In our case both services, ColdFusion and CAS, are coming from a host with a genuine SSL cert, so we didn't have any issues with a self-signed certificate.

We set up CF 7.0 with the old client and now CF 8.0 with the client. Before we tried the CF client we connected Liferay as a client to our CAS server so we knew CAS was working.

-Andrew

On May 22, 2009, at 6:14 PM, Xuejin Ruan wrote:


Hi Andrew,

Thanks for the reply. I was just trying to set up a very simple HelloWorld test, and there is no code making url vars lower case. What is your working environment? I am just wondering whether there is some weird ColdFusion setup in my local box. Do you need to configure JRun to enable SSL in your ColdFusion server?

Best,

Xuejin



Andrew Tillinghast wrote:

I had a similar problem when implementing a custom CAS/CF connection here. Figured out that we had some code processing every url var and making them lower case; the lower case ticket strings failed to pass validate.

-Andrew

On May 18, 2009, at 7:17 PM, Xuejin Ruan wrote:


Actually the endless loop comes before the serviceValidate function was called. It seems it happens in the function "login". When I get to the CAS login page, if I enter an incorrect credential, it correctly returns me the message "The credentials you provided cannot be determined to be authentic." But if I enter the correct credential, then you will see from the Tomcat console that it keeps generating tickets, until at last it says "Page not found" with the address bar showing the target page "http://dprg110.ad.co.pierce.wa.us:8500/casTesting/". (There were occasions I got a ticket appended at the end of the URL.)

<cffunction name="login" access="public" output="no" returntype="void" hint="Call CAS login page">
  <cfargument name="forceRenew" required="no" type="boolean" default="false" hint="Force them to provide primary authentication" />
  <cflocation url="#Variables.cas_server#login?service=#Variables.service##Iif(Variables.renew OR Arguments.forceRenew,DE('&renew=true'),DE(''))##Iif(Variables.gateway,DE('&gateway=true'),DE(''))#" addtoken="no" />
</cffunction>

I did try adding cfabort after </cfhttp>; it seems it never gets there.

Thanks,

Xuejin




John Watson-13 wrote:

Odd, please dump out the response that the CAS server returns.

Add this: <cfdump var="#cfhttp.filecontent#" /><cfabort/>
after </cfhttp> in the "serviceValidate" function.

It will dump out the raw cas response and stop processing.

On Fri, May 15, 2009 at 12:11, Xuejin Ruan <[email protected]> wrote:

Hi John,

Thanks so much for your reply. After I used keytool to create the self-authored server certificate, I did import it to all my different server's keystore, including coldfusion's keystore (C:\ColdFusion8\runtime\jre\lib\security\caserts). So I am wondering why Coldfusion's JRun server does not trust it. Did you do extra configuration for jrun.xml to enable SSL for Coldfusion?  I checked the log file of Tomcat, and Coldfusion, and couldn't find any hint why the infinite loop was there.

The following is the error message I got from Firefox browser (by the way, it is not cookie issue):
Redirect Loop
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
The browser has stopped trying to retrieve the requested item. The site is redirecting the request in a way that will never complete.
  * Have you disabled or blocked cookies required by this site?
  * NOTE: If accepting the site's cookies does not resolve the problem, it is likely a server configuration issue and not your computer.

Thanks again for your time.

Xuejin



John Watson-13 wrote:

Thank you for trying out the client.

I think the problem you're running into is ColdFusion's JRun server does not trust your SSL cert that the tomcat server uses for CAS. So when ColdFusion tries to contact your CAS server it's not actually getting a response for CAS but rather an error about an invalid cert. So the client gets stuck in an infinite loop trying to send user to cas login, validate, fail validation, rinse and repeat.

In my test environment I created my own CA and I import my CA's cert into all my different server's keystore so that any certs I sign are automatically trusted.
I run CentOS and used these instructions:
http://dev.antoinesolutions.com/openssl

Then use: /opt/coldfusion8/runtime/jre/bin/keytool
To import the cert into:
/opt/coldfusion8/runtime/jre/lib/security/cacerts
Detailed instructions:
http://www.coldfusionmuse.com/index.cfm/2005/1/29/keystore

Hope that solves your problem,

John

On Wed, May 13, 2009 at 12:18, Xuejin Ruan <[email protected]> wrote:

Hi John,

Thanks so much for sharing the Coldfusion CAS Client Component with the community.  I am new to CAS, but would like to explore the potential of using CAS as an SSO solution to our portal (which has Coldfusion as well as Java applications). This morning I was playing with the CAS client you wrote, and encountered some problems. I am wondering whether you could shed some light on them.

The following is my basic environment:
CAS server: 3.3.2
Coldfusion: 8
Tomcat: 6.0.18

I've downloaded cas server 3.3.2 and put the war file in Tomcat webapp directory. I also created a self-authored server certificate using Keytool. The CAS server is running fine. Then I downloaded the cas.cfc component and put it in folder C:\ColdFusion8\CustomTags. I have a very simple application casTesting, which only has one file: index.cfm (output HelloWorld). I downloaded Application.cfc and put it in the folder of casTesting. And I only made the following modification in Application.cfc:
<cfset Variables.CAS_arguments = { cas_server = "https://<myServerName>:8443/cas",
                                   service = "http://<myServerName>:8500/casTesting",
                                   direct_forwarding = true } />

Then I tried to run the application:
http://<myServerName>:8500/casTesting
It got redirected to the CAS login page. I typed login credentials, and after a long long while, it returned the following url:
http://<myServerName>:8500/casTesting?ticket=ST-4024-Or6y4zgpleq6MtM93qxr-cas

And the page says: Page not found, connection failure.

On Tomcat console window, it seems it is running an endless loop issuing tickets for the application until it times out.


If I tried page: http://<myServerName>:8500/casTesting   without having Application.cfc in the folder,  HelloWorld did get displayed correctly.

Am I missing something in the configuration?

Thanks!

Xuejin



John Watson-13 wrote:

I wrote a new ColdFusion CAS client in order to take advantage of Single Sign Out and Attribute releasing. Since I use an Application.cfc in my applications, I figured it was time for the existing client to be rewritten as a ColdFusion component (CFC) and now I'm ready to release it to the community.

I hope to hear feedback from the community and improvements/bug fixes are very welcome.

http://www.ja-sig.org/wiki/display/CASC/ColdFusion+CAS+Client+Component
John Watson
Jr. Web Developer
University of California, Merced

--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user


--
View this message in context:
http://www.nabble.com/New-ColdFusion-CAS-Client-tp23343215p23526600.html
Sent from the CAS Users mailing list archive at Nabble.com.
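
The two failure modes discussed in this thread (a lower-cased ticket that fails validation, and a validation call that never gets a CAS answer because the certificate is not trusted), as an added Python example that is not part of any message above and is not the cas.cfc code. `fake_cas`, `untrusted_cas`, `handle_callback` and the sample ticket are constructed for illustration; the XML follows the CAS 2.0 serviceValidate response format.

```python
import ssl
import xml.etree.ElementTree as ET

CAS_NS = {"cas": "http://www.yale.edu/tp/cas"}  # CAS 2.0 response namespace
OK = ("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
      "<cas:authenticationSuccess><cas:user>{user}</cas:user>"
      "</cas:authenticationSuccess></cas:serviceResponse>")
FAIL = ("<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
        "<cas:authenticationFailure code='INVALID_TICKET'>not recognized"
        "</cas:authenticationFailure></cas:serviceResponse>")

def fake_cas(issued):
    """Constructed stand-in for /serviceValidate: one-time tickets, matched exactly."""
    def fetch(ticket):
        user = issued.pop(ticket, None)  # exact, case-sensitive lookup
        return OK.format(user=user) if user else FAIL
    return fetch

def untrusted_cas(ticket):
    """Constructed stand-in for a CAS host whose certificate the client does not trust."""
    raise ssl.SSLError("certificate verify failed")

def handle_callback(ticket, fetch, attempts, max_attempts=2):
    """Decide what the client does with ?ticket=...; returns (action, detail)."""
    try:
        root = ET.fromstring(fetch(ticket))
    except (OSError, ET.ParseError) as exc:
        # No CAS answer at all: another login redirect cannot help, so stop here.
        return ("error", "validation call failed: %s" % exc)
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is not None and user.text:
        return ("grant", user.text)
    failure = root.find("cas:authenticationFailure", CAS_NS)
    code = failure.get("code") if failure is not None else "NO_CAS_RESULT"
    if attempts >= max_attempts:
        # Cap the login/validate cycle instead of redirecting forever.
        return ("error", "giving up after %d attempts: %s" % (attempts, code))
    return ("redirect_to_login", code)

if __name__ == "__main__":
    cas = fake_cas({"ST-1-AbCdEf-cas": "alice"})          # constructed ticket
    print(handle_callback("st-1-abcdef-cas", cas, 1))     # lower-cased ticket
    print(handle_callback("ST-1-AbCdEf-cas", cas, 1))     # ticket passed through intact
    print(handle_callback("ST-1-AbCdEf-cas", untrusted_cas, 1))
```

Treating a transport or parse failure as a hard error, rather than as "not logged in", is what turns the silent redirect loop into a visible message pointing at the trust store.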

