search cancel

Username in REMOTE_USER not populated in IIS 6.0 access log for the v6.0 Siteminder Web Agent


Article ID: 54321


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On



After upgrading IIS 5.0 to IIS 6.0, the REMOTE_USER value that used to be available in IIS log (within the "cs-username" field) is missing in IIS 6.0. Even after setting Web Agent parameter 'SetRemoteUser' to 'YES', no username is shown in the access log.


The SiteMinder Web Agent for IIS 5.0 functions as an ISAPI filter only. IIS Server access logs are written after the Web Agent has processed the request, authenticates, and authorizes the user. The implementation of the Web Agent for IIS 6.0, however, functions as both an ISAPI filter and an ISAPI extension. For each request in IIS 6.0, web server access logs are written before the Web Agent has processed the request or challenged the user. Therefore, IIS 6.0 access logs are written before the Web Agent obtains the username, and there is presently no workaround to allow for this to occur.


Component: SMIIS