Classification: UNCLASSIFIED Caveats: NONE Chris,
It looks to me like the policy server is sending an HTTP request using the GET method. John -----Original Message----- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Tuesday, August 28, 2012 12:13 PM To: Tomcat Users List Subject: Re: Custom Header Fields are Missing after SiteMinder Redirect (UNCLASSIFIED) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 John, On 8/27/12 7:25 PM, Lowman, John Mr CTR USA AMC wrote: > I hope someone out there has some insight regarding the problem that > I'm about to describe. All custom request header fields that are added > via the SiteMinder policy server are being stripped (intentionally or > accidentally) from the request header after passing through the Apache > Tomcat "isapi_redirect.dll" ISAPI filter. > > We have a website running on IIS and ColdFusion 10 that is protected > using SiteMinder. When a web request comes in, SiteMinder intercepts > the request and performs a HTTP 302 redirect to the policy servers for > authentication. After successful authentication, the policy server > adds some custom fields, such as "userid" and "mail", to the request > header and fires it back to our web server. When you say "fires it back" ... how does it do that? Is it proxying or doing another redirect (which sounds like it wouldn't work). - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAlA87iIACgkQ9CaO5/Lv0PCzBQCfUDdZV0png3PzwWoba5ZognXt Cp8AoLm+WYPFKNMthpEw4lWibyyAdjQ6 =YM3y -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Classification: UNCLASSIFIED Caveats: NONE
