grouper-users - Re: [grouper-users] Grouper UI error

Subject: Grouper Users - Open Discussion List

  • From: Rahul Doshi <>
  • To: "Sachdeva, Vivek" <>, "" <>
  • Subject: Re: [grouper-users] Grouper UI error
  • Date: Thu, 13 Nov 2014 20:24:05 +0000
  • Accept-language: en-US

Hi Vivek,


I was seeing a similar error in my Apache log and also saw a CSRF error in grouper_error.log. Removing the setting for css.additional in grouper-ui.properties resolved my problem.


[13/Nov/2014:15:00:47 -0500] 172.31.25.57 TLSv1.2 ECDHE-RSA-AES256-SHA384 "GET /grouper/home.do HTTP/1.1" 16469

[13/Nov/2014:15:00:48 -0500] 172.31.25.57 TLSv1.2 ECDHE-RSA-AES256-SHA384 "POST /grouper/grouperExternal/public/OwaspJavaScriptServlet HTTP/1.1" 55

[13/Nov/2014:15:00:49 -0500] 172.31.25.57 TLSv1.2 ECDHE-RSA-AES256-SHA384 "GET /grouper/grouperUi/app/UiV2Main.index?operation=UiV2Main.indexMain HTTP/1.1" 13390

[13/Nov/2014:15:00:49 -0500] 172.31.25.57 TLSv1.2 ECDHE-RSA-AES256-SHA384 "GET /grouper/grouperExternal/public/OwaspJavaScriptServlet HTTP/1.1" 14036

[13/Nov/2014:15:00:49 -0500] 172.31.25.57 TLSv1.2 ECDHE-RSA-AES256-SHA384 "GET /grouper/grouperUi/app/grouper/cmu-general-purpose.css HTTP/1.1" -

[13/Nov/2014:15:00:49 -0500] 172.31.25.57 TLSv1.2 ECDHE-RSA-AES256-SHA384 "GET /grouper/grouperExternal/public/UiV2Public.index?operation=UiV2Public.postIndex&function=UiV2Public.error&code=csrf&OWASP_CSRFTOKEN=Z3AW-DVUA-Y768-MEI3-LWZ9-7Y4Y-AJZZ-56C7 HTTP/1.1" 5684

[13/Nov/2014:15:00:50 -0500] 172.31.25.57 TLSv1.2 ECDHE-RSA-AES256-SHA384 "POST /grouper/grouperExternal/public/OwaspJavaScriptServlet HTTP/1.1" 55

[13/Nov/2014:15:00:50 -0500] 172.31.25.57 TLSv1.2 ECDHE-RSA-AES256-SHA384 "GET /grouper/grouperUi/app/UiV2Main.folderMenu?root HTTP/1.1" 872

[13/Nov/2014:15:00:50 -0500] 172.31.25.57 TLSv1.2 ECDHE-RSA-AES256-SHA384 "GET /grouper/grouperUi/app/UiV2Main.folderMenu?root HTTP/1.1" 872

[13/Nov/2014:15:00:50 -0500] 172.31.25.57 TLSv1.2 ECDHE-RSA-AES256-SHA384 "POST /grouper/grouperUi/app/UiV2Main.indexMain HTTP/1.1" 27526

[13/Nov/2014:15:06:52 -0500] 172.31.25.57 TLSv1.2 ECDHE-RSA-AES256-SHA384 "POST /grouper/grouperUi/app/UiV2Stem.viewStem?stemId=f9992f677dc948fb8da0c37eb9d3e666 HTTP/1.1" -

[13/Nov/2014:15:06:52 -0500] 172.31.25.57 TLSv1.2 ECDHE-RSA-AES256-SHA384 "GET /grouper/grouperExternal/public/UiV2Public.index?operation=UiV2Public.postIndex&function=UiV2Public.error&code=csrf&OWASP_CSRFTOKEN=3P0O-DAWJ-CEUG-KPD5-ZAKQ-BCHP-K1WS-ZRW7 HTTP/1.1" 5684

[13/Nov/2014:15:06:52 -0500] 172.31.25.57 TLSv1.2 ECDHE-RSA-AES256-SHA384 "GET /grouper/grouperExternal/public/UiV2Public.index?operation=UiV2Public.postIndex&function=UiV2Public.error&code=csrf&OWASP_CSRFTOKEN=3P0O-DAWJ-CEUG-KPD5-ZAKQ-BCHP-K1WS-ZRW7 HTTP/1.1" 5684

[13/Nov/2014:15:06:52 -0500] 172.31.25.57 TLSv1.2 ECDHE-RSA-AES256-SHA384 "GET /grouper/grouperExternal/public/assets/js/grouperUi.js HTTP/1.1" -

[13/Nov/2014:15:06:52 -0500] 172.31.25.57 TLSv1.2 ECDHE-RSA-AES256-SHA384 "GET /grouper/grouperExternal/public/OwaspJavaScriptServlet HTTP/1.1" 14036

[13/Nov/2014:15:06:52 -0500] 172.31.25.57 TLSv1.2 ECDHE-RSA-AES256-SHA384 "GET /grouper/grouperExternal/public/grouper/cmu-general-purpose.css HTTP/1.1" -

[13/Nov/2014:15:06:52 -0500] 172.31.25.57 TLSv1.2 ECDHE-RSA-AES256-SHA384 "GET /grouper/grouperExternal/public/UiV2Public.index?operation=UiV2Public.postIndex&function=UiV2Public.error&code=csrf&OWASP_CSRFTOKEN=S7DV-4OMF-R9TQ-WJ4M-HPGJ-AJED-WT7V-TKZ8 HTTP/1.1" 5684

[13/Nov/2014:15:06:52 -0500] 172.31.25.57 TLSv1.2 ECDHE-RSA-AES256-SHA384 "POST /grouper/grouperExternal/public/OwaspJavaScriptServlet HTTP/1.1" 55

[13/Nov/2014:15:06:52 -0500] 172.31.25.57 TLSv1.2 ECDHE-RSA-AES256-SHA384 "POST /grouper/grouperExternal/public/UiV2Public.postIndex?function=UiV2Public.error&code=csrf&OWASP_CSRFTOKEN=3P0O-DAWJ-CEUG-KPD5-ZAKQ-BCHP-K1WS-ZRW7 HTTP/1.1" 5171


2014-11-13 15:06:52,229: [TP-Processor1] ERROR CsrfGuardLogger.log(47) -  - potential cross-site request forgery (CSRF) attack thwarted (user:, ip:172.31.25.57, method:GET, uri:/grouper/grouperExternal/public/grouper/cmu-general-purpose.css, error:required token is missing from the request)


Thanks,
Rahul

From: <Sachdeva>, Vivek <>
Date: Wednesday, November 12, 2014 at 10:47 PM
To: "" <>
Subject: Re: [grouper-users] Grouper UI error

I just noticed in the logs:

Referer domain <ucla server.edu>/grouperUi/grouperUi/appHtml/grouper.html?operation=Misc.index does not match request domain: http://localhost:8080/grouperUi/grouperExternal/public/OwaspJavaScriptServlet

I am trying to find out how it picks localhost.

Can the reason be that on the dev server Tomcat is behind Apache??

Any ideas??

Thanks,
Vivek

From: vivek sachdeva <>
Date: Wed, 12 Nov 2014 21:44:40 +0000
To: "" <>
Subject: [grouper-users] Grouper UI error

Hi,

A few days ago, I integrated Grouper UI with Shibboleth. Now, when I click on the Lite UI link, it throws an error and the page is redirected to:

grouperUi/grouperExternal/public/UiV2Public.index?operation=UiV2Public.postIndex&function=UiV2Public.error&code=csrfg&OWASP_CSRFTOKEN=ICM4-CS43-BGQ1-RBDS-XWBZ-SQXO-Q86U-1O8N

On the UI, it shows:

$$not found: errorCode_csrfg$$

Did anyone also encounter the same issue?

On localhost, where I use basic authentication, it works fine. I am using version 2.2.

Thanks,
Vivek
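
A triage helper for the CsrfGuardLogger line quoted in the thread above, added here as an example (it is not part of the thread or of Grouper): it parses each rejection and separates static-asset requests, like the cmu-general-purpose.css one, from application endpoints. The static-extension list is an assumption, and every sample line except the first is constructed.

```python
import re
from collections import Counter
from pathlib import PurePosixPath

# Field layout of the CsrfGuardLogger line quoted in the thread above.
CSRF_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+: .*?"
    r"\(CSRF\) attack thwarted \(user:(?P<user>[^,]*), ip:(?P<ip>[^,]+), "
    r"method:(?P<method>[A-Z]+), uri:(?P<uri>[^,]+), error:(?P<error>.*)\)\s*$"
)
# Assumption: extensions treated as static assets for triage purposes.
STATIC_EXT = {".css", ".js", ".png", ".gif", ".jpg", ".ico"}

PREFIX = ("[TP-Processor1] ERROR CsrfGuardLogger.log(47) -  - potential "
          "cross-site request forgery (CSRF) attack thwarted ")
MISSING = "error:required token is missing from the request)"
CSS_URI = "/grouper/grouperExternal/public/grouper/cmu-general-purpose.css"
SAMPLE = [
    # First entry reproduces the line from the thread; the rest are constructed.
    f"2014-11-13 15:06:52,229: {PREFIX}(user:, ip:172.31.25.57, method:GET, uri:{CSS_URI}, {MISSING}",
    f"2014-11-13 15:07:10,101: {PREFIX}(user:, ip:172.31.25.57, method:GET, uri:{CSS_URI}, {MISSING}",
    f"2014-11-13 15:07:11,002: {PREFIX}(user:, ip:172.31.25.57, method:POST, uri:/grouper/grouperUi/app/UiV2Stem.viewStem, {MISSING}",
    "2014-11-13 15:07:12,000: [TP-Processor1] INFO unrelated constructed line",
]

def parse_csrf_line(line):
    """Return the fields of one CSRFGuard rejection, or None if the line is something else."""
    m = CSRF_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["static"] = PurePosixPath(ev["uri"]).suffix.lower() in STATIC_EXT
    return ev

def triage(lines):
    """Count rejections keyed by (method, uri, is_static)."""
    events = filter(None, map(parse_csrf_line, lines))
    return Counter((e["method"], e["uri"], e["static"]) for e in events)

def static_rejections(lines):
    """Static-asset URIs CSRFGuard rejected: check resource paths and UI settings for these first."""
    return sorted({uri for (_, uri, static) in triage(lines) if static})

if __name__ == "__main__":
    for (method, uri, static), n in triage(SAMPLE).most_common():
        print(f"{n:3d}  {'static' if static else 'app   '}  {method:4s} {uri}")
```
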


