Welcome!

You will be redirected in 30 seconds or close now.

ColdFusion Authors: Yakov Fain, Jeremy Geelan, Maureen O'Gara, Nancy Y. Nee, Tad Anderson

Related Topics: ColdFusion

ColdFusion: Article

Leveraging on Active Directory for ColdFusion Users

The majority of ColdFusion applications live far away, hidden, in enterprise fortresses

The majority of ColdFusion applications live far away, hidden, in enterprise fortresses as applications that small-to-large organizations depend on. In these organizations, especially the medium-to-large ones, there are well-established network infrastructures to manage the users, workstations, servers, etc.

Organizations usually implement LDAP as a directory services infrastructure but, for the purposes of this article, I will only be discussing Active Directory.

Active Directory, AD, is an LDAP implementation from Microsoft that was introduced with the Windows 2000 environment. This implementation is based on the X.500 LDAP standards. The AD is a giant database that can store as much as 16 terabytes or 1 billion objects ranging from users, printer locations, security policies, and, also important, user-defined data.

Every application that interacts with users usually has restrictions based on profiles and must also implement security. These are especially important for applications in financial organizations. Based on my experience, building user and profile management into applications, which is not a trivial matter, take considerable time and effort in the software development cycle. It doesn't stop with this; users don't like to have multiple security credentials across many applications. There is nothing more frustrating for these users than having to remember which username and password work with which application.

One of the beauties of Microsoft's Web-based/enabled applications is the ease at which they plug in to its existing network infrastructure. Outlook Web Access (OWA) users use their network security credentials to log in. Not only that, OWA knows when a user is logged into a computer, so it automatically loads the user's profile from the AD.

ColdFusion has support for LDAP, which includes AD. Using CFLAP, the ColdFusion tag for interacting with LDAP servers, you could leverage on AD for user management and profiling.

In the next few paragraphs, I'll show how you can use CFLAP to authenticate and load user profiles in AD for use in your application.

Step 1: Preparation
For the sake of this article, imagine you are writing an application for a financial institution called Bank X Inc. Bank X has implemented its AD as bankx.com. To write your application, you must know the name or IP of an AD server (Domain Controller, DC) that will authenticate your users. You must also know the structure of your AD. Please consult with your Domain Administrator for documentations.

Step 2: Login
The following is a simple login form to be used by Bank X users to log in to their financial applications:

<form action="loginADUser.cfm" method="post">
   <label for="username" accesskey="u">Username:</label>
   <input name="username" type="text" id="username" />
   <br />
   <label for="password" accesskey="p">Password</label>
   :
   <input name="password" type="password" id="password" />
   <br />
   <input name="Submit" type="submit" value="Submit" />
   <br />
</form>

Step 3: Authentication
The loginADUser.cfm page contains code to authenticate the user against the AD server (see Listing 1).

Explanation
In AD, any valid user can bind to the service, which is accessible on port 389 and port 636 for a secured connection. For more on secured connections, please see the security section. The bind will work only if the security credentials are correct but will throw an error if the credentials are wrong.

The isLoggedIn variable holds a Boolean value that determines if a user's security credentials are valid on the domain or not. Now, when authentication is attempted, the try-catch combination catches the error that is thrown with wrong security credentials.

The code in Listing 1 kills two birds with one stone by authenticating and retrieving certain records at the same time.

A user's groups are stored in the memberof field. The membership information is stored in DN form, which you may have to parse to extract out. It's usually in this form:

CN=Support Team,OU=Distribution List,DC=bankx,DC=com,
CN=InfoTech,OU=Distribution List,DC=bankx,DC=com,
CN=Administrators,CN=Builtin,DC=bankx,DC=com,
CN=Domain Admins,CN=Builtin,DC=bankx,DC=com

The login code can be wrapped with a CFLOGIN tag and the parsed roles passed to CFLOGINUSER as roles. Otherwise, you can implement your own role system with session management.

Extending the AD
The AD, implementing the LDAP specifications, has default fields that hold information that is important to your users and applications. However, you might want to store some application-specific data along with the default information. AD has 15 blank fields that you can use: extensionAttribute1 to extensionAttribute15. You can also use some fields that are not important to your organization such as IPPhone.

If you use these fields, documentation of what you have done is very important. Also, note that the AD can be delicate; kindly consult with your Domain Administrator before writing anything to the database. An error could bring down the whole AD forest.

Tools
You can't do much with AD without using the ADSI Edit. Install this from the Windows Support Tools. The ADSI Edit allows you to peruse the attributes and data types of the objects in the AD. The AD has data types such as Integer, Integer8, DN, OID, Boolean, DirectoryString, and PrintableString. Consult documentations for what these stand for.

Security on AD/CF Integration
Implementing a real-life application requires that transmission of sensitive data between the servers should be encrypted. The AD supports the interchange of data between ColdFusion and itself via the Secured Socket Layer, SSL on port 636.

To use SSL, you must install an Enterprise Certificate Authority on any of the domain controllers in your organization. This forces the DCs to request certificates from ColdFusion whenever you use CFLDAP.

The next step is to install your security certificate on the ColdFusion server using the keytool. Go to the command prompt and navigate to <cfroot_install>\runtime\jre\bin directory and run the following command:

keytool -import -keystore cacerts -alias ldap -file ldap.crt -keypass bl19mq

Please refer to the Sun JDK for full documentation.

With the certificates in place, you must add the secure = "CFSSL_BASIC" attribute to your CFLDAP.

Summary
Your application can be much more elegant if you leverage on the AD. Not only will you deliver faster, you also future-proof your application so that it can effectively connect to other sources of user security profiles.

Ultimately, the users find life easier if they can always use your applications with just a single set of universal security credentials.

Important Links

More Stories By Adédèjì Olówè

Adedeji Olowe, a business intelligence expert, has been using ColdFusion for several years. He has experience developing and extending enterprise applications for companies in the financial industry as well as systems integration.

Comments (1) View Comments

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


Most Recent Comments
CFDJ News Desk 12/07/05 12:35:54 PM EST

Leveraging on Active Directory for ColdFusion Users. The majority of ColdFusion applications live far away, hidden, in enterprise fortresses as applications that small-to-large organizations depend on. In these organizations, especially the medium-to-large ones, there are well-established network infrastructures to manage the users, workstations, servers, etc.

@ThingsExpo Stories
As businesses adopt functionalities in cloud computing, it’s imperative that IT operations consistently ensure cloud systems work correctly – all of the time, and to their best capabilities. In his session at @BigDataExpo, Bernd Harzog, CEO and founder of OpsDataStore, will present an industry answer to the common question, “Are you running IT operations as efficiently and as cost effectively as you need to?” He will expound on the industry issues he frequently came up against as an analyst, and...
Your homes and cars can be automated and self-serviced. Why can't your storage? From simply asking questions to analyze and troubleshoot your infrastructure, to provisioning storage with snapshots, recovery and replication, your wildest sci-fi dream has come true. In his session at @DevOpsSummit at 20th Cloud Expo, Dan Florea, Director of Product Management at Tintri, will provide a ChatOps demo where you can talk to your storage and manage it from anywhere, through Slack and similar services ...
SYS-CON Events announced today that HTBase will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. HTBase (Gartner 2016 Cool Vendor) delivers a Composable IT infrastructure solution architected for agility and increased efficiency. It turns compute, storage, and fabric into fluid pools of resources that are easily composed and re-composed to meet each application’s needs. With HTBase, companies can quickly prov...
SYS-CON Events announced today that Linux Academy, the foremost online Linux and cloud training platform and community, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Linux Academy was founded on the belief that providing high-quality, in-depth training should be available at an affordable price. Industry leaders in quality training, provided services, and student certification passes, its goal is to c...
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
In his session at @ThingsExpo, Eric Lachapelle, CEO of the Professional Evaluation and Certification Board (PECB), will provide an overview of various initiatives to certifiy the security of connected devices and future trends in ensuring public trust of IoT. Eric Lachapelle is the Chief Executive Officer of the Professional Evaluation and Certification Board (PECB), an international certification body. His role is to help companies and individuals to achieve professional, accredited and worldw...
SYS-CON Events announced today that Technologic Systems Inc., an embedded systems solutions company, will exhibit at SYS-CON's @ThingsExpo, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Technologic Systems is an embedded systems company with headquarters in Fountain Hills, Arizona. They have been in business for 32 years, helping more than 8,000 OEM customers and building over a hundred COTS products that have never been discontinued. Technologic Systems’ pr...
SYS-CON Events announced today that Auditwerx will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Auditwerx specializes in SOC 1, SOC 2, and SOC 3 attestation services throughout the U.S. and Canada. As a division of Carr, Riggs & Ingram (CRI), one of the top 20 largest CPA firms nationally, you can expect the resources, skills, and experience of a much larger firm combined with the accessibility and attent...
SYS-CON Events announced today that CA Technologies has been named “Platinum Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY, and the 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business – from apparel to energy – is being rewritten by software. From ...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend @CloudExpo | @ThingsExpo, June 6-8, 2017, at the Javits Center in New York City, NY and October 31 - November 2, 2017, Santa Clara Convention Center, CA. Learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
SYS-CON Events announced today that Loom Systems will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2015, Loom Systems delivers an advanced AI solution to predict and prevent problems in the digital business. Loom stands alone in the industry as an AI analysis platform requiring no prior math knowledge from operators, leveraging the existing staff to succeed in the digital era. With offices in S...
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
SYS-CON Events announced today that Infranics will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Since 2000, Infranics has developed SysMaster Suite, which is required for the stable and efficient management of ICT infrastructure. The ICT management solution developed and provided by Infranics continues to add intelligence to the ICT infrastructure through the IMC (Infra Management Cycle) based on mathemat...
SYS-CON Events announced today that Interoute, owner-operator of one of Europe's largest networks and a global cloud services platform, has been named “Bronze Sponsor” of SYS-CON's 20th Cloud Expo, which will take place on June 6-8, 2017 at the Javits Center in New York, New York. Interoute is the owner-operator of one of Europe's largest networks and a global cloud services platform which encompasses 12 data centers, 14 virtual data centers and 31 colocation centers, with connections to 195 add...
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and management into a ...
SYS-CON Events announced today that SD Times | BZ Media has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. BZ Media LLC is a high-tech media company that produces technical conferences and expositions, and publishes a magazine, newsletters and websites in the software development, SharePoint, mobile development and commercial UAV markets.
"I think that everyone recognizes that for IoT to really realize its full potential and value that it is about creating ecosystems and marketplaces and that no single vendor is able to support what is required," explained Esmeralda Swartz, VP, Marketing Enterprise and Cloud at Ericsson, in this SYS-CON.tv interview at @ThingsExpo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Why do your mobile transformations need to happen today? Mobile is the strategy that enterprise transformation centers on to drive customer engagement. In his general session at @ThingsExpo, Roger Woods, Director, Mobile Product & Strategy – Adobe Marketing Cloud, covered key IoT and mobile trends that are forcing mobile transformation, key components of a solid mobile strategy and explored how brands are effectively driving mobile change throughout the enterprise.
My team embarked on building a data lake for our sales and marketing data to better understand customer journeys. This required building a hybrid data pipeline to connect our cloud CRM with the new Hadoop Data Lake. One challenge is that IT was not in a position to provide support until we proved value and marketing did not have the experience, so we embarked on the journey ourselves within the product marketing team for our line of business within Progress. In his session at @BigDataExpo, Sum...
Keeping pace with advancements in software delivery processes and tooling is taxing even for the most proficient organizations. Point tools, platforms, open source and the increasing adoption of private and public cloud services requires strong engineering rigor - all in the face of developer demands to use the tools of choice. As Agile has settled in as a mainstream practice, now DevOps has emerged as the next wave to improve software delivery speed and output. To make DevOps work, organization...