cgi.auth_user is empty when using 6.0.1.83.
We have lucee behind IIS using CommandBox/BonCode. It used to work in 6.0.1.0.
Any others experiencing the same issue?
It seems that, it wasn’t issue. remote_user and the auth_user are mapped to the same key, so it returns the same value.
Related ticket : [LDEV-4126] - Lucee
if (key.equals(KeyConstants._auth_user)) return store(key, toString(req.getRemoteUser()));
We updated the fix on 6.0.1.63 version.
Is this are you trying to say? If not, could you please explain the issue
1 Like
IIS docs also says auth_user and remote_user should be the same: IIS Server Variables | Microsoft Learn
However, on 6.0.1.0, cgi.auth_user actually returns the authenticated user but cgi.remote_user is empty.
The code change on [LDEV-4126] - Lucee forces auth_user to just use remote_user. So both are the same but now they are both empty. There’s no way to get the authenticated user.
Hi
I ran into this issue today, and it took me a while to sort it out. Unfortunately, the MS documentation is a little confusing. I think that IIS can return the same value for user-auth and remote-auth unless an application provides remote-auth, and in my case, the AJP connector was providing the blank value.
If you’re using the default port 8009, go into server.xml and add tomcatAuthentication=“false”. That might do the trick