Shibboleth ?

Well, let me be more precise:

We are an university which has implemented Shibboleth in general.

As an IDP as well as on different ressources.

My more precise question: Does anybody have implemented Shib with a CF9 server running on Win2008R2 and Apache ?

-Didi

My more precise question: Does anybody have implemented Shib with a CF9 server running on Win2008R2 and Apache ?

I haven't used those exact versions, to the best of my knowledge, but I don't see how those would make a difference at all if you're running a Shib proxy on another machine. If you're running a Shib proxy on that machine, you'd set that up within Apache to proxy to itself, and again the version of CF would be irrelevant.

Dave Watts, CTO, Fig Leaf Software

Do you know whether there is somewhere example code available that shows how to implement such an authentication?

Well, I have coded a lot in CF - but still before Application.cfc and CFLOGIN have been introduced.

Now I would like to get back to coding again and of course not sticking with old patterns but doing it the 'right' way.

-Didi

Do you know whether there is somewhere example code available that shows how to implement such an authentication?

There's nothing special you have to do on the CF side. From your Shib proxy, you'd insert a header that corresponds to the authenticated user, for example X-User-ID. From the CF side, you would look for this header in the CGI scope, and assume that if this header exists, the user has been authenticated successfully. Then, you'd read the information for the authenticated user from the header and do a database lookup, if necessary, and stick the authenticated user info in your Session scope.

Dave Watts, CTO, Fig Leaf Software