I have coldfusion 10 running on IIS 7.5. The websites are protected by SiteMinder web agent. When a user makes a request, IIS sends the request to Siteminder which adds custom value (e.g., sm_user) to the header. I can see the values in IIS but when this request is redirected to the application via the coldfusion 10 isapi_redirect.dll file, the user is denied access and the user value is missing. Looks like isapi_redirect.dll is stripping off the user information due to which the user is getting access denied messages. I have checked the version of isapi_redirect.dll file which is 1.2.32.
Any help is greatly appreciated.
Since the "sm_user" is a custom value, I wouldn't expect ColdFusion to expose it via CGI (although if it did previously in CF9 or earlier, I'd say then you have a valid bug). However, it should still be accessible (just not in the CGI scope). You might be able to see the "sm_user" value if you use getHTTPRequestData():
public string function getSM_User output='false'
var httpRequest = GetHttpRequestData();
&& structKeyExists(httpRequest.headers, "sm_user"))
Thanks for your response. I was able to figure this out. I had to remove the handler mappings and ISAPI filters for SiteMinder so that the website is no longer protected by SiteMinder. Then I added back the handler mappings and ISAPI filters for SiteMinder to the website and did an IIS reset. Now, cgi.ALL_HTTP returns all siteminder added custom values.