Shibboleth and coldfusion

352 views
Skip to first unread message

Alli

unread,
Feb 3, 2015, 2:16:11 PM2/3/15
to tac...@googlegroups.com

Does anyone have experience using shibboleth and coldfusion?

 

We’re looking into using SSO for one of our sites but I have no experience with it. I’m working with someone on campus but he doesn’t know coldfusion.

 

Primarily, I’m interested in how to access the shibboleth variables being passed along.

 

Any help is appreciated,

Alli

 



Alli Hearne                                        
Asst. Network Administrator    
University of North Carolina      
Dept. of Family Medicine

 

David E. Crawford

unread,
Feb 3, 2015, 2:55:24 PM2/3/15
to tac...@googlegroups.com
It kind of all depends. In most cases the Shibboleth variables are set as Environment variables or can be set as HTTP Headers. So accessing the shibboleth values is as simple as accessing a CGI variable.

DEC
=============
Dave Crawford, PMP
Sent from my iPhone
--
Upcoming events: http://www.meetup.com/Triangle-Area-ColdFusion-Users-Group/
Follow us on Twitter: @tacfug
---
You received this message because you are subscribed to the Google Groups "TACFUG" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tacfug+un...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

John Gerald

unread,
Oct 24, 2016, 1:09:18 PM10/24/16
to TACFUG
Alli,

I have just started a new SSO project for one of my customers on CF10. I found your post and wondered if you have resolved the issue with parsing the SAMLResponse from the Shibboleth header file being sent from the IDP?
I have tried many solutions but the getHTTPRequestData has a known bug that has been documented for a while and I am simply not finding any solution.

Please let me know if you were able to resolve this and if so how.

Thanks
John Gerald
NetHomeFX

David E. Crawford

unread,
Oct 24, 2016, 1:32:30 PM10/24/16
to tac...@googlegroups.com
The easiest way with CF in my experience is to have shibboleth parse the assertion and then have CF leverage HTTP header variables generated by shibboleth. While it is not impossible to parse an assertion with CF, it isn't the easiest tool for the job.


DEC
=============
Dave Crawford, PMP
Sent from my iPhone
--

Jim Priest

unread,
Oct 24, 2016, 1:32:37 PM10/24/16
to tac...@googlegroups.com
Hopefully maybe Byron or someone else from UNC will chip in. I know we were successfully using Shibboleth out there at one time. 

Jim



--
Upcoming events: http://www.meetup.com/Triangle-Area-ColdFusion-Users-Group/
Follow us on Twitter: @tacfug
---
You received this message because you are subscribed to the Google Groups "TACFUG" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tacfug+unsubscribe@googlegroups.com.

Alli

unread,
Oct 25, 2016, 7:31:59 AM10/25/16
to tac...@googlegroups.com

John,

We had to put this project on indefinite hold while we focused on other projects, so the answer is no.

We hope to pick this project up in the near future. I was able to get a response from someone about the variables. Here’s what they sent me (specific to my environment). Sorry I couldn’t be more helpful. Hope this helps:

 

Generally for coldfusion you can use something like CGI.SHIB_AFFILIATION. REMOTE_USER will give you the ON...@unc.edu.

 

I get the onyen as #uid#, as seen below:

 

<cflogin>

        <cfif IsDefined("remote_user")>

       <cfquery name="getuserinfo" datasource="#APPLICATION.datasource#">

        SELECT user_level, user_onyen, user_ID

        FROM users

        WHERE user_onyen = '#uid#'

        </cfquery>

                                                                                <cfif getuserinfo.recordCount eq 1>                                                      

                                                                                <cfloginuser

                                                                                                                name="#uid#"

                                                                                                                password=""

                                                                                                                roles="#getuserinfo.user_level#">                                                        

                                                                                                               <cfset SESSION.auth = structNew()>

                                                                                                                <cfset SESSION.auth.onyen = uid>        

                                                                                                                <cfset SESSION.auth.role = getuserinfo.user_level>

                                                                                                                <cfelse> 

                                                                                                 <p>Sorry, you are not authorized to access this application. Please try again.</p>

                                                                                                <cfabort>

                                                                                                </cfif>

                                                                                <cfelse>

           <p>Sorry, you are not logged in to this application. Please try again.</p>

           <cfabort>                                                                

         </cfif>

    </cflogin>

--

Upcoming events: http://www.meetup.com/Triangle-Area-ColdFusion-Users-Group/
Follow us on Twitter: @tacfug
---
You received this message because you are subscribed to the Google Groups "TACFUG" group.

To unsubscribe from this group and stop receiving emails from it, send an email to tacfug+un...@googlegroups.com.

John Gerald

unread,
Oct 25, 2016, 9:28:54 AM10/25/16
to tac...@googlegroups.com

Thanks Alli,

 

Once I find a solution I will post it.

 

Thanks

 

John Gerald

NetHomeFX, LLC

832-657-4446

jge...@nethomefx.com

You received this message because you are subscribed to a topic in the Google Groups "TACFUG" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/tacfug/3s5jlI0xOS4/unsubscribe.
To unsubscribe from this group and all its topics, send an email to tacfug+un...@googlegroups.com.


For more options, visit https://groups.google.com/d/optout.



Avast logo

This email has been checked for viruses by Avast antivirus software.
www.avast.com


Reply all
Reply to author
Forward
0 new messages