About PubCookie (WebISO)
WebISO is an authentication service provided by Computing Services. Pubcookie was developed by the University of Washington.
Pubcookie verifies usernames and passwords with backend authentication services. It issues cookies to users to provide single sign-on functionality and to application servers to provide authentication information. We use Pubcookie at Carnegie Mellon University to authenticate users who are using Kerberos. Pubcookie is often referred to as "WebISO", the Internet2 working group for "web initial sign-on".
Computing Services supports Pubcookie for Andrew Linux/Solaris. However, we offer support on a best effort basis for all other operating systems.
How Pubcookie Works
When a user attempts to access a web resource protected by Pubcookie for the first time, the web server will redirect the user to a login server that is operated by Computing Services. This login server prompts the user to enter their user ID and password. If the username and password are valid, the login server will issue a cookie to the user's web browser. The user is then redirected back to the protected resource.
The user's browser presents the cookie to the web server containing the protected resource, which then validates the cookie. The web server or the web application can then determine if the user should be allowed to view the resource based on the user ID.
Further visits to protected pages don't require the user to log in again, until the user quits the web browser entirely, the login cookie expires (12 hours after the initial login) or logs out by visiting https://webiso.andrew.cmu.edu/logout.cgi.