="border: 1px solid black;">&nbsp;</td>
-    </td>
+		</tr>
-  </tr>
+		<tr>
-  <tr valign="TOP">
+			<td width="71" style="font-weight: bold; border: 1px solid black; border-width: 2px 1px 2px 1px;">Value</td>
+			<td width="138" style="font-weight: bold; border: 1px solid black; border-width: 2px 1px 2px 1px;">Form Field Name</td>
-    <td width="82">
+			<td width="269" colspan="2" style="font-weight: bold; border: 1px solid black; border-width: 2px 1px 2px 1px;">Description</td>
-      <p class="western">
+		</tr>
-        <font color="#000000"><font face="serif">$l</font></font>
+		<tr>
-      </p>
+			<td width="71" style="border: 1px solid black;">$t</td>
-    </td>
+			<td width="138" style="border: 1px solid black;">&nbsp;</td>
-    <td width="176">
+			<td width="269" colspan="2" style="border: 1px solid black;">the page title, e.g. CoSign: $t</td>
-      <p class="western">
+		</tr>
-        <font color="#000000"><font face="serif">login</font></font>
+		<tr>
+			<td width="71" style="border: 1px solid black;">$u</td>
-      </p>
+			<td width="138" style="border: 1px solid black;">url</td>
-    </td>
+			<td width="269" colspan="2" style="border: 1px solid black;">URL to redirect upon successful logout</td>
-    <td width="357">
+		</tr>
-      <p class="western" style="MARGIN-BOTTOM:0in">
+		<tr>
-        <font color="#000000"><font face="serif">the user id of the person
+			<td width="71" style="border: 1px solid black;">Logout</td>
-        attempting to</font></font>
+			<td width="138" style="border: 1px solid black;">verify</td>
-      </p>
+			<td width="269" colspan="2" style="border: 1px solid black;">submit button</td>
-      <p class="western">
+		</tr>
-        <font color="#000000"><font face="serif">login</font></font>
+	</table>
+	<table style="border: 2px solid black; font-family: Arial, Helvetica, sans-serif; border-collapse: collapse; margin: 1.6em 0 1.6em 0;">
-      </p>
+		<tr>
-    </td>
+			<td width="209" colspan="2" style="font-weight: bold; border: 1px solid black;">Page Name</td>
-  </tr>
+			<td width="269" colspan="2" style="border: 1px solid black;">reauth.html</td>
-  <tr valign="TOP">
+		</tr>
-    <td width="82">
+		<tr>
-      <p class="western">
+			<td width="479" colspan="4" style="border: 1px solid black;">draws login screen for re-authentication</td>
-        <br/>
+		</tr>
-      </p>
+		<tr>
-    </td>
+			<td width="71" style="font-weight: bold; border: 1px solid black;">Method</td>
+			<td width="138" style="border: 1px solid black;">post</td>
-    <td width="176">
+			<td width="72" style="font-weight: bold; border: 1px solid black;">Action</td>
-      <p class="western">
+			<td width="197">/cosign-bin/cosign.cgi</td>
-        <font color="#000000"><font face="serif">password</font></font>
+		</tr>
-      </p>
+		<tr>
-    </td>
+			<td width="71" style="font-weight: bold; border: 1px solid black;">Method</td>
-    <td width="357">
+			<td width="138" style="border: 1px solid black;">post</td>
-      <p class="western">
+			<td width="72" style="font-weight: bold; border: 1px solid black;">Action</td>
-        <font color="#000000"><font face="serif">field for user to enter their
+			<td width="197" style="border: 1px solid black;">/cosign-bin/logout</td>
-        password</font></font>
+		</tr>
+		<tr>
-      </p>
+			<td width="71" style="border: 1px solid black;">&nbsp;</td>
-    </td>
+			<td width="138" style="border: 1px solid black;">&nbsp;</td>
-  </tr>
+			<td width="269" colspan="2" style="border: 1px solid black;">&nbsp;</td>
-  <tr valign="TOP">
+		</tr>
-    <td width="82">
+		<tr>
-      <p class="western">
+			<td width="71" style="font-weight: bold; border: 1px solid black; border-width: 2px 1px 2px 1px;">Value</td>
-        <font color="#000000"><font face="serif">$e</font></font>
+			<td width="138" style="font-weight: bold; border: 1px solid black; border-width: 2px 1px 2px 1px;">Form Field Name</td>
-      </p>
+			<td width="269" colspan="2" style="font-weight: bold; border: 1px solid black; border-width: 2px 1px 2px 1px;">Description</td>
+		</tr>
-    </td>
+		<tr>
-    <td width="176">
+			<td width="71" style="border: 1px solid black;">$t</td>
-      <p class="western">
+			<td width="138" style="border: 1px solid black;">&nbsp;</td>
-        <br/>
+			<td width="269" colspan="2" style="border: 1px solid black;">the page title, e.g. CoSign: $t</td>
-      </p>
+		</tr>
-    </td>
+		<tr>
-    <td width="357">
+			<td width="71" style="border: 1px solid black;">$r</td>
-      <p class="western">
+			<td width="138" style="border: 1px solid black;">ref</td>
-        <font color="#000000"><font face="serif">optional "error" field to add
+			<td width="269" colspan="2" style="border: 1px solid black;">URL to redirect upon successful login</td>
-        helpful text</font></font>
+		</tr>
+		<tr>
-      </p>
+			<td width="71" style="border: 1px solid black;">$r</td>
-    </td>
+			<td width="138" style="border: 1px solid black;">url</td>
-  </tr>
+			<td width="269" colspan="2" style="border: 1px solid black;">URL to redirect upon successful logout</td>
-</table>
+		</tr>
+		<tr>
-<table border="1" bordercolor="#000000" cellpadding="8" cellspacing="0" width="665">
+			<td width="71" style="border: 1px solid black;">$c</td>
+			<td width="138" style="border: 1px solid black;">service</td>
-  <tr valign="TOP">
+			<td width="269" colspan="2" style="border: 1px solid black;">the service cookie received on the
-    <td colspan="2" width="274">
+				query string</td>
-      <p class="western">
+		</tr>
-        <font color="#000000"><font face="serif"><b>Page Name</b></font></font>
+		<tr>
-      </p>
+			<td width="71" style="border: 1px solid black;">$f</td>
-    </td>
+			<td width="138" style="border: 1px solid black;">required</td>
-    <td width="357">
+			<td width="269" colspan="2" style="border: 1px solid black;">required factors from cgi’s reauth config</td>
-      <p class="western">
+		</tr>
+		<tr>
-        <font color="#000000"><font face="serif">error.html</font></font>
+			<td width="71" style="border: 1px solid black;">$l</td>
-      </p>
+			<td width="138" style="border: 1px solid black;">login</td>
-    </td>
+			<td width="269" colspan="2" style="border: 1px solid black;">the user id of the person attempting to
-  </tr>
+				login</td>
-  <tr>
+		</tr>
-    <td colspan="3" valign="TOP" width="647">
+		<tr>
-      <p class="western">
+			<td width="71" style="border: 1px solid black;">&nbsp;</td>
-        <font color="#000000"><font face="serif">reports any non-retryable
+			<td width="138" style="border: 1px solid black;">password</td>
-        errors from cosign.cgi</font></font>
+			<td width="269" colspan="2" style="border: 1px solid black;">field for user to enter their password</td>
+		</tr>
-      </p>
+		<tr>
-    </td>
+			<td width="71" style="border: 1px solid black;">true</td>
-  </tr>
+			<td width="138" style="border: 1px solid black;">reauth</td>
-  <tr valign="TOP">
+			<td width="269" colspan="2" style="border: 1px solid black;">flag for CGI</td>
-    <td width="82">
+		</tr>
-      <p class="western">
+		<tr>
-        <font color="#000000"><font face="serif"><b>Action</b></font></font>
+			<td width="71" style="border: 1px solid black;">true</td>
-      </p>
+			<td width="138" style="border: 1px solid black;">verify</td>
+			<td width="269" colspan="2" style="border: 1px solid black;">flag for CGI</td>
-    </td>
+		</tr>
-    <td width="176">
+	</table>
-      <p class="western">
-        <font color="#000000"><font face="serif">n/a</font></font>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <font color="#000000"><font face="serif">n/a</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <br/>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <br/>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <br/>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif"><b>Value</b></font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <font color="#000000"><font face="serif"><b>Form Field
-        Name</b></font></font>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <font color="#000000"><font face="serif"><b>Description</b></font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif">$t</font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <br/>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <font color="#000000"><font face="serif">the page title, e.g. CoSign:
-        $t</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif">$e</font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <br/>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <font color="#000000"><font face="serif">field to print relevant error
-        message</font></font>
-      </p>
-    </td>
-  </tr>
-</table>
-<table border="1" bordercolor="#000000" cellpadding="8" cellspacing="0" width="665">
-  <tr valign="TOP">
-    <td colspan="2" width="274">
-      <p class="western">
-        <font color="#000000"><font face="serif"><b>Page Name</b></font></font>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <font color="#000000"><font face="serif">login_error.html</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr>
-    <td colspan="3" valign="TOP" width="647">
-      <p class="western">
-        <font color="#000000"><font face="serif">draws login screen when a
-        retryable error is encountered by cosign.cgi</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif"><b>Action</b></font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <font color="#000000"><font face="serif">post</font></font>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <font color="#000000"><font face="serif">/cosign-bin/cosign.cgi</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <br/>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <br/>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <br/>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif"><b>Value</b></font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <font color="#000000"><font face="serif"><b>Form Field
-        Name</b></font></font>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <font color="#000000"><font face="serif"><b>Description</b></font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif">$t</font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <br/>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <font color="#000000"><font face="serif">the page title, e.g. CoSign:
-        $t</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif">$r</font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <font color="#000000"><font face="serif">referrer</font></font>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <font color="#000000"><font face="serif">URL to redirect upon successful
-        login</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif">$c</font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <font color="#000000"><font face="serif">service</font></font>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western" style="MARGIN-LEFT:0.4in; TEXT-INDENT:-0.4in; MARGIN-BOTTOM:0in">
-        <font color="#000000"><font face="serif">the service cookie received on
-        the </font></font>
-      </p>
-      <p class="western">
-        <font color="#000000"><font face="serif">query string</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif">$f</font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <br/>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western" style="MARGIN-LEFT:0.4in; TEXT-INDENT:-0.4in">
-        <font color="#000000"><font face="serif">required factors from filter
-        via query string</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif">$d</font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <br/>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western" style="MARGIN-LEFT:0.4in; TEXT-INDENT:-0.4in">
-        <font color="#000000"><font face="serif">required factors already
-        satisfied via CHECK</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif">$l</font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <font color="#000000"><font face="serif">login</font></font>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western" style="MARGIN-BOTTOM:0in">
-        <font color="#000000"><font face="serif">the user id of the person
-        attempting to</font></font>
-      </p>
-      <p class="western">
-        <font color="#000000"><font face="serif">login</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <br/>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <font color="#000000"><font face="serif">password</font></font>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <br/>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif">$e</font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <br/>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <font color="#000000"><font face="serif">field to print relevant error
-        message</font></font>
-      </p>
-    </td>
-  </tr>
-</table>
-<table border="1" bordercolor="#000000" cellpadding="8" cellspacing="0" width="665">
-  <tr valign="TOP">
-    <td colspan="2" width="274">
-      <p class="western">
-        <font color="#000000"><font face="serif"><b>Page Name</b></font></font>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <font color="#000000"><font face="serif">verify-logout.html</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr>
-    <td colspan="3" valign="TOP" width="647">
-      <p class="western">
-        <font color="#000000"><font face="serif">draws login screen when a
-        retryable error is encountered by cosign.cgi</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif"><b>Action</b></font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <font color="#000000"><font face="serif">post</font></font>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <font color="#000000"><font face="serif">/cosign-bin/logout</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <br/>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <br/>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <br/>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif"><b>Value</b></font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <font color="#000000"><font face="serif"><b>Form Field
-        Name</b></font></font>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <font color="#000000"><font face="serif"><b>Description</b></font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif">$t</font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <br/>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <font color="#000000"><font face="serif">the page title, e.g. CoSign:
-        $t</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif">$u</font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <font color="#000000"><font face="serif">url</font></font>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <font color="#000000"><font face="serif">URL to redirect upon successful
-        login</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif">Logout</font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <font color="#000000"><font face="serif">verify</font></font>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <font color="#000000"><font face="serif">submit button</font></font>
-      </p>
-    </td>
-  </tr>
-</table>
-<table border="1" bordercolor="#000000" cellpadding="8" cellspacing="0" width="665">
-  <tr valign="TOP">
-    <td colspan="2" width="274">
-      <p class="western">
-        <font color="#000000"><font face="serif"><b>Page Name</b></font></font>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <font color="#000000"><font face="serif">reauth.html</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr>
-    <td colspan="3" valign="TOP" width="647">
-      <p class="western">
-        <font color="#000000"><font face="serif">draws login screen for
-        re-authentication</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif"><b>Action</b></font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <font color="#000000"><font face="serif">post</font></font>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <font color="#000000"><font face="serif">/cosign-bin/cosign.cgi</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif"><b>Action</b></font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <font color="#000000"><font face="serif">post</font></font>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <font face="serif"><font color="#000000">/cosign-bin/logout</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <br/>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <br/>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <br/>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif"><b>Value</b></font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <font color="#000000"><font face="serif"><b>Form Field
-        Name</b></font></font>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <font color="#000000"><font face="serif"><b>Description</b></font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif">$t</font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <br/>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <font color="#000000"><font face="serif">the page title, e.g. CoSign:
-        $t</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif">$r</font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <font color="#000000"><font face="serif">referrer</font></font>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <font color="#000000"><font face="serif">URL to redirect upon successful
-        login</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font face="serif"><font color="#000000">$u</font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <font color="#000000"><font face="serif">url</font></font>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <font face="serif"><font color="#000000">URL to redirect upon successful
-        logout</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif">$c</font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <font color="#000000"><font face="serif">service</font></font>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western" style="MARGIN-LEFT:0.4in; TEXT-INDENT:-0.4in; MARGIN-BOTTOM:0in">
-        <font color="#000000"><font face="serif">the service cookie received on
-        the </font></font>
-      </p>
-      <p class="western" style="MARGIN-LEFT:0.4in; TEXT-INDENT:-0.4in">
-        <font color="#000000"><font face="serif">query string</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif">$f</font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <br/>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western" style="MARGIN-LEFT:0.4in; TEXT-INDENT:-0.4in">
-        <font color="#000000"><font face="serif">required factors from cgi’s
-        reauth config</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif">$l</font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <font color="#000000"><font face="serif">login</font></font>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western" style="MARGIN-BOTTOM:0in">
-        <font color="#000000"><font face="serif">the user id of the person
-        attempting to</font></font>
-      </p>
-      <p class="western">
-        <font color="#000000"><font face="serif">login</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <br/>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <font color="#000000"><font face="serif">password</font></font>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <font color="#000000"><font face="serif">field for user to enter their
-        password</font></font>
-      </p>
-    </td>
-  </tr>
-  <tr valign="TOP">
-    <td width="82">
-      <p class="western">
-        <font color="#000000"><font face="serif">true</font></font>
-      </p>
-    </td>
-    <td width="176">
-      <p class="western">
-        <font color="#000000"><font face="serif">reauth</font></font>
-      </p>
-    </td>
-    <td width="357">
-      <p class="western">
-        <font color="#000000"><font face="serif">flag for CGI</font></font>
-      </p>
-    </td>
-  </tr>
-</table>
 ===Static Pages===