Donations to Haiti

I gathered some links for donating to the earthquake relief efforts in Haiti. Each item below was personally link-checked to make sure there was an option for the specific crisis:

• AmeriCares
• Medical Teams International
• Operation USA
• Oxfam International
• UMCOR

Also check out NY1's relief list. They made it a point to review organizations to insure that donations would really make it to their intended destinations.

Please feel free to republish this post on your own blog. Click here to download the source code for Blogger.

Thank you.

ColdFusion / SAML (Part 2)

The XML

I'm going to start with the base XML (before adding in the ColdFusion processing) to give an idea of what I'm going to generate. Here it is below with the items you need to replace marked off as ColdFusion variable calls:

<?xml version="1.0" encoding="UTF-8"?>

<samlp:Response Destination="#SPService#" ID="#ssouser.uuid#" IssueInstant="#nowDateTime#" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">

<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">#IDPDomain#</saml:Issuer>

<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>

<saml:Assertion ID="#ssouser.uuid#" IssueInstant="#nowDateTime#" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">

<saml:Issuer>#IDPDomain#</saml:Issuer>

<saml:Subject>

<saml:NameID>#ssouser.email#</saml:NameID>

<saml:SubjectConfirmation Method="urn:oasis:names:tc:2.0:cm:bearer">

<saml:SubjectConfirmationData InResponseTo="#ssouser.uuid#" NotOnOrAfter="#nowDateTimePlus1#" Recipient="#SPService#"/>

</saml:SubjectConfirmation>

</saml:Subject>

<saml:Conditions NotBefore="#nowDateTime#" NotOnOrAfter="#nowDateTimePlus1#">

<saml:AudienceRestriction>

<saml:Audience>#SPDomain#</saml:Audience>

</saml:AudienceRestriction>

</saml:Conditions>

<saml:AuthnStatement AuthnInstant="#nowDateTime#">

<saml:AuthnContext>

<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>

</saml:AuthnContext>

</saml:AuthnStatement>

<saml:AttributeStatement>

<saml:Attribute Name="screenName">

<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">#ssouser.name#</saml:AttributeValue>

</saml:Attribute>

</saml:AttributeStatement>

</saml:Assertion>

</samlp:Response>

- #IDPDomain# = The base URL of the IDP
- #SPService# = The full URL of the SP's authentication system
- #ssouser.uuid# = The user ID from the IDP that will be used as a unique identifier in several parts of this file
- #nowDateTime# = The current date/time to mark the initiation of the assertion
- #nowDateTimePlus1# = A date/time stamp after the current date/time to limit the time frame an assertion can occur. This prevents a user from trying to simulate/mimic one. Generally a 1 min differential is good. Assertions will always occur behind the scenes through one or more redirects.
- #ssouser.name# = Username/Display Name
- #SPDomain# = The base URL of the SP

The #SPDomain# and #SPService# will come from the SP and can just be hardcoded into the XML template. The #ssouser.uuid# and #ssouser.name# will be pulled from the IDP database or cookie. The date/time stamps will be pulled from #Now()#.

Now here's that same XML wrapped in ColdFusion:

<cfoutput>

<cfset nowDateTime = "#DateFormat(DateConvert('local2utc', Now()),'YYYY-MM-DDT')# & #TimeFormat(DateConvert('local2utc',Now()),'HH:mm:SS.LZ')#">

<cfset nowDateTimePlus1 = "#DateFormat(DateConvert('local2utc', Now()),'YYYY-MM-DDT')# & #TimeFormat(DateConvert('local2utc', DateAdd('n',1,Now())),'HH:mm:SS.LZ')#">


<cfsavecontent variable="responseOpen">

<?xml version="1.0" encoding="UTF-8"?>

<samlp:Response Destination="#SPService#" ID="#ssouser.uuid#" IssueInstant="#nowDateTime#" Version="2.0" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">

<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">#IDPDomain#</saml:Issuer>

<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>

</cfsavecontent>


<cfxml variable="samlAssertionXML">

<saml:Assertion ID="#ssouser.uuid#" IssueInstant="#nowDateTime#" Version="2.0" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">

<saml:Issuer>#IDPDomain#</saml:Issuer>

<saml:Subject>

<saml:NameID>#ssouser.email#</saml:NameID>

<saml:SubjectConfirmation Method="urn:oasis:names:tc:2.0:cm:bearer">

<saml:SubjectConfirmationData InResponseTo="#ssouser.uuid#" NotOnOrAfter="#nowDateTimePlus1#" Recipient="#SPService#"/>

</saml:SubjectConfirmation>

</saml:Subject>

<saml:Conditions NotBefore="#nowDateTime#" NotOnOrAfter="#nowDateTimePlus1#">

<saml:AudienceRestriction>

<saml:Audience>#SPDomain#</saml:Audience>

</saml:AudienceRestriction>

</saml:Conditions>

<saml:AuthnStatement AuthnInstant="#nowDateTime#">

<saml:AuthnContext>

<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>

</saml:AuthnContext>

</saml:AuthnStatement>

<saml:AttributeStatement>

<saml:Attribute Name="screenName">

<saml:AttributeValue xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">#ssouser.name#</saml:AttributeValue>

</saml:Attribute>

</saml:AttributeStatement>

</saml:Assertion>

</cfxml>


<cfsavecontent variable="responseClose">

</samlp:Response>

</cfsavecontent>

</cfoutput>

The immediate question is why do I have the XML split up into 3 variable? The whole thing could be enclosed as 1 inside <CFXML>. The reason is that I ran into a bug (to come in Part 3) where I had trouble traversing the DOM beyond the first level of depth. So by cutting out the opening and closing <SAMLP:RESPONSE> tags, I can deal with the middle piece by itself, where <SAML:ASSERTION> is the root level. It might not make sense yet, but I promise it will be cleared up once you read Part 3!

So on to the other ColdFusion pieces:

1) The 2 <CFSET>s in the beginning handle the 2 date/time stamps (now & 1 minute later). I'm not sure if they actually need to be formatted this way, but the other sites I studied had it like this and it worked for me as well.

2) The 1st and 3rd variables I'm saving out use <CFSAVECONTENT> because I'm going to be adding these back in after the signing process and they don't need to be recognized as XML yet.

3) The 2nd variable needs to use <CFXML> rather than <CFSAVECONTENT> because it needs to retain the XML DOM. Later on, when I create and insert the signature piece, it will need to reference this 2nd variable as if it were a valid XML document.

While your at this step, I encourage you to dump out these variables right on the document you're creating so you can get a visual of the unsigned XML to compare with the signed version later on. Just be sure to delete it when it's finalized.

Frommer's Slideshow

Just before the holidays, one of the projects that I was devoted to was a new slideshow format for Frommers.com. We wanted something that highlighted the photo. It also had to be fast and easy to navigate. I went with a neutral color scheme so the only colored item on the page would be the photos. Here are some of the one's we've published so far:

• 13 Favorite Paris Moments
• London Favorites
• Frommer's Favorite Experiences in Rome
• The Art Lover's Tour of Provence
• New Year's Eve Celebrations Around the World
• Green New Zealand
• Top Destinations 2010

On the technology side, the play/pause feature is actually very simple. It's just a basic META refresh that's controlled by a URL variable, but it works well and fast. I threw in another script that activates the arrow keystokes to manually move forward and back in the slideshow. I'm used this feature from Facebook and Picasa and think every slideshow should have it. The links pass the slideshow URL over to the top social networks. "Get Link" uses a JQuery modal window with an autoselect onFocus so users can grab and save the URL of each photo.

Malware Detection

This a pretty useful tool in trying to weed out malware from a website. It checks against a database of blacklisted sites created by Google. All of the good browsers (Firefox, SeaMonkey, Safari & Chrome) check against this database whenever you visit a site.

http://