BeRadB
Inspiring
February 19, 2020
Question

Azure AD authentication IIS ColdFusion


Has anyone tried to use Azure AD, IIS with ColdFusion to authenticate users?

Our users are external to our network and remote in via a Pulse Secure portal. Pulse Secure looks up the users in a security group, which is an Azure AD group. They are then given link(s) to our internal apps. Currently, I have to add their accounts locally to the servers for them to even get to the site. Without that, the server rejects the login with a 401 error. I have added the security group to the server and tried different things. I even contacted Microsoft to see if they had any thoughts; they only said that I should be doing the auth at the app level, but I don't think we even get to the site. It's not even making it past IIS.

So if anyone has some insight on how to set up Azure AD on a Windows machine running ColdFusion and IIS, please drop a line.

Oh, these are some legacy CF apps. I really don't want to alter the code to make this work if I don't have to.

 

This topic has been closed for replies.

1 reply

Community Expert
February 21, 2020

I think you're going to have to make sure that your Windows server is in your AD domain, and make sure that your server can authenticate logins against that domain. Forget about IIS or CF for a minute. Set that up and test that. You should be able to log into your server via RDP using a domain account. Once you have that working, you should be able to set up IIS to require Windows authentication. This is an IIS-specific setting. You should be able to test this by itself, without using CF. Just set up a static HTML page in an IIS virtual server configured to require Windows authentication. Once you have all of this working, your CF application should have access to the appropriate CGI variables indicating a successful Windows authentication. I don't remember what they are, but I'm thinking CGI.AUTH_USER. If that has a value, your user is logged in. You can then use that in your app to decide what the user is allowed to do. If that's how your apps were set up to work before, you shouldn't have to worry about making code changes.

 

Dave Watts, Eidolon LLC
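
The isolation test described in this reply (domain membership first, then IIS Windows authentication on a static page, with ColdFusion out of the request path), as an added PowerShell example that is not part of the original post. The site name, folder and port are placeholders chosen for illustration.

```powershell
# Added example: test IIS Windows authentication on its own, without ColdFusion.
# Assumed placeholders (not from the thread): site name, folder, port.
# Requires an elevated session and the IIS "Windows Authentication" role service.
Import-Module WebAdministration

$site = 'AuthTest'                  # hypothetical test site
$root = 'C:\inetpub\authtest'       # hypothetical content folder
$port = 8088                        # hypothetical free port
$url  = "http://localhost:$port/index.html"

# 1. The server must be joined to the domain it authenticates against.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if (-not $cs.PartOfDomain) { throw "Server is not domain-joined (workgroup: $($cs.Workgroup))." }
"Joined to domain: $($cs.Domain)"

# 2. A static page in its own site, so CF is not involved in the request.
New-Item -ItemType Directory -Path $root -Force | Out-Null
Set-Content -Path (Join-Path $root 'index.html') -Value '<html><body>auth test</body></html>'
if (-not (Test-Path "IIS:\Sites\$site")) {
    New-Website -Name $site -PhysicalPath $root -Port $port | Out-Null
}

# 3. Require Windows authentication: anonymous off, Windows auth on.
$auth = '/system.webServer/security/authentication'
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $site `
    -Filter "$auth/anonymousAuthentication" -Name enabled -Value $false
Set-WebConfigurationProperty -PSPath 'IIS:\' -Location $site `
    -Filter "$auth/windowsAuthentication" -Name enabled -Value $true

# 4. Request the page without and with the current logon credentials.
function Get-HttpStatus {
    param([string]$Uri, [switch]$Integrated)
    try {
        (Invoke-WebRequest -Uri $Uri -UseBasicParsing -UseDefaultCredentials:$Integrated).StatusCode
    } catch {
        [int]$_.Exception.Response.StatusCode   # status IIS returned when it rejected the request
    }
}
"Anonymous request status:  $(Get-HttpStatus -Uri $url)"
"Integrated request status: $(Get-HttpStatus -Uri $url -Integrated)"
```

With the site configured this way, IIS should answer the anonymous request with 401 and the integrated request with 200 when the logged-on domain account can read the folder. If that holds here but fails from outside, the difference lies in how credentials reach IIS, not in ColdFusion.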

BeRadB (Author)
Inspiring
February 27, 2020

The server is on the domain, and the server can auth on the domain; it's just not working for users coming in via the Pulse Secure portal. And I did this test and it worked: if I RDP to the server and go to the web app, I am prompted for creds, I enter the creds for a user that is in the security group, and bam, I am in. But if I do the same from my personal computer it doesn't work, and it doesn't work for the users logging in via the Pulse Secure portal unless I add the user locally to the server.

I'm still waiting for an answer from Microsoft.

Iambradb.com Adobe ColdFusion Specialist.
Community Expert
February 27, 2020

When you log in locally, are you specifying the domain as well as the user? (for example, domain\user or user@domain)

 

I don't know much about how your portal is set up. Maybe it can be used to specify the user's domain as part of the authentication.

 

Dave Watts, Eidolon LLC
