Hi Andrew, Thanks for the reply. I was just trying to set up a very simple HelloWorld test, and there is no code making url var lower case. What is your working environment? I am just wondering whehter there is some weird Coldfusion set up in my local box. Do you need to configure JRun to enable SSL in your coldfusion server?
Best, Xuejin Andrew Tillinghast wrote: > > I had a similar problem when implementing a custom CAS/CF connection > here. figured out that we had some code processing every url var and > making them lower case, the lower case ticket strings failed to pass > validate. > > -Andrew > > On May 18, 2009, at 7:17 PM, Xuejin Ruan wrote: > >> >> Actually the endless loop comes before serviceValidate function was >> called. >> It seems it happen in the fuction "login". When I get to CAS login >> page, if >> I enter an incorrect credential, it correctly returns me the message >> "The >> credentials you provided cannot be determined to be authentic." But >> if I >> enter correct credential, then you will see from Tomcat console that >> it >> keeps generating tickets, until at last it says "Page not found" >> with the >> address bar showing the target page >> "http://dprg110.ad.co.pierce.wa.us:8500/casTesting/";. (there were >> occations >> I got a ticket appended at the end of the URL) >> >> <cffunction name="login" access="public" output="no" returntype="void" >> hint="Call CAS login page"> >> <cfargument name="forceRenew" required="no" type="boolean" >> default="false" hint="Force them to provide primary authentication" /> >> <cflocation >> url="#Variables.cas_server#login? >> service=#Variables.service##Iif(Variables.renew >> OR >> Arguments >> .forceRenew >> ,DE >> ('&renew >> =true'),DE(''))##Iif(Variables.gateway,DE('&gateway=true'),DE(''))#" >> addtoken="no" /> >> </cffunction> >> >> I did try adding cfabort after </cfhttp>, it seems never get there. >> >> Thanks, >> >> Xuejin >> >> >> >> >> John Watson-13 wrote: >>> >>> Odd, please dump out the response that the CAS server returns. >>> >>> Add this: <cfdump var="#cfhttp.filecontent#" /><cfabort/> >>> after </cfhttp> in the "serviceValidate" function. >>> >>> It will dump out the raw cas response and stop processing. >>> >>> On Fri, May 15, 2009 at 12:11, Xuejin Ruan <[email protected]> >>> wrote: >>>> >>>> Hi John, >>>> >>>> Thanks so much for your reply. After I used keytool to create the >>>> self-authored server certificate, I did import it to all my >>>> different >>>> server's keystore, including coldfusion's keystore >>>> (C:\ColdFusion8\runtime\jre\lib\security\caserts). So I am >>>> wondering why >>>> Coldfusion's JRun server does not trust it. Did you do extra >>>> configuration >>>> for jrun.xml to enable SSL for Coldfusion? I checked the log file >>>> of >>>> Tomcat, and Coldfusion, and couldn't find any hint why the >>>> infinite loop >>>> was >>>> there. >>>> >>>> The following is the error message I got from Firefox browser (by >>>> the >>>> way, >>>> it is not cookie issue): >>>> Redirect Loop >>>> Firefox has detected that the server is redirecting the request >>>> for this >>>> address in a way that will never complete. >>>> The browser has stopped trying to retrieve the requested item. The >>>> site >>>> is >>>> redirecting the request in a way that will never complete. >>>> * Have you disabled or blocked cookies required by this site? >>>> * NOTE: If accepting the site's cookies does not resolve the >>>> problem, >>>> it >>>> is likely a server configuration issue and not your computer. >>>> >>>> Thanks again for your time. >>>> >>>> Xuejin >>>> >>>> >>>> >>>> John Watson-13 wrote: >>>>> >>>>> Thank you for trying out the client. >>>>> >>>>> I think the problem you're running into is ColdFusion's JRun server >>>>> does not trust your SSL cert that the tomcat server uses for CAS. >>>>> So >>>>> when ColdFusion tries to contact your CAS server it's not actually >>>>> getting a response for CAS but rather an error about an invalid >>>>> cert. >>>>> So the client gets stuck in an infinite loop trying to send user to >>>>> cas login, validate, fail validation, rinse and repeat. >>>>> >>>>> In my test environment I created my own CA and I import my CA's >>>>> cert >>>>> into all my different server's keystore so that any certs I sign >>>>> are >>>>> automatically trusted. >>>>> I run CentOS and used these instructions: >>>>> http://dev.antoinesolutions.com/openssl >>>>> >>>>> Then use: /opt/coldfusion8/runtime/jre/bin/keytool >>>>> To import the cert into: >>>>> /opt/coldfusion8/runtime/jre/lib/security/cacerts >>>>> Detailed instructions: >>>>> http://www.coldfusionmuse.com/index.cfm/2005/1/29/keystore >>>>> >>>>> Hope that solves your problem, >>>>> >>>>> John >>>>> >>>>> On Wed, May 13, 2009 at 12:18, Xuejin Ruan <[email protected]> >>>>> wrote: >>>>>> >>>>>> Hi John, >>>>>> >>>>>> Thanks so much for sharing the Coldfusion CAS Client Component >>>>>> with the >>>>>> community. I am new to CAS, but would like to explore the >>>>>> potential of >>>>>> using CAS as an SSO solution to our portal (which has Coldfusion >>>>>> as >>>>>> well >>>>>> as >>>>>> Java applications). This morning I was playing with CAS clients >>>>>> your >>>>>> wrote, >>>>>> and encountered some problem. I am wondering whether you could >>>>>> shed >>>>>> some >>>>>> lights on. >>>>>> >>>>>> The following is my basic environment: >>>>>> CAS server: 3.3.2 >>>>>> Coldfusion: 8 >>>>>> Tomcat: 6.0.18 >>>>>> >>>>>> I've downloaded cas server 3.3.2 and put the war file in Tomcat >>>>>> webapp >>>>>> directory. I also create a self-authored server certificate using >>>>>> Keytool. >>>>>> The CAS server is running fine. Then I download the cas.cfc >>>>>> component >>>>>> and >>>>>> put it in folder C:\ColdFusion8\CustomTags. I have a very simple >>>>>> application >>>>>> casTesting, which only has one file: index.cfm (output >>>>>> HelloWorld). I >>>>>> download Application.cfc and put in in the folder of casTesting. >>>>>> And I >>>>>> only >>>>>> made the following modification in Application.cfc: >>>>>> <cfset Variables.CAS_arguments = { cas_server = >>>>>> "https://<myServerName>:8443/cas", >>>>>> service = >>>>>> "http://<myServerName>:8500/casTesting", >>>>>> direct_forwarding = true } /> >>>>>> >>>>>> Then I tried to run the application: >>>>>> http://<myServerName>:8500/casTesting >>>>>> It got redirected to the CAS login page. I typed login >>>>>> credentials, and >>>>>> after a long long while, it returned the following url: >>>>>> http://<myServerName>:8500/casTesting?ticket=ST-4024- >>>>>> Or6y4zgpleq6MtM93qxr-cas >>>>>> >>>>>> And the page says: Page not found, connection failure. >>>>>> >>>>>> On Tomcat console window, it seems it is running a endless loop >>>>>> issueing >>>>>> ticket for the application until it timeouts. >>>>>> >>>>>> >>>>>> If I tried page: http://<myServerName>:8500/casTesting without >>>>>> having >>>>>> Application.cfc in the folder, HelloWorld did get displayed >>>>>> correctly. >>>>>> >>>>>> Am I missing something in the configuration? >>>>>> >>>>>> Thanks! >>>>>> >>>>>> Xuejin >>>>>> >>>>>> >>>>>> >>>>>> John Watson-13 wrote: >>>>>>> >>>>>>> I wrote a new ColdFusion CAS client in order to take advantage of >>>>>>> Single >>>>>>> Sign Out and Attribute releasing. Since I use an >>>>>>> Application.cfc in my >>>>>>> applications, I figured it was time to for the existing client >>>>>>> to be >>>>>>> rewritten as a ColdFusion component (CFC) and now I'm ready to >>>>>>> release >>>>>>> it >>>>>>> to >>>>>>> the community. >>>>>>> >>>>>>> I hope to hear feedback from the community and improvements/bug >>>>>>> fixes >>>>>>> are >>>>>>> very welcome. >>>>>>> >>>>>>> http://www.ja-sig.org/wiki/display/CASC/ColdFusion+CAS+Client+Component >>>>>>> John Watson >>>>>>> Jr. Web Developer >>>>>>> University of California, Merced >>>>>>> >>>>>>> -- >>>>>>> You are currently subscribed to [email protected] as: >>>>>>> [email protected] >>>>>>> To unsubscribe, change settings or access archives, see >>>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>>>>> >>>>>> >>>>>> -- >>>>>> View this message in context: >>>>>> http://www.nabble.com/New-ColdFusion-CAS-Client-tp23343215p23526600.html >>>>>> Sent from the CAS Users mailing list archive at Nabble.com. >>>>>> >>>>>> >>>>>> -- >>>>>> You are currently subscribed to [email protected] as: >>>>>> [email protected] >>>>>> To unsubscribe, change settings or access archives, see >>>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>>>> >>>>> >>>>> -- >>>>> You are currently subscribed to [email protected] as: >>>>> [email protected] >>>>> To unsubscribe, change settings or access archives, see >>>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>>> >>>>> >>>> >>>> -- >>>> View this message in context: >>>> http://www.nabble.com/New-ColdFusion-CAS-Client-tp23343215p23565346.html >>>> Sent from the CAS Users mailing list archive at Nabble.com. >>>> >>>> >>>> -- >>>> You are currently subscribed to [email protected] as: >>>> [email protected] >>>> To unsubscribe, change settings or access archives, see >>>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>>> >>> >>> -- >>> You are currently subscribed to [email protected] as: >>> [email protected] >>> To unsubscribe, change settings or access archives, see >>> http://www.ja-sig.org/wiki/display/JSG/cas-user >>> >>> >> >> -- >> View this message in context: >> http://www.nabble.com/New-ColdFusion-CAS-Client-tp23343215p23607021.html >> Sent from the CAS Users mailing list archive at Nabble.com. >> >> >> -- >> You are currently subscribed to [email protected] as: >> [email protected] >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-user > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > > -- View this message in context: http://www.nabble.com/New-ColdFusion-CAS-Client-tp23343215p23678691.html Sent from the CAS Users mailing list archive at Nabble.com. -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
