ColdFusion CAS Client Component

This ColdFusion CAS client is written as a component (CFC) and meant to be saved as an object in the Session scope. The included example is an Application.cfc, but it can be used with an Application.cfm with some work.

This was written/tested in ColdFusion 8 with CAS Server 3.3.x

Features

  • CAS 2.0 Protocol (except proxying - in future)
  • Attributes (based on the JA-SIG CAS Client for Java 3.1)
  • Single Sign Out

Files

cas.cfc
Application.cfc

Configuration

Place cas.cfc in cf_root/CustomTags (IE: /opt/coldfusion8/CustomTags )
Use Application.cfc as a base or reference for configuring your application

CAS Arguments

Argument

Required

Default

Purpose

cas_server

Yes

 

URL for the CAS server (Ex.

https://cas.school.edu/cas

)

service

Yes

 

URL for the service (Ex.

http://someapp.school.edu/app

)

final_page

No

 

Final redirection page after CAS logout, blank means no redirection

direct_forwarding

No

False

After successful authentication, redirect user to their originally intended page

default_page

No

/

If "direct_forwarding" is disabled, redirect user to this page

gateway

No

False

Enable gatewaying

gateway_page

No

/index.cfm

Page to send user to after being gatewayed and not being authenticated

renew

No

False

Require primary authentication on CAS (disable single sign on)

Usage

Session.CFCAS.validate("requestedPage")

Validates the user is logged in, if not send to CAS login or validate ST
If "direct_forwarding" is enabled, the user is sent to "requestedPage" after authentication

Session.CFCAS.getUsername()

Returns the value of of cas:user after a successful authentication

Session.CFCAS.getAllAttributes()

Returns a struct of all the cas:attributes included in the ST validation response

Session.CFCAS.getAttribute("name")

Returns the value of the requested attribute or "" if it doesn't exist

Session.CFCAS.login("forceRenew")

Sends the user to the CAS login page.
If "renew" in the CAS arguments or "forceRenew" is true, it will require the user to input their primary credentials

Session.CFCAS.logout()

Sends the user to the CAS logout page.
Note: Does not log user out of the application (unless single sign out is enabled in the CAS server)

Session.CFCAS.invalidate()

Invalidates the CAS session for this application, but does not destroy session variables

Session.CFCAS.isLogoutRequest()

Checks if the current request is a Single Sign Out request and destroys the corresponding session

Session.CFCAS.serviceTicketValidate("service_ticket")

Validates the provided ST and sets the user and attributes if successful