grouper-users - [grouper-users] RE: CSRF Error (Grouper 2.3.0 login w/ Cas)

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] RE: CSRF Error (Grouper 2.3.0 login w/ Cas)

From: "Hyzer, Chris" <>
To: Akki Kumar <>
Cc: "" <>
Subject: [grouper-users] RE: CSRF Error (Grouper 2.3.0 login w/ Cas)
Date: Wed, 3 May 2017 16:49:30 +0000
Accept-language: en-US
Authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=isc.upenn.edu;
Ironport-phdr: 9a23:Z2mDaBCr+lSqEfnwDQfhUyQJP3N1i/DPJgcQr6AfoPdwSPX5rsbcNUDSrc9gkEXOFd2CrakV1ayL4uu5ATZIyK3CmUhKSIZLWR4BhJdetC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+KPjrFY7OlcS30P2594HObwlSijewZbJ/IA+2oAjVucUanJduJrgswRbVv3VEfPhby3l1LlyJhRb84cmw/J9n8ytOvv8q6tBNX6bncakmVLJUFDspPXw7683trhnDUBCA5mAAXWUMkxpHGBbK4RfnVZrsqCT6t+592C6HPc3qSL0/RDqv47t3RBLulSwKMSMy/mPKhcxqlK9VoAyvqQFjw4DaY4+VOvhxfqLBctwVXmdORNpdWzBbD4+gc4cCDewMNvtYoYnnoFsOqAOzCQeuCuLvyz5HmGX20bUn2Ok/EQHGxg0gH8kAvH/Jq9j1MbsdUeC1zajJ0zrDdehb2Tbm6IfUaBwhvOmMUqx2ccrX00UgCR7KjkiJpIHjIjib2OMNs22B4OphU+Kik2EnqwZ2ojigwscjlJPFiZ4SylDB7Sl5wYA1JcGmR05hZ96rDodQuz+AO4RoX8wiXnlkuCI9yr0Jtp60YjIKxI45yBHCdvyKdZWD7BH7VOuJPzt0mXNodKixihqs60Ss1+7xWtWu3FtFqidJisTAu34R2xDJ7sWLV+Fx8lm81TuLzQzf9+NJLEEymKHGMZAu2KQwmYAWsUnbHi/5hkH2jKiOe0s85uWm7Pjrb7v/qpKBNYB4lBjyMqM1lcOhG+g4NRUOX3SA9uS7yb3j+1D2TK9Sjv0slanZrI7VKtgHpq64BA9V1Jwv6xGiDze61NQYmn4HLFFfdB2biIjpPknCIPH+Dfihn1ShiClny+3HM7H7DJjBMGLPnKricLph8UJRxw4+wcha551OC7EBJPzzWlX2tNzdFhI5NhC7w+bnCdR8yIweQ3mCAq6CMKzOq1OI+/ovLPeKZI8TojryNeUq5+P2gX8jhVAdZbWp3YcQaH2gEfRmOUKZYWf0gtgfC2cGpxc+TPf0h12YSj5efHKyX6Mn5jEnE4KqE53PRoGrgLydwii7BJtWaX5aClySC3vnaZiLW+pfIB6Vd+ZikT1MdqWkQpVpgRirvR37zbV+M+fP5iwfs4m7jIdd6OjalBV0/jtxWZezyWaIGitUj3EFXXt+96BloFc3ggOG2qhpkfFCPd1I7LVUSgo8M9jRw/EsWIO6YR7IYtrcEAXued6hGzxkFt8=
Spamdiagnosticmetadata: NSPM
Spamdiagnosticoutput: 1:99

Look at WEB-INF/grouperPatchStatus.properties

You should have success for each patch here:

https://spaces.internet2.edu/display/Grouper/v2.3+Release+Notes

Especially the UI patch 7, which fixes this problem:

https://bugs.internet2.edu/jira/browse/GRP-1405

So… do they say success or do you need to run the installer again to apply the patches? J

If its hard to tell please sent that file along J

Thanks

Chris

From: Akki Kumar [mailto:]
Sent: Wednesday, May 03, 2017 12:46 PM
To: Hyzer, Chris <>
Cc:
Subject: Re: CSRF Error (Grouper 2.3.0 login w/ Cas)

Hi Chris,

Added Owasp.CsrfGuard.overlay.properties file to below link:

https://drive.google.com/open?id=0BwgGnZC7vA-6dHhLNWpFMmVvSVU

Thank you,

Akki

On Wed, May 3, 2017 at 12:01 PM, Hyzer, Chris <> wrote:

Please send me the file:

/tmp/grouperInstaller_v2_2_3/grouper.ui-2.3.0/dist/grouper/WEB-INF/classes/Owasp.CsrfGuard.overlay.properties

Thanks

Chris

From: Akki Kumar [mailto:]
Sent: Wednesday, May 03, 2017 10:08 AM
To: Hyzer, Chris <>
Cc:
Subject: Re: CSRF Error (Grouper 2.3.0 login w/ Cas)

Hi Chris,

Thank you for the prompt reply. Below link contains grouper logs from today (after starting tomcat). Also, during Grouper 2.3.0 installation, the installer ran and added all patches without any errors.

https://drive.google.com/open?id=0BwgGnZC7vA-6dHhLNWpFMmVvSVU

Note: The logs files, grouper_bench.log & grouper_debug.log are empty.

Thank you,

Akki

On Wed, May 3, 2017 at 8:56 AM, Hyzer, Chris <> wrote:

Are you fully patched? Stop tomcat, delete all logs, put this in log4j.properties:

log4j.logger.edu.internet2.middleware.grouper.ui.GrouperUiFilter = DEBUG

start tomcat, and send all logs.

Thanks

Chris

From: Akki Kumar [mailto:]
Sent: Tuesday, May 02, 2017 3:06 PM
To: Hyzer, Chris <>
Cc:
Subject: CSRF Error (Grouper 2.3.0 login w/ Cas)

Hi Chris,

I installed Grouper 2.3.0 (Fresh Installation) and Tomcat 8.5.12. After login to the Grouper, UI displays below error:

Maybe your session timed out and you need to start again. This should not happen under normal operation. CSRF error.

I clicked on the "start over" link and I get below error:

You have an anonymous session since you are not logged in, but this section requires you to be logged in. Maybe No username found. Your identity provider might not be sending your username to this application. Either you need to use a different identity provider, or ask your IT department to send your username to this application.

As per below ticket (GRP-996), CSRF bug is fixed in 2.2.0, but the error is still showing up for the Grouper 2.3.0. What configuration are needed to fix this issue?

https://bugs.internet2.edu/jira/browse/GRP-996

Thank you,

Akki

[grouper-users] CSRF Error (Grouper 2.3.0 login w/ Cas), Akki Kumar, 05/02/2017
- [grouper-users] RE: CSRF Error (Grouper 2.3.0 login w/ Cas), Hyzer, Chris, 05/03/2017
  - [grouper-users] Re: CSRF Error (Grouper 2.3.0 login w/ Cas), Akki Kumar, 05/03/2017
    - [grouper-users] RE: CSRF Error (Grouper 2.3.0 login w/ Cas), Hyzer, Chris, 05/03/2017
      - [grouper-users] Re: CSRF Error (Grouper 2.3.0 login w/ Cas), Akki Kumar, 05/03/2017
        
        [grouper-users] RE: CSRF Error (Grouper 2.3.0 login w/ Cas), Hyzer, Chris, 05/03/2017
        
        [grouper-users] Re: CSRF Error (Grouper 2.3.0 login w/ Cas), Akki Kumar, 05/03/2017
        
        [grouper-users] Re: CSRF Error (Grouper 2.3.0 login w/ Cas), Akki Kumar, 05/03/2017

List archive

[grouper-users] RE: CSRF Error (Grouper 2.3.0 login w/ Cas)