Version 2 (modified by dabantz@…, 12 years ago)
IAM / Projects / Shibboleth / Service Candidates / MyHousing (Adirondack)
Correspondence with Adirondack indicates they can rely on CAS for authN. Adirondack provided a file implementing CAS authentication. This file replaces the stock distribution file login_student.cfm:
On Tue, 15 Mar 2011, at 10:51, Michael J. Sale <msale@…> wrote:
... I have attached the CAS authentication script which would replace your current myhousing/security/login_student_local.cfm file. I have also attached a login failure page for your convenience. The CAS script is pretty well commented, but please feel free to ask for any clarification you might need.
Thanks again,
Michael J. Salé | Director, Implementation & Training Services
Adirondack Solutions, Inc.
P: 908.725.8869 x202 | F: 866.523.7270
email: msale@…
```cfm
<!------------------------------------------------------------------------------
TITLE:   Central Authentication Server Authentication - CAS/Jasig
CREATED: 10/19/10
SUMMARY: Authenticates student against CAS.
------------------------------------------------------------------------------->

<CFPARAM name="Session.StudentNumber" default="">

<CFLOCK scope="Session" type="ReadOnly" timeout="30" throwontimeout="no">
    <CFSET MM_Username=Iif(IsDefined("Session.MM_Username"),"Session.MM_Username",DE(""))>
    <CFSET MM_UserAuthorization=Iif(IsDefined("Session.MM_UserAuthorization"),"Session.MM_UserAuthorization",DE(""))>
</CFLOCK>

<!--- Insert name of CAS Server at your location --->
<CFSET CAS_Server = "https://casserver.school.edu/cas/">

<!--- Insert public name of IIS Server hosting this script
      Note: CGI.HTTP_HOST or anything based on the HTTP "Host" header should NOT be used;
      this header is supplied by the client and isn't trusted. --->
<CFSET MyServer = "https://housingserver.school.edu/myhousing/security/">

<!--- See if already logged on --->
<CFIF MM_Username EQ "">
    <!--- Check for ticket returned by CAS redirect --->
    <CFSET ticket=Iif(IsDefined("URL.ticket"),"URL.ticket",DE(""))>
    <CFIF ticket EQ "">
        <!--- No session, no ticket, Redirect to CAS Logon page --->
        <CFSET casurl = #CAS_Server# & "login?" & "service=" & #MyServer# & "login_student_local.cfm">
        <CFLOCATION url="#casurl#" addtoken="no">
    <CFELSE>
        <!--- Back from CAS, validate ticket and get userid --->
        <!--- The ticket is client-supplied: URL-encode it so it stays a single query parameter --->
        <CFSET casurl = #CAS_Server# & "validate?ticket=" & URLEncodedFormat(URL.ticket) & "&" & "service=" & MyServer & "login_student_local.cfm">
        <CFHTTP url="#casurl#" method="get"></CFHTTP>
        <CFSET answer = findnocase("yes", cfhttp.filecontent)>
        <CFIF answer IS 1>
            <CFSET thing = cfhttp.filecontent>
            <!--- Trim removes the line breaks that surround the userid in the CAS response --->
            <CFSET thing = Trim(replace(thing, "yes", ""))>
        <CFELSE>
            <CFSET session.message = "You could not be logged in.">
            <CFLOCATION url="login_student_url.cfm">
        </CFIF>
        <CFSET NetId = #lcase(thing)#>
        <CFSET Session.NetID = #lcase(thing)#>

        <!--- You can set the Session.StudentNumber to a field returned from CAS,
              or see below to do a crosswalk lookup. --->
        <!---<CFSET Session.StudentNumber = #Refer to the variable here coming back from CAS#> --->

        <!--- If Session.StudentNumber is empty at this point, something went wrong. --->
        <CFIF Session.StudentNumber EQ "">
            <CFLOCATION url="accessdenied.cfm">
        <CFELSE>
            <!--- Else, send them on their way. --->
            <CFLOCATION url="../index.cfm">
        </CFIF>
    </CFIF>
</CFIF>

<!--- If you need to perform a crosswalk lookup, do it here to set StudentNumber.
      If you are returning the student's ID from CAS, you can set Session.StudentNumber
      to that field. --->
<!---
<CFQUERY datasource="A_CROSSWALK_SOURCE" name="qGetID">
    SELECT SOMETHING
    FROM ATABLE
    WHERE ID = <CFQUERYPARAM value="#Session.NetID#" cfsqltype="cf_sql_varchar">
</CFQUERY>
<CFIF NOT qGetID.RecordCount>
    <CFLOCATION url="accessdenied.cfm">
<CFELSE>
    <CFSET Session.StudentNumber = qGetID.StudentNumber>
    <CFLOCATION url="../index.cfm" addtoken="no">
</CFIF>
--->
```
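The script calls the CAS 1.0 `validate` endpoint, which answers in plain text: `yes` on the first line and the username on the second, or `no` on failure. The following is an added example, not Adirondack's code and not part of the original page; it is written in Python rather than CFML so it can be run offline, and it shows the same redirect and validation URLs with query-encoded parameters plus a strict parse of that response. The function names are hypothetical and the server names are the placeholders from the script.

```python
from urllib.parse import urlencode

# Assumed values: the placeholder hosts used in the script above.
CAS_SERVER = "https://casserver.school.edu/cas/"
SERVICE = ("https://housingserver.school.edu/myhousing/security/"
           "login_student_local.cfm")


def login_url():
    """Redirect target when there is no session and no ticket."""
    return CAS_SERVER + "login?" + urlencode({"service": SERVICE})


def validate_url(ticket):
    """Back-channel validation URL.

    urlencode() escapes '&' and '=' in the client-supplied ticket, so the
    ticket cannot add or override query parameters such as 'service'.
    """
    return CAS_SERVER + "validate?" + urlencode(
        {"ticket": ticket, "service": SERVICE})


def parse_validate_response(body):
    """Return the lower-cased NetID on success, None on anything else.

    Success is exactly two lines: 'yes' and the username. A body that
    merely starts with the letters 'yes' is not accepted.
    """
    lines = body.replace("\r\n", "\n").split("\n")
    if lines and lines[-1] == "":
        lines.pop()  # drop the empty string left by the trailing newline
    if len(lines) != 2 or lines[0] != "yes":
        return None
    user = lines[1]
    if not user or any(c.isspace() for c in user):
        return None  # empty or whitespace-containing names are rejected
    return user.lower()


if __name__ == "__main__":
    # Constructed sample bodies, not captured from a real CAS server.
    for body in ("yes\njSmith\n", "no\n\n", "yesterday: server error"):
        print(repr(body), "->", parse_validate_response(body))
```

The returned NetID carries no line breaks, so it can be used directly as the key for the crosswalk lookup.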