grouper-users - [grouper-users] Re: CSRF Error (Grouper 2.3.0 login w/ Cas)
Subject: Grouper Users - Open Discussion List
List archive
- From: Akki Kumar <>
- To: "Hyzer, Chris" <>
- Cc: "" <>
- Subject: [grouper-users] Re: CSRF Error (Grouper 2.3.0 login w/ Cas)
- Date: Wed, 3 May 2017 13:06:12 -0400
- Ironport-phdr: 9a23:BPRwkxKTWG/pHJgWndmcpTZWNBhigK39O0sv0rFitYgfK/nxwZ3uMQTl6Ol3ixeRBMOAuqwC1rud6vi9EUU7or+5+EgYd5JNUxJXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQviPgRpOOv1BpTSj8Oq3Oyu5pHfeQtFiT68bL9oLBi7qQrdutQKjYZiN6081gbHrnxUdupM2GhmP0iTnxHy5sex+J5s7SFdsO8/+sBDTKv3Yb02QaRXAzo6PW814tbrtQTYQguU+nQcSGQWnQFWDAXD8Rr3Q43+sir+tup6xSmaIcj7Rq06VDi+86tmTgLjhSEaPDA77W7XkNR9g6BVoByhqRJxwJPabp+JO/dlZKzRYckXSHBdUspNVSFMBJ63YYsVD+oGOOZVt5Xwp1gNrRu/GAKiAf7vyjpSiX/swKY31P4uEQTc0w0hHtIOtnvUrMzoNKgMSuC10KjIzTLFb/NNxTvx9IrFfwsuofGJR71wcM7RxVMzGAPCi1WdsIroNC6b2OQKtmiU9etgVeS3hm4orAFxpTevxsMyhYXTmo0VzVXE+T14wIYzOd23VlR7Ydi6H5tMqS2WLZV5Td4/Q21wvCY6zbIGuZGlcygQ0pgo2QPQa+GBfoOV4RzjTP6cLSl5iX55er+yghiy/Eu7xeHgU8S530pGojZYndTJqn8Byxje582CR/dj4Euh1zCC3B3J5O5eO0A7j6/bJoYhwrEukpoTtlzOHirsl0X3iK+ab1wk+uu05+j+bbTquIGQN4FuhgHxNaQuncO/AeAmPQQUQ2eb/uG82KXi/U3/XrpKkuU7nrfYvZzGJ8kWo6C5DgxO3Yo/7huyACuq3MgFknQCMF1JZBaKgo3sNl3QPvz4A++zg1G2nzdqw/DGMKfhApLILnXbirjheKxy6k9dyAo1wtBf/o9UBa8aIPLvW0/xs9rYDgQlPwCowevqE9p91oYEVmKOBq+VKr/dsViN5u43OemDeJcVuCrhK/gi//PugmU5mVgAfamxw5QXcmm0Hul9I0qHe3rsmcwMEWMLvgolUOzqk0OOXSRSZ3a0Q6Iz+Cs7CIS4AoffWIyhmqKO0zqmHs4eWmcTQHCdA3ryM82vW+0Nc2jadspqki0WWKKJSpQqkwy2uQn8jbdrM7yH1DcfsMfK19t0r87OkBgovWh9Cs2P0meCVnx5hX8JQDkthPggiUN4w1aHl6N/hqoLRpRo+/pVX1JiZtbnxOtgBoWqVw==
Look at WEB-INF/grouperPatchStatus.
properties
You should have success for each patch here:
https://spaces.internet2.edu/
display/Grouper/v2.3+Release+ Notes
Especially the UI patch 7, which fixes this problem:
https://bugs.internet2.edu/
jira/browse/GRP-1405
So… do they say success or do you need to run the installer again to apply the patches? J
If its hard to tell please sent that file along J
Thanks
Chris
From: Akki Kumar [mailto:]
Sent: Wednesday, May 03, 2017 12:46 PM
To: Hyzer, Chris <>
Cc:
Subject: Re: CSRF Error (Grouper 2.3.0 login w/ Cas)
Hi Chris,
Added Owasp.CsrfGuard.overlay.
properties file to below link:
Thank you,
Akki
On Wed, May 3, 2017 at 12:01 PM, Hyzer, Chris <> wrote:
Please send me the file:
/tmp/grouperInstaller_v2_2_3/
grouper.ui-2.3.0/dist/grouper/ WEB-INF/classes/Owasp. CsrfGuard.overlay.properties
Thanks
Chris
From: Akki Kumar [mailto:]
Sent: Wednesday, May 03, 2017 10:08 AM
To: Hyzer, Chris <>
Cc:
Subject: Re: CSRF Error (Grouper 2.3.0 login w/ Cas)
Hi Chris,
Thank you for the prompt reply. Below link contains grouper logs from today (after starting tomcat). Also, during Grouper 2.3.0 installation, the installer ran and added all patches without any errors.
Note: The logs files, grouper_bench.log & grouper_debug.log are empty.
Thank you,
Akki
On Wed, May 3, 2017 at 8:56 AM, Hyzer, Chris <> wrote:
Are you fully patched? Stop tomcat, delete all logs, put this in log4j.properties:
log4j.logger.edu.internet2.
middleware.grouper.ui. GrouperUiFilter = DEBUG
start tomcat, and send all logs.
Thanks
Chris
From: Akki Kumar [mailto:]
Sent: Tuesday, May 02, 2017 3:06 PM
To: Hyzer, Chris <>
Cc:
Subject: CSRF Error (Grouper 2.3.0 login w/ Cas)
Hi Chris,
I installed Grouper 2.3.0 (Fresh Installation) and Tomcat 8.5.12. After login to the Grouper, UI displays below error:
Maybe your session timed out and you need to start again. This should not happen under normal operation. CSRF error.
I clicked on the "start over" link and I get below error:You have an anonymous session since you are not logged in, but this section requires you to be logged in. Maybe No username found. Your identity provider might not be sending your username to this application. Either you need to use a different identity provider, or ask your IT department to send your username to this application.
As per below ticket (GRP-996), CSRF bug is fixed in 2.2.0, but the error is still showing up for the Grouper 2.3.0. What configuration are needed to fix this issue?
Thank you,
Akki
- [grouper-users] CSRF Error (Grouper 2.3.0 login w/ Cas), Akki Kumar, 05/02/2017
- [grouper-users] RE: CSRF Error (Grouper 2.3.0 login w/ Cas), Hyzer, Chris, 05/03/2017
- [grouper-users] Re: CSRF Error (Grouper 2.3.0 login w/ Cas), Akki Kumar, 05/03/2017
- [grouper-users] RE: CSRF Error (Grouper 2.3.0 login w/ Cas), Hyzer, Chris, 05/03/2017
- [grouper-users] Re: CSRF Error (Grouper 2.3.0 login w/ Cas), Akki Kumar, 05/03/2017
- [grouper-users] RE: CSRF Error (Grouper 2.3.0 login w/ Cas), Hyzer, Chris, 05/03/2017
- [grouper-users] Re: CSRF Error (Grouper 2.3.0 login w/ Cas), Akki Kumar, 05/03/2017
- [grouper-users] Re: CSRF Error (Grouper 2.3.0 login w/ Cas), Akki Kumar, 05/03/2017
- [grouper-users] Re: CSRF Error (Grouper 2.3.0 login w/ Cas), Akki Kumar, 05/03/2017
- [grouper-users] RE: CSRF Error (Grouper 2.3.0 login w/ Cas), Hyzer, Chris, 05/03/2017
- [grouper-users] Re: CSRF Error (Grouper 2.3.0 login w/ Cas), Akki Kumar, 05/03/2017
- [grouper-users] RE: CSRF Error (Grouper 2.3.0 login w/ Cas), Hyzer, Chris, 05/03/2017
- [grouper-users] Re: CSRF Error (Grouper 2.3.0 login w/ Cas), Akki Kumar, 05/03/2017
- [grouper-users] RE: CSRF Error (Grouper 2.3.0 login w/ Cas), Hyzer, Chris, 05/03/2017
Archive powered by MHonArc 2.6.19.