Awesome, not yet into the user system thing yet but I'm sure this will be of use when i do.
Thanks! On Nov 19, 10:12 pm, "Tomek Kott" <[EMAIL PROTECTED]> wrote: > Hi All, > > For the website I am developing, I had a rather unique situation in which > there is a built in Central Authentication System (CAS) that takes care of > passwords/userid's and things like that. On the other hand, profile > information (such as First Name / Last Name) and group information are > located in an LDAP system. Additionally, I had to first only allow a certain > subset of users from CAS to log in, and secondly I had to separate those > that could log in into two groups based on some membership data from the FC > installation. So, the process by which this all occurs is also independent > of the FarCry login screen (in a sense): > > 1) Users browse to custom displayPageLogin (dmHTML) type, and submit their > username. > 2) The same page processes the input to check against LDAP if they are in > the correct group. > 3) If it's in the correct group, the user is forwarded to the FarCry login > screen, which immediately forwards onto the CAS service (this is required so > that the CAS always sees one page, FC Login, as its requestor) > 4) User logs in through CAS, upon success gets forwarded back through FC > Login to the default page specified in the displayLogin type of dmHTML > (i.e., the FC Login webskin) > 5) User is then logged into the public "back-end" (i.e. not the webtop) > without seeing the webtop interface. > > To do this, I created a custom UD called CASLDAPUD. I then mapped the right > roles onto the UD Groups (which are defined by hand for my purposes) > > Attached to this post is the CASLDAPUD cfc page, and detailed below is the > relevant portion of the displayPageLogin and displayLogin. I have taken out > the things that need to be changed for your own ldap servers, and other page > fu etc. and replaced with XXX. So just search for those and you should be > able to implement the solution. > > Finally, this is all sort of 'beta' stage, as I would love to get things > working with a config on the front for most of these things to be changed > easily. > > Hope this helps someone somewhere! > > Best, > > Tomek > > displayPageLogin: > <ft:processform action="Login"> > <cfldap > server = "XXX" > port = "389" > action = "query" > name = "results" > start = "XXX" > filter = "XXX" > attributes = "*"> > <cfif results.RecordCount> > <!---No ticket and no session.ident variable: redirect > to CAS---> > > <cflocation > url="/farcry/core/webtop/login.cfm?ud=CASLDAPUD&uid=#form.userid#" > addtoken="no"> > </cfif> > </ft:processform> > <ft:form name="useridInput" action="XXX"> > <cfoutput><input class="required" type="string" > name="userid" /></cfoutput> > <ft:button value="Login" /> > </ft:form> > > displayLogin > > <cfset session.loginReturnURL = "XXX" /> > <cfset session.loginReturnURL = replace( session.loginReturnURL, > "logout=1", "" ) /> > <cfset session.loginReturnURL = replace( session.loginReturnURL, "&&", > "" ) /> > > CASLDAPUD.cfc > 7KViewDownload --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "farcry-dev" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/farcry-dev?hl=en -~----------~----~----~----~------~----~------~--~---
