Cgi.auth_user in

cgi.auth_user is empty when using

We have lucee behind IIS using CommandBox/BonCode. It used to work in

Any others experiencing the same issue?

It seems that, it wasn’t issue. remote_user and the auth_user are mapped to the same key, so it returns the same value.
Related ticket : [LDEV-4126] - Lucee

if (key.equals(KeyConstants._auth_user)) return store(key, toString(req.getRemoteUser()));

We updated the fix on version.
Is this are you trying to say? If not, could you please explain the issue

1 Like

IIS docs also says auth_user and remote_user should be the same: IIS Server Variables | Microsoft Learn

However, on, cgi.auth_user actually returns the authenticated user but cgi.remote_user is empty.

The code change on [LDEV-4126] - Lucee forces auth_user to just use remote_user. So both are the same but now they are both empty. There’s no way to get the authenticated user.


I ran into this issue today, and it took me a while to sort it out. Unfortunately, the MS documentation is a little confusing. I think that IIS can return the same value for user-auth and remote-auth unless an application provides remote-auth, and in my case, the AJP connector was providing the blank value.

If you’re using the default port 8009, go into server.xml and add tomcatAuthentication=“false”. That might do the trick