CAS/FSUID Authentication Sample Code
Below is CAS/FSUID authentication sample code in Java, Perl, and ColdFusion. "How to log out of CAS" is at the bottom of this page. Here is the promised XML response sample and the XML response sample in development and staging from Blackboard CAS.
You can also refer to "CAS Clients" by Yale for more code and resources.
Sample code for Java applications:
//Here's a snippet of the code SecureLogin uses. It basically is just borrowed from the CAS home page. It uses the casclient.jar library that can also be found at the CAS Java Client website.
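import java.net.URLEncoder;
import edu.yale.its.tp.cas.client.ServiceTicketValidator;

ServiceTicketValidator sv = new ServiceTicketValidator();
sv.setCasValidateUrl(CAS_VALIDATE);
// getRequestURL() returns a StringBuffer, so convert it to a String
String service = req.getRequestURL().toString();
sv.setService(URLEncoder.encode(service, "UTF-8"));
sv.setServiceTicket(ticket);
sv.validate();
cas_xmlResponse = sv.getResponse();
// isAuthenticationSuccesful() is the method name as spelled in casclient.jar
if (sv.isAuthenticationSuccesful()) {
    // Extract the text between <cas:cn> and </cas:cn>
    uid = cas_xmlResponse.substring(
        cas_xmlResponse.indexOf("<cas:cn>") + 8,
        cas_xmlResponse.indexOf("</cas:cn>"));
} else {
    cas_errorMessage = sv.getErrorMessage();
    cas_errorCode = sv.getErrorCode();
    System.out.println(cas_errorMessage);
    System.out.println(cas_errorCode);
}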
Sample code for Perl applications:
# $LOGIN_URI and $CHECK_URI (the CAS login and validation URIs) and
# %getHttpData (the parsed GET parameters) are set elsewhere in the script.
$CASServer = "bb5.fsu.edu";
$CASPort = "443";
$em = $getHttpData{"em"};
$ser = $getHttpData{"service"};
if ($em ne "") { # has error message
    $service = $ser;
    $service =~ s/\?/%3F/g;
    $service =~ s/\&/%26/g;
    print "Content-type: text/html\n\n";
    &printErr("Invalid credentials. Please <a href=\"$LOGIN_URI?service=$service\">try again</a>.");
    exit;
}
# Parse the query string to get the ticket, plus any GET variables
# to rebuild our service (needed for CAS).
if ($ENV{"QUERY_STRING"} =~ /&/) {
    ($get, $ticket) = split(/&ticket=/, $ENV{"QUERY_STRING"}, 2);
} else {
    ($foo, $ticket) = split(/^ticket=/, $ENV{"QUERY_STRING"}, 2);
}
if ($ticket eq "") { # if there's no ticket, redirect them to CAS
    print "Location: " . $LOGIN_URI . "?service=" . $service;
    print "\n\n";
    exit;
}
# Validate through CAS
my ($page) = get_https($CASServer, $CASPort, $CHECK_URI . "?service=$service&ticket=$ticket");
my $nextPage = "https://" . $ENV{"HTTP_HOST"} . "/cgi-bin/identity/pageFileName.cgi";
if ($page =~ /\<cas:cn\>/) {
    ($foo1, $cn, $foo2) = split("cas:cn\>", $page, 3);
    # store $cn to perl application session ...
    # $cn is now "userid</"; the two chop() calls strip the trailing "</"
    chop($cn);
    chop($cn);
    $session = new CGI::Session(...);
    $SId = $session->id();
    $session->param(-name=>"FSUID", -value=>$cn);
    print "Location: https://" . $CASServer . ":" . $CASPort . "/cas/login?service=" . $nextPage . "?sid=" . $SId;
    print "\n\n";
} else {
    print "Location: https://" . $ENV{"HTTP_HOST"} . "/home/index.html";
    print "\n\n";
}
Sample code for ColdFusion applications:
<!---
*******************************************************
Create your cfapplication tag. This will enable Session management, cookies, and other application specific requirements
Please do the following:
Rename the application to something unique
*******************************************************
//--->
<cfapplication name='Example_App' clientmanagement="yes"
sessionmanagement="yes" setdomaincookies="no"
loginstorage="session" setclientcookies="yes">
<!---
*******************************************************
The production CAS server for FSU
*******************************************************
//--->
<CFSET Session.Cas_Server = "https://bb5.fsu.edu/cas/">
<!---
*******************************************************
Create your custom error page. This is a requirement for production level applications. To see the CF debug information, change the variable errorcontrol to 0
*******************************************************
//--->
<CFSET errorcontrol=1>
<CFIF errorcontrol IS 1>
<CFERROR type="exception" template="error.cfm" mailto="xxx@admin.fsu.edu">
</CFIF>
<!---
*******************************************************
Set the session.force_auth parameter and set it to 0.
This is done because of blackboard and logout problems.
When coming from blackboard, a url variable, force_auth is set to 1. This will set the session.force_auth to 1 and force a CAS recheck to give you a new ticket.
*******************************************************
//--->
<cflock timeout='180' scope='session' type='EXCLUSIVE'>
<cfparam name="session.force_auth" default=0>
</cflock>
<CFIF parameterexists(url.force_auth)>
<CFSET session.force_auth=1>
</CFIF>
<!---
*******************************************************
Set the Auth_Username parameter and set it to "" if the session of the same name does not exists, else set it to the session of the same name.
*******************************************************
//--->
<cflock scope="Session" type="ReadOnly" timeout="30" throwontimeout="no">
<cfset Auth_Username=Iif(IsDefined("Session.Auth_Username"),"Session.Auth_Username",DE(""))>
</cflock>
<cfset ticket=Iif(IsDefined("URL.ticket"),"URL.ticket",DE(""))>
<cfif Auth_Username EQ "" OR ticket NEQ "" OR session.force_auth IS 1>
  <cfset MyServer = "http://#CGI.SERVER_NAME#/dsa/RSO/">
  <!--- Check for ticket returned by CAS redirect --->
  <cfif ticket EQ "">
    <!--- No session, no ticket, Redirect to CAS Logon page --->
    <!--- The CAS server URL was stored in the Session scope above, so it is read from there --->
    <cfset casurl = Session.Cas_Server & "login?" & "service=" & MyServer>
    <cflocation url="#casurl#" addtoken="no">
  <cfelse>
    <!--- Back from CAS, validate ticket and get userid (CN attribute) --->
    <!--- The ticket comes from the query string, so it is encoded before being placed in the validation URL --->
    <cfset casurl = Session.Cas_Server & "serviceValidate?ticket=" & URLEncodedFormat(URL.ticket) & "&" & "service=" & MyServer>
    <cfhttp url="#casurl#" method="get"></cfhttp>
    <cfset objXML = xmlParse(cfhttp.filecontent)>
    <cfset SearchResults = XmlSearch(objXML,"cas:serviceResponse/cas:authenticationSuccess/cas:cn")>
    <cfif NOT ArrayIsEmpty(SearchResults)>
      <cfset cn = SearchResults[1].XmlText>
      <cflock timeout=20 scope="Session" type="Exclusive">
        <cfoutput>
          <cfset Session.Auth_Username=#cn#>
        </cfoutput>
      </cflock>
    <cfelse>
      <cfset casurl = Session.Cas_Server & "login?" & "service=" & MyServer>
      <cflocation url="#casurl#" addtoken="no">
    </cfif>
    <CFSET session.force_auth=0>
  </cfif>
</cfif>
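The Java and Perl samples above read the user ID by string matching on <cas:cn>, and the Perl sample places the raw ticket in the validation URL. The following Python is an added example, not code from this page or from the CAS client libraries: it percent-encodes both parameters and accepts a cn only when it is a child of cas:authenticationSuccess, as the ColdFusion XPath does. The function names, the ticket pattern, the sample responses, and the use of the standard CAS 2.0 namespace are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

CAS_NS = "{http://www.yale.edu/tp/cas}"  # CAS 2.0 XML namespace
# Assumption: tickets look like "ST-" plus letters, digits and hyphens.
TICKET_RE = re.compile(r"ST-[A-Za-z0-9-]{1,253}")

def build_validate_url(cas_base, service, ticket):
    """Build the serviceValidate URL with both parameters percent-encoded."""
    if not TICKET_RE.fullmatch(ticket):
        raise ValueError("malformed service ticket")
    query = urlencode({"service": service, "ticket": ticket})
    return cas_base.rstrip("/") + "/serviceValidate?" + query

def parse_service_response(xml_text):
    """Return the cn from a successful response; raise ValueError otherwise."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD in CAS response")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError("CAS response is not well-formed XML") from exc
    if root.tag != CAS_NS + "serviceResponse":
        raise ValueError("not a CAS serviceResponse")
    # find() looks at direct children only, so position in the tree matters
    success = root.find(CAS_NS + "authenticationSuccess")
    if success is None:
        failure = root.find(CAS_NS + "authenticationFailure")
        code = failure.get("code", "UNKNOWN") if failure is not None else "UNKNOWN"
        raise ValueError("CAS authentication failed: " + code)
    cn = (success.findtext(CAS_NS + "cn") or "").strip()
    if not cn:
        raise ValueError("authenticationSuccess without a cn element")
    return cn

# Constructed sample responses (not captured from a real CAS server).
SAMPLE_SUCCESS = (
    "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
    "<cas:authenticationSuccess><cas:cn>jdoe</cas:cn>"
    "</cas:authenticationSuccess></cas:serviceResponse>")
# A failure whose body still contains the text "<cas:cn>": a substring or
# regex check matches it, the element lookup above does not.
SAMPLE_FAILURE = (
    "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>"
    "<cas:authenticationFailure code='INVALID_TICKET'>"
    "ticket not recognized <!-- <cas:cn>jdoe</cas:cn> -->"
    "</cas:authenticationFailure></cas:serviceResponse>")
```

Treat any ValueError as "not authenticated" and send the user back to the CAS login page, as the ColdFusion sample does when its search returns no result.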
How to log out of CAS:
Just call "https://bb5.fsu.edu/cas/logout" with "service" set to wherever you want them to go.
For example: https://bb5.fsu.edu/cas/logout?service=http://campus.fsu.edu
NOTE: Remember to log them out (kill session) on your local application before you send them to CAS logout.