ColdFusion client script

Christian Stuck of Westminster Choir College contributed this information about authentication of ColdFusion applications on the CAS Mailman list:

This is a simple CAS script we developed to replace an existing simple login script for a problem solving ColdFusion application we have. This is not very elegant (esp. not with XML), but it will get the job done. You will have to go through and change some variables, along with the SQL statement:

<!--- // Login.cfm

// ColdFusion MX 6.1 code that uses CAS 2.0

// Christian Stuck
// stuckc@rider.edu
// Westminster Choir College
// Princeton, New Jersey --->

<!--- Read the current login state out of the session (read lock; a timeout just leaves the values empty) --->
<cflock scope="Session" type="ReadOnly" timeout="30" throwontimeout="no">
  <cfset MM_Username=Iif(IsDefined("Session.MM_Username"),"Session.MM_Username",DE(""))>
  <cfset MM_UserAuthorization=Iif(IsDefined("Session.MM_UserAuthorization"),"Session.MM_UserAuthorization",DE(""))>
</cflock>

<!--- // Insert name of CAS Server at your location (keep the trailing slash) --->
<cfset CAS_Server = "https://yourserver/cas/">

<!--- // Insert public name of IIS Server hosting this script (keep the trailing slash)
// Note: CGI.HTTP_HOST or anything based on
// the HTTP "Host" header should NOT be used; this header is supplied by
// the client and isn't trusted. --->
<cfset MyServer = "https://yourserver/yourwebapp/">

<!--- The "service" value sent to CAS at login must be identical to the one sent to
serviceValidate, so it is built and URL-encoded once and reused below --->
<cfset ServiceUrl = URLEncodedFormat(MyServer & "login.cfm")>

<!--- See if already logged on --->
<cfif MM_Username EQ "">
  <!--- Check for ticket returned by CAS redirect --->
  <cfset ticket=Iif(IsDefined("URL.ticket"),"URL.ticket",DE(""))>
  <cfif ticket EQ "">
    <!--- No session, no ticket, Redirect to CAS Logon page --->
    <cfset casurl = CAS_Server & "login?service=" & ServiceUrl>
    <cflocation url="#casurl#" addtoken="no">
  <cfelse>
    <!--- Back from CAS, validate ticket and get userid --->
    <cfset casurl = CAS_Server & "serviceValidate?ticket=" & URLEncodedFormat(ticket) & "&service=" & ServiceUrl>
    <!--- HTTP transaction to CAS server --->
    <cfhttp url="#casurl#" method="get"></cfhttp>
    <cfset NetId = "">
    <!--- Only a 200 response carries a cas:serviceResponse document; anything else leaves NetId empty --->
    <cfif Left(cfhttp.statusCode, 3) EQ "200">
      <cfset objXML = xmlParse(cfhttp.filecontent)>
      <cfset SearchResults = XmlSearch(objXML, "cas:serviceResponse/cas:authenticationSuccess/cas:user")>
      <cfif NOT ArrayIsEmpty(SearchResults)>
        <cfset NetId = SearchResults[1].XmlText>
      </cfif>
    </cfif>
    <cfif NetId EQ "">
      <!--- Ticket rejected (cas:authenticationFailure) or no usable response: send the user
      back to CAS with the same service value so a fresh ticket is issued --->
      <cfset casurl = CAS_Server & "login?service=" & ServiceUrl>
      <cflocation url="#casurl#" addtoken="no">
    </cfif>
  </cfif>
<cfelse>
  <!--- Already logged on: re-check the session user against the authorized user table below --->
  <cfset NetId = MM_Username>
</cfif>

<cfset MM_redirectLoginSuccess="index.cfm">
<cfset MM_redirectLoginFailed="accessdenied.cfm">

<!--- Your SQL Statement to access authorized user table/view.
cfqueryparam keeps the CAS-supplied NetId out of the SQL text --->
<cfquery name="MM_rsUser" datasource="#DATASOURCE#">
  SELECT netId, universityId, firstName, lastName
  FROM Person
  WHERE netId = <cfqueryparam value="#NetId#" cfsqltype="cf_sql_varchar">
</cfquery>

<!--- If the user was found in the authorized user table/view, proceed --->
<cfif MM_rsUser.RecordCount NEQ 0>
  <cftry>
    <cflock scope="Session" timeout="30" type="Exclusive">
      <cfset Session.MM_Username=MM_rsUser.NetId>
      <cfset Session.MM_universityId=MM_rsUser.universityId>
      <cfset Session.MM_firstName=MM_rsUser.firstName>
      <cfset Session.MM_lastName=MM_rsUser.lastName>
      <cfset Session.MM_UserAuthorization="">
    </cflock>
    <!--- Optional post-login destination. Only a site-relative path is honoured,
    so the parameter cannot send the user to another host --->
    <cfif IsDefined("URL.accessdenied") AND Len(URL.accessdenied) GT 1
          AND Left(URL.accessdenied, 1) EQ "/" AND Left(URL.accessdenied, 2) NEQ "//">
      <cfset MM_redirectLoginSuccess=URL.accessdenied>
    </cfif>
    <cflocation url="#MM_redirectLoginSuccess#" addtoken="no">
    <cfcatch type="Lock">
      <!--- code for handling timeout of cflock --->
    </cfcatch>
  </cftry>
</cfif>

<!--- If the user was not found in the authorized user table/view, deny access --->
<cflocation url="#MM_redirectLoginFailed#" addtoken="no">

This way of authenticating also requires you to have a script named
Application.cfm with the following line:

<cfapplication name="Name of Application" clientmanagement="yes"
sessionmanagement="yes" setclientcookies="yes" setdomaincookies="no"
loginstorage="session">

What does this script do, and how do you consume its output?

It takes the authenticated username from the XML response ( #SearchResults[1].XmlText# ) and stores it in the NetId variable:

<cfset NetId = #SearchResults[1].XmlText#>

It then sets the Session variable MM_Username to this NetId so that all ColdFusion pages in the application can access it:

<cfset Session.MM_Username=NetId />
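The CAS 2.0 exchange the script performs (redirect to login with a service URL, then serviceValidate and pick cas:user out of the XML) as an added example in Python; it is not part of the original page or the contributor's code. The two response bodies are constructed in the CAS 2.0 serviceValidate format, and, unlike the CFML above, the parser also returns the cas:authenticationFailure code, which is what a log line should record when a ticket is rejected.

```python
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

# Namespace every CAS 2.0 response declares as xmlns:cas (what the "cas:" prefix in XmlSearch resolves to).
CAS_NS = "{http://www.yale.edu/tp/cas}"


def login_url(cas_server, service):
    """Redirect target for a visitor with no session and no ticket."""
    return cas_server + "login?" + urlencode({"service": service})


def validate_url(cas_server, service, ticket):
    """serviceValidate call; 'service' must be identical to the login-time value,
    otherwise CAS answers INVALID_SERVICE instead of a user name."""
    return cas_server + "serviceValidate?" + urlencode({"ticket": ticket, "service": service})


def parse_service_validate(body):
    """Return (user, None) on cas:authenticationSuccess, or (None, code) otherwise.
    Same lookup as the script's XmlSearch path
    cas:serviceResponse/cas:authenticationSuccess/cas:user, done namespace-aware."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None, "MALFORMED_RESPONSE"      # label used here for a non-XML body
    if root.tag != CAS_NS + "serviceResponse":
        return None, "MALFORMED_RESPONSE"
    user = root.find("./" + CAS_NS + "authenticationSuccess/" + CAS_NS + "user")
    if user is not None and user.text and user.text.strip():
        return user.text.strip(), None
    failure = root.find("./" + CAS_NS + "authenticationFailure")
    if failure is not None:
        return None, failure.get("code", "UNKNOWN")   # e.g. INVALID_TICKET, INVALID_SERVICE
    return None, "MALFORMED_RESPONSE"


# Constructed sample bodies in the CAS 2.0 serviceValidate format (not captured from a real server).
SUCCESS_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>jsmith</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE_XML = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code="INVALID_TICKET">Ticket ST-0000-example not recognized</cas:authenticationFailure>
</cas:serviceResponse>"""

if __name__ == "__main__":
    service = "https://yourserver/yourwebapp/login.cfm"   # the script's MyServer & "login.cfm"
    print(login_url("https://yourserver/cas/", service))
    print(validate_url("https://yourserver/cas/", service, "ST-0000-example"))
    print(parse_service_validate(SUCCESS_XML), parse_service_validate(FAILURE_XML))
```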