What is LDAP
LDAP is a Lightweight Directory Access Protocol. LDAP’s primary function is to enable users to find data about organizations, persons, etc. It accomplishes this goal by storing data in the LDAP directory and authenticating users to access the directory. LDAP works with most vendor directory services, such as Active Directory (AD). It makes sharing information about users, services, systems, networks, and applications from a directory service to other applications and services easier to implement.
In ColdFusion, you can integrate the users or groups of an LDAP server from within the ColdFusion Administrator. In previous releases of ColdFusion, using ColdFusion Administrator, you could can add a user manager, which helps create users and assign them permissions one at a time.
In ColdFusion, you can:
- Configure LDAP user store - It helps to store all the data required to connect and import users/groups.
- Import LDAP users and groups from user store - it helps to import selected users/groups from the added user store.
- Grant permissions to users and groups.
Add external authentication type
Select the option "Separate username and password authentication (allows multiple users)" in Security-> Administrator to add an external authentication type.
To add external authentication,
SAML
LDAP
Configure SAML/LDAP
LDAP
Add the LDAP configuration details in Security->Administrator->External Authentication part or using the setAdminLdapConfiguration function.
Then Add the user to CF Admin through Security-> User Manager page by selecting the LDAP authentication type and providing appropriate roles.
Then you can be logged in via the Administrator login page.
Add userS (LDAP)
SAML
First Add SAML IdP and SP configuration from Security->IdP Configuration page and Security->SP Configuration page
Then Add the user to CF Admin through Security->User Manager page by selecting the SAML authentication type and providing appropriate roles.
Now on the login page, you will get an option called SSO Login.
Click on that and you will be redirected to the Identity Provider Login page after successful login there, you will be directed back inside the ColdFusion Admin Page.
Add users (SAML)
Admin APIs for SAML and LDAP
Description
Sets the LDAP configuration.
Syntax
public setAdminLdapConfiguration ( required string host, required string tcpPort, required string userBaseContext, required string groupBaseContext, required string usernameAttr, required string groupnameAttr, required string timeout, string userConfig="", string groupConfig="", string userbindDN="", string userbindPass="", boolean isSSLEnabled="false", boolean isStartTLSEnabled="false" )
Parameters
- host: string, required, host - hostname or IP Address
- tcpPort: string, required, tcpPort
- userBaseContext: string, required, userBaseContext - start point for searching users
- groupBaseContext: string, required, groupBaseContext - start point for searching groups
- usernameAttr: string, required, usernameAttr - attribute whose value is unique and can be used to search users ex: uid
- groupnameAttr: string, required, groupnameAttr - attribute whose value is unique and can be used to search groups ex:cn
- timeout: string, required, timeout - timeout while searching
- userConfig: string, optional, userConfig - object Class of users to act as filter
- groupConfig: string, optional, groupConfig - object Class of groups to act as filter
- userbindDN: string, optional, userbindDN - DN used to connect to Ldap server
- userbindPass: string, optional, userbindPass - Password for the provided DN
- isSSLEnabled: boolean, optional, isSSLEnabled - CFSSL_BASIC of cfldap tag: can refer that. The certificates need to be imported into CF java keystore
- isStartTLSEnabled: boolean, optional, isStartTLSEnabled - Whether to use the startTls extension for initiating SSL over normal LDAP port.
Description
Returns the LDAP configuration.
Syntax
getAdminLdapConfiguration ( )
Description
Removes the LDAP configuration.
Syntax
deleteLdapConfiguration ( )
Description
Sets the type of external authentication and adds config details if the type is SAML)
Syntax
setExternalAuthentication ( required String type, Struct config="[runtime expression]" )
- type: String, required, type - Specify type of authentication
- config: Struct, optional, config - Specify the Struct which contains SAML Configuration details
Description
Returns the selected type of external authentication.
Syntax
getExternalAuthentication ( )
Description
Deletes the SAML Configuration.
Syntax
deleteAdminSamlConfig ( )
Description
Returns the SAML Configuration.
Syntax
getAdminSamlConfig ( )
Description
Returns whether a connection can be established or not.
Syntax
boolean verifyConnection ( )
Examples
SAML
<cfscript>
adminObj = CreateObject("component","CFIDE.adminapi.administrator");
adminObj.login("Adm1n$","admin");
secCFC = CreateObject("component","CFIDE.adminapi.security");
//Add SP Configuration
secCFC.addSpMetadata ( alias="#okta_sp_alias#", entityid="#okta_sp_entityid#", acsurl="#okta_sp_acsurl#", slourl="#okta_sp_slourl#", signrequests="true", wantassertionssigned="true", logoutresponsesigned="true", signkeystorepath="#okta_sp_signkeystorepath#", signkeystorepassword="#okta_sp_signkeystorepassword#", signkeystorealias="#okta_sp_signkeystorealias#" )
//Add IDP Configuration
secCFC.addIdpMetadata(alias = "#okta_idp_alias#", url="#okta_idp_url#");
//Add new SAML User
secCFC.setUser("saml_username",
"",
"",
["coldfusion.administrator","coldfusion.adminapi"],
true,
true,
false,
[],[],[],
false,
false,
false,
true,
false);
config = {
idpName = "#okta_idp_alias#",
spName = "#okta_sp_alias#",
groupName = "#group_Name"
}
//Set external authentication to SAML and pass the config consisting of IdP, SP and groupName attribute name from Identity Provider
secCFC.setExternalAuthentication("Saml",config);
//Get the added SAML Configuration details
saml_config = secCFC.getAdminSamlConfig();
writeDump(saml_config);
</cfscript>
LDAP
<cfscript>
adminObj = CreateObject("component","CFIDE.adminapi.administrator");
adminObj.login("Adm1n$","admin")
secCFC = CreateObject("component","CFIDE.adminapi.security")
//Add LDAP Configuration
secCFC.setAdminLdapConfiguration(ads_ldap_host,
ads_ldap_port,
ads_ldap_userBaseContext,
ads_ldap_groupBaseContext,
ads_ldap_usernameAttr,
ads_ldap_groupnameAttr,
ads_ldap_timeout,
ads_ldap_userConfig,
ads_ldap_groupConfig,
ads_ldap_userbindDN,
ads_ldap_userbindPass,
ads_ssl_enabled,
ads_starttls);
//Get LDAP Configuration details
ldap_conf_details = secCFC.getAdminLdapConfiguration();
//Add user with appropriate roles
secCFC.setUser(ldap_admin_username,
ldap_admin_password,
"",
["coldfusion.administrator","coldfusion.adminapi"],
true,
true,
false,
[],[],[],
false,
false,
true,
false,
false);
//Set External Authentication to LDAP
secCFC.setExternalAuthentication("ldap");
//Login using the newly added LDAP user
adminObj_new = CreateObject("component","CFIDE.adminapi.administrator");
if(adminObj_new.login(ldap_admin_password,ldap_admin_username)==true)
writeOutput("Logged in User #ldap_admin_username1#");
//Delete LDAP Configuration
secCFC.deleteLdapConfiguration();
</cfscript>
The acs URL added while creating an application in identity providers must be of this format:
<cfadmin_host>:<cfadmin_port>/CFIDE /administrator/saml/acs.cfm
CFSetup commands to set up SAML and LDAP
To enable SAML/LDAP as external authentication types, you must have multiuser authentication type enabled, and the configs for SAML/LDAP must also be present
- Add SAML/LDAP configuration using add command for samlconfig/ldapconfig with cfsetup.
- In Security Category, among other parameters, set adminAuthType to MULTIUSER, and externalAuth to SAML/LDAP.
SAML
Add a configuration
- add samlconfig idpName=admin_login_idp spName=admin_login_sp groupName=groupName cfusion
Delete a configuration
- delete samlconfig default cfusion
Display configuration details
- show samlconfig cfusion
Update a configuration
- set samlconfig groupName=admin_login_idp idpName=admin_login_idp spName=admin_login_sp cfusion
Retrieve configuration
- get samlconfig spName cfusion
Export a configuration
- export samlconfig saml.json cfusion
Import a configuration
- import samlconfig saml.json cfusion
LDAP
Add a configuration
- add ldapconfig host=localhost port=10646 groupBaseContext="ou=Group,dc=example,dc=com" userBaseContext="ou=User,dc=example,dc=com" groupnameAttr=cn usernameAttr=cn timeout=6000 cfusion
Update a configuration
- set ldapconfig host=localhost port=10389 groupBaseContext="ou=Group,dc=example,dc=com" userBaseContext="ou=User,dc=example,dc=com" usernameAttr=uid timeout=6000 cfusion
Retrieve configuration
- get ldapconfig host cfusion
Delete a configuration
- delete ldapconfig default cfusion
Export a configuration
- export ldapconfig ldap.json cfusion
Import a configuration
- import ldapconfig ldap.json cfusion
User operations
Display a user
- show user user_name
Update a user
- set user isLdap=false
Add another user
- add user=user2 isLdap=true isSaml=false isGroup=true
Delete a user
- delete user user1
Retrieve user details
- get user user_name isldap
Export user data
- export user user1details.json
Import user data
- import user userdetails.json
Adobe MAX
— творческая конференция
С 14 по 16 октября очно в Майами-Бич и онлайн
Adobe MAX
Творческая конференция
С 14 по 16 октября очно в Майами-Бич и онлайн