Question: ColdFusion / Shibboleth - REMOTE_USER


ColdFusion / Shibboleth - REMOTE_USER

Answers 1
Added at 2017-11-30 16:11

I have a ColdFusion application being hosted on my IIS server. I added the Shibboleth service to my web IIS, and the CGI/Filters are setup to use it. I added my application to the testshib federation and was able to login successfully. Now I'm trying to get the session variable into the ColdFusion code.

When I dump the CGI scope, I see the shibboleth session is saved under HTTP_COOKIE, but REMOTE_USER is an empty string. This is because REMOTE_USER cannot be used according to the docs. Instead the request header variable should be named HTTP_REMOTE_USER, but I don't see that in the CGI dump. Does anyone why this is? Do I have to set that up my shibboleth attribute-map or in ColdFusion ?


<cfdump var = "#cgi#" > 
<cfdump var="#CGI.HTTP_REMOTE_USER#">
<br>Get Request
<cfset x = GetHttpRequestData()> 
<cfdump var="x">

Dump result



Session Expiration (barring inactivity): 479 minute(s)
Client Address:
SSO Protocol: urn:oasis:names:tc:SAML:2.0:protocol
Identity Provider:
Authentication Time: 2017-11-30T14:48:48.255Z
Authentication Context Class: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
Authentication Context Decl: (none)

affiliation: 2 value(s)
entitlement: 1 value(s)
eppn: 1 value(s)
persistent-id: 1 value(s)
unscoped-affiliation: 2 value(s)
Answers to

ColdFusion / Shibboleth - REMOTE_USER

nr: #1 dodano: 2017-11-30 17:11

I believe that ColdFusion doesn't expose every possible CGI variable in the <cfdump>, only the most common ones. That doesn't mean you can't access what appear to be missing CGI variables directly. Try changing your dump to specifically target the one you need, like:

<cfdump var="#CGI.HTTP_REMOTE_USER#">

If it still isn't being written to the CGI scope, you might be able to access that specific request header variable through the the page request using getHTTPRequestData().

Source Show
◀ Wstecz