Cosign has been the university’s secure, single sign-on, web authentication system for more than 20 years. Originally designed at U-M, the open source software was once widely used across higher education. Now only a handful of universities still use Cosign, and the open source community that once maintained and developed it has dwindled.
Since ITS began preparing for the retirement of Cosign in 2018, the number of U-M applications using Cosign has decreased from 1,600 to fewer than 600. By retiring Cosign, U-M will move towards more modern, flexible, supportable alternatives, such as Shibboleth.
Toolkit - Resources to switch from Cosign to Shibboleth
If your service currently uses Cosign, plan to move to Shibboleth by June 2023. Shibboleth can be set up to use either Security Assertion Markup Language (SAML) or OpenID Connect (OIDC), two industry standard protocols.
Join us at a Cosign Retirement Drop-in Session on Oct. 4, Oct. 18, or Nov. 8 for a presentation about the different options, followed by Q&A, to help you ensure a smooth transition off of Cosign.
- If your systems are hosted on servers provided by the ITS Web Hosting service, you will receive specific instructions in October 2022 for using a new self-service application to provision your systems to OIDC.
- If you host systems on your own servers, refer to the following resources:
Although ITS can identify traffic from applications using Cosign, we are unable to identify the specific applications or departments that own them. Please help us in communicating the retirement details and support resources to others who may be using Cosign for authentication. To make this easier, please use and customize the resources available in the Cosign Retirement communications toolkit.
Cosign will continue to function throughout the retirement timeline, until the decommission date.

| Date | Milestone |
|---|---|
| May 7, 2022 (Complete) | Self-service for installing Cosign with new applications ended. |
| End of September 2022 | Units attest to discontinuing or creating plans to discontinue using Cosign by June 2023, per the FY22 Internal Controls certification process. |
| Fall or Winter 2022 | Technical change removes Shibboleth’s reliance on Cosign. Currently Shibboleth uses Cosign for authentication. More detail will be shared. |
| June 2023 | Units discontinue using Cosign. |
| TBD after June 2023 | Decommission servers and fully retire service. |

Subscribe to Retirement Project emails
Don’t miss Cosign retirement news by joining Single Sign On Notify, a self-joinable MCommunity group. The retirement project will continue to communicate future drop-in sessions, project impacts, and reminders to broad groups within the Michigan IT community.
Send email to the Cosign Retirement team at email@example.com.