wiki:MyHousing

Version 2 (modified by dabantz@…, 12 years ago)


Correspondence with Adirondack indicates they can rely on CAS for authN. Adirondack provided a file implementing CAS authentication. This file replaces the stock distribution file login_student.cfm:

On Tue, 15 Mar 2011, at 10:51, Michael J. Sale <msale@…> wrote:

... I have attached the CAS authentication script which would replace your current myhousing/security/login_student_local.cfm file. I have also attached a login failure page for your convenience. The CAS script is pretty well commented, but please feel free to ask for any clarification you might need.

Thanks again,
Michael J. Salé | Director, Implementation & Training Services
Adirondack Solutions, Inc.
P: 908.725.8869 x202 | F: 866.523.7270
email: msale@…

<!------------------------------------------------------------------------------
TITLE:    Central Authentication Server Authentication - CAS/Jasig
CREATED:  10/19/10
SUMMARY:  Authenticates student against CAS.
------------------------------------------------------------------------------->

<CFPARAM name="Session.StudentNumber" default="">

<CFLOCK scope="Session" type="ReadOnly" timeout="30" throwontimeout="no">
	<CFSET MM_Username=Iif(IsDefined("Session.MM_Username"),"Session.MM_Username",DE(""))>
	<CFSET MM_UserAuthorization=Iif(IsDefined("Session.MM_UserAuthorization"),"Session.MM_UserAuthorization",DE(""))>
</CFLOCK>

<!--- Insert name of CAS Server at your location --->
<CFSET CAS_Server = "https://casserver.school.edu/cas/">

<!--- Insert public name of IIS Server hosting this script
Note: CGI.HTTP_HOST or anything based on the HTTP "Host" header should NOT be used; 
this header is supplied by the client and isn't trusted. --->
<CFSET MyServer = "https://housingserver.school.edu/myhousing/security/">

<!--- See if already logged on --->
<CFIF MM_Username EQ "">
	<!--- Check for ticket returned by CAS redirect --->
	<CFSET ticket=Iif(IsDefined("URL.ticket"),"URL.ticket",DE(""))>
	<CFIF ticket EQ "">
  		<!--- No session, no ticket, Redirect to CAS Logon page.
  		The service URL is URL-encoded so it travels as a single query parameter. --->
  		<CFSET casurl = CAS_Server & "login?service=" & URLEncodedFormat(MyServer & "login_student_local.cfm")>
	  	<CFLOCATION url="#casurl#" addtoken="no">
	<CFELSE>
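		<!--- Back from CAS, validate ticket and get userid.
		URL.ticket is supplied by the browser, so it and the service URL are URL-encoded
		before being placed in the validation request. --->
		<CFSET casurl = CAS_Server & "validate?ticket=" & URLEncodedFormat(URL.ticket) & "&service=" & URLEncodedFormat(MyServer & "login_student_local.cfm")>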
		<CFHTTP url="#casurl#" method="get"></CFHTTP>
		<CFSET answer = findnocase("yes", cfhttp.filecontent)>
	
		<CFIF answer IS 1>
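			<!--- CAS answers "yes", a line break, then the username;
			drop the "yes" and trim the line breaks so only the username remains --->
			<CFSET thing = cfhttp.filecontent>
			<CFSET thing = Trim(ReplaceNoCase(thing, "yes", ""))>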
		<CFELSE>
			<CFSET session.message = "You could not be logged in.">
	 		<CFLOCATION url="login_student_url.cfm">
		</CFIF>
	
		<CFSET NetId = #lcase(thing)#>
		<CFSET Session.NetID = #lcase(thing)#>
		
		<!--- You can set the Session.StudentNumber to a field returned from CAS,
		or see below to do a crosswalk lookup.--->
		<!---<CFSET Session.StudentNumber = #Refer to the variable here coming back from CAS#> --->
		
		<!--- If Session.StudentNumber is empty at this point, something went wrong. --->
		<CFIF Session.StudentNumber EQ "">
			<CFLOCATION url="accessdenied.cfm">
		<CFELSE>
			<!--- Else, send them on their way. --->
			<CFLOCATION url="../index.cfm">
		</CFIF>
	</CFIF>
</CFIF>

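<!--- If you need to perform a crosswalk lookup, do it here to set StudentNumber.
If you are returning the student's ID from CAS, you can set Session.StudentNumber to that field.
Note: every branch of the ticket-handling code above ends in a CFLOCATION, which stops the request,
so on the request that carries the CAS ticket this block is only reached if it is moved
ahead of the Session.StudentNumber check. --->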
<!---
<CFQUERY datasource="A_CROSSWALK_SOURCE" name="qGetID">
	SELECT SOMETHING
	FROM ATABLE
	WHERE ID = <CFQUERYPARAM value="#Session.NetID#" cfsqltype="cf_sql_varchar">
</CFQUERY>

<CFIF NOT qGetID.RecordCount>
	<CFLOCATION url="accessdenied.cfm">
<CFELSE>
	<CFSET Session.StudentNumber = qGetID.StudentNumber>
	<CFLOCATION url="../index.cfm" addtoken="no">
</CFIF>
--->
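
The ticket validation step in the script above, restated in Python as an added example (it is not part of the file Adirondack supplied). It shows the `/validate` request built with percent-encoded parameters and a strict parse of the CAS 1.0 reply; the host names are the script's placeholders, the function names are hypothetical, and the sample inputs are constructed.

```python
"""CAS 1.0 ticket validation: build the /validate request and parse its reply."""
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholder hosts copied from the script above.
CAS_SERVER = "https://casserver.school.edu/cas/"
SERVICE = "https://housingserver.school.edu/myhousing/security/login_student_local.cfm"


def build_validate_url(ticket: str) -> str:
    """Return the /validate URL with ticket and service percent-encoded.

    The ticket arrives in the browser's query string, so it is untrusted;
    encoding keeps any '&' or '=' inside the ticket value instead of letting
    it add or override parameters of the back-channel request.
    """
    return CAS_SERVER + "validate?" + urlencode({"ticket": ticket, "service": SERVICE})


def parse_validate_response(body: str):
    """Return the lowercased username, or None if validation failed.

    CAS 1.0 answers 'yes\\n<username>\\n' on success and 'no\\n' on failure.
    Anything that is not exactly that shape is treated as a failure.
    """
    lines = body.replace("\r\n", "\n").split("\n")
    if len(lines) < 2 or lines[0] != "yes":
        return None
    username = lines[1].strip()
    if not username or any(line.strip() for line in lines[2:]):
        return None
    return username.lower()


def query_params(url: str) -> dict:
    """Helper for inspection: parse the query string of a URL."""
    return parse_qs(urlsplit(url).query)


if __name__ == "__main__":
    # Constructed inputs, not captured traffic.
    url = build_validate_url("ST-1-abc&service=https://elsewhere.example/")
    print(query_params(url))
    for body in ("yes\nJSmith\n", "no\n\n", "yesterday\n", ""):
        print(repr(body), "->", parse_validate_response(body))
```

The parser compares the whole first line with `yes`, so a body such as `yesterday` is rejected, whereas a check that only looks for `yes` at position 1 would accept it.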