Carnegie Mellon University Website Home Page
 
Skip navigation and jump directly to page content
Accounts
Network, Phone & TV
Software
Email, Calendar, Mobile
Secure Your Computer
Clusters & Printing
Web Services
Web Login / WebISO
Pubcookie (WebISO)
About Pubcookie (WebISO)
Installing Pubcookie: Apache
Installing Pubcookie: Windows
Academic Technology Services
Technical Support & Services
Training & Education
Campus Partners
Information Security Office (ISO)
Media Technology Services

About PubCookie (WebISO)

WebISO is an authentication service provided by Computing Services. Pubcookie was developed by the University of Washington.

Pubcookie verifies usernames and passwords with backend authentication services. It issues cookies to users to provide single sign-on functionality and to application servers to provide authentication information. We use Pubcookie at Carnegie Mellon University to authenticate users who are using Kerberos. Pubcookie is often referred to as "WebISO", the Internet2 working group for "web initial sign-on".

Computing Services supports Pubcookie for Andrew Linux/Solaris. However, we offer support on a best effort basis for all other operating systems. 

How Pubcookie Works

When a user attempts to access a web resource protected by Pubcookie for the first time, the web server will redirect the user to a login server that is operated by Computing Services. This login server prompts the user to enter their user ID and password. If the username and password are valid, the login server will issue a cookie to the user's web browser. The user is then redirected back to the protected resource.

The user's browser presents the cookie to the web server containing the protected resource, which then validates the cookie. The web server or the web application can then determine if the user should be allowed to view the resource based on the user ID.

Further visits to protected pages don't require the user to log in again, until the user quits the web browser entirely, the login cookie expires (12 hours after the initial login) or logs out by visiting https://webiso.andrew.cmu.edu/logout.cgi.