This ColdFusion CAS client is written as a component (CFC) and meant to be saved as an object in the Session scope. The included example is an Application.cfc, but it can be used with an Application.cfm with some work.

This was written/tested in ColdFusion 8 with CAS Server 3.3.x

Features

CAS 2.0 Protocol (except proxying - in future)
Attributes (based on the JA-SIG CAS Client for Java 3.1)
Single Sign Out

Files

cas.cfc
Application.cfc

Configuration

Place cas.cfc in cf_root/CustomTags (IE: /opt/coldfusion8/CustomTags )
Use Application.cfc as a base or reference for configuring your application

CAS Arguments

Argument	Required	Default	Purpose
cas_server	Yes		URL for the CAS server (Ex. https://cas.school.edu/cas )
service	Yes		URL for the service (Ex. http://someapp.school.edu/app )
final_page	No		Final redirection page after CAS logout, blank means no redirection
direct_forwarding	No	False	After successful authentication, redirect user to their originally intended page
default_page	No	/	If "direct_forwarding" is disabled, redirect user to this page
gateway	No	False	Enable gatewaying
gateway_page	No	/index.cfm	Page to send user to after being gatewayed and not being authenticated
renew	No	False	Require primary authentication on CAS (disable single sign on)

Usage

Session.CFCAS.validate("requestedPage")

Validates the user is logged in, if not send to CAS login or validate ST
If "direct_forwarding" is enabled, the user is sent to "requestedPage" after authentication

Session.CFCAS.getUsername()

Returns the value of of cas:user after a successful authentication

Session.CFCAS.getAllAttributes()

Returns a struct of all the cas:attributes included in the ST validation response

Session.CFCAS.getAttribute("name")

Returns the value of the requested attribute or "" if it doesn't exist

Sends the user to the CAS login page.
If "renew" in the CAS arguments or "forceRenew" is true, it will require the user to input their primary credentials

Session.CFCAS.logout()

Sends the user to the CAS logout page.
Note: Does not log user out of the application (unless single sign out is enabled in the CAS server)

Session.CFCAS.invalidate()

Invalidates the CAS session for this application, but does not destroy session variables

Session.CFCAS.isLogoutRequest()

Checks if the current request is a Single Sign Out request and destroys the corresponding session

Session.CFCAS.serviceTicketValidate("service_ticket")

Validates the provided ST and sets the user and attributes if successful

Browser not supported