ColdFusion CAS Client Component
This ColdFusion CAS client is written as a component (CFC) and meant to be saved as an object in the Session scope. The included example is an Application.cfc, but it can be used with an Application.cfm with some work.
This was written/tested in ColdFusion 8 with CAS Server 3.3.x
Features
- CAS 2.0 Protocol (except proxying - in future)
- Attributes (based on the JA-SIG CAS Client for Java 3.1)
- Single Sign Out
Files
Configuration
Place cas.cfc in cf_root/CustomTags (IE: /opt/coldfusion8/CustomTags )
Use Application.cfc as a base or reference for configuring your application
CAS Arguments
Argument |
Required |
Default |
Purpose |
---|---|---|---|
cas_server |
Yes |
 |
URL for the CAS server (Ex. https://cas.school.edu/cas) |
service |
Yes |
 |
URL for the service (Ex. http://someapp.school.edu/app) |
final_page |
No |
 |
Final redirection page after CAS logout, blank means no redirection |
direct_forwarding |
No |
False |
After successful authentication, redirect user to their originally intended page |
default_page |
No |
/ |
If "direct_forwarding" is disabled, redirect user to this page |
gateway |
No |
False |
Enable gatewaying |
gateway_page |
No |
/index.cfm |
Page to send user to after being gatewayed and not being authenticated |
renew |
No |
False |
Require primary authentication on CAS (disable single sign on) |
Usage
Session.CFCAS.validate("requestedPage")
Validates the user is logged in, if not send to CAS login or validate ST
If "direct_forwarding" is enabled, the user is sent to "requestedPage" after authentication
Session.CFCAS.getUsername()
Returns the value of of cas:user after a successful authentication
Session.CFCAS.getAllAttributes()
Returns a struct of all the cas:attributes included in the ST validation response
Session.CFCAS.getAttribute("name")
Returns the value of the requested attribute or "" if it doesn't exist
Session.CFCAS.login("forceRenew")
Sends the user to the CAS login page.
If "renew" in the CAS arguments or "forceRenew" is true, it will require the user to input their primary credentials
Session.CFCAS.logout()
Sends the user to the CAS logout page.
Note: Does not log user out of the application (unless single sign out is enabled in the CAS server)
Session.CFCAS.invalidate()
Invalidates the CAS session for this application, but does not destroy session variables
Session.CFCAS.isLogoutRequest()
Checks if the current request is a Single Sign Out request and destroys the corresponding session
Session.CFCAS.serviceTicketValidate("service_ticket")
Validates the provided ST and sets the user and attributes if successful