Hi All,

For the website I am developing, I had a rather unique situation in which
there is a built-in Central Authentication System (CAS) that takes care of
passwords/user IDs and things like that. On the other hand, profile
information (such as First Name / Last Name) and group information are
located in an LDAP system. Additionally, I had to first only allow a certain
subset of users from CAS to log in, and secondly I had to separate those
that could log in into two groups based on some membership data from the FC
installation. So, the process by which this all occurs is also independent
of the FarCry login screen (in a sense):

1) Users browse to custom displayPageLogin (dmHTML) type, and submit their
username.
2) The same page processes the input to check against LDAP if they are in
the correct group.
3) If it's in the correct group, the user is forwarded to the FarCry login
screen, which immediately forwards onto the CAS service (this is required so
that the CAS always sees one page, FC Login, as its requestor)
4) User logs in through CAS, upon success gets forwarded back through FC
Login to the default page specified in the displayLogin type of dmHTML
(i.e., the FC Login webskin)
5) User is then logged into the public "back-end" (i.e. not the webtop)
without seeing the webtop interface.

To do this, I created a custom UD called CASLDAPUD. I then mapped the right
roles onto the UD Groups (which are defined by hand for my purposes).

Attached to this post is the CASLDAPUD cfc page, and detailed below is the
relevant portion of the displayPageLogin and displayLogin. I have taken out
the things that need to be changed for your own LDAP servers, and other page
fu etc. and replaced with XXX. So just search for those and you should be
able to implement the solution.

Finally, this is all sort of 'beta' stage, as I would love to get things
working with a config on the front for most of these things to be changed
easily.

Hope this helps someone somewhere!

Best,

Tomek


displayPageLogin:

    <ft:processform action="Login">
        <!--- Step 2: look the submitted userid up in LDAP (server, start and filter are site-specific) --->
        <cfldap
            server = "XXX"
            port = "389"
            action = "query"
            name = "results"
            start = "XXX"
            filter = "XXX"
            attributes = "*">
        <cfif results.RecordCount>
            <!--- No ticket and no session.ident variable: redirect to CAS --->
            <!--- URL-encode the userid so it cannot add or alter query-string parameters --->
            <cflocation url="/farcry/core/webtop/login.cfm?ud=CASLDAPUD&uid=#urlEncodedFormat(form.userid)#" addtoken="no">
        </cfif>
    </ft:processform>
    <ft:form name="useridInput" action="XXX">
        <cfoutput><input class="required" type="text" name="userid" /></cfoutput>
        <ft:button value="Login" />
    </ft:form>

displayLogin:

    <cfset session.loginReturnURL = "XXX" />
    <cfset session.loginReturnURL = replace( session.loginReturnURL, "logout=1", "" ) />
    <cfset session.loginReturnURL = replace( session.loginReturnURL, "&&", "" ) />


Attachment: CASLDAPUD.cfc
Description: Binary data
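
The group check from step 2 with the submitted userid validated and escaped before it reaches the LDAP filter and the redirect URL, as an added example that is not part of the original post or the attached CASLDAPUD.cfc. The uid and memberOf attribute names, the allowlist pattern and the ldapEscapeFilterValue helper are assumptions; the XXX placeholders stay as in the post.

```cfml
<!--- Added example; helper name, attribute names and allowlist pattern are assumptions --->
<cffunction name="ldapEscapeFilterValue" returntype="string" output="false">
    <cfargument name="value" type="string" required="true">
    <!--- RFC 4515 escaping: backslash first, so later escapes are not escaped again --->
    <cfset var out = replace(arguments.value, "\", "\5c", "all")>
    <cfset out = replace(out, "*", "\2a", "all")>
    <cfset out = replace(out, "(", "\28", "all")>
    <cfset out = replace(out, ")", "\29", "all")>
    <cfreturn out>
</cffunction>

<cfset allowed = false>
<!--- Allowlist first: reject a missing, over-long or unexpectedly formed userid --->
<cfif structKeyExists(form, "userid") AND reFind("^[A-Za-z0-9._-]{1,64}$", form.userid)>
    <!--- Escaping is kept as a second layer in case the allowlist is later widened --->
    <cfset safeUid = ldapEscapeFilterValue(form.userid)>
    <cfldap
        server = "XXX"
        port = "389"
        action = "query"
        name = "results"
        start = "XXX"
        scope = "subtree"
        filter = "(&(uid=#safeUid#)(memberOf=XXX))"
        attributes = "uid">
    <!--- Exactly one entry must match; a wildcard or broadened filter would return more --->
    <cfset allowed = (results.RecordCount EQ 1)>
</cfif>

<cfif allowed>
    <!--- Encode the userid so it cannot add or change query-string parameters --->
    <cflocation url="/farcry/core/webtop/login.cfm?ud=CASLDAPUD&uid=#urlEncodedFormat(form.userid)#" addtoken="no">
<cfelse>
    <!--- Same message for "unknown user" and "not in group" to avoid revealing which it was --->
    <cfoutput>Login is not available for this account.</cfoutput>
</cfif>
```

This pre-check only decides who is sent on to CAS; the group membership still has to be enforced after the CAS login, since login.cfm can be requested directly.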
