By the way, if you insist on using cookies across multiple sub-domains, use SetDomainCookies="Yes", i.e. xxx.domain.com, ttt.domain.com, etc. If you're talking about different domains, i.e. www.xxx.com & www.yyy.com, SetDomainCookies won't work.





At 09:25 AM 4/20/2002 +0400, you wrote:
We are using LDAP at work to perform similar user validation.
I would recommend using Client Variables instead of cookies. I don't see why you would want to use Java servlets for this process. Here's sample code:

1) In your index.cfm file include this or similar code:
<!--- Run the security check for any request that has not been validated yet --->
<cfif NOT IsDefined("client.validated")>
<CFINCLUDE template="Security.cfm">
</cfif>

2) In security.cfm Include this or similar code:

<!--- Anything other than a defined client.validated equal to "success" goes to the login page --->
<cfif IsDefined("client.validated")>
        <cfif client.validated NEQ "success">
                <cflocation url="login.cfm">
        </cfif>
<cfelse>
        <cflocation url="login.cfm">
</cfif>

<cflocation url="index.cfm">

3) In login.cfm include this or similar Code:
<HTML>
<HEAD>
        <TITLE>Content Administrator</TITLE>

</HEAD>

<BODY>

<!--- ldapauth.cfm redirects here with ?success=false after a failed login --->
<cfif IsDefined("url.success")>
        Please enter the correct login.<br> Check Your Username and Password.<br>
</cfif>

<cfif IsDefined("client.validated")>
                <CFSET Temp = DeleteClientVariable("validated")>
                <CFSET Temp = DeleteClientVariable("name")>
                <CFSET Temp = DeleteClientVariable("alias")>
                <CFSET Temp = DeleteClientVariable("email")>
                <cfset client.alias=0>

                <strong>Logout Successful</strong><br>
</cfif>


<FORM action="ldapauth.cfm" method="post">

<table border="0">
        <tr>
                <td align="center">
        <table width="100%" cellpadding="4" cellspacing="0" border="0">
                <tr>
                        <td valign="top"><Div id="normal"><b>LDAP Alias :</b></Div></td>
                        <td valign="top"><input type="text" name="alias" size="28"></td>
                </tr>
                <tr>
                        <td><Div id="normal"><b>Password : </b></Div></td>
                        <td><INPUT type="password" name="password" size="28"></td>
                </tr>
        </table>
<br>

<INPUT type="submit" name="cmdSubmit" value="Log In">

                </td>
        </tr>
</table>

</FORM>

</body>
</html>

4) In ldapauth.cfm, use this or similar code:

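<!--- Reject an empty password before any LDAP call: some directory servers treat a bind
      with a DN and an empty password as a successful unauthenticated bind --->
<cfif FORM.password is "">
                <cflocation url="login.cfm?success=false">
</cfif>

<!--- Escape LDAP filter metacharacters (backslash first) so the alias is matched literally --->
<cfset safeAlias = ReplaceList(form.alias, "\,(,),*", "\5c,\28,\29,\2a")>

<cftry>

<!--- Step 1: look up the directory entry for the alias --->
<CFLDAP
        name="Getdn"
        action="QUERY"
        filter="(alias=#safeAlias#)"
        attributes="cn,dn,mail"
        server="ldap.whatever.com"
        START="o=whatever,c=an"
        scope="subtree" timeout="50">

<!--- Step 2: bind as that entry with the submitted password; a failed bind throws --->
<CFLDAP
        NAME="ChkPwd2"
        SERVER="ldap.whatever.com"
        ACTION="QUERY"
        ATTRIBUTES="dn"
        SCOPE="SubTree"
        username="#Getdn.dn#"
        password="#form.Password#"
        MAXROWS=2
        START="o=whatever,c=an">

                <cfcatch type="Any">
                        <cflocation url="login.cfm?success=false">
                </cfcatch>
</cftry>
<!--- No entry matched the alias --->
<cfif Getdn.cn eq "">
                        <cflocation url="login.cfm?success=false">
</cfif>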


<html>
<head>
        <title>LDAP Authentication</title>
</head>

<body>
<cfoutput>
<cfset client.alias=form.alias>
<!--- ListFirst returns the text before the first comma, or the whole cn when it has no comma --->
<cfset client.name=ListFirst(Getdn.cn, ",")>
<cfset client.email=Getdn.mail>
<cfset client.validated="success">
<cflocation url="index.cfm">
</cfoutput>

</body>
</html>
 
Hope this helps



At 04:32 PM 4/17/2002 -0500, you wrote:
We are attempting to implement a solution that will allow a user to enter our web "portal", log-on, and, based on that log-on (verified in the LDAP directory), utilize any one of many secure applications. On the front side of things, we plan to set a cookie that will stay with the user throughout the session. My question is then how, as one of those many secure sites, can I decipher the cookie and read the authentication information to determine that the user is in fact valid. Any ideas? We've thrown around the idea of using a Java Servlet to do the decode, and then set the ColdFusion session variables accordingly. This is new territory for me, so any help that could be provided would be greatly appreciated.

Nicole L. Safley
Database Programmer/Analyst
Administrative Systems Project
University of Missouri-Columbia
[EMAIL PROTECTED]
(573) 882-6284
 

Richard Morrison
Cold Fusion Programmer (SDS),
Schlumberger
 DRILLING SERVICES
P.O.Box 9261, Dubai. United Arab Emirates
Direct: 971 4 306 7127, Fax: 971 4 331 3614
Mobile: 971 50 62 10 869 .
=========================================================================
I understand that U.S. trade regulations prohibit certain transfers of U.S. technology technical data or software to U.S. embargoed states.
I am aware of Schlumberger's Trade Control Policy and the OFS Export Administration procedures with respect to U.S. embargoed states
and confirm that this transmission does not cause a prohibited transfer of technology technical data or software.
=========================================================================
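
The checks the search-then-bind flow in ldapauth.cfm depends on (non-empty password, an escaped filter value, exactly one matching entry, then the bind), written in Python as an added example that is not part of the original thread. The `search` and `bind` callables, the in-memory directory and its passwords are constructed stand-ins for the two CFLDAP calls.

```python
import re

# RFC 4515: these characters must appear as \XX inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

class LoginRejected(Exception):
    """Raised for every failure so the caller can send the user back to the login page."""

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def authenticate(alias, password, search, bind):
    """search(filter) -> list of entries and bind(dn, password) -> bool are
    hypothetical callables standing in for the two CFLDAP calls."""
    if not alias or not password:
        # Some servers treat a bind with a DN and an empty password as a
        # successful unauthenticated bind, so refuse it before any LDAP call.
        raise LoginRejected("empty alias or password")
    entries = search("(alias=%s)" % escape_filter_value(alias))
    if len(entries) != 1:
        raise LoginRejected("alias must match exactly one entry")
    if not bind(entries[0]["dn"], password):
        raise LoginRejected("bind failed")
    return entries[0]

# Constructed in-memory directory so the example runs offline.
DIRECTORY = [
    {"dn": "cn=jdoe,o=whatever,c=an", "alias": "jdoe", "cn": "Doe, Jane", "pw": "s3cret"},
    {"dn": "cn=asmith,o=whatever,c=an", "alias": "asmith", "cn": "Smith, Al", "pw": "hunter2"},
]

def fake_search(ldap_filter):
    """Toy matcher for (alias=VALUE): a bare * is a wildcard, \\XX a literal character."""
    value = re.fullmatch(r"\(alias=(.*)\)", ldap_filter).group(1)
    unhex = lambda tok: re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), tok)
    tokens = re.split(r"(\*)", value)
    pattern = "".join(".*" if t == "*" else re.escape(unhex(t)) for t in tokens)
    return [e for e in DIRECTORY if re.fullmatch(pattern, e["alias"])]

def fake_bind(dn, password):
    return any(e["dn"] == dn and e["pw"] == password for e in DIRECTORY)

def try_login(alias, password):
    try:
        return authenticate(alias, password, fake_search, fake_bind)["cn"]
    except LoginRejected as exc:
        return "rejected: %s" % exc
```
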
