5 Replies Latest reply on Feb 26, 2012 10:15 AM by Dave Watts

    Shibboleth ?

    Didi Level 1

      Hi there

       

      has anybody implemented Shibboleth to authenticate?

       

      -Didi

        • 1. Re: Shibboleth ?
          Dave Watts Adobe Community Professional

          Yes. You will probably need to set up a proxy server that will do this for you.

           

          Dave Watts, CTO, Fig Leaf Software

          • 2. Re: Shibboleth ?
            Didi Level 1

            Well, let me be more precise:

            We are an university which has implemented Shibboleth in general.

            As an IDP as well as on different ressources.

             

            My more precise question: Does anybody have implemented Shib with a CF9 server running on Win2008R2 and Apache ?

             

            -Didi

            • 3. Re: Shibboleth ?
              Dave Watts Adobe Community Professional

              My more precise question: Does anybody have implemented Shib with a CF9 server running on Win2008R2 and Apache ?

               

              I haven't used those exact versions, to the best of my knowledge, but I don't see how those would make a difference at all if you're running a Shib proxy on another machine. If you're running a Shib proxy on that machine, you'd set that up within Apache to proxy to itself, and again the version of CF would be irrelevant.

               

              Dave Watts, CTO, Fig Leaf Software

              • 4. Re: Shibboleth ?
                Didi Level 1

                Do you know whether there is somewhere example code available that shows how to implement such an authentication?

                 

                Well, I have coded a lot in CF - but still before Application.cfc and CFLOGIN have been introduced.

                Now I would like to get back to coding again and of course not sticking with old patterns but doing it the 'right' way.

                 

                -Didi

                • 5. Re: Shibboleth ?
                  Dave Watts Adobe Community Professional

                  Do you know whether there is somewhere example code available that shows how to implement such an authentication?

                   

                  There's nothing special you have to do on the CF side. From your Shib proxy, you'd insert a header that corresponds to the authenticated user, for example X-User-ID. From the CF side, you would look for this header in the CGI scope, and assume that if this header exists, the user has been authenticated successfully. Then, you'd read the information for the authenticated user from the header and do a database lookup, if necessary, and stick the authenticated user info in your Session scope.

                   

                  Dave Watts, CTO, Fig Leaf Software