- Status/Last Update (2019-03-11)
- ✔ Available
- Current Changes under Test
- Revised 2FA (Duo) authentication
This service is to allow ITS WebAccess support to do testing prior to deploying on the production systems. Possible areas of testing include changes to:
- operating system (service updates)
- support applications (e.g., web server)
- CoSign software
- html changes (e.g., new small-display friendly layout)
- configuration changes (e.g., networking — IPv6)
We’d like for those of you who have test/development systems for your WebAccess-protected content, to have those systems use this QA service: this will help broaden the test coverage of changes, and get feedback on potential problems. The login URL is
Announcements about changes or outages will be done via the WebAccess Yammer group. Additionally, any long term or planned outages will be listed at the top of this page.
Questions/Help is the same as for production: Please mention the QA service in your message.
Differences from/Similarities to Production
Other than the DNS names (see below), the only notable visual difference is a graphic image on the web pages.
The QA service uses the same registration database as the production service, so there aren’t any registration requests “just for the QA service”. It provides the same logins (Access and FPS accounts), and the same session lengths.
It’s intended to have the service available 24×7, excluding outages for changes.
There are only two servers instead of four, to conserve resources/maintenance overhead, but still be able to test interactions between the service’s systems, and have Cosign filters use more than one system for connections. The ITS firewall page will be updated with the IP addresses of the systems; until then, you can do a DNS look-up of the name below to find the addresses.
Using the QA Service
To modify your Cosign filter’s configuration (after saving it!), change:
- URL references of
- Cosign Hostname
- Apache: CosignHostname connect.webaccess.psu.edu
- CosignModule: <webloginServer … name=connect.webaccess.psu.edu …>
- IISCosign: <DNSName>connect.webaccess.psu.edu</DNSName>
Then delete any cosign cookie files currently stored on your web server, and restart your web server.
The corresponding login page is Penn State WebAccess Secure Login, which resembles the production page except for the thumbprint graphic.
The certificate for
cosign-filter.aittest.psu.edu is signed by the InCommon/Comodo CA: you’ll need to have a copy of its Root CA’s (AddTrust External CA Root) certificate installed. A copy of that certificate is available.