-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John,
On 8/27/12 7:25 PM, Lowman, John Mr CTR USA AMC wrote: > I hope someone out there has some insight regarding the problem > that I'm about to describe. All custom request header fields that > are added via the SiteMinder policy server are being stripped > (intentionally or accidentally) from the request header after > passing through the Apache Tomcat "isapi_redirect.dll" ISAPI > filter. > > We have a website running on IIS and ColdFusion 10 that is > protected using SiteMinder. When a web request comes in, SiteMinder > intercepts the request and performs a HTTP 302 redirect to the > policy servers for authentication. After successful authentication, > the policy server adds some custom fields, such as "userid" and > "mail", to the request header and fires it back to our web server. When you say "fires it back" ... how does it do that? Is it proxying or doing another redirect (which sounds like it wouldn't work). - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlA87iIACgkQ9CaO5/Lv0PCzBQCfUDdZV0png3PzwWoba5ZognXt Cp8AoLm+WYPFKNMthpEw4lWibyyAdjQ6 =YM3y -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
