Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Remote SSO CSRF

andys
andys
New Contributor
‎04-21-2017 06:40:AM
‎04-21-2017 06:40:AM

Remote SSO CSRF

Hello,

i am trying to do a Remote SSO to our Request Tracker i cannot login because when doing the HTTP i am just sending the Username and the Password. On the Login Page a new CSRF Token (hidden form field 'next') is generated on every request. How can i read this and add it to the Remote SSO POST?

thanks for your help!

regards
Andreas
0 Kudos
Reply
2 REPLIES 2
zanyterp
Moderator
Moderator
‎04-21-2017 11:21:AM
‎04-21-2017 11:21:AM

Re: Remote SSO CSRF

If that field is required and is not generated dynamically when the credentials are passed, POST-based SSO will not work.
If you look at the dsrecord, are all the other POST values present?
0 Kudos
Reply
andys
andys
New Contributor
‎04-21-2017 12:17:PM
‎04-21-2017 12:17:PM

Re: Remote SSO CSRF

yes, the form field requiers username, password and the hidden field.

is there another method how to achieve this?
0 Kudos
Reply
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.