Skip to Content.
Sympa Menu

grouper-users - [grouper-users] RE: CSRF Error (Grouper 2.3.0 login w/ Cas)

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] RE: CSRF Error (Grouper 2.3.0 login w/ Cas)


Chronological Thread 
  • From: "Hyzer, Chris" <>
  • To: Akki Kumar <>
  • Cc: "" <>
  • Subject: [grouper-users] RE: CSRF Error (Grouper 2.3.0 login w/ Cas)
  • Date: Wed, 3 May 2017 12:56:27 +0000
  • Accept-language: en-US
  • Authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=isc.upenn.edu;
  • Ironport-phdr: 9a23:6ZoolBaOQKU/kbZacevOb6L/LSx+4OfEezUN459isYplN5qZrsi+bnLW6fgltlLVR4KTs6sC0LuI9f2xEjFcqb+681k6OKRWUBEEjchE1ycBO+WiTXPBEfjxciYhF95DXlI2t1uyMExSBdqsLwaK+i764jEdAAjwOhRoLerpBIHSk9631+ev8JHPfglEnjSwbLdzIRmsrQjcssYajIttJ60s1hbHv3xEdvhMy2h1P1yThRH85smx/J5n7Stdvu8q+tBDX6vnYak2VKRUAzs6PW874s3rrgTDQhCU5nQASGUWkwFHDBbD4RrnQ5r+qCr6tu562CmHIc37SK0/VDq+46t3ThLjlSEKPCM7/m7KkMx9lKJVrgy8qRxjzYDaY4+VO/h/fqzBctwXXnBOUtpNWyFbHo+wc4kCAuwcNuhYtYn9oF4OoAOwCQeuBOLuyyFHhmXu0aYnzekhERvG3A07H94ArX/Zq9D1O7sSUeG1zajH0y/DYuhX2Tfm9IfEaA0hoemSUrJ2d8rd01cgGB7YjliJr4HuIj2b1uMIs2eB7upgU/qii28hqwFtvDev3MEshZfVho4L0FzL6zh2wJstKd28T057btGkH4VKty2AKYR5X94iTmd1syg50r0LoYC3czIWxJg6whPTduGLf5WN7xLtW+udPSt0iXdndb2hiBu+702tx+jiWsWo0VtGtjdJn9fQunwX0xHf99KLRuVg8kqlwzqDygLe5+BCLEspj6TUMYQhzaQ1lpcLsUTMACv2mELugaGOakgq/fSk5/n+brj7pJCQKZZ4igblPaswgMC/Bvk4MhQVUGic5OS80qDs8VfhQLVQif02jrfWv4zGJcQaoa65BRVZ0oE+6xajCzem19MYnXodIF1ZfxKHipDlO1DIIP/mEfeym0qgny13y/zbO7DtH4jBImXGnbfvcrtx91JQxQ8xwN9B6J9YFLQMLfftVkPttdHUFho5PBa1w+bjBtV9zIQeWWeXD6+cLKzSsV+J5+MxLOmWf4IVuS39JOQ/6/7zlX82h1kdfa+z0ZQJdX+4A+xqI1+Fbnr0ntcBDWAKsxIxTOzwj12CTCZTaGioX64l+zE7E5ypDZ3YRo22hLyB3Ty7HoFNZmxYEFyMEHHod5maVPcWbiKdPNNhniIeWbe/VoAhyELmiAiv4rlkL6L35ygRr9q33d189ezVmggv+CdoDsObyDnVEEl7m2oJQ3k926Up8mJnzVLWm4hpkfFCUZR45+lISU1yYZvXz/1oBsraWxnKOMqRRVCgBNiqHGdiHZoK39YSbhMlSJ2ZhRfZ0n/yDg==
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

Are you fully patched?  Stop tomcat, delete all logs, put this in log4j.properties:

 

log4j.logger.edu.internet2.middleware.grouper.ui.GrouperUiFilter = DEBUG

 

start tomcat, and send all logs.

 

Thanks

Chris

 

From: Akki Kumar [mailto:]
Sent: Tuesday, May 02, 2017 3:06 PM
To: Hyzer, Chris <>
Cc:
Subject: CSRF Error (Grouper 2.3.0 login w/ Cas)

 

Hi Chris,

 

I installed Grouper 2.3.0 (Fresh Installation) and Tomcat 8.5.12. After login to the Grouper, UI displays below error:

 

Maybe your session timed out and you need to start again. This should not happen under normal operation. CSRF error.


I clicked on the "start over" link and I get below error:

You have an anonymous session since you are not logged in, but this section requires you to be logged in. Maybe No username found. Your identity provider might not be sending your username to this application. Either you need to use a different identity provider, or ask your IT department to send your username to this application.

 

As per below ticket (GRP-996), CSRF bug is fixed in 2.2.0, but the error is still showing up for the Grouper 2.3.0. What configuration are needed to fix this issue?

 

 

Thank you,

Akki




Archive powered by MHonArc 2.6.19.

Top of Page