cgi.remote_user is populated, but not cgi.auth_user

Description

Per Adobe’s docs, these are basically the same thing. I see code in Lucee’s CGIImpl class for remote_user, but there is nothing populating auth_user other than the default empty string.

https://helpx.adobe.com/coldfusion/cfml-reference/reserved-words-and-variables/cgi-environment-cgi-scope-variables/cgi-server-variables.html

I assume we just need this line added in:

if (key.equals(KeyConstants._auth_user)) return store(key, toString(req.getRemoteUser()));

https://stackoverflow.com/questions/853006/difference-between-auth-user-and-remote-user-cgi-variables

Activity

Monster 
18 July 2024 at 14:51

I was on 6.0.0.585. The issue happened after upgrading to 6.0.3.1, and resolved after downgrading back to 6.0.0.585. I believe this issue was introduced by this PR in 6.0.1.64.

We use passthrough Windows authentication with the Negotiate provider. Auth_user is the only one that gets populated.

Auth_user and remote_user must be populated by different methods, or in our environment remote_user would also have a value.

Pothys - MitrahSoft 
18 July 2024 at 12:24

Which version do you have? Could you please give me more details to reproduce the issue?

Monster 
17 July 2024 at 22:06
(edited)

In our environment, remote_user is never populated, but user_auth is. This PR broke our apps by setting user_auth to a blank value, which stopped them from retrieving user data.

Pothys - MitrahSoft 
8 February 2024 at 05:29

I've checked this issue with Lucee version 6.0.1.64-SNAPSHOT. Now cgi.remote_user data is also successfully available as cgi.auth_user. So I'm closing this ticket.

Michael Offner 
7 February 2024 at 14:48

Please give this a try and set it to resolved when okay.

Fixed

Created 3 August 2022 at 20:33
Updated 18 July 2024 at 14:51
Resolved 8 February 2024 at 05:30