IIS 7 and Above
HttpPlatformHandler and REMOTE_USER
Last post Feb 06, 2019 10:57 AM by Malosh
Mar 08, 2016 09:43 AM|MartinSilkjaer|LINK
Im trying to setup a ruby on rails site with and SSO plugin using REMOTE_USER, but HttpPlatformHandler don't pass the username to the application.
The site is running, this is the only part not working, this is my webconfig.
<environmentVariable name="Path" value="D:\Redmine\Ruby\bin;D:\Redmine\Ruby\devkit\bin;%Path%" />
<environmentVariable name="RAILS_ENV" value="production" />
<environmentVariable name="REDMINE_LANG" value="en" />
Mar 24, 2016 05:50 PM|clarkjim|LINK
I'll second this thread as well because HttpPlatformHandler definitely needs a mechanism to pass remote or authenticated user info. My own issue is that I run Rails under HeliconZoo and IIS authentication is set to certificate required because every user
has their own unique ID certificate. In Rails, I can look in the environment and specifically at CERT_SUBJECT and CERT_ISSUER to find out who authenticated. Under HttpPlatformHandler there is no equivalent so we can't use it in production. Hopefully in 1.3
it will add the authentication info or cert to the request headers.
May 18, 2018 06:15 PM|TxIceMan|LINK
Is there any update to this? If httpplatformhandler is no longer being developed, Microsoft should just come out and say so. I am looking for the httpplatformhandler to pass the REMOTE_USER adn AUTH_USER variables as well.
Feb 06, 2019 10:57 AM|Malosh|LINK
I' ve encountered the same problem. Getting IIS -> httpPlatformHandler -> Rails server (Redmine) -> SSO (via plugin) to work together seems almost impossible. Everything is running fine, authentication works, only the REMOTE_USER and other variables like it
(AUTH_USER, LOGON_USER) get lost during the IIS -> Redmine transfer in HttpPlatformHandler. Using URL rewrite module and others like it to create new custom header with needed value doesn't seem to work for it runs before user authenticates, so REMOTE_USER
is not filled up yet.
I've set passWindowsAuth to "true" and it passed me a header HTTP_X_IIS_WINDOWSAUTHTOKEN with value 228.
Any idea what that might mean? Or how to extract user identity out of it? This looks like a dead end...