wiki:MyHousing
Last modified on 11/12/13 09:10:23


SAML / Shibboleth

On Tue, 12 Nov 2013, at 05:08 , Michael J. Sale <msale@…> wrote:

Hi David

We are looking to join InCommon but have not yet been able to dedicate the resources needed to undertake the task of writing SAML and Shibb interfaces. Currently we support direct sign-on from Banner Self-Service (which is how I think we have it set up now in test UA Online). We also support LDAP, Active Directory and CAS. The direct sign-on from Self-Service works pretty well with Banner schools and we could stick to that if you like, or explore something else.

Thanks for reaching out!

Mike

-- Michael J. Salé | Director of Implementation, Training, and Hosted Services Adirondack Solutions, Inc. http://www.adirondacksolutions.com

Phone/Fax: 866.523.7270 Email: msale@…

CAS

Correspondence with Adirondack indicates they can rely on CAS for authN. Adirondack provided a file implementing CAS authentication. This file replaces the stock distribution file login_student.cfm:

On Tue, 15 Mar 2011, at 10:51 , Michael J. Sale <msale@…> wrote:

... I have attached the CAS authentication script which would replace your current myhousing/security/login_student_local.cfm file. I have also attached a login failure page for your convenience. The CAS script is pretty well commented, but please feel free to ask for any clarification you might need.

Thanks again, Michael J. Salé | Director, Implementation & Training Services Adirondack Solutions, Inc. P: 908.725.8869 x202 | F: 866.523.7270 email: msale@…

<!------------------------------------------------------------------------------
TITLE:    Central Authentication Server Authentication - CAS/Jasig
CREATED:  10/19/10
SUMMARY:  Authenticates student against CAS.
------------------------------------------------------------------------------->

<CFPARAM name="Session.StudentNumber" default="">

<CFLOCK scope="Session" type="ReadOnly" timeout="30" throwontimeout="no">
	<CFSET MM_Username=Iif(IsDefined("Session.MM_Username"),"Session.MM_Username",DE(""))>
	<CFSET MM_UserAuthorization=Iif(IsDefined("Session.MM_UserAuthorization"),"Session.MM_UserAuthorization",DE(""))>
</CFLOCK>

<!--- Insert name of CAS Server at your location --->
<CFSET CAS_Server = "https://casserver.school.edu/cas/">

<!--- Insert public name of IIS Server hosting this script
Note: CGI.HTTP_HOST or anything based on the HTTP "Host" header should NOT be used; 
this header is supplied by the client and isn't trusted. --->
<CFSET MyServer = "https://housingserver.school.edu/myhousing/security/">

<!--- See if already logged on --->
<CFIF MM_Username EQ "">
	<!--- Check for ticket returned by CAS redirect --->
	<CFSET ticket=Iif(IsDefined("URL.ticket"),"URL.ticket",DE(""))>
	<CFIF ticket EQ "">
		<!--- No session, no ticket, Redirect to CAS Logon page.
		The service URL is URL-encoded so it travels as a single query value. --->
		<CFSET casurl = CAS_Server & "login?service=" & URLEncodedFormat(MyServer & "login_student_local.cfm")>
		<CFLOCATION url="#casurl#" addtoken="no">
	<CFELSE>
		<!--- Back from CAS, validate ticket and get userid --->
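		<!--- URL-encode the ticket: it arrives from the browser and must stay a single query value --->
		<CFSET casurl = CAS_Server & "validate?ticket=" & URLEncodedFormat(URL.ticket) & "&service=" & URLEncodedFormat(MyServer & "login_student_local.cfm")>
		<CFHTTP url="#casurl#" method="get"></CFHTTP>
		<!--- A successful reply starts with "yes", followed by the userid --->
		<CFSET answer = findnocase("yes", cfhttp.filecontent)>
	
		<CFIF answer IS 1>
			<CFSET thing = cfhttp.filecontent>
			<!--- Strip the "yes" marker, then trim the line breaks around the userid --->
			<CFSET thing = Trim(replacenocase(thing, "yes", ""))>
		<CFELSE>
			<CFSET session.message = "You could not be logged in.">
			<CFLOCATION url="login_student_url.cfm" addtoken="no">
		</CFIF>
	
		<CFSET NetId = lcase(thing)>
		<CFSET Session.NetID = lcase(thing)>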
		
		<!--- You can set the Session.StudentNumber to a field returned from CAS,
		or see below to do a crosswalk lookup.--->
		<!---<CFSET Session.StudentNumber = #Refer to the variable here coming back from CAS#> --->
		
		<!--- If Session.StudentNumber is empty at this point, something went wrong. --->
		<CFIF Session.StudentNumber EQ "">
			<CFLOCATION url="accessdenied.cfm" addtoken="no">
		<CFELSE>
			<!--- Else, send them on their way. --->
			<CFLOCATION url="../index.cfm" addtoken="no">
		</CFIF>
	</CFIF>
</CFIF>

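<!--- If you need to perform a crosswalk lookup, do it here to set StudentNumber.
If you are returning the student's ID from CAS, you can set Session.StudentNumber to that field.
Note: every path through the ticket branch above ends in a CFLOCATION, so as placed this
lookup only runs when a session already exists. To take effect on first login it has to
run before the Session.StudentNumber check. --->
<!---
<CFQUERY datasource="A_CROSSWALK_SOURCE" name="qGetID">
	SELECT SOMETHING
	FROM ATABLE
	WHERE ID = <CFQUERYPARAM value="#Session.NetID#" cfsqltype="cf_sql_varchar">
</CFQUERY>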

<CFIF NOT qGetID.RecordCount>
	<CFLOCATION url="accessdenied.cfm">
<CFELSE>
	<CFSET Session.StudentNumber = qGetID.StudentNumber>
	<CFLOCATION url="../index.cfm" addtoken="no">
</CFIF>
--->
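
The ticket-validation step of the script above, as an added example in Python (not part of Adirondack's file or of the original page), written so the logic can be exercised without a ColdFusion server. It builds the CAS validate URL with both parameters percent-encoded and accepts only a reply whose first line is exactly "yes"; the function names and the sample tickets and replies are constructed for illustration.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder hosts, matching the ones used in the script above.
CAS_SERVER = "https://casserver.school.edu/cas/"
SERVICE = ("https://housingserver.school.edu/myhousing/security/"
           "login_student_local.cfm")


def build_validate_url(ticket):
    """Build the CAS validate URL with both parameters percent-encoded."""
    # urlencode() escapes '&', '=' and '#' inside the ticket, so whatever the
    # browser sent stays a single `ticket` value and cannot alter `service`.
    query = urlencode({"ticket": ticket, "service": SERVICE})
    return CAS_SERVER + "validate?" + query


def query_params(url):
    """Decode a URL's query string into {name: [values]} (used for checking)."""
    return parse_qs(urlsplit(url).query)


def parse_validate_response(body):
    """Return the lower-cased NetID from a validate reply, or None on failure."""
    lines = body.splitlines()
    # Success is the line "yes" followed by the username on the next line.
    # Anything else (a "no" reply, an HTTP error page, an empty body) fails.
    if len(lines) < 2 or lines[0].strip() != "yes":
        return None
    netid = lines[1].strip().lower()
    # An empty or whitespace-containing name is not a usable lookup key.
    if not netid or any(ch.isspace() for ch in netid):
        return None
    return netid


if __name__ == "__main__":
    # Constructed sample inputs, not captured traffic.
    print(build_validate_url("ST-1-constructed&service=x"))
    for reply in ("yes\nJDoe\n", "no\n\n", "", "yesterday\nJDoe\n"):
        print(repr(reply), "->", parse_validate_response(reply))
```

Returning None for every non-success case lets the caller treat a failed validation and an unreachable CAS server the same way: no session is created.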