New ColdFusion CAS Client

New ColdFusion CAS Client

John Watson-13
I wrote a new ColdFusion CAS client in order to take advantage of Single Sign Out and Attribute releasing. Since I use an Application.cfc in my applications, I figured it was time for the existing client to be rewritten as a ColdFusion component (CFC) and now I'm ready to release it to the community.

I hope to hear feedback from the community and improvements/bug fixes are very welcome.

http://www.ja-sig.org/wiki/display/CASC/ColdFusion+CAS+Client+Component

John Watson
Jr. Web Developer
University of California, Merced
-- 
You are currently subscribed to [hidden email] as: [hidden email]
To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user

Re: New ColdFusion CAS Client

Scott Battaglia-2
John,

If you're interested in hosting/maintaining this in the Jasig SVN, please let us know.  There's also a community call that might be useful to join (we'll also be talking about a recent .NET client)

Cheers,
Scott


On Sat, May 2, 2009 at 1:27 AM, John Watson <[hidden email]> wrote:
I wrote a new ColdFusion CAS client in order to take advantage of Single Sign Out and Attribute releasing. Since I use an Application.cfc in my applications, I figured it was time for the existing client to be rewritten as a ColdFusion component (CFC) and now I'm ready to release it to the community.

I hope to hear feedback from the community and improvements/bug fixes are very welcome.

http://www.ja-sig.org/wiki/display/CASC/ColdFusion+CAS+Client+Component

John Watson
Jr. Web Developer
University of California, Merced

Re: New ColdFusion CAS Client

Rhian  Resnick
John,

This is great, thanks for writing it, we were going to write one this
summer but will likely adopt yours.

Thanks,

Rhian Resnick
Systems Analyst
Florida Tech

> On Sat, May 2, 2009 at 1:27 AM, John Watson <[hidden email]> wrote:
>
>> I wrote a new ColdFusion CAS client in order to take advantage of Single
>> Sign Out and Attribute releasing. Since I use an Application.cfc in my
>> applications, I figured it was time for the existing client to be
>> rewritten as a ColdFusion component (CFC) and now I'm ready to release
>> it to
>> the community.
>>
>> I hope to hear feedback from the community and improvements/bug fixes
>> are
>> very welcome.
>>
>> http://www.ja-sig.org/wiki/display/CASC/ColdFusion+CAS+Client+Component
>> John Watson
>> Jr. Web Developer
>> University of California, Merced

Re: New ColdFusion CAS Client

John Watson-13
In reply to this post by Scott Battaglia-2
Scott,

That would be very much appreciated. 

Sounds good. I will keep my eye on the Wiki page/mailing list for when it is scheduled.

Thank you,
John

On Sun, May 3, 2009 at 07:27, Scott Battaglia <[hidden email]> wrote:
John,

If you're interested in hosting/maintaining this in the Jasig SVN, please let us know.  There's also a community call that might be useful to join (we'll also be talking about a recent .NET client)

Cheers,
Scott



Re: New ColdFusion CAS Client

Scott Battaglia-2
Ben just sent an email out today (I think, but I'm still functioning in a different time zone) about the community call.

Cheers,
Scott


On Mon, May 4, 2009 at 8:04 AM, John Watson <[hidden email]> wrote:
Scott,

That would be very much appreciated. 

Sounds good. I will keep my eye on the Wiki page/mailing list for when it is scheduled.

Thank you,
John


Re: New ColdFusion CAS Client

Xuejin Ruan
In reply to this post by John Watson-13
Hi John,

Thanks so much for sharing the ColdFusion CAS Client Component with the community.  I am new to CAS, but would like to explore the potential of using CAS as an SSO solution for our portal (which has ColdFusion as well as Java applications). This morning I was playing with the CAS client you wrote, and encountered some problems. I am wondering whether you could shed some light on them.

The following is my basic environment:
CAS server: 3.3.2
Coldfusion: 8
Tomcat: 6.0.18

I've downloaded CAS server 3.3.2 and put the war file in the Tomcat webapp directory. I also created a self-authored server certificate using Keytool. The CAS server is running fine. Then I downloaded the cas.cfc component and put it in the folder C:\ColdFusion8\CustomTags. I have a very simple application, casTesting, which only has one file: index.cfm (output HelloWorld). I downloaded Application.cfc and put it in the casTesting folder. And I only made the following modification in Application.cfc:
  <cfset Variables.CAS_arguments = { cas_server = "https://<myServerName>:8443/cas",
                                     service = "http://<myServerName>:8500/casTesting",
                                     direct_forwarding = true } />

Then I tried to run the application: http://<myServerName>:8500/casTesting
It got redirected to the CAS login page. I typed login credentials, and after a long long while, it returned the following url:
http://<myServerName>:8500/casTesting?ticket=ST-4024-Or6y4zgpleq6MtM93qxr-cas

And the page says: Page not found, connection failure.

On the Tomcat console window, it seems it is running an endless loop issuing tickets for the application until it times out.


If I tried page: http://<myServerName>:8500/casTesting   without having Application.cfc in the folder,  HelloWorld did get displayed correctly.

Am I missing something in the configuration?

Thanks!

Xuejin



Re: New ColdFusion CAS Client

John Watson-13
Thank you for trying out the client.

I think the problem you're running into is ColdFusion's JRun server
does not trust your SSL cert that the Tomcat server uses for CAS. So
when ColdFusion tries to contact your CAS server it's not actually
getting a response for CAS but rather an error about an invalid cert.
So the client gets stuck in an infinite loop trying to send the user to
CAS login, validate, fail validation, rinse and repeat.

In my test environment I created my own CA and I import my CA's cert
into all my different servers' keystores so that any certs I sign are
automatically trusted.
I run CentOS and used these instructions:
http://dev.antoinesolutions.com/openssl

Then use: /opt/coldfusion8/runtime/jre/bin/keytool
To import the cert into: /opt/coldfusion8/runtime/jre/lib/security/cacerts
Detailed instructions:
http://www.coldfusionmuse.com/index.cfm/2005/1/29/keystore

Hope that solves your problem,

John

On Wed, May 13, 2009 at 12:18, Xuejin Ruan <[hidden email]> wrote:

>
> Hi John,
>
> Thanks so much for sharing the ColdFusion CAS Client Component with the
> community.  I am new to CAS, but would like to explore the potential of
> using CAS as an SSO solution for our portal (which has ColdFusion as well as
> Java applications). This morning I was playing with the CAS client you wrote,
> and encountered some problems. I am wondering whether you could shed some
> light on them.
>
> The following is my basic environment:
> CAS server: 3.3.2
> Coldfusion: 8
> Tomcat: 6.0.18
>
> I've downloaded CAS server 3.3.2 and put the war file in the Tomcat webapp
> directory. I also created a self-authored server certificate using Keytool.
> The CAS server is running fine. Then I downloaded the cas.cfc component and
> put it in the folder C:\ColdFusion8\CustomTags. I have a very simple
> application, casTesting, which only has one file: index.cfm (output
> HelloWorld). I downloaded Application.cfc and put it in the casTesting
> folder. And I only made the following modification in Application.cfc:
>  <cfset Variables.CAS_arguments = { cas_server =
> "https://<myServerName>:8443/cas",
>                                     service =
> "http://<myServerName>:8500/casTesting",
>                                     direct_forwarding = true } />
>
> Then I tried to run the application: http://<myServerName>:8500/casTesting
> It got redirected to the CAS login page. I typed login credentials, and
> after a long long while, it returned the following url:
> http://<myServerName>:8500/casTesting?ticket=ST-4024-Or6y4zgpleq6MtM93qxr-cas
>
> And the page says: Page not found, connection failure.
>
> On the Tomcat console window, it seems it is running an endless loop issuing
> tickets for the application until it times out.
>
>
> If I tried page: http://<myServerName>:8500/casTesting   without having
> Application.cfc in the folder,  HelloWorld did get displayed correctly.
>
> Am I missing something in the configuration?
>
> Thanks!
>
> Xuejin

Re: New ColdFusion CAS Client

Xuejin Ruan
Hi John,

Thanks so much for your reply. After I used keytool to create the self-authored server certificate, I did import it into all my different servers' keystores, including ColdFusion's keystore (C:\ColdFusion8\runtime\jre\lib\security\caserts). So I am wondering why ColdFusion's JRun server does not trust it. Did you do extra configuration for jrun.xml to enable SSL for ColdFusion?  I checked the log files of Tomcat and ColdFusion, and couldn't find any hint why the infinite loop was there.

The following is the error message I got from Firefox browser (by the way, it is not cookie issue):
Redirect Loop      
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.    
The browser has stopped trying to retrieve the requested item. The site is redirecting the request in a way that will never complete.
    * Have you disabled or blocked cookies required by this site?
    * NOTE: If accepting the site's cookies does not resolve the problem, it is likely a server configuration issue and not your computer.

Thanks again for your time.

Xuejin



Re: New ColdFusion CAS Client

John Watson-13
Odd, please dump out the response that the CAS server returns.

Add this: <cfdump var="#cfhttp.filecontent#" /><cfabort/>
after </cfhttp> in the "serviceValidate" function.

It will dump out the raw cas response and stop processing.

On Fri, May 15, 2009 at 12:11, Xuejin Ruan <[hidden email]> wrote:

>
> Hi John,
>
> Thanks so much for your reply. After I used keytool to create the
> self-authored server certificate, I did import it into all my different
> servers' keystores, including ColdFusion's keystore
> (C:\ColdFusion8\runtime\jre\lib\security\caserts). So I am wondering why
> ColdFusion's JRun server does not trust it. Did you do extra configuration
> for jrun.xml to enable SSL for ColdFusion?  I checked the log files of
> Tomcat and ColdFusion, and couldn't find any hint why the infinite loop was
> there.
>
> The following is the error message I got from Firefox browser (by the way,
> it is not cookie issue):
> Redirect Loop
> Firefox has detected that the server is redirecting the request for this
> address in a way that will never complete.
> The browser has stopped trying to retrieve the requested item. The site is
> redirecting the request in a way that will never complete.
>    * Have you disabled or blocked cookies required by this site?
>    * NOTE: If accepting the site's cookies does not resolve the problem, it
> is likely a server configuration issue and not your computer.
>
> Thanks again for your time.
>
> Xuejin

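Added example, not part of any post in this thread and not code from the ColdFusion client: a Python model of the loop John describes above (back-channel validation fails, the user is sent back to CAS login, CAS issues another ticket) and of the raw serviceValidate responses his cfdump would reveal. The function names, sample bodies and ticket strings are constructed for illustration; the handler stops with an error whenever a ticket is present but cannot be validated, instead of redirecting again.

```python
import ssl
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional, Tuple

CAS_NS = "http://www.yale.edu/tp/cas"
NS = {"cas": CAS_NS}

# Constructed sample bodies (not captured from the poster's server).
SUCCESS_BODY = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationSuccess><cas:user>jdoe</cas:user></cas:authenticationSuccess>
</cas:serviceResponse>"""
FAILURE_BODY = """<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
  <cas:authenticationFailure code='INVALID_SERVICE'>service URL mismatch</cas:authenticationFailure>
</cas:serviceResponse>"""
NOT_XML_BODY = "Connection Failure"


class Outcome(Enum):
    AUTHENTICATED = "authenticated"
    REDIRECT_TO_LOGIN = "redirect_to_login"
    FAIL_CLOSED = "fail_closed"


@dataclass
class Decision:
    outcome: Outcome
    user: Optional[str] = None
    reason: str = ""


def parse_service_response(body: str) -> Decision:
    """Classify the raw serviceValidate body; anything unexpected fails closed."""
    try:
        root = ET.fromstring(body)  # body comes from the CAS server's back channel
    except ET.ParseError:
        return Decision(Outcome.FAIL_CLOSED, reason="response is not XML")
    if root.tag != f"{{{CAS_NS}}}serviceResponse":
        return Decision(Outcome.FAIL_CLOSED, reason="not a CAS serviceResponse")
    success = root.find("cas:authenticationSuccess", NS)
    if success is not None:
        user = (success.findtext("cas:user", default="", namespaces=NS) or "").strip()
        if user:
            return Decision(Outcome.AUTHENTICATED, user=user)
        return Decision(Outcome.FAIL_CLOSED, reason="success without a user")
    failure = root.find("cas:authenticationFailure", NS)
    if failure is not None:
        text = (failure.text or "").strip()
        return Decision(Outcome.FAIL_CLOSED, reason=f"{failure.get('code', 'UNKNOWN')}: {text}")
    return Decision(Outcome.FAIL_CLOSED, reason="no success or failure element")


def handle_request(has_session: bool, ticket: Optional[str],
                   validate: Callable[[str], str]) -> Decision:
    """Redirect to login only when there is neither a session nor a ticket."""
    if has_session:
        return Decision(Outcome.AUTHENTICATED, reason="existing session")
    if not ticket:
        return Decision(Outcome.REDIRECT_TO_LOGIN, reason="no session, no ticket")
    try:
        body = validate(ticket)  # back-channel HTTPS call to the CAS server
    except OSError as exc:  # ssl.SSLError (untrusted certificate) is an OSError
        return Decision(Outcome.FAIL_CLOSED, reason=f"back channel failed: {exc}")
    return parse_service_response(body)


def naive_policy(has_session, ticket, validate) -> Decision:
    """The behaviour described in the thread: every failure goes back to login."""
    decision = handle_request(has_session, ticket, validate)
    if decision.outcome is Outcome.FAIL_CLOSED:
        return Decision(Outcome.REDIRECT_TO_LOGIN, reason=decision.reason)
    return decision


def untrusted_backchannel(ticket: str) -> str:
    """Stand-in for a client JVM whose trust store lacks the CAS server's CA."""
    raise ssl.SSLError(1, "certificate verify failed")


def simulate(policy, validate, max_hops: int = 10) -> Tuple[Decision, int]:
    """Follow redirects like a browser with a live SSO session; count tickets issued."""
    ticket, issued = None, 0
    decision = Decision(Outcome.REDIRECT_TO_LOGIN)
    for _ in range(max_hops):
        decision = policy(False, ticket, validate)
        if decision.outcome is not Outcome.REDIRECT_TO_LOGIN:
            break
        issued += 1  # CAS re-issues a service ticket without prompting again
        ticket = f"ST-{issued}-constructed"
    return decision, issued


if __name__ == "__main__":
    for name, policy in (("naive", naive_policy), ("fail-closed", handle_request)):
        decision, issued = simulate(policy, untrusted_backchannel)
        print(f"{name}: {decision.outcome.value} after {issued} tickets ({decision.reason})")
```

Run as a script, it prints how many service tickets each policy consumes when the back channel is untrusted.
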
Re: New ColdFusion CAS Client

Xuejin Ruan
Actually the endless loop comes before the serviceValidate function is called. It seems it happens in the function "login". When I get to the CAS login page, if I enter an incorrect credential, it correctly returns me the message "The credentials you provided cannot be determined to be authentic." But if I enter the correct credential, then you will see from the Tomcat console that it keeps generating tickets, until at last it says "Page not found" with the address bar showing the target page "http://dprg110.ad.co.pierce.wa.us:8500/casTesting/".  (There were occasions I got a ticket appended at the end of the URL.)

  <cffunction name="login" access="public" output="no" returntype="void" hint="Call CAS login page">
    <cfargument name="forceRenew" required="no" type="boolean" default="false" hint="Force them to provide primary authentication" />
    <cflocation url="#Variables.cas_server#login?service=#Variables.service##Iif(Variables.renew OR Arguments.forceRenew,DE('&renew=true'),DE(''))##Iif(Variables.gateway,DE('&gateway=true'),DE(''))#" addtoken="no" />
  </cffunction>

I did try adding cfabort after </cfhttp>, it seems to never get there.

Thanks,

Xuejin



John Watson-13 wrote
Odd, please dump out the response that the CAS server returns.

Add this: <cfdump var="#cfhttp.filecontent#" /><cfabort/>
after </cfhttp> in the "serviceValidate" function.

It will dump out the raw cas response and stop processing.

On Fri, May 15, 2009 at 12:11, Xuejin Ruan <xuejin.ruan@gmail.com> wrote:
>
> Hi John,
>
> Thanks so much for your reply. After I used keytool to create the
> self-authored server certificate, I did import it to all my different
> server's keystore, including coldfusion's keystore
> (C:\ColdFusion8\runtime\jre\lib\security\caserts). So I am wondering why
> Coldfusion's JRun server does not trust it. Did you do extra configuration
> for jrun.xml to enable SSL for Coldfusion?  I checked the log file of
> Tomcat, and Coldfusion, and couldn't find any hint why the infinite loop was
> there.
>
> The following is the error message I got from Firefox browser (by the way,
> it is not cookie issue):
> Redirect Loop
> Firefox has detected that the server is redirecting the request for this
> address in a way that will never complete.
> The browser has stopped trying to retrieve the requested item. The site is
> redirecting the request in a way that will never complete.
>    * Have you disabled or blocked cookies required by this site?
>    * NOTE: If accepting the site's cookies does not resolve the problem, it
> is likely a server configuration issue and not your computer.
>
> Thanks again for your time.
>
> Xuejin
>
>
>
> John Watson-13 wrote:
>>
>> Thank you for trying out the client.
>>
>> I think the problem you're running into is ColdFusion's JRun server
>> does not trust your SSL cert that the tomcat server uses for CAS. So
>> when ColdFusion tries to contact your CAS server it's not actually
>> getting a response for CAS but rather an error about an invalid cert.
>> So the client gets stuck in an infinite loop trying to send user to
>> cas login, validate, fail validation, rinse and repeat.
>>
>> In my test environment I created my own CA and I import my CA's cert
>> into all my different server's keystore so that any certs I sign are
>> automatically trusted.
>> I run CentOS and used these instructions:
>> http://dev.antoinesolutions.com/openssl
>>
>> Then use: /opt/coldfusion8/runtime/jre/bin/keytool
>> To import the cert into: /opt/coldfusion8/runtime/jre/lib/security/cacerts
>> Detailed instructions:
>> http://www.coldfusionmuse.com/index.cfm/2005/1/29/keystore
>>
>> Hope that solves your problem,
>>
>> John
>>
>> On Wed, May 13, 2009 at 12:18, Xuejin Ruan <xuejin.ruan@gmail.com> wrote:
>>>
>>> Hi John,
>>>
>>> Thanks so much for sharing the ColdFusion CAS Client Component with the
>>> community. I am new to CAS, but would like to explore the potential of
>>> using CAS as an SSO solution to our portal (which has ColdFusion as well
>>> as Java applications). This morning I was playing with the CAS clients you
>>> wrote, and encountered some problems. I am wondering whether you could
>>> shed some light on them.
>>>
>>> The following is my basic environment:
>>> CAS server: 3.3.2
>>> ColdFusion: 8
>>> Tomcat: 6.0.18
>>>
>>> I've downloaded CAS server 3.3.2 and put the war file in the Tomcat webapp
>>> directory. I also created a self-authored server certificate using Keytool.
>>> The CAS server is running fine. Then I downloaded the cas.cfc component and
>>> put it in the folder C:\ColdFusion8\CustomTags. I have a very simple
>>> application, casTesting, which only has one file: index.cfm (output
>>> HelloWorld). I downloaded Application.cfc and put it in the folder of
>>> casTesting. And I only made the following modification in Application.cfc:
>>> <cfset Variables.CAS_arguments = { cas_server = "https://<myServerName>:8443/cas",
>>>                                    service = "http://<myServerName>:8500/casTesting",
>>>                                    direct_forwarding = true } />
>>>
>>> Then I tried to run the application:
>>> http://<myServerName>:8500/casTesting
>>> It got redirected to the CAS login page. I typed login credentials, and
>>> after a long long while, it returned the following url:
>>> http://<myServerName>:8500/casTesting?ticket=ST-4024-Or6y4zgpleq6MtM93qxr-cas
>>>
>>> And the page says: Page not found, connection failure.
>>>
>>> On the Tomcat console window, it seems it is running an endless loop issuing
>>> tickets for the application until it times out.
>>>
>>>
>>> If I tried page: http://<myServerName>:8500/casTesting without having
>>> Application.cfc in the folder, HelloWorld did get displayed correctly.
>>>
>>> Am I missing something in the configuration?
>>>
>>> Thanks!
>>>
>>> Xuejin
>>>

Re: New ColdFusion CAS Client

John Watson-13
Correct, but serviceValidate is what calls login when it was unable to
verify the ST or extract a cas:user from the response (causing the
loop).

I'm hoping the response from the CAS server will shed some light on
why it can't do one or the other.

On Mon, May 18, 2009 at 16:17, Xuejin Ruan <[hidden email]> wrote:

>
> Actually the endless loop comes before the serviceValidate function is called.
> It seems it happens in the function "login". When I get to the CAS login page, if
> I enter an incorrect credential, it correctly returns me the message "The
> credentials you provided cannot be determined to be authentic." But if I
> enter the correct credential, then you will see from the Tomcat console that it
> keeps generating tickets, until at last it says "Page not found" with the
> address bar showing the target page
> "http://dprg110.ad.co.pierce.wa.us:8500/casTesting/". (There were occasions
> when I got a ticket appended at the end of the URL.)
>
> <cffunction name="login" access="public" output="no" returntype="void" hint="Call CAS login page">
>    <cfargument name="forceRenew" required="no" type="boolean" default="false" hint="Force them to provide primary authentication" />
>    <cflocation url="#Variables.cas_server#login?service=#Variables.service##Iif(Variables.renew OR Arguments.forceRenew,DE('&renew=true'),DE(''))##Iif(Variables.gateway,DE('&gateway=true'),DE(''))#" addtoken="no" />
> </cffunction>
>
> I did try adding cfabort after </cfhttp>; it seems it never gets there.
>
> Thanks,
>
> Xuejin
>
>
>
>
> John Watson-13 wrote:
>>
>> Odd, please dump out the response that the CAS server returns.
>>
>> Add this: <cfdump var="#cfhttp.filecontent#" /><cfabort/>
>> after </cfhttp> in the "serviceValidate" function.
>>
>> It will dump out the raw cas response and stop processing.
>>
>> On Fri, May 15, 2009 at 12:11, Xuejin Ruan <[hidden email]> wrote:
>>>
>>> Hi John,
>>>
>>> Thanks so much for your reply. After I used keytool to create the
>>> self-authored server certificate, I did import it to all my different
>>> server's keystore, including ColdFusion's keystore
>>> (C:\ColdFusion8\runtime\jre\lib\security\caserts). So I am wondering why
>>> ColdFusion's JRun server does not trust it. Did you do extra configuration
>>> for jrun.xml to enable SSL for ColdFusion? I checked the log file of
>>> Tomcat, and ColdFusion, and couldn't find any hint why the infinite loop
>>> was there.
>>>
>>> The following is the error message I got from the Firefox browser (by the
>>> way, it is not a cookie issue):
>>> Redirect Loop
>>> Firefox has detected that the server is redirecting the request for this
>>> address in a way that will never complete.
>>> The browser has stopped trying to retrieve the requested item. The site is
>>> redirecting the request in a way that will never complete.
>>>    * Have you disabled or blocked cookies required by this site?
>>>    * NOTE: If accepting the site's cookies does not resolve the problem, it
>>>      is likely a server configuration issue and not your computer.
>>>
>>> Thanks again for your time.
>>>
>>> Xuejin
>>>
>>>
>>>
>>> John Watson-13 wrote:
>>>>
>>>> Thank you for trying out the client.
>>>>
>>>> I think the problem you're running into is ColdFusion's JRun server
>>>> does not trust your SSL cert that the tomcat server uses for CAS. So
>>>> when ColdFusion tries to contact your CAS server it's not actually
>>>> getting a response for CAS but rather an error about an invalid cert.
>>>> So the client gets stuck in an infinite loop trying to send user to
>>>> cas login, validate, fail validation, rinse and repeat.
>>>>
>>>> In my test environment I created my own CA and I import my CA's cert
>>>> into all my different server's keystore so that any certs I sign are
>>>> automatically trusted.
>>>> I run CentOS and used these instructions:
>>>> http://dev.antoinesolutions.com/openssl
>>>>
>>>> Then use: /opt/coldfusion8/runtime/jre/bin/keytool
>>>> To import the cert into:
>>>> /opt/coldfusion8/runtime/jre/lib/security/cacerts
>>>> Detailed instructions:
>>>> http://www.coldfusionmuse.com/index.cfm/2005/1/29/keystore
>>>>
>>>> Hope that solves your problem,
>>>>
>>>> John

Re: New ColdFusion CAS Client

Tillinghast, Andrew P.
In reply to this post by Xuejin Ruan
I had a similar problem when implementing a custom CAS/CF connection
here. Figured out that we had some code processing every URL var and
making them lower case; the lower-case ticket strings failed to pass
validate.

-Andrew

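The two failure modes raised in the messages above (a validation call that never gets a CAS answer back, and a ticket that was altered before validation), as an added Python sketch that is not code from cas.cfc or from this thread. The stub server, the redirect cap and every name and sample value are constructed assumptions; the point is to tell "CAS rejected the ticket" apart from "no CAS response", so that only the former sends the browser back to login, and only a bounded number of times.

```python
# Added illustration, not the cas.cfc source. Limits, names and sample data are constructed.
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

CAS_NS = "{http://www.yale.edu/tp/cas}"  # namespace of CAS 2.0 validation responses
MAX_LOGIN_REDIRECTS = 2                  # hypothetical per-session cap on login bounces

_OPEN = '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
_CLOSE = "</cas:serviceResponse>"


def classify_validation(body):
    """Classify the raw body of a /serviceValidate call.

    Returns ("success", user), ("failure", code) when CAS rejected the ticket,
    or ("no_cas_response", reason) when the body is not a CAS answer at all.
    """
    if not body or not body.strip():
        return ("no_cas_response", "empty body")
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return ("no_cas_response", "body is not XML")
    if root.tag != CAS_NS + "serviceResponse":
        return ("no_cas_response", "unexpected root element")
    ok = root.find(CAS_NS + "authenticationSuccess")
    if ok is not None:
        user = (ok.findtext(CAS_NS + "user") or "").strip()
        if user:
            return ("success", user)
        return ("no_cas_response", "success without cas:user")
    bad = root.find(CAS_NS + "authenticationFailure")
    if bad is not None:
        return ("failure", bad.get("code", "UNKNOWN"))
    return ("no_cas_response", "no success or failure element")


def handle_callback(fetch, service, ticket, redirects_so_far):
    """Decide what the protected app does when it receives ?ticket=...

    fetch(service, ticket) returns the raw validation body (the value the
    thread dumps from cfhttp.filecontent). Returns (action, detail).
    """
    status, detail = classify_validation(fetch(service, ticket))
    if status == "success":
        return ("start_session", detail)
    if status == "no_cas_response":
        # Back-channel problem (for example an untrusted certificate):
        # sending the user to log in again cannot fix it, so stop here.
        return ("show_error", "validation call failed: " + detail)
    if redirects_so_far >= MAX_LOGIN_REDIRECTS:
        return ("show_error", "CAS keeps rejecting tickets: " + detail)
    return ("redirect_to_login", detail)


class StubCas:
    """Constructed stand-in for a CAS server: single-use, case-sensitive tickets."""

    def __init__(self):
        self._issued = {}

    def issue(self, service, user, ticket="ST-1-AbCdEf0123-cas"):
        self._issued[ticket] = (service, user)
        return ticket

    def service_validate(self, service, ticket):
        entry = self._issued.pop(ticket, None)  # exact match; consumed on use
        if entry is None:
            code = "INVALID_TICKET"
        elif entry[0] != service:
            code = "INVALID_SERVICE"
        else:
            return (_OPEN + "<cas:authenticationSuccess><cas:user>" + escape(entry[1])
                    + "</cas:user></cas:authenticationSuccess>" + _CLOSE)
        return (_OPEN + '<cas:authenticationFailure code="' + code
                + '">rejected</cas:authenticationFailure>' + _CLOSE)


def demo():
    service = "http://app.example:8500/casTesting"  # constructed service URL
    cas = StubCas()
    ticket = cas.issue(service, "jdoe")
    return [
        # ticket lower-cased by application code before validation
        handle_callback(cas.service_validate, service, ticket.lower(), 0),
        handle_callback(cas.service_validate, service, ticket.lower(), MAX_LOGIN_REDIRECTS),
        # constructed non-CAS body standing in for a failed HTTPS call
        handle_callback(lambda s, t: "Connection Failure", service, ticket, 0),
        handle_callback(cas.service_validate, service, ticket, 0),
        handle_callback(cas.service_validate, service, ticket, 1),  # replayed ticket
    ]


if __name__ == "__main__":
    for row in demo():
        print(row)
```
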

Re: New ColdFusion CAS Client

Xuejin Ruan
Hi Andrew,

Thanks for the reply. I was just trying to set up a very simple HelloWorld test, and there is no code making URL vars lower case. What is your working environment? I am just wondering whether there is some weird ColdFusion setup on my local box. Do you need to configure JRun to enable SSL in your ColdFusion server?

Best,

Xuejin


Andrew Tillinghast wrote
I had a similar problem when implementing a custom CAS/CF connection
here. Figured out that we had some code processing every URL var and
making them lower case; the lower-case ticket strings failed to pass
validate.

-Andrew


Re: New ColdFusion CAS Client

Xuejin Ruan
In reply to this post by John Watson-13
Hi John,

In my case it seems it never gets to serviceValidate. How do I enable the CAS server log to get more info about the communication between the CAS server and the ColdFusion server?

I've tested CAS integration with a Java application, Acegi Security, and Spring Security; they all seem to at least be working. But somehow I am stuck here trying to integrate CAS with our legacy ColdFusion apps.

Thanks,

Xuejin

John Watson-13 wrote
Correct, but serviceValidate is what calls login when it was unable to
verify the ST or extract a cas:user from the response (causing the
loop).

I'm hoping the response from the CAS server will shed some light on
why it can't do one or the other.

On Mon, May 18, 2009 at 16:17, Xuejin Ruan <xuejin.ruan@gmail.com> wrote:
>
> Actually the endless loop comes before serviceValidate function was called.
> It seems it happens in the function "login". When I get to CAS login page, if
> I enter an incorrect credential, it correctly returns me the message "The
> credentials you provided cannot be determined to be authentic." But if I
> enter correct credential, then you will see from Tomcat console that it
> keeps generating tickets, until at last it says "Page not found" with the
> address bar showing the target page
> "http://dprg110.ad.co.pierce.wa.us:8500/casTesting/".  (there were occasions
> I got a ticket appended at the end of the URL)
>
>  <cffunction name="login" access="public" output="no" returntype="void" hint="Call CAS login page">
>    <cfargument name="forceRenew" required="no" type="boolean" default="false" hint="Force them to provide primary authentication" />
>    <cflocation url="#Variables.cas_server#login?service=#Variables.service##Iif(Variables.renew OR Arguments.forceRenew,DE('&renew=true'),DE(''))##Iif(Variables.gateway,DE('&gateway=true'),DE(''))#" addtoken="no" />
>  </cffunction>
>
> I did try adding cfabort after </cfhttp>, it seems it never gets there.
>
> Thanks,
>
> Xuejin
>
>
>
>
> John Watson-13 wrote:
>>
>> Odd, please dump out the response that the CAS server returns.
>>
>> Add this: <cfdump var="#cfhttp.filecontent#" /><cfabort/>
>> after </cfhttp> in the "serviceValidate" function.
>>
>> It will dump out the raw cas response and stop processing.
>>
>> On Fri, May 15, 2009 at 12:11, Xuejin Ruan <xuejin.ruan@gmail.com> wrote:
>>>
>>> Hi John,
>>>
>>> Thanks so much for your reply. After I used keytool to create the
>>> self-authored server certificate, I did import it to all my different
>>> server's keystore, including coldfusion's keystore
>>> (C:\ColdFusion8\runtime\jre\lib\security\caserts). So I am wondering why
>>> Coldfusion's JRun server does not trust it. Did you do extra
>>> configuration
>>> for jrun.xml to enable SSL for Coldfusion?  I checked the log file of
>>> Tomcat, and Coldfusion, and couldn't find any hint why the infinite loop
>>> was
>>> there.
>>>
>>> The following is the error message I got from Firefox browser (by the
>>> way,
>>> it is not cookie issue):
>>> Redirect Loop
>>> Firefox has detected that the server is redirecting the request for this
>>> address in a way that will never complete.
>>> The browser has stopped trying to retrieve the requested item. The site
>>> is
>>> redirecting the request in a way that will never complete.
>>>    * Have you disabled or blocked cookies required by this site?
>>>    * NOTE: If accepting the site's cookies does not resolve the problem,
>>> it
>>> is likely a server configuration issue and not your computer.
>>>
>>> Thanks again for your time.
>>>
>>> Xuejin
>>>
>>>
>>>
>>> John Watson-13 wrote:
>>>>
>>>> Thank you for trying out the client.
>>>>
>>>> I think the problem you're running into is ColdFusion's JRun server
>>>> does not trust your SSL cert that the tomcat server uses for CAS. So
>>>> when ColdFusion tries to contact your CAS server it's not actually
>>>> getting a response for CAS but rather an error about an invalid cert.
>>>> So the client gets stuck in an infinite loop trying to send user to
>>>> cas login, validate, fail validation, rinse and repeat.
>>>>
>>>> In my test environment I created my own CA and I import my CA's cert
>>>> into all my different server's keystore so that any certs I sign are
>>>> automatically trusted.
>>>> I run CentOS and used these instructions:
>>>> http://dev.antoinesolutions.com/openssl
>>>>
>>>> Then use: /opt/coldfusion8/runtime/jre/bin/keytool
>>>> To import the cert into:
>>>> /opt/coldfusion8/runtime/jre/lib/security/cacerts
>>>> Detailed instructions:
>>>> http://www.coldfusionmuse.com/index.cfm/2005/1/29/keystore
>>>>
>>>> Hope that solves your problem,
>>>>
>>>> John
>>>>
>>>> On Wed, May 13, 2009 at 12:18, Xuejin Ruan <xuejin.ruan@gmail.com>
>>>> wrote:
>>>>>
>>>>> Hi John,
>>>>>
>>>>> Thanks so much for sharing the Coldfusion CAS Client Component with the
>>>>> community.  I am new to CAS, but would like to explore the potential of
>>>>> using CAS as an SSO solution to our portal (which has Coldfusion as
>>>>> well
>>>>> as
>>>>> Java applications). This morning I was playing with CAS clients you
>>>>> wrote, and encountered a problem. I am wondering whether you could shed
>>>>> some light on it.
>>>>>
>>>>> The following is my basic environment:
>>>>> CAS server: 3.3.2
>>>>> Coldfusion: 8
>>>>> Tomcat: 6.0.18
>>>>>
>>>>> I've downloaded cas server 3.3.2 and put the war file in Tomcat webapp
>>>>> directory. I also create a self-authored server certificate using
>>>>> Keytool.
>>>>> The CAS server is running fine. Then I download the cas.cfc component
>>>>> and
>>>>> put it in folder C:\ColdFusion8\CustomTags. I have a very simple
>>>>> application
>>>>> casTesting, which only has one file: index.cfm (output HelloWorld). I
>>>>> download Application.cfc and put it in the folder of casTesting. And I
>>>>> only made the following modification in Application.cfc:
>>>>>  <cfset Variables.CAS_arguments = { cas_server = "https://<myServerName>:8443/cas",
>>>>>                                     service = "http://<myServerName>:8500/casTesting",
>>>>>                                     direct_forwarding = true } />
>>>>>
>>>>> Then I tried to run the application:
>>>>> http://<myServerName>:8500/casTesting
>>>>> It got redirected to the CAS login page. I typed login credentials, and
>>>>> after a long long while, it returned the following url:
>>>>> http://<myServerName>:8500/casTesting?ticket=ST-4024-Or6y4zgpleq6MtM93qxr-cas
>>>>>
>>>>> And the page says: Page not found, connection failure.
>>>>>
>>>>> On Tomcat console window, it seems it is running an endless loop
>>>>> issuing tickets for the application until it times out.
>>>>>
>>>>>
>>>>> If I tried page: http://<myServerName>:8500/casTesting   without having
>>>>> Application.cfc in the folder,  HelloWorld did get displayed correctly.
>>>>>
>>>>> Am I missing something in the configuration?
>>>>>
>>>>> Thanks!
>>>>>
>>>>> Xuejin
>>>>>
>>>>>
>>>>>
>>>>> John Watson-13 wrote:
>>>>>>
>>>>>> I wrote a new ColdFusion CAS client in order to take advantage of
>>>>>> Single
>>>>>> Sign Out and Attribute releasing. Since I use an Application.cfc in my
>>>>>> applications, I figured it was time for the existing client to be
>>>>>> rewritten as a ColdFusion component (CFC) and now I'm ready to release
>>>>>> it
>>>>>> to
>>>>>> the community.
>>>>>>
>>>>>> I hope to hear feedback from the community and improvements/bug fixes
>>>>>> are
>>>>>> very welcome.
>>>>>>
>>>>>> http://www.ja-sig.org/wiki/display/CASC/ColdFusion+CAS+Client+Component
>>>>>> John Watson
>>>>>> Jr. Web Developer
>>>>>> University of California, Merced
>>>>>>

Re: New ColdFusion CAS Client

Veli AKÇAKAYA-2
In reply to this post by John Watson-13
Hi John,

First of all thanks for new coldfusion CAS client. We use Coldfusion and CAS together in many projects. We have a problem about our current CAS client. We also tried the CAS client you’ve developed but we have the same problem with that too.

The problem is: the parameters sent to CAS before login are lost after login happens. For example: http://www.abc.com/use_cas.cfm?name=veli&id=123 becomes: http://www.abc.com/use_cas.cfm?ticket=ST-78810-cXrMTVS2wfeIFGF4ga9E-cas after login. We can’t reach name and id parameters after login.
Do you have any suggestions about this?

Thanks,
Have a nice day.


John Watson wrote:
I wrote a new ColdFusion CAS client in order to take advantage of Single Sign Out and Attribute releasing. Since I use an Application.cfc in my applications, I figured it was time for the existing client to be rewritten as a ColdFusion component (CFC) and now I'm ready to release it to the community.

I hope to hear feedback from the community and improvements/bug fixes are very welcome.

http://www.ja-sig.org/wiki/display/CASC/ColdFusion+CAS+Client+Component

John Watson
Jr. Web Developer
University of California, Merced

-- 
veli akçakaya
Sabancı University 
Information Technology


Re: New ColdFusion CAS Client

Tillinghast, Andrew P.
In reply to this post by Xuejin Ruan
In our case both services, coldfusion and cas, are coming from a host  
with genuine SSL cert so we didn't have any issues with a self signed  
certificate.

We set up CF 7.0 with the old client and now CF 8.0 with the client.  
Before we tried the CF client we connected liferay as a client to our  
CAS server so we knew CAS was working.

-Andrew

On May 22, 2009, at 6:14 PM, Xuejin Ruan wrote:

>
> Hi Andrew,
>
> Thanks for the reply. I was just trying to set up a very simple  
> HelloWorld
> test, and there is no code making url var lower case. What is your  
> working
> environment? I am just wondering whether there is some weird
> Coldfusion set
> up in my local box. Do you need to configure JRun to enable SSL in
> your
> coldfusion server?
>
> Best,
>
> Xuejin
>
>
>
> Andrew Tillinghast wrote:
>>
>> I had a similar problem when implementing a custom CAS/CF connection
>> here. figured out that we had some code processing every url var and
>> making them lower case, the lower case ticket strings failed to pass
>> validate.
>>
>> -Andrew
>>
>> On May 18, 2009, at 7:17 PM, Xuejin Ruan wrote:
>>
>>>
>>> Actually the endless loop comes before serviceValidate function was
>>> called.
>>> It seems it happens in the function "login". When I get to CAS login
>>> page, if
>>> I enter an incorrect credential, it correctly returns me the message
>>> "The
>>> credentials you provided cannot be determined to be authentic." But
>>> if I
>>> enter correct credential, then you will see from Tomcat console that
>>> it
>>> keeps generating tickets, until at last it says "Page not found"
>>> with the
>>> address bar showing the target page
>>> "http://dprg110.ad.co.pierce.wa.us:8500/casTesting/".  (there were
>>> occasions
>>> I got a ticket appended at the end of the URL)
>>>
>>> <cffunction name="login" access="public" output="no" returntype="void" hint="Call CAS login page">
>>>   <cfargument name="forceRenew" required="no" type="boolean" default="false" hint="Force them to provide primary authentication" />
>>>   <cflocation url="#Variables.cas_server#login?service=#Variables.service##Iif(Variables.renew OR Arguments.forceRenew,DE('&renew=true'),DE(''))##Iif(Variables.gateway,DE('&gateway=true'),DE(''))#" addtoken="no" />
>>> </cffunction>
>>>
>>> I did try adding cfabort after </cfhttp>, it seems it never gets there.
>>>
>>> Thanks,
>>>
>>> Xuejin
>>>
>>>
>>>
>>>
>>> John Watson-13 wrote:
>>>>
>>>> Odd, please dump out the response that the CAS server returns.
>>>>
>>>> Add this: <cfdump var="#cfhttp.filecontent#" /><cfabort/>
>>>> after </cfhttp> in the "serviceValidate" function.
>>>>
>>>> It will dump out the raw cas response and stop processing.
>>>>
>>>> On Fri, May 15, 2009 at 12:11, Xuejin Ruan <[hidden email]>
>>>> wrote:
>>>>>
>>>>> Hi John,
>>>>>
>>>>> Thanks so much for your reply. After I used keytool to create the
>>>>> self-authored server certificate, I did import it to all my
>>>>> different
>>>>> server's keystore, including coldfusion's keystore
>>>>> (C:\ColdFusion8\runtime\jre\lib\security\caserts). So I am
>>>>> wondering why
>>>>> Coldfusion's JRun server does not trust it. Did you do extra
>>>>> configuration
>>>>> for jrun.xml to enable SSL for Coldfusion?  I checked the log file
>>>>> of
>>>>> Tomcat, and Coldfusion, and couldn't find any hint why the
>>>>> infinite loop
>>>>> was
>>>>> there.
>>>>>
>>>>> The following is the error message I got from Firefox browser (by
>>>>> the
>>>>> way,
>>>>> it is not cookie issue):
>>>>> Redirect Loop
>>>>> Firefox has detected that the server is redirecting the request
>>>>> for this
>>>>> address in a way that will never complete.
>>>>> The browser has stopped trying to retrieve the requested item. The
>>>>> site
>>>>> is
>>>>> redirecting the request in a way that will never complete.
>>>>>   * Have you disabled or blocked cookies required by this site?
>>>>>   * NOTE: If accepting the site's cookies does not resolve the
>>>>> problem,
>>>>> it
>>>>> is likely a server configuration issue and not your computer.
>>>>>
>>>>> Thanks again for your time.
>>>>>
>>>>> Xuejin
>>>>>
>>>>>
>>>>>
>>>>> John Watson-13 wrote:
>>>>>>
>>>>>> Thank you for trying out the client.
>>>>>>
>>>>>> I think the problem you're running into is ColdFusion's JRun  
>>>>>> server
>>>>>> does not trust your SSL cert that the tomcat server uses for CAS.
>>>>>> So
>>>>>> when ColdFusion tries to contact your CAS server it's not  
>>>>>> actually
>>>>>> getting a response for CAS but rather an error about an invalid
>>>>>> cert.
>>>>>> So the client gets stuck in an infinite loop trying to send  
>>>>>> user to
>>>>>> cas login, validate, fail validation, rinse and repeat.
>>>>>>
>>>>>> In my test environment I created my own CA and I import my CA's
>>>>>> cert
>>>>>> into all my different server's keystore so that any certs I sign
>>>>>> are
>>>>>> automatically trusted.
>>>>>> I run CentOS and used these instructions:
>>>>>> http://dev.antoinesolutions.com/openssl
>>>>>>
>>>>>> Then use: /opt/coldfusion8/runtime/jre/bin/keytool
>>>>>> To import the cert into:
>>>>>> /opt/coldfusion8/runtime/jre/lib/security/cacerts
>>>>>> Detailed instructions:
>>>>>> http://www.coldfusionmuse.com/index.cfm/2005/1/29/keystore
>>>>>>
>>>>>> Hope that solves your problem,
>>>>>>
>>>>>> John
>>>>>>
>>>>>> On Wed, May 13, 2009 at 12:18, Xuejin Ruan  
>>>>>> <[hidden email]>
>>>>>> wrote:
>>>>>>>
>>>>>>> Hi John,
>>>>>>>
>>>>>>> Thanks so much for sharing the Coldfusion CAS Client Component
>>>>>>> with the
>>>>>>> community.  I am new to CAS, but would like to explore the
>>>>>>> potential of
>>>>>>> using CAS as an SSO solution to our portal (which has Coldfusion
>>>>>>> as
>>>>>>> well
>>>>>>> as
>>>>>>> Java applications). This morning I was playing with CAS clients
>>>>>>> you wrote, and encountered a problem. I am wondering whether you
>>>>>>> could shed some light on it.
>>>>>>>
>>>>>>> The following is my basic environment:
>>>>>>> CAS server: 3.3.2
>>>>>>> Coldfusion: 8
>>>>>>> Tomcat: 6.0.18
>>>>>>>
>>>>>>> I've downloaded cas server 3.3.2 and put the war file in Tomcat
>>>>>>> webapp
>>>>>>> directory. I also create a self-authored server certificate  
>>>>>>> using
>>>>>>> Keytool.
>>>>>>> The CAS server is running fine. Then I download the cas.cfc
>>>>>>> component
>>>>>>> and
>>>>>>> put it in folder C:\ColdFusion8\CustomTags. I have a very simple
>>>>>>> application
>>>>>>> casTesting, which only has one file: index.cfm (output
>>>>>>> HelloWorld). I
>>>>>>> download Application.cfc and put it in the folder of casTesting.
>>>>>>> And I only made the following modification in Application.cfc:
>>>>>>> <cfset Variables.CAS_arguments = { cas_server = "https://<myServerName>:8443/cas",
>>>>>>>                                    service = "http://<myServerName>:8500/casTesting",
>>>>>>>                                    direct_forwarding = true } />
>>>>>>>
>>>>>>> Then I tried to run the application:
>>>>>>> http://<myServerName>:8500/casTesting
>>>>>>> It got redirected to the CAS login page. I typed login
>>>>>>> credentials, and
>>>>>>> after a long long while, it returned the following url:
>>>>>>> http://<myServerName>:8500/casTesting?ticket=ST-4024-Or6y4zgpleq6MtM93qxr-cas
>>>>>>>
>>>>>>> And the page says: Page not found, connection failure.
>>>>>>>
>>>>>>> On Tomcat console window, it seems it is running an endless loop
>>>>>>> issuing tickets for the application until it times out.
>>>>>>>
>>>>>>>
>>>>>>> If I tried page: http://<myServerName>:8500/casTesting   without
>>>>>>> having
>>>>>>> Application.cfc in the folder,  HelloWorld did get displayed
>>>>>>> correctly.
>>>>>>>
>>>>>>> Am I missing something in the configuration?
>>>>>>>
>>>>>>> Thanks!
>>>>>>>
>>>>>>> Xuejin
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> John Watson-13 wrote:
>>>>>>>>
>>>>>>>> I wrote a new ColdFusion CAS client in order to take  
>>>>>>>> advantage of
>>>>>>>> Single
>>>>>>>> Sign Out and Attribute releasing. Since I use an
>>>>>>>> Application.cfc in my
>>>>>>>> applications, I figured it was time for the existing client
>>>>>>>> to be
>>>>>>>> rewritten as a ColdFusion component (CFC) and now I'm ready to
>>>>>>>> release
>>>>>>>> it
>>>>>>>> to
>>>>>>>> the community.
>>>>>>>>
>>>>>>>> I hope to hear feedback from the community and improvements/bug
>>>>>>>> fixes
>>>>>>>> are
>>>>>>>> very welcome.
>>>>>>>>
>>>>>>>> http://www.ja-sig.org/wiki/display/CASC/ColdFusion+CAS+Client+Component
>>>>>>>> John Watson
>>>>>>>> Jr. Web Developer
>>>>>>>> University of California, Merced
>>>>>>>>

Re: New ColdFusion CAS Client

Veli AKÇAKAYA-2
In reply to this post by Veli AKÇAKAYA-2
Hi All,

Is there anybody having the same problem?

Have a nice day.

Veli AKÇAKAYA wrote:
Hi John,

First of all thanks for new coldfusion CAS client. We use Coldfusion and CAS together in many projects. We have a problem about our current CAS client. We also tried the CAS client you’ve developed but we have the same problem with that too.

The problem is: the parameters sent to CAS before login are lost after login happens. For example: http://www.abc.com/use_cas.cfm?name=veli&id=123 becomes: http://www.abc.com/use_cas.cfm?ticket=ST-78810-cXrMTVS2wfeIFGF4ga9E-cas after login. We can’t reach name and id parameters after login.
Do you have any suggestions about this?

Thanks,
Have a nice day.


John Watson wrote:
I wrote a new ColdFusion CAS client in order to take advantage of Single Sign Out and Attribute releasing. Since I use an Application.cfc in my applications, I figured it was time for the existing client to be rewritten as a ColdFusion component (CFC) and now I'm ready to release it to the community.

I hope to hear feedback from the community and improvements/bug fixes are very welcome.

http://www.ja-sig.org/wiki/display/CASC/ColdFusion+CAS+Client+Component

John Watson
Jr. Web Developer
University of California, Merced
-- 
veli akçakaya
Sabancı University 
Information Technology


Re: New ColdFusion CAS Client

John Watson-13
In reply to this post by Veli AKÇAKAYA-2
It's good to hear that others are finding use in it.

Currently, the client only remembers the original URL in the
"validate" function. I hope to have some free time next week to add
some debugging/logging code, so at the same time I will add the
functionality to retain the original URL parameters as well.

Regards,

John


2009/5/25 Veli AKÇAKAYA <[hidden email]>:

> Hi John,
>
> First of all thanks for new coldfusion CAS client. We use Coldfusion and CAS
> together in many projects. We have a problem about our current CAS client.
> We also tried the CAS client you’ve developed but we have the same problem
> with that too.
>
> The problem is: the parameters sent to CAS before login are lost after login
> happens. For example: http://www.abc.com/use_cas.cfm?name=veli&id=123
> becomes:
> http://www.abc.com/use_cas.cfm?ticket=ST-78810-cXrMTVS2wfeIFGF4ga9E-cas
> after login. We can’t reach name and id parameters after login.
> Do you have any suggestions about this?
>
> Thanks,
> Have a nice day.
>
>
> John Watson wrote:
>
> I wrote a new ColdFusion CAS client in order to take advantage of Single
> Sign Out and Attribute releasing. Since I use an Application.cfc in my
> applications, I figured it was time for the existing client to be
> rewritten as a ColdFusion component (CFC) and now I'm ready to release it to
> the community.
> I hope to hear feedback from the community and improvements/bug fixes are
> very welcome.
> http://www.ja-sig.org/wiki/display/CASC/ColdFusion+CAS+Client+Component
> John Watson
> Jr. Web Developer
> University of California, Merced
>
>
> --
> veli akçakaya
> Sabancı University
> Information Technology
>

Re: New ColdFusion CAS Client

John Watson-13
In reply to this post by Xuejin Ruan
The process the client takes is:
1. User requests a page
2. In onRequestStart, Application.cfc asks the CAS client to validate
the user using "validate"
3. In validate, the client checks if the user is already logged in or
if the ST URL parameter exists
4a. If not logged in and no ST parameter is present, send the user to
CAS to login
4b. If not logged in and ST parameter is present, run
"serviceValidate" using the provided ST
4c. If logged in, immediately continue into the CF application
5a. If the ST is verified, it then sets the username attribute
(effectively logging the user into the application)
5b. If the ST is not verified, username stays blank
6a. If username is still blank, send user back to CAS login
6b. If username is not blank, continue into the CF application

Steps 3, 4 and 6 take place in "validate"
Step 5 takes place in "serviceValidate"

What I think is happening with your application is the loop is
occurring after logging into CAS in this way:
1,2,3,4b,5b,6a

And this loop would be happening if the client is unable to verify the
ST with the CAS server. I'm hoping the response from the CAS server
will shed light onto the cause of the failure to validate the ST.

Regards,

John
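
The flow listed above, modelled as an added Python example (not part of the original post and not code from cas.cfc): it replays steps 1-6 against an in-memory stand-in for the CAS server and reproduces the 1,2,3,4b,5b,6a loop when serviceValidate cannot verify the ST, whether the back-channel call fails on an untrusted certificate or the ticket was lower-cased on the way in. `FakeCas`, `service_url`, `validate`, `browse`, the example.edu hosts, the user name and the ticket format are assumptions made for the illustration; the service URL here also keeps the original query parameters, which the thread says the client did not yet do.

```python
from urllib.parse import parse_qsl, quote, urlencode, urlsplit, urlunsplit

CAS_LOGIN = "https://cas.example.edu:8443/cas/login"  # constructed placeholder host


class FakeCas:
    """In-memory stand-in for the CAS server (constructed for this example)."""

    def __init__(self, reachable=True):
        self.reachable = reachable  # False models a back-channel TLS trust failure
        self.issued = {}            # ticket -> (service, user)
        self.counter = 0            # how many service tickets were generated

    def login(self, service, user):
        """Browser side: issue a fresh service ticket (ST) bound to this service."""
        self.counter += 1
        ticket = f"ST-{self.counter}-AbCdEf-cas"
        self.issued[ticket] = (service, user)
        return ticket

    def service_validate(self, service, ticket):
        """Back channel: an ST is single-use, case-sensitive and bound to its service."""
        if not self.reachable:
            raise ConnectionError("certificate not trusted")
        bound_service, user = self.issued.pop(ticket, (None, None))
        return user if bound_service == service else None


def service_url(request_url):
    """The requested URL without the ticket parameter; other parameters are kept."""
    parts = urlsplit(request_url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "ticket"]
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(query), ""))


def validate(request_url, session, cas, mangle=str):
    """Steps 3-6 for one request. Returns (action, url, steps_taken)."""
    service = service_url(request_url)
    if session.get("username"):                       # 4c: already logged in
        return "continue", service, ["4c"]
    ticket = dict(parse_qsl(urlsplit(request_url).query)).get("ticket")
    if not ticket:
        steps = ["4a"]                                # no ST: go to CAS login
    else:
        steps = ["4b"]                                # ST present: verify it
        try:
            user = cas.service_validate(service, mangle(ticket))
        except ConnectionError:
            user = None                               # no usable CAS response
        if user:
            session["username"] = user                # 5a, then 6b
            return "continue", service, steps + ["5a", "6b"]
        steps += ["5b", "6a"]                         # username still blank
    # The service URL is percent-encoded so its own query string survives the trip.
    return "redirect", CAS_LOGIN + "?service=" + quote(service, safe=""), steps


def browse(start_url, cas, user="jdoe", mangle=str, max_redirects=5):
    """Follow redirects like a browser that already holds a CAS SSO session."""
    session, url, trace = {}, start_url, []
    for _ in range(max_redirects):
        action, target, steps = validate(url, session, cas, mangle)
        trace.append(steps)
        if action == "continue":
            return {"result": "ok", "url": target, "user": session["username"],
                    "tickets": cas.counter, "trace": trace}
        # CAS sees the SSO session, issues a new ST and redirects straight back.
        service = dict(parse_qsl(urlsplit(target).query))["service"]
        ticket = cas.login(service, user)
        url = service + ("&" if "?" in service else "?") + "ticket=" + ticket
    return {"result": "redirect-loop", "url": url, "user": None,
            "tickets": cas.counter, "trace": trace}


if __name__ == "__main__":
    start = "http://app.example.edu:8500/casTesting/index.cfm?name=veli&id=123"
    for label, cas, mangle in [("healthy", FakeCas(), str),
                               ("untrusted cert", FakeCas(reachable=False), str),
                               ("lower-cased ticket", FakeCas(), str.lower)]:
        outcome = browse(start, cas, mangle=mangle)
        print(label, outcome["result"], outcome["tickets"], outcome["trace"])
```

In both failing runs the server keeps generating tickets while the application never sets a username, so the place to look is the serviceValidate response (or its absence), not the login redirect.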

On Fri, May 22, 2009 at 15:21, Xuejin Ruan <[hidden email]> wrote:

>
> Hi John,
>
> In my case it seems it never gets to serviceValidate. How to enable CAS
> server log to get more info about the communication between CAS server and
> Coldfusion Server?
>
> I've tested CAS integration with Java application, Acegi security, and
> Spring Security, they all seem to at least be working. But somehow I am stuck
> here trying to integrate CAS with our legacy Coldfusion apps.
>
> Thanks,
>
> Xuejin
>
>
> John Watson-13 wrote:
>>
>> Correct, but serviceValidate is what calls login when it was unable to
>> verify the ST or extract a cas:user from the response (causing the
>> loop).
>>
>> I'm hoping the response from the CAS server will shed some light on
>> why it can't do one or the other.
>>
>> On Mon, May 18, 2009 at 16:17, Xuejin Ruan <[hidden email]> wrote:
>>>
>>> Actually the endless loop comes before serviceValidate function was
>>> called.
>>> It seems it happens in the function "login". When I get to CAS login page,
>>> if
>>> I enter an incorrect credential, it correctly returns me the message "The
>>> credentials you provided cannot be determined to be authentic." But if I
>>> enter correct credential, then you will see from Tomcat console that it
>>> keeps generating tickets, until at last it says "Page not found" with the
>>> address bar showing the target page
>>> "http://dprg110.ad.co.pierce.wa.us:8500/casTesting/".  (there were
>>> occasions
>>> I got a ticket appended at the end of the URL)
>>>
>>>  <cffunction name="login" access="public" output="no" returntype="void" hint="Call CAS login page">
>>>    <cfargument name="forceRenew" required="no" type="boolean" default="false" hint="Force them to provide primary authentication" />
>>>    <cflocation url="#Variables.cas_server#login?service=#Variables.service##Iif(Variables.renew OR Arguments.forceRenew,DE('&renew=true'),DE(''))##Iif(Variables.gateway,DE('&gateway=true'),DE(''))#" addtoken="no" />
>>>  </cffunction>
>>>
>>> I did try adding cfabort after </cfhttp>, it seems it never gets there.
>>>
>>> Thanks,
>>>
>>> Xuejin
>>>
>>>
>>>
>>>
>>> John Watson-13 wrote:
>>>>
>>>> Odd, please dump out the response that the CAS server returns.
>>>>
>>>> Add this: <cfdump var="#cfhttp.filecontent#" /><cfabort/>
>>>> after </cfhttp> in the "serviceValidate" function.
>>>>
>>>> It will dump out the raw cas response and stop processing.
>>>>
>>>> On Fri, May 15, 2009 at 12:11, Xuejin Ruan <[hidden email]>
>>>> wrote:
>>>>>
>>>>> Hi John,
>>>>>
>>>>> Thanks so much for your reply. After I used keytool to create the
>>>>> self-authored server certificate, I did import it to all my different
>>>>> server's keystore, including coldfusion's keystore
>>>>> (C:\ColdFusion8\runtime\jre\lib\security\caserts). So I am wondering
>>>>> why
>>>>> Coldfusion's JRun server does not trust it. Did you do extra
>>>>> configuration
>>>>> for jrun.xml to enable SSL for Coldfusion?  I checked the log file of
>>>>> Tomcat, and Coldfusion, and couldn't find any hint why the infinite
>>>>> loop
>>>>> was
>>>>> there.
>>>>>
>>>>> The following is the error message I got from Firefox browser (by the
>>>>> way,
>>>>> it is not cookie issue):
>>>>> Redirect Loop
>>>>> Firefox has detected that the server is redirecting the request for
>>>>> this
>>>>> address in a way that will never complete.
>>>>> The browser has stopped trying to retrieve the requested item. The site
>>>>> is
>>>>> redirecting the request in a way that will never complete.
>>>>>    * Have you disabled or blocked cookies required by this site?
>>>>>    * NOTE: If accepting the site's cookies does not resolve the
>>>>> problem,
>>>>> it
>>>>> is likely a server configuration issue and not your computer.
>>>>>
>>>>> Thanks again for your time.
>>>>>
>>>>> Xuejin
>>>>>
>>>>>
>>>>>
>>>>> John Watson-13 wrote:
>>>>>>
>>>>>> Thank you for trying out the client.
>>>>>>
>>>>>> I think the problem you're running into is ColdFusion's JRun server
>>>>>> does not trust your SSL cert that the tomcat server uses for CAS. So
>>>>>> when ColdFusion tries to contact your CAS server it's not actually
>>>>>> getting a response for CAS but rather an error about an invalid cert.
>>>>>> So the client gets stuck in an infinite loop trying to send user to
>>>>>> cas login, validate, fail validation, rinse and repeat.
>>>>>>
>>>>>> In my test environment I created my own CA and I import my CA's cert
>>>>>> into all my different server's keystore so that any certs I sign are
>>>>>> automatically trusted.
>>>>>> I run CentOS and used these instructions:
>>>>>> http://dev.antoinesolutions.com/openssl
>>>>>>
>>>>>> Then use: /opt/coldfusion8/runtime/jre/bin/keytool
>>>>>> To import the cert into:
>>>>>> /opt/coldfusion8/runtime/jre/lib/security/cacerts
>>>>>> Detailed instructions:
>>>>>> http://www.coldfusionmuse.com/index.cfm/2005/1/29/keystore
>>>>>>
>>>>>> Hope that solves your problem,
>>>>>>
>>>>>> John
>>>>>>
>>>>>> On Wed, May 13, 2009 at 12:18, Xuejin Ruan <[hidden email]> wrote:
>>>>>>>
>>>>>>> Hi John,
>>>>>>>
>>>>>>> Thanks so much for sharing the Coldfusion CAS Client Component with the
>>>>>>> community.  I am new to CAS, but would like to explore the potential of
>>>>>>> using CAS as an SSO solution to our portal (which has Coldfusion as well as
>>>>>>> Java applications). This morning I was playing with CAS clients you wrote,
>>>>>>> and encountered a problem. I am wondering whether you could shed some
>>>>>>> light on it.
>>>>>>>
>>>>>>> The following is my basic environment:
>>>>>>> CAS server: 3.3.2
>>>>>>> Coldfusion: 8
>>>>>>> Tomcat: 6.0.18
>>>>>>>
>>>>>>> I've downloaded cas server 3.3.2 and put the war file in Tomcat webapp
>>>>>>> directory. I also created a self-authored server certificate using Keytool.
>>>>>>> The CAS server is running fine. Then I downloaded the cas.cfc component and
>>>>>>> put it in folder C:\ColdFusion8\CustomTags. I have a very simple application
>>>>>>> casTesting, which only has one file: index.cfm (output HelloWorld). I
>>>>>>> downloaded Application.cfc and put it in the folder of casTesting. And I only
>>>>>>> made the following modification in Application.cfc:
>>>>>>>  <cfset Variables.CAS_arguments = { cas_server = "https://<myServerName>:8443/cas",
>>>>>>>                                     service = "http://<myServerName>:8500/casTesting",
>>>>>>>                                     direct_forwarding = true } />
>>>>>>>
>>>>>>> Then I tried to run the application:
>>>>>>> http://<myServerName>:8500/casTesting
>>>>>>> It got redirected to the CAS login page. I typed login credentials, and
>>>>>>> after a long long while, it returned the following url:
>>>>>>> http://<myServerName>:8500/casTesting?ticket=ST-4024-Or6y4zgpleq6MtM93qxr-cas
>>>>>>>
>>>>>>> And the page says: Page not found, connection failure.
>>>>>>>
>>>>>>> On Tomcat console window, it seems it is running an endless loop issuing
>>>>>>> tickets for the application until it times out.
>>>>>>>
>>>>>>>
>>>>>>> If I tried page: http://<myServerName>:8500/casTesting   without having
>>>>>>> Application.cfc in the folder,  HelloWorld did get displayed correctly.
>>>>>>>
>>>>>>> Am I missing something in the configuration?
>>>>>>>
>>>>>>> Thanks!
>>>>>>>
>>>>>>> Xuejin
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> John Watson-13 wrote:
>>>>>>>>
>>>>>>>> I wrote a new ColdFusion CAS client in order to take advantage of Single
>>>>>>>> Sign Out and Attribute releasing. Since I use an Application.cfc in my
>>>>>>>> applications, I figured it was time for the existing client to be
>>>>>>>> rewritten as a ColdFusion component (CFC) and now I'm ready to release it
>>>>>>>> to the community.
>>>>>>>>
>>>>>>>> I hope to hear feedback from the community and improvements/bug fixes are
>>>>>>>> very welcome.
>>>>>>>>
>>>>>>>> http://www.ja-sig.org/wiki/display/CASC/ColdFusion+CAS+Client+Component
>>>>>>>> John Watson
>>>>>>>> Jr. Web Developer
>>>>>>>> University of California, Merced
>>>>>>>>

Re: New ColdFusion CAS Client

raman@vin65.com
This post has NOT been accepted by the mailing list yet.
6-7 years later, I am running into the same issue here.

Have there been any resolutions in the meantime?
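
The redirect loop John Watson describes earlier in this thread (the ticket validation call gets no CAS response, the client sends the browser back to CAS login, CAS issues another ticket) stops once the client treats "no usable CAS response" as a hard error instead of "not logged in". The following is an added sketch in Python, not code from cas.cfc or from any poster; `handle_request`, `fetch`, the result labels and the sample bodies are hypothetical names and constructed data.

```python
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS 2.0 response namespace

# Constructed sample bodies (not captured from a real server).
SAMPLE_OK = ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
             '<cas:authenticationSuccess><cas:user>jdoe</cas:user>'
             '</cas:authenticationSuccess></cas:serviceResponse>')
SAMPLE_BAD_TICKET = ('<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
                     '<cas:authenticationFailure code="INVALID_TICKET">'
                     'ticket not recognized</cas:authenticationFailure>'
                     '</cas:serviceResponse>')
SAMPLE_NO_RESPONSE = "Connection Failure"  # stand-in for a failed HTTPS call

class CasTransportError(Exception):
    """The validation call produced no CAS response (TLS trust, DNS, timeout)."""

def parse_service_validate(body):
    """Return ("success", user) or ("failure", code) for a CAS 2.0 response."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        raise CasTransportError("not a CAS response: %r" % body[:40]) from exc
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is not None and user.text:
        return ("success", user.text.strip())
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        return ("failure", failure.get("code", "UNKNOWN"))
    raise CasTransportError("unexpected root element: " + root.tag)

def handle_request(session, ticket, fetch):
    """Pick the next step; fetch(ticket) stands in for the serviceValidate call."""
    if session.get("user"):
        return ("serve", session["user"])
    if not ticket:
        return ("redirect_to_login", None)
    try:
        status, value = parse_service_validate(fetch(ticket))
    except CasTransportError as exc:
        # Redirecting to login here creates the loop: the CAS session is still
        # valid, so CAS issues a new ticket and sends the browser straight back.
        return ("error_503", str(exc))
    if status == "success":
        session["user"] = value
        return ("serve", value)
    return ("error_403", value)  # fail closed on a rejected ticket
```

In a ColdFusion client the same branch would sit right after the cfhttp call in the validation function, with the transport case written to the application log so an untrusted certificate shows up there instead of as a browser redirect loop.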