Get Remote_User or Auth_User variable from IIS

TxIceMan

Jun 9, 2011, 2:19:58 PM
to Railo
Hello,

I was playing around with the latest version of Railo w/Tomcat and I
noticed that when I set a folder or site in IIS to use Windows
authentication, I am unable to grab the userID of the authenticated
user. Is this a known issue, or am I doing something wrong?

Thanks!

TxIceMan

Jun 9, 2011, 4:35:59 PM
to Railo
Never mind... I found a way to grab it.

I had to add tomcatAuthentication="false" to the AJP connector config
inside Tomcat's server.xml. Hope this helps other devs!

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" tomcatAuthentication="false" protocol="AJP/1.3" redirectPort="8443" />
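
With tomcatAuthentication="false", Tomcat takes the authenticated user from whatever peer connects on the AJP port, so it is worth checking that only the web server can reach that port. The audit below is an added example, not part of the original post; the sample server.xml is constructed, and the `address`, `secret` and `requiredSecret` attributes it inspects are standard Tomcat AJP connector attributes that the thread does not mention.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml; the AJP line mirrors the one quoted in the thread.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"
               tomcatAuthentication="false" />
  </Service>
</Server>"""

LOOPBACK = {"127.0.0.1", "::1", "0:0:0:0:0:0:0:1", "localhost"}


def audit_ajp_connectors(server_xml):
    """Return one finding per AJP <Connector> in a Tomcat server.xml string."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        protocol = conn.get("protocol", "HTTP/1.1")
        if "ajp" not in protocol.lower():
            continue  # HTTP connectors do not receive the front end's user
        # Tomcat's default is "true": Tomcat authenticates the request itself
        # and ignores the user passed along by IIS or Apache.
        trusts_front_end = conn.get("tomcatAuthentication", "true").lower() == "false"
        # None means no explicit bind address; the default depends on the Tomcat version.
        address = conn.get("address")
        has_secret = bool(conn.get("secret") or conn.get("requiredSecret"))
        restricted = address in LOOPBACK or has_secret
        findings.append({
            "port": conn.get("port"),
            "remote_user_from_front_end": trusts_front_end,
            "address": address,
            "has_secret": has_secret,
            # Trusting the peer's user is only safe if just the web server can connect.
            "needs_review": trusts_front_end and not restricted,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_ajp_connectors(SAMPLE_SERVER_XML):
        print(finding)
```

A connector flagged `needs_review` should be bound to loopback, given a shared secret, or firewalled so that only the IIS or Apache host can reach it.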

AJ Mercer

Jun 9, 2011, 10:17:40 PM
to ra...@googlegroups.com
A timely piece of information - I am configuring Apache web server.

For those that are interested:

Apache http.conf
# Windows Authentication module
   LoadModule sspi_auth_module   modules/mod_auth_sspi.so

#Tomcat -> Apache 
   LoadModule jk_module modules/mod_jk-1.2.31-httpd-2.2.3.so

# Railo
<IfModule jk_module>
    JkMount /*.cfm ajp13
    JkMount /*.cfc ajp13
    JkMount /*.do ajp13
    JkMount /*.jsp ajp13
    JkMount /*.cfchart ajp13
    JkMount /*.cfres ajp13
    JkMount /*.cfm/* ajp13
    JkMount /*.cfml/* ajp13
    JkMountCopy all
    JkLogFile C:\Apache2.2\logs\mod_jk.log
</IfModule>


Apache http-vhosts.conf

<location />
AuthName "<description here>"
AuthType SSPI
SSPIAuth On
SSPIAuthoritative On
require valid-user
# set the domain to authorize against
SSPIDomain <domain here>
# On strips the domain prefix from the userid string (user rather than DOMAIN\user)
SSPIOmitDomain On
# let non-IE clients authenticate
SSPIOfferBasic On
# should basic authentication have higher priority
SSPIBasicPreferred Off
SSPIUsernameCase lower
</location>

Michael Jackson

May 23, 2012, 1:31:20 PM
to ra...@googlegroups.com
I tried that. I am unable to get anything in cgi.remote_user or cgi.auth_user. I was able to get the network login prompt. I am using IIS 7 on Windows 2008 R2 with Railo. I tried to edit the Tomcat server.xml as described. Anonymous access is disabled and Windows authentication is enabled in IIS for the site. I really just want to know what the network username of the remote user is. I don't really want a login prompt. Is that possible with CF and Railo? Any help would be great.

Bilal

May 24, 2012, 4:47:25 AM
to ra...@googlegroups.com
Michael:
Which version of Railo did you install?
Can you share what you get when you dump this:
<cfdump var="#GetHttpRequestData().headers#">

Michael Jackson

May 24, 2012, 10:41:50 AM
to Railo
Railo 3.3.1.000 final

Struct
accept string */*
Accept-Encoding string gzip, deflate
Accept-Language string en-US
authorization string Negotiate YIIJfQYGKwYBBQUCoIIJcTCCCW2gMDAuBgkqhkiC9xIBAgIGCSq.... (I assume you don't need to see all the encrypted stuff)
connection string Keep-Alive
content-length string 0
cookie string CFID=6e191046-3759-47ae-8195-1b75a1d16d74; CFTOKEN=0; RAILO_ADMIN_LANG=en; RAILO_ADMIN_LASTPAGE=server.application
host string temp1-cda-12
user-agent string Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727)

Bilal

May 25, 2012, 1:45:00 PM
to ra...@googlegroups.com
Michael:
Could be a configuration or connector issue.

On the IIS side, can you verify that Anonymous is disabled on all sub nodes, in case for some reason you had configured one differently?

Since I do not see the x-tomcat-docroot header, could I assume that you are using the ISAPI redirector?
The only areas that I am aware of are indicated in this thread already, i.e.:
On the Tomcat side:
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" 
tomcatAuthentication="false" />

There should be a registry entry as well that you can try out:
[HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Jakarta Isapi Redirector\2.0]
"authComplete"="0"

If you are using the BonCode connector give me a shout on the project contact page and we can trace it from there.

Best,
Bilal

li...@platform.ch

Jul 23, 2013, 8:17:28 AM
to ra...@googlegroups.com
I have the same problem with Railo 4.1.1 and Apache/2.2.15 & Tomcat/7.0.37 on CentOS. I changed tomcatAuthentication="false" in railo/tomcat/conf/server.xml and tried with ajp, mod_proxy and mod_jk, without success.
I can read getHttpRequestData().headers['Authorization'] but getPageContext().getRequest().getRemoteUser() stays empty.

Anyway, cfm requests do not consider the basic authentication of Apache, because they are directly forwarded to Tomcat. Any ideas or hints on this subject?

Regards, Daniel