SSO with ColdFusion

From EZProxyWiki

Using SSO Functionality with ColdFusion

Single sign-on (SSO) functionality was added to EZproxy in version 4.0b (2006-08-18) allowing for the secure transfer of user authentication information to other systems.

There are currently no native ColdFusion scripts written to use this functionality. The following shows how to achieve this using Perl, with slight modifications to the Perl scripts written by Chris.

Prerequisites

Perl

You need to have Perl/CGI set up to work with your web server.

For Windows Server 2003 & IIS I followed the guide at http://www.visualwin.com/Perl/

The following packages then need to be added to your ActivePerl installation (Download & Install Instructions):

  • CGI/Session
  • Crypt/CBC
  • Crypt/DES
  • Crypt/DES_EDE3

Modify the default Perl scripts

  • To make the Perl scripts work, you need to replace "#!/usr/bin/perl -T" with "#!C:\Perl\bin\perl.exe"
  • Put the perl files into the cgi-bin directory

ssotest.cgi

  • line 6: require '/var/www/cgi-bin/SSO.pm'; : change the path to SSO.pm
  • line 12: my $key = "abcdefghijklmnopqrstuvwx"; : change the key to match your ezproxy.cfg config entry
  • line 32: replace blank line with print "Content-type: text/html\n\n";
  • line 34: change print "Location: http://ezproxy.yourlib.org/sso/perl\n\n"; to print "";
    • If the user is not logged in, your CF code will do the redirection
  • line 38: delete this line (already sent this header on line 32)
  • line 40: replace print "Hello user *** $user ***\n"; with print $user;

After this, my file ended up looking like this:

#!C:\Perl\bin\perl.exe

use strict;
use CGI;
use CGI::Session;
require "ezproxySSO.pm";

# This key value must match the -Secret value in ezproxy.cfg
# This page's ezproxy.cfg contains
# SSO -Secret=godihopethisworksprobnot -URL=http://my.coldfusion.web.site/login.cfm CFLogin
# The key value must always be exactly 24 characters
my $key = "godihopethisworksprobnot";

my $q = new CGI;

my $sid = $q->cookie("CGISESSID") || undef;
my $session = new CGI::Session(undef, $sid, {Directory=>'/tmp'});

if ($sid ne $session->id) {
  print "Set-Cookie: ", $q->cookie(CGISESSID => $session->id), "\n";
}

if ($q->param("sso") ne "" && $q->param("ts") ne "") {
  my $sso = new EZproxy::SSO;
  $sso->decode($q->param("sso"), $q->param("ts"), $key);
  if ($sso->user() ne "" && $sso->expired() == 0) {
    $session->param("user", $sso->user());
  }
}

my $user = $session->param("user");
print "Content-type: text/html\n\n";

if ($user eq "") {
  print "";
  exit();
}

print $user;

CFML Files

In this simple example there are 2 CFML files in the same directory: index.cfm & login.cfm. You will need to change my.ezproxy.edu.au to your EZproxy server name and my.coldfusion.web.site to your web site in login.cfm.

index.cfm

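<cfif isdefined('session.username')>
  <cfoutput>
    <!--- HTML-encode login- and request-derived values before writing them into the page --->
    <h1>The user is logged in as #HTMLEditFormat(session.username)#</h1>
    <h2>The Query String is: #HTMLEditFormat(cgi.QUERY_STRING)#</h2>
  </cfoutput>
<cfelse>
  <cfinclude template="login.cfm">
</cfif>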

login.cfm

<cfif cgi.SERVER_PORT_SECURE eq 1>
  <cfset prot = "https://">
<cfelse>
  <cfset prot = "http://">
</cfif>

<cfset cx = URLEncodedFormat('#prot##cgi.HTTP_HOST#:#cgi.SERVER_PORT##cgi.SCRIPT_NAME#?#cgi.QUERY_STRING#')>
<cfset ssoURL = "http://my.ezproxy.edu.au/sso/CFLogin?context=#cx#">
<cfset loginResponse = ''>

<cfset mQS = ''>
<cfif isdefined('url.SSO')>
  <cfset mQS = '?#cgi.QUERY_STRING#'>

  <cfhttp method="Get"
    url='http://my.coldfusion.web.site/cgi-bin/ssotest.cgi#mQS#'
    resolveurl="Yes">
  </cfhttp>

  <cfset loginResponse = trim(#cfhttp.filecontent#)>
<cfelse>
  <cfset session.origContext = #cx#>
  <cflocation url="#ssoURL#" addtoken="no">
  <cfabort>
</cfif>

<cfset session.ssoUser = "">

<cfif loginResponse EQ "">
  <!--- no response - so not logged in --->
  <cflocation url="#ssoURL#" addtoken="no">
<cfelse>
  <!---
  ***** got a response - so logged in!
   --->
  <cfset session.username = "#loginResponse#">
  <cfset origURL = URLDecode("#session.origContext#")>
  <cflocation url="#origURL#" addtoken="No">
</cfif>

EZproxy Configuration

All that is left to do now is configure EZproxy to allow this SSO.

ezproxy.cfg

T Test CF SSO
SSO -Secret=godihopethisworksprobnot -URL=http://my.coldfusion.web.site/login.cfm CFLogin

Now restart EZproxy and test it out at http://my.coldfusion.web.site/index.cfm
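
If the key in ssotest.cgi does not match -Secret, the script prints an empty body and login.cfm treats the user as not logged in, so it is worth checking the two values before restarting. The following is an added example, not part of the original page or of EZproxy: the function names are hypothetical, and it assumes the options are spelled -Secret and -URL as they are on this page.

```python
import re

# An EZproxy SSO directive as written on this page: options in either order,
# then the SSO name (assumes the -Secret/-URL spelling used on this page).
SSO_LINE = re.compile(r"^\s*SSO\s+(?P<opts>(?:-\S+\s+)+)(?P<name>\S+)\s*$")
# The key assignment in the Perl helper: my $key = "...";
PERL_KEY = re.compile(r"""^\s*my\s+\$key\s*=\s*(["'])(?P<key>.*?)\1\s*;""", re.M)
DEMO_SECRET = "abcdefghijklmnopqrstuvwx"  # sample key in the unmodified ssotest.cgi

# Sample inputs taken from this page's ezproxy.cfg and ssotest.cgi
CFG = ("T Test CF SSO\n"
       "SSO -Secret=godihopethisworksprobnot -URL=http://my.coldfusion.web.site/login.cfm CFLogin\n")
PERL = 'my $key = "godihopethisworksprobnot";\n'


def parse_sso_directives(cfg_text):
    """Return one dict (name, secret, url) per uncommented SSO line."""
    found = []
    for line in cfg_text.splitlines():
        m = SSO_LINE.match(line)
        if m:
            opts = dict(o[1:].split("=", 1) for o in m.group("opts").split() if "=" in o)
            found.append({"name": m.group("name"),
                          "secret": opts.get("Secret", ""),
                          "url": opts.get("URL", "")})
    return found


def check_sso(cfg_text, perl_text, name):
    """Return a list of problems for SSO directive `name`; empty means consistent."""
    entry = next((d for d in parse_sso_directives(cfg_text) if d["name"] == name), None)
    if entry is None:
        return [f"no SSO directive named {name}"]
    problems = []
    if len(entry["secret"]) != 24:
        problems.append(f"-Secret is {len(entry['secret'])} characters, must be exactly 24")
    if entry["secret"] == DEMO_SECRET:
        problems.append("-Secret is still the demo value")
    key_match = PERL_KEY.search(perl_text)
    if key_match is None:
        problems.append("no $key assignment found in the Perl script")
    elif key_match.group("key") != entry["secret"]:
        problems.append("$key in the Perl script does not match -Secret")
    return problems


if __name__ == "__main__":
    print(check_sso(CFG, PERL, "CFLogin") or "SSO secret is consistent")
```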

SSO with other scripting languages