Hi John,
Thanks so much for your reply. After I used keytool to create the
self-authored server certificate, I did import it to all my different
server's keystore, including coldfusion's keystore
(C:\ColdFusion8\runtime\jre\lib\security\caserts). So I am wondering why
Coldfusion's JRun server does not trust it. Did you do extra configuration
for jrun.xml to enable SSL for Coldfusion? I checked the log file of
Tomcat, and Coldfusion, and couldn't find any hint why the infinite loop was
there.
The following is the error message I got from Firefox browser (by the way,
it is not cookie issue):
Redirect Loop
Firefox has detected that the server is redirecting the request for this
address in a way that will never complete.
The browser has stopped trying to retrieve the requested item. The site is
redirecting the request in a way that will never complete.
* Have you disabled or blocked cookies required by this site?
* NOTE: If accepting the site's cookies does not resolve the problem, it
is likely a server configuration issue and not your computer.
Thanks again for your time.
Xuejin
John Watson-13 wrote:
>
> Thank you for trying out the client.
>
> I think the problem you're running into is ColdFusion's JRun server
> does not trust your SSL cert that the tomcat server uses for CAS. So
> when ColdFusion tries to contact your CAS server it's not actually
> getting a response for CAS but rather an error about an invalid cert.
> So the client gets stuck in an infinite loop trying to send user to
> cas login, validate, fail validation, rinse and repeat.
>
> In my test environment I created my own CA and I import my CA's cert
> into all my different server's keystore so that any certs I sign are
> automatically trusted.
> I run CentOS and used these instructions:
> http://dev.antoinesolutions.com/openssl
>
> Then use: /opt/coldfusion8/runtime/jre/bin/keytool
> To import the cert into: /opt/coldfusion8/runtime/jre/lib/security/cacerts
> Detailed instructions:
> http://www.coldfusionmuse.com/index.cfm/2005/1/29/keystore
>
> Hope that solves your problem,
>
> John
>
> On Wed, May 13, 2009 at 12:18, Xuejin Ruan <[email protected]> wrote:
>>
>> Hi John,
>>
>> Thanks so much for sharing the Coldfusion CAS Client Component with the
>> community. I am new to CAS, but would like to explore the potential of
>> using CAS as an SSO solution to our portal (which has Coldfusion as well
>> as
>> Java applications). This morning I was playing with CAS clients your
>> wrote,
>> and encountered some problem. I am wondering whether you could shed some
>> lights on.
>>
>> The following is my basic environment:
>> CAS server: 3.3.2
>> Coldfusion: 8
>> Tomcat: 6.0.18
>>
>> I've downloaded cas server 3.3.2 and put the war file in Tomcat webapp
>> directory. I also create a self-authored server certificate using
>> Keytool.
>> The CAS server is running fine. Then I download the cas.cfc component and
>> put it in folder C:\ColdFusion8\CustomTags. I have a very simple
>> application
>> casTesting, which only has one file: index.cfm (output HelloWorld). I
>> download Application.cfc and put in in the folder of casTesting. And I
>> only
>> made the following modification in Application.cfc:
>> <cfset Variables.CAS_arguments = { cas_server =
>> "https://<myServerName>:8443/cas",
>> service =
>> "http://<myServerName>:8500/casTesting",
>> direct_forwarding = true } />
>>
>> Then I tried to run the application:
>> http://<myServerName>:8500/casTesting
>> It got redirected to the CAS login page. I typed login credentials, and
>> after a long long while, it returned the following url:
>> http://<myServerName>:8500/casTesting?ticket=ST-4024-Or6y4zgpleq6MtM93qxr-cas
>>
>> And the page says: Page not found, connection failure.
>>
>> On Tomcat console window, it seems it is running a endless loop issueing
>> ticket for the application until it timeouts.
>>
>>
>> If I tried page: http://<myServerName>:8500/casTesting without having
>> Application.cfc in the folder, HelloWorld did get displayed correctly.
>>
>> Am I missing something in the configuration?
>>
>> Thanks!
>>
>> Xuejin
>>
>>
>>
>> John Watson-13 wrote:
>>>
>>> I wrote a new ColdFusion CAS client in order to take advantage of Single
>>> Sign Out and Attribute releasing. Since I use an Application.cfc in my
>>> applications, I figured it was time to for the existing client to be
>>> rewritten as a ColdFusion component (CFC) and now I'm ready to release
>>> it
>>> to
>>> the community.
>>>
>>> I hope to hear feedback from the community and improvements/bug fixes
>>> are
>>> very welcome.
>>>
>>> http://www.ja-sig.org/wiki/display/CASC/ColdFusion+CAS+Client+Component
>>> John Watson
>>> Jr. Web Developer
>>> University of California, Merced
>>>
>>> --
>>> You are currently subscribed to [email protected] as:
>>> [email protected]
>>> To unsubscribe, change settings or access archives, see
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/New-ColdFusion-CAS-Client-tp23343215p23526600.html
>> Sent from the CAS Users mailing list archive at Nabble.com.
>>
>>
>> --
>> You are currently subscribed to [email protected] as:
>> [email protected]
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>
>
> --
> You are currently subscribed to [email protected] as:
> [email protected]
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user
>
>
--
View this message in context:
http://www.nabble.com/New-ColdFusion-CAS-Client-tp23343215p23565346.html
Sent from the CAS Users mailing list archive at Nabble.com.
--
You are currently subscribed to [email protected] as:
[email protected]
To unsubscribe, change settings or access archives, see
http://www.ja-sig.org/wiki/display/JSG/cas-user
