The part of the system that runs on your website is the CoSign filter. This filter contacts the main CoSign servers to validate login sessions and restrict access to those parts of your site you wish to protect. It does not provide any authorization (who can do what), just authentication. (It checks that someone trying to access your system has an active Access Account.)
Authorization can be done by server-side programming (CGI’s, ASP, etc.) or basic directives. On Apache, the filter is an alternative to Basic Authentication with dbm or password files.
Filters are available for Apache (1 & 2), IIS (5/6, and 7-8.5) and Tomcat servers.
CoSign strongly recommends (enforces on IIS) the use of a secure (SSL/TLS) web server to prevent outside theft of your service’s cookies. It also requires use of a certificate for communication between the filter and the CoSign servers; the one you have for secure browsing can usually be used for this back-end communication (more on that later).