2 Replies Latest reply on Dec 5, 2012 11:39 AM by biswasp

    Coldfusion 10 and IIS 7.5 and SiteMinder

    biswasp

      I have coldfusion 10 running on IIS 7.5. The websites are protected by SiteMinder web agent. When a user makes a request, IIS sends the request to Siteminder which adds custom value (e.g., sm_user) to the header. I can see the values in IIS but when this request is redirected to the application via the coldfusion 10 isapi_redirect.dll file, the user is denied access and the user value is missing. Looks like isapi_redirect.dll is stripping off the user information due to which the user is getting access denied messages. I have checked the version of isapi_redirect.dll file which is 1.2.32.

       

      Any help is greatly appreciated.

        • 1. Re: Coldfusion 10 and IIS 7.5 and SiteMinder
          Carl Von Stetten Adobe Community Professional & MVP

          Since the "sm_user" is a custom value, I wouldn't expect ColdFusion to expose it via CGI (although if it did previously in CF9 or earlier, I'd say then you have a valid bug).  However, it should still be accessible (just not in the CGI scope).  You might be able to see the "sm_user" value if you use getHTTPRequestData():

           

          public string function getSM_User output='false'

                {

                     var httpRequest = GetHttpRequestData();

                     if(structKeyExists(httpRequest, "headers")

                          && structKeyExists(httpRequest.headers, "sm_user"))

                     {

                          return httpRequest.headers.sm_user;

                     }

           

          return '';

          }

          • 2. Re: Coldfusion 10 and IIS 7.5 and SiteMinder
            biswasp Level 1

            Hi Carl,

             

            Thanks for your response. I was able to figure this out. I had to remove the handler mappings and ISAPI filters for SiteMinder so that the website is no longer protected by SiteMinder. Then I added back the handler mappings and ISAPI filters for SiteMinder to the website and did an IIS reset. Now, cgi.ALL_HTTP returns all siteminder added custom values.

             

            Thanks