Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Re: CSRF Error (Grouper 2.3.0 login w/ Cas)

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Re: CSRF Error (Grouper 2.3.0 login w/ Cas)


Chronological Thread 
  • From: Akki Kumar <>
  • To: "Hyzer, Chris" <>
  • Cc: "" <>
  • Subject: [grouper-users] Re: CSRF Error (Grouper 2.3.0 login w/ Cas)
  • Date: Wed, 3 May 2017 12:45:45 -0400
  • Ironport-phdr: 9a23:bggw6R1++Ws21sBDsmDT+DRfVm0co7zxezQtwd8ZseMXL/ad9pjvdHbS+e9qxAeQG96KtbQZ2qGP6/qocFdDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZrKeTpAI7SiNm82/yv95HJbQhFgDuwbalyIRiyogndq9UajZV/Iast1xXFpWdFdf5Lzm1yP1KTmBj85sa0/JF99ilbpuws+c1dX6jkZqo0VbNXAigoPGAz/83rqALMTRCT6XsGU2UZiQRHDg7Y5xznRJjxsy/6tu1g2CmGOMD9UL45VSi+46ptVRTljjoMOTwk/2HNksF/jqxbrhKvqRJ83oDafp2aOeFkca/BZ94XX3ZNUtpTWiFHH4iyb5EPD+0EPetAs4T9pFgOrRqjDgepGePvzyVHhmXr1qA9yeshFBvJ3Q0hH9IIv3TUtcj1O7kJUeCpzanIyjPDb+hK1Tvh6oXFaR8hofSWUrJxdcrd01UgFwTAjliJr4HuIj2b1uMIs2eB7upgU/qii2EgqwF2rTivwtkjhpPViYISz1DI7SR5wIApJdKmUk57Z8CrEIdOuy2AKYR5X94iT3lsuCY9xb0GtoC0fDIQxJs52hHfdvqKeJWL7BL7TOudPzZ1iG5ndb+6iRa/8lOvxvH5W8S7zFpGsjdKn9zQuXwR0xHe782KRuVz80u93zuEyhrd5fteIU8ukKrWM54hzaA0lpoUqUnDGzX5mETyjKOPb0Uk+fSk5/3oY7n4qJKQK5V4ig75MqQplcy/Bfo3PhISUGic/OSwzLzj/UvnT7VWlvA6jKjUvIzYKMkeqK60ABRa3pom5huwEzuqzMkXkHwbI15ZfB+Kio3kN0/ALfzkFfu/hk6jkDZvx/DIJL3hBZDNI2DZn7fkZ7l86k9cyAw8zdBG+pJbFKoBIO7yWk/2stzYFQM1PxC2zuv8B9V905kRWWOLAqODLKzStlqI6vo1I+aQfI8VpCr9K/896v7hl385nkIdfbG30psNcXy4A+9mLFuDYXr3mdoBFWYKvhEiTOzxllGOSz9TZ3CuX60i/DE7DpypDZvdSoy3nrOOwTq7TdVqYTUMKkGeHG2sP66EQfYXImrGJ8Rhgy4JT5CgUIRnyAmjsgm8xrZ6eLn64Cod4Lvg19k9xPDWnAt6oTVxBtac1W6UUmxvgmIPQSRuhP9Xrkl0y1PF2q991a8LXedP7u9EB19pfaXXyPZ3Xoj/

Hi Chris,

Added Owasp.CsrfGuard.overlay.properties file to below link:


Thank you,
Akki


On Wed, May 3, 2017 at 12:01 PM, Hyzer, Chris <> wrote:

Please send me the file:

 

/tmp/grouperInstaller_v2_2_3/grouper.ui-2.3.0/dist/grouper/WEB-INF/classes/Owasp.CsrfGuard.overlay.properties

 

Thanks

Chris

 

From: Akki Kumar [mailto:]
Sent: Wednesday, May 03, 2017 10:08 AM
To: Hyzer, Chris <>
Cc:
Subject: Re: CSRF Error (Grouper 2.3.0 login w/ Cas)

 

Hi Chris,

 

Thank you for the prompt reply. Below link contains grouper logs from today (after starting tomcat). Also, during Grouper 2.3.0 installation, the installer ran and added all patches without any errors.

 

 

Note: The logs files, grouper_bench.log & grouper_debug.log are empty.

 

Thank you,

Akki

 

On Wed, May 3, 2017 at 8:56 AM, Hyzer, Chris <> wrote:

Are you fully patched?  Stop tomcat, delete all logs, put this in log4j.properties:

 

log4j.logger.edu.internet2.middleware.grouper.ui.GrouperUiFilter = DEBUG

 

start tomcat, and send all logs.

 

Thanks

Chris

 

From: Akki Kumar [mailto:]
Sent: Tuesday, May 02, 2017 3:06 PM
To: Hyzer, Chris <>
Cc:
Subject: CSRF Error (Grouper 2.3.0 login w/ Cas)

 

Hi Chris,

 

I installed Grouper 2.3.0 (Fresh Installation) and Tomcat 8.5.12. After login to the Grouper, UI displays below error:

 

Maybe your session timed out and you need to start again. This should not happen under normal operation. CSRF error.


I clicked on the "start over" link and I get below error:

You have an anonymous session since you are not logged in, but this section requires you to be logged in. Maybe No username found. Your identity provider might not be sending your username to this application. Either you need to use a different identity provider, or ask your IT department to send your username to this application.

 

As per below ticket (GRP-996), CSRF bug is fixed in 2.2.0, but the error is still showing up for the Grouper 2.3.0. What configuration are needed to fix this issue?

 

 

Thank you,

Akki

 





Archive powered by MHonArc 2.6.19.

Top of Page