MTU Initial Sign-On (ISO)

MTU Initial Sign-On is an authentication and authorization system for the web. The sole purpose of the system is to provide a central authentication place for MTU's web community. Any Apache web server can protect content with provided MTU ISO Apache modules and a few specific directive settings for that module.

Notice February 2011: The MTU ISO cookie signing cert expired on February 16th 2011. ITSS cut over to a new cert on February 15th at noon. If you support a web site using MTU ISO and have not installed the new certificate users will be unable to authenticate to your site. We have prepared a tool for your use to update and begin using the new cert. The script can be downloaded using the DOWNLOAD links to the right of its description. Please download the script to the server that houses your webdata that is ISO protected. After downloading the script it will have to have it's permissions changed so that it can be executed. 'chmod 755 append_to_old_certs.sh'

Script to update your certs

append_to_old_certs.sh DOWNLOAD append_to_old_certs.sh
  • Should be invoked as "./append_to_old_certs.sh PATH_TO_WEBDATA >> log"
    PATH_TO_WEBDATA will be scanned recursively
    PATH_TO_WEBDATA should contain any webdata or config files (you can run it multiple times for multiple locations)
  • This script appends the new certificate to the end of the certificate bundles it finds
    First it checks to see if the file contains only the old cert
  • The log file should be checked afterwards. If this script found a cert bundle that didn't exactly match the old cert then the file will need to be checked by hand. It lists the instructions to do this.

If you had run the script find_conf_files.sh prior to the February switchover so that your webserver used an alternate port, the script below (revert_conf_files.sh) will revert the changes. Note: A web server restart will likely be necessary after reverting the changes. You will want to revert the changes as some firewalls will not allow users to access the ISO system on the alternate port (11443).

Script to revert changes to the ISO port

revert_conf_files.sh DOWNLOAD revert_conf_files.sh
  • Should be invoked as "./find_conf_files.sh PATH_TO_WEBDATA >> log"
    PATH_TO_WEBDATA will be scanned recursively

    PATH_TO_WEBDATA should contain any webdata, config files, or .htaccess files (you can run it multiple times for multiple locations)

  • This script changes lines in the config file that start with:

    MTUISOAuthenticateURI https://www.login.mtu.edu:11443/tools/public/login/index.cgi

    To point at port 443:

    MTUISOAuthenticateURI https://www.login.mtu.edu/tools/public/login/index.cgi

  • If this script finds files to change it will let the user know that they need to restart their webserver
  • The log file should be checked afterwards to see what was changed and to see if a restart of the web service is necessary.