Release : 8.2.02 and 9.1
Component : AuthMinder(Arcot WebFort)
RiskMinder( Arcot Riskfort)
In later versions of Advanced Authentication product, We by default disabled the X-Forwarded-For header, in ARCOT_HOME/conf/afm/arcotafm.proprties file please check this-
# X-FORWARDED-FOR functionality parameters
To capture the end user IP address make the value as 'true' and once that is done, it will take the application server restart for making this change to come into effect.