Odd, please dump out the response that the CAS server returns. Add this: <cfdump var="#cfhttp.filecontent#" /><cfabort/> after </cfhttp> in the "serviceValidate" function.
It will dump out the raw cas response and stop processing. On Fri, May 15, 2009 at 12:11, Xuejin Ruan <[email protected]> wrote: > > Hi John, > > Thanks so much for your reply. After I used keytool to create the > self-authored server certificate, I did import it to all my different > server's keystore, including coldfusion's keystore > (C:\ColdFusion8\runtime\jre\lib\security\caserts). So I am wondering why > Coldfusion's JRun server does not trust it. Did you do extra configuration > for jrun.xml to enable SSL for Coldfusion? I checked the log file of > Tomcat, and Coldfusion, and couldn't find any hint why the infinite loop was > there. > > The following is the error message I got from Firefox browser (by the way, > it is not cookie issue): > Redirect Loop > Firefox has detected that the server is redirecting the request for this > address in a way that will never complete. > The browser has stopped trying to retrieve the requested item. The site is > redirecting the request in a way that will never complete. > * Have you disabled or blocked cookies required by this site? > * NOTE: If accepting the site's cookies does not resolve the problem, it > is likely a server configuration issue and not your computer. > > Thanks again for your time. > > Xuejin > > > > John Watson-13 wrote: >> >> Thank you for trying out the client. >> >> I think the problem you're running into is ColdFusion's JRun server >> does not trust your SSL cert that the tomcat server uses for CAS. So >> when ColdFusion tries to contact your CAS server it's not actually >> getting a response for CAS but rather an error about an invalid cert. >> So the client gets stuck in an infinite loop trying to send user to >> cas login, validate, fail validation, rinse and repeat. >> >> In my test environment I created my own CA and I import my CA's cert >> into all my different server's keystore so that any certs I sign are >> automatically trusted. >> I run CentOS and used these instructions: >> http://dev.antoinesolutions.com/openssl >> >> Then use: /opt/coldfusion8/runtime/jre/bin/keytool >> To import the cert into: /opt/coldfusion8/runtime/jre/lib/security/cacerts >> Detailed instructions: >> http://www.coldfusionmuse.com/index.cfm/2005/1/29/keystore >> >> Hope that solves your problem, >> >> John >> >> On Wed, May 13, 2009 at 12:18, Xuejin Ruan <[email protected]> wrote: >>> >>> Hi John, >>> >>> Thanks so much for sharing the Coldfusion CAS Client Component with the >>> community. I am new to CAS, but would like to explore the potential of >>> using CAS as an SSO solution to our portal (which has Coldfusion as well >>> as >>> Java applications). This morning I was playing with CAS clients your >>> wrote, >>> and encountered some problem. I am wondering whether you could shed some >>> lights on. >>> >>> The following is my basic environment: >>> CAS server: 3.3.2 >>> Coldfusion: 8 >>> Tomcat: 6.0.18 >>> >>> I've downloaded cas server 3.3.2 and put the war file in Tomcat webapp >>> directory. I also create a self-authored server certificate using >>> Keytool. >>> The CAS server is running fine. Then I download the cas.cfc component and >>> put it in folder C:\ColdFusion8\CustomTags. I have a very simple >>> application >>> casTesting, which only has one file: index.cfm (output HelloWorld). I >>> download Application.cfc and put in in the folder of casTesting. And I >>> only >>> made the following modification in Application.cfc: >>> <cfset Variables.CAS_arguments = { cas_server = >>> "https://<myServerName>:8443/cas", >>> service = >>> "http://<myServerName>:8500/casTesting", >>> direct_forwarding = true } /> >>> >>> Then I tried to run the application: >>> http://<myServerName>:8500/casTesting >>> It got redirected to the CAS login page. I typed login credentials, and >>> after a long long while, it returned the following url: >>> http://<myServerName>:8500/casTesting?ticket=ST-4024-Or6y4zgpleq6MtM93qxr-cas >>> >>> And the page says: Page not found, connection failure. >>> >>> On Tomcat console window, it seems it is running a endless loop issueing >>> ticket for the application until it timeouts. >>> >>> >>> If I tried page: http://<myServerName>:8500/casTesting without having >>> Application.cfc in the folder, HelloWorld did get displayed correctly. >>> >>> Am I missing something in the configuration? >>> >>> Thanks! >>> >>> Xuejin >>> >>> >>> >>> John Watson-13 wrote: >>>> >>>> I wrote a new ColdFusion CAS client in order to take advantage of Single >>>> Sign Out and Attribute releasing. Since I use an Application.cfc in my >>>> applications, I figured it was time to for the existing client to be >>>> rewritten as a ColdFusion component (CFC) and now I'm ready to release >>>> it >>>> to >>>> the community. >>>> >>>> I hope to hear feedback from the community and improvements/bug fixes >>>> are >>>> very welcome. >>>> >>>> http://www.ja-sig.org/wiki/display/CASC/ColdFusion+CAS+Client+Component >>>> John Watson >>>> Jr. Web Developer >>>> University of California, Merced >>>> >>>> -- >>>> You are currently subscribed to [email protected] as: >>>> [email protected] >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>> >>> >>> -- >>> View this message in context: >>> http://www.nabble.com/New-ColdFusion-CAS-Client-tp23343215p23526600.html >>> Sent from the CAS Users mailing list archive at Nabble.com. >>> >>> >>> -- >>> You are currently subscribed to [email protected] as: >>> [email protected] >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user >> >> > > -- > View this message in context: > http://www.nabble.com/New-ColdFusion-CAS-Client-tp23343215p23565346.html > Sent from the CAS Users mailing list archive at Nabble.com. > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
