Planning a Move Away from Cosign
The university is moving away from the use of Cosign authentication and toward more modern, flexible, supportable alternatives, such as Shibboleth. Once widely used across higher education, Cosign is now used by only a handful of universities, and the open source community that once developed and maintained it has dwindled.
If you are considering using Cosign for a new app or service, please consider using Shibboleth instead.
If your service currently uses Cosign, please be reassured that you will be given plenty of time and support to make the transition to something else. The university has not yet set a date for retiring Cosign.
A Careful Transition
There are more than 1,600 services at U-M that use Cosign authentication, so moving away from Cosign will take time and a lot of collaboration. ITS will work with people across the university to develop transition plans that minimize disruption and respect unit and university needs.
- Simplify the environment (spring/summer 2020). The current U-M Shibboleth configuration incorporates a step that uses Cosign. To simplify things in preparation for reduced use of Cosign, that step will be removed. The only change users might notice as a result of this is a small change in the URL for the U-M Weblogin page. While it will still begin with weblogin.umich.edu, references to Cosign in later parts of the URL will be replaced with Shibboleth.
- Upgrade Shibboleth environment (spring/summer 2020). The software and hardware in the U-M Shibboleth environment are being upgraded in anticipation of increased use as services move from Cosign to Shibboleth.
- Extend Shibboleth to the cloud (summer 2020). Shibboleth environment, currently maintained only in U-M data centers, will be extended to the cloud to offer redundancy and performance improvement.
- Pilot unit transitions (fall 2020/winter 2021). Members of the ITS Identity and Access Management team will be available to work with unit staff who would like to help develop and pilot a process to migrate apps that currently use Cosign to Shibboleth. Working together, we plan to build a repeatable migration process for others to follow.
If you'd like to work with us on this important effort or provide input, please send email to firstname.lastname@example.org.