5 Replies Latest reply on May 23, 2013 12:26 PM by BKBK

    cgi.remote_user set for / but not for /index.cfm

    cherdt Level 1

      This is on a ColdFusion 10 install on Windows 2008 R2 with IIS 7.5. We have an additional authentication module, Cosign, installed for single sign-on.

       

      If I make a request for https://[servername]/test/ and dump the CGI variables, cgi.auth_type is set to Cosign and cgi.auth_user and cgi.remote_user are both set to my username.

       

      If I make a request for https://[servername]/test/index.cfm and dump the CGI variables, cgi.auth_type, cgi.auth_user, and cgi.remote_user are all set to [empty string].

       

      Some of the things we've tried (largely based on the posts Coldfusion 10 with IIS 7 Windows authenticaiton and cgi.auth_user not staying set):

      • Moving the Cosign module to the top of the modules list in IIS
      • Enabling Windows auth at the server level in IIS (index.cfm then required additional authorization beyond Cosign)
      • Enabling Windows auth at the directory level in IIS (no change--remote_user not populated)
      • Disabling Anonymous auth at the server level in IIS (index.cfm then returned a 401 Unauthorized message)


      It's strange because the cgi.script_name value is set to /test/index.cfm in both cases, but the credentials are passed for /test/ and not /test/index.cfm.

       

      It's a longshot that anyone here is using Cosign, but just wondering if anyone has other ideas for what might be causing this.

        • 1. Re: cgi.remote_user set for / but not for /index.cfm
          BKBK Adobe Community Professional & MVP

          I wonder what would happen if you set index.cfm as a default page in IIS. To do that, you have to configure like this: IIS Manager => Your Server Name => Your site => Under HTTP features => Default document => Add index.cfm

          • 2. Re: cgi.remote_user set for / but not for /index.cfm
            cherdt Level 1

            Thanks for the suggestion. I checked and index.cfm is listed as the top default document.

             

            Some additional info:

            • I created a page, test.cfm, that also dumps the CGI variables. It also displays [empty string] for auth_type, auth_user, and remote_user.
            • I created a page, test.asp, that dumps the environment variables. It correctly displays the values for auth_type (Cosign), auth_user, and remote_user (my username).

             

            Since ASP is displaying the proper values but not CF, I'm guessing this is a ColdFusion configuration issue (although that doesn't explain why CF displays the proper values if the path does not include the filename).

            • 3. Re: cgi.remote_user set for / but not for /index.cfm
              BKBK Adobe Community Professional & MVP

              The culprit just might be Cosign. In ColdFusion, if index.cfm exists, as in your case, then the URLs  https://[servername]/test/ and https://[servername]/test/index.cfm will point to the same resource. So, if the one URL is authenticated and the other is not, this will likely be the result of insufficient configuration in Cosign. I suspect Cosign is failing to write cookies in the case /test/index.cfm.

               

              I am unfamiliar with Cosign. However I had a look at the documentation. The Cosign overview suggests how you might resolve the problem. You should configure https://[servername]/test/ as well as https://[servername]/test/index.cfm as destinations. That will instruct Cosign to write the security cookies in either case.

              • 4. Re: cgi.remote_user set for / but not for /index.cfm
                cherdt Level 1

                Thanks! We consulted with a Cosign expert, and we did have a configuration issue. The fact that it was working in ASP was throwing me off.

                 

                In our case, Cosign protection was not enabled in the web.config file at the document root, but only enabled for the directory in question (/test) by the web.config file in that folder.

                 

                When we enabled protection at the document root (and removed the web.config file at the directory level), the server environment variables for auth_type, auth_user, and remote_user were passed on the ColdFusion.

                • 5. Re: cgi.remote_user set for / but not for /index.cfm
                  BKBK Adobe Community Professional & MVP

                  I thought it would be something like that. Good luck.