  1. Identity Gateway
  2. OPENIG-2243

AM 6 default CSRF Protection switch breaks Policy Enforcement Filter

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.5.0, 6.0.0
    • Fix Version/s: 5.5.1, 6.0.0
    • Component/s: OpenAM
    • Sprint:
      OpenIG Sprint 120

      Description

      When using the default configuration of AM 6, there is a new setting "Enable CSRF Protection"; see AME-10874. As a result of this setting being enabled, the Policy Enforcement Filter fails to call the AM endpoints for either authentication as the PEP user or for policy evaluation calls.

      IG should supply either the X-Requested-With HTTP header or the Accept-API-Version header when issuing these calls, so that this setting does not cause them to be rejected.
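
The following Python sketch is an added example, not code from IG or AM: it models a header-presence check of the kind the description says rejects IG's calls, and shows the two call types passing once one of the named headers is present. The endpoint paths, the exemption of GET/HEAD/OPTIONS, the 403 status and the header value are assumptions made for the illustration.

```python
"""Model of a header-presence CSRF check and the client-side fix (illustration only)."""

REQUIRED_ANY = ("x-requested-with", "accept-api-version")  # headers named in the issue
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # assumption: not subject to the check
PROTECTED_PREFIX = "/json/"                # assumption: REST endpoints live under this path


def csrf_filter_status(method, path, headers):
    """Return 403 when the modelled filter would reject the request, else 200."""
    names = {name.lower() for name in headers}  # header names are case-insensitive
    if not path.startswith(PROTECTED_PREFIX) or method.upper() in SAFE_METHODS:
        return 200
    return 200 if any(h in names for h in REQUIRED_ANY) else 403


def with_csrf_header(headers, api_version="resource=2.0, protocol=1.0"):
    """Return a copy of headers that satisfies the check, keeping existing values."""
    fixed = dict(headers)
    if not any(name.lower() in REQUIRED_ANY for name in fixed):
        fixed["Accept-API-Version"] = api_version  # constructed sample value
    return fixed


# Constructed requests standing in for the two call types the issue mentions:
# authentication as the PEP user, and policy evaluation.
PEP_CALLS = [
    ("POST", "/json/authenticate", {"Content-Type": "application/json"}),
    ("POST", "/json/policies?_action=evaluate", {"Content-Type": "application/json"}),
]


def audit(calls, fix=False):
    """Map each request path to the status the modelled filter returns."""
    return {
        path: csrf_filter_status(method, path, with_csrf_header(h) if fix else h)
        for method, path, h in calls
    }


if __name__ == "__main__":
    print("without header:", audit(PEP_CALLS))
    print("with header:   ", audit(PEP_CALLS, fix=True))
```

The same `audit` function can be pointed at a list of requests captured from a gateway's outbound traffic to find calls that would be rejected after the setting is enabled.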

            People

            • Assignee: Guillaume Sauthier (guillaume.sauthier)
            • Reporter: Jake Feasel (jake.feasel)