I’m using Lucee with an HTTP proxy, similar to the setup in the Lucee Docker image. Before version 6.0.1.83, cgi.remote_user was empty but I could populate cgi.auth_user by sending the auth_user header from the web server.
However, since updating to version 6.0.1.83, cgi.auth_user is now empty, even though the header is still present in getHttpHeaders().
I noticed that LDEV-4126 was supposed to set the same value for cgi.auth_user and cgi.remote_user, but now both are empty.
I’ve come across solutions involving the AJP connector, but I haven’t found anything specific to the HTTP proxy setup.
There’s probably a more elegant solution, but one thing you can do is make the CGI scope writable in the Lucee server admin, then set the value from the headers in your app’s onRequestStart()
Hi, we have the issue that since both elements in the CGI-scope are empty, SingleSignOn in our Windows environments do not work anymore. Winfows Authentication is Enabled and the NTLM and Negotiate providers are setup, but the auth_user and remote_user are both empty. Why is this? This still worked in Lucee 5.4.6.9 (latest stable LTS-version). For now we’ve disabled TomcatAuthentication in our connector in server.xml, but I do not think that is the correct permanent solution. Can anyone from @Lucee_CFML or @micstriit maybe chime in and explain here? Thnx up front
