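// cas_auth custom tag: CAS single sign-on for the calling page, with a database-backed
// cookie cache.
// NOTE(review): the function and query wrappers around the fragments below are not
// visible in this listing, and the SQL has gaps (e.g. `= and`, `values (..., )`) where a
// value belongs. Presumably bound parameters were lost with the markup; confirm against
// the original file before relying on the SQL as shown.

// ---- presumably the body of getCleanURL(): current request URL without the CAS ticket ----
QueryString = Trim(CGI.QUERY_STRING);
//strip the ticket off the query string if it exists
// FindNoCase matches the first "ticket=" anywhere in the query string (also inside a longer
// parameter name); everything from that point on is dropped, including later parameters.
TicketIndex = FindNoCase( "ticket=", QueryString );
if( TicketIndex GT 1 ) {
    // - 2 also removes the separator character in front of "ticket="
    QueryString = left( QueryString, TicketIndex - 2 );
} else if ( TicketIndex EQ 1 ) {
    QueryString = "";
}
if ( Len(QueryString) GT 0 ) {
    QueryDelim = "?";
} else {
    QueryDelim = "";
}
if ( CGI.HTTPS EQ "On" ) {
    HTTPData="https://";
} else {
    HTTPData="http://";
}
// CGI.HTTP_HOST is taken from the request's Host header, so the URL returned here (used as
// the CAS service URL and as a redirect target) is only as trustworthy as that header.
// NOTE(review): confirm the CAS server restricts service URLs to registered hosts, or pin
// the host name in configuration.
return HTTPData & CGI.HTTP_HOST & CGI.SCRIPT_NAME & QueryDelim & QueryString;

// ---- cache-table queries (table and column names come from the tag's attributes) ----
// Identifiers cannot be bound as parameters; attributes.table_name and the *_column
// attributes must only ever be set by the developer invoking the tag, never from request data.

// presumably checkCookie(): look up the user for a cookie id, ignoring the bookkeeping row
select #attributes.user_id_column# as user_id, #attributes.timestamp_column# as created
from #attributes.table_name#
where #attributes.cookie_id_column# = and #attributes.cookie_id_column# not like 'CASAUTH-%'

// presumably setCookie(): store a new cache entry
// NOTE(review): user_id and cookieHash are interpolated into quoted literals rather than
// bound. user_id is text taken from the CAS validation response; binding both values with
// cfqueryparam would remove any dependence on quote escaping.
insert into #attributes.table_name# (#attributes.user_id_column#,#attributes.cookie_id_column#,#attributes.timestamp_column#)
values ('#arguments.user_id#','#arguments.cookieHash#',)

// presumably deleteCacheEntry(): remove one cache entry by cookie id
delete from #attributes.table_name#
where #attributes.cookie_id_column# =

// presumably cleanCache(): the 'CASAUTH-LASTCLEANED' row records when expired entries were
// last purged; it is read, created if missing, updated, and then old entries are deleted.
select #attributes.timestamp_column# as cleanedTime
from #attributes.table_name#
where #attributes.cookie_id_column# = 'CASAUTH-LASTCLEANED'

insert into #attributes.table_name# (#attributes.user_id_column#,#attributes.cookie_id_column#,#attributes.timestamp_column#)
values ('00000000','CASAUTH-LASTCLEANED',)

select #attributes.timestamp_column# as cleanedTime
from #attributes.table_name#
where #attributes.cookie_id_column# = 'CASAUTH-LASTCLEANED'

update #attributes.table_name#
set #attributes.timestamp_column# =
where #attributes.cookie_id_column# = 'CASAUTH-LASTCLEANED'

delete from #attributes.table_name#
where #attributes.timestamp_column# <

// ---- tag body ----
// Validate required invocation parameters
if ( not isDefined("Attributes.cas_server") or not isDefined("Attributes.datasource") ) {
    writeOutput('

ERROR

The cas_auth custom tag requires the following parameters to be set:

cas_server
The base url of your CAS server (i.e. https://cas.yourdomain.edu/)
datasource
The name of the datasource containing the cache table
');
    abort();
}

// Order of processing:
// 1. Existence of form POST (SSOut)
// 2. Existence of URL ticket parameter (possible because we redirect after authentication sans ticket)
// 3. Existence of CF_CAS cookie
// 4. Redirect to CAS

// Single Sign Out processing
// The logout request is XML taken straight from the POST body and is not authenticated here.
// NOTE(review): confirm the engine's XML parser has external entities / DTDs disabled, and
// consider accepting this POST only from the CAS server's address.
if ( isDefined("Caller.Form.LOGOUTREQUEST") ){
    try {
        XMLResponse = xmlParse(Caller.Form.LOGOUTREQUEST);
        SearchResults = XmlSearch(XMLResponse,"samlp:LogoutRequest/samlp:SessionIndex");
    } catch (Exception e) {
        // Fall back to an empty array: ArrayIsEmpty() below needs an array, and an empty
        // string here would raise an error instead of being treated as "no match".
        SearchResults = ArrayNew(1);
    }
    if ( not ArrayIsEmpty(SearchResults) ) {
        // Valid Logout Request : delete Cookie if exists
        // The SessionIndex is the service ticket, so its hash is the cache key set at login.
        cookieHash = hash(SearchResults[1].XmlText,"MD5");
        if( checkCookie(cookieHash) neq "") {
            // this deletion is only of active Cache entries
            deleteCacheEntry(cookieHash);
        }
    }
}

if ( isDefined("URL.ticket") ) {
    // Coming back from CAS authentication : assemble validation url and validate
    // The ticket is request-supplied; it is URL-encoded so that a value containing "&" or
    // "=" cannot add or override parameters of the validation request.
    ValidationURL = Attributes.cas_server & "serviceValidate?ticket=" & urlencodedformat( URL.ticket ) & "&"
        & "service=" & urlencodedformat( getCleanURL() );
    // clear the cache of expired entries before validating
    cleanCache();
    // Validate
    // NOTE(review): the trust in the result rests on Attributes.cas_server being an https
    // URL whose certificate is verified by the HTTP call; confirm.
    try {
        HTTPResult = cfhttp(ValidationURL);
        XMLResponse = xmlParse(cfhttp.FileContent);
        SearchResults = XmlSearch(XMLResponse,"cas:serviceResponse/cas:authenticationSuccess/cas:user");
    } catch (Exception e) {
        // Empty array, so a failed request or parse is handled as "not validated" below.
        SearchResults = ArrayNew(1);
    }
    if ( not ArrayIsEmpty(SearchResults) ) {
        // Validated : set up the cookie and redirect with the ticket stripped
        // NOTE(review): the cookie value is an unsalted MD5 of the service ticket, and the
        // ticket travels in the URL, so the cookie is derivable by anyone able to read the
        // ticket (proxy or server logs, browser history). A random session id, with the
        // ticket hash kept only as a lookup key for single sign-out, would avoid that.
        // Also confirm setCookie() marks the cookie Secure and HttpOnly.
        cookieHash = hash(URL.ticket,"MD5");
        setCookie(cookieHash,SearchResults[1].XmlText);
        redirect( getCleanURL() );
    } else {
        // Invalid : redirect to CAS
        CASURL = Attributes.cas_server & "login?"
            & "service=" & urlencodedformat( getCleanURL() );
        redirect( CASURL );
    }
} else if ( isDefined("Cookie.CF_CAS") ) {
    // Check cookie value against cache
    AuthUser = checkCookie(Cookie.CF_CAS);
    if( AuthUser neq "") {
        // Expose the authenticated user name to the calling page
        Request.AuthUser = AuthUser;
    } else {
        // Unknown or expired cookie: drop it and start a fresh login
        deleteCookie(Cookie.CF_CAS);
        //redirect to CAS
        CASURL = Attributes.cas_server & "login?"
            & "service=" & urlencodedformat( getCleanURL() );
        redirect( CASURL );
    }
} else {
    // Not CAS authenticated yet : assemble CAS url and redirect
    CASURL = Attributes.cas_server & "login?"
        & "service=" & urlencodedformat( getCleanURL() );
    redirect( CASURL );
}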