Coldfusion 10 and IIS 7.5 and SiteMinder

Question

I have coldfusion 10 running on IIS 7.5. The websites are protected by SiteMinder web agent. When a user makes a request, IIS sends the request to Siteminder which adds custom value (e.g., sm_user) to the header. I can see the values in IIS but when this request is redirected to the application via the coldfusion 10 isapi_redirect.dll file, the user is denied access and the user value is missing. Looks like isapi_redirect.dll is stripping off the user information due to which the user is getting access denied messages. I have checked the version of isapi_redirect.dll file which is 1.2.32.

Any help is greatly appreciated.

Carl Von Stetten · Answer

Since the "sm_user" is a custom value, I wouldn't expect ColdFusion to expose it via CGI (although if it did previously in CF9 or earlier, I'd say then you have a valid bug). However, it should still be accessible (just not in the CGI scope). You might be able to see the "sm_user" value if you use getHTTPRequestData():

public string function getSM_User output='false'

{

var httpRequest = GetHttpRequestData();

if(structKeyExists(httpRequest, "headers")

&& structKeyExists(httpRequest.headers, "sm_user"))

{

return httpRequest.headers.sm_user;

}

return '';

}

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded