Using Web-Authenticated Resources
Weblogin is a web page (and the software behind it) that allows you to log in once to gain access to a variety of protected U-M web resources, including Wolverine Access, MFile, the MCommunity Directory, CTools, and more.
After logging in with your uniqname and UMICH password, you can use most of the weblogin-protected resources without having to log in again (except those that require re-authenticationsee Re-Authentication below). Weblogin-protected resources are listed on the Authenticated Resources page.
IMPORTANT! To protect your privacy and personal information, be sure to logout when you have finished using these resources.
Weblogin is U-M's implementation of Cosign software. Cosign was developed at U-M. For technical information about Cosign and how it works, see the Cosign web pages.
There are two ways to log in using weblogin:
Log in to any weblogin resource (such as the MCommunity Directory or Wolverine Access), and you will be directed to the weblogin page, where you can log in with your uniqname and UMICH password.
Use your web browser to connect directly to the weblogin page, then log in with your uniqname and UMICH password.
You will then be automatically logged in to all weblogin resources (except those for which the service provider requires re-authentication. For example, if you log in to use Wolverine Access and then go to MFile, you won't need to log in again.
Logging in with weblogin gives you access to a large number of protected web services. To prevent unauthorized access (such as the ability to access and change your e-mail, student or staff record, MCommunity Directory profile and much more) remember to log out when you are finished.
Click the logout link in any U-M weblogin-protected application to log out of all U-M weblogin-protected applications.
Confirm that you really do want to log out.
TIP: In most web browsers, you can simply press the Return or Enter key to select the Logout option instead of clicking the button.
For added security, quit your web browser after logging out.
Some U-M web applications and resources require re-authentication for access. This happens when the service provider requires an additional layer of security. If you use a U-M web application that requires re-authentication, you will need to authenticate with your uniqname and password immediately before using the applicationeven if you have already logged in using weblogin.
If you are using a wireless connection to the Internet and your IP address changes, you will be prompted to re-authenticate. This is likely to happen when you carry your laptop computer from one wireless location to another.
You will see a web re-authentication page similar to the one shown below. (The message in red will vary depending on the reason you are being prompted to re-authenticate.) Enter your password, then click the Re-Authenticate button.
You password is secure when you use weblogin—as long as you remember to log out when you are finished. Weblogin provides Kerberos credentials from a central server when appropriate. The only place your password is ever sent is to the central weblogin service, and it is sent over SSL (Secure Socket Layer).
SSL encryption ensures that your password cannot be stolen. Look for the "https" at the beginning of the URL and the lock icon in a corner of your browser window to let you know when SSL is being used. Some web browsers, such as Internet Explorer and Firefox, display a lock in the lower right corner. Others, such as Safari, display it in the upper right corner. Other browsers may vary in where they display the lock.
You may notice that weblogin requires your web browser to accept a cookie. This need not concern you because weblogin uses only session cookies (cookies that expire when you quit your browser); weblogin does not use domain cookies. To ensure that all cookies related to your weblogin session expire, log out when you are finished and quit/exit your web browser.
Weblogin session cookies expire on their own after 12 hours or after 2 hours of no activity between your computer and any Cosign-protected site. Quitting your web browser causes the session cookies to expire. Logging out also makes the cookies expire, and, in addition, deletes credentials from the server. To protect the security of your online identity and data, log out when you are finished using Cosign-protected sites.
For a general definition of session cookies, see Webopedia.
For a technical overview of how weblogin (using Cosign) works, see the Cosign Overview page.
Log out. Whenever you log into something, make sure you log out when you are finished so that others cannot gain unauthorized access to your records by using your machine.
Check for SSL. Look for the "https" at the beginning of the web address and a lock icon in a corner of your browser window to let you know when SSL (Secure Socket Layer) is being used. You should never give your password to any site that is not using SSL encryption.
Use U-M passwords only with U-M services. You should never give your UMICH password to any web server that is not at umich.edu.
Choose a secure password. Choose a password that is difficult to guess. See Choosing and Changing a Safe and Secure UMICH Password (R1162) for details.
Keep your password secret. Never tell anyone your password, not even the people who help you with computing. No reputable computer support person will ever ask you for your password. Do not write down your password and leave it where others can see it.
Cosign software for weblogin is available on the Cosign website.
Contact the ITS Service Center for assistance or to have your weblogin-protected resource added to the list of available resources.
Visit ITS's Information System to obtain ITS computer documentation and other resources. A list of relevant documents follows:
The ITS Service Center provides a variety of computing help resources.
For further help with this or any other topic, call 734-764-HELP  or submit an online service request.