cancel
Showing results for 
Search instead for 
Did you mean: 

Remote SSO CSRF

New Contributor

Remote SSO CSRF

Hello,

i am trying to do a Remote SSO to our Request Tracker i cannot login because when doing the HTTP i am just sending the Username and the Password. On the Login Page a new CSRF Token (hidden form field 'next') is generated on every request. How can i read this and add it to the Remote SSO POST?

thanks for your help!

regards
Andreas
2 REPLIES 2
Moderator

Re: Remote SSO CSRF

If that field is required and is not generated dynamically when the credentials are passed, POST-based SSO will not work.
If you look at the dsrecord, are all the other POST values present?
New Contributor

Re: Remote SSO CSRF

yes, the form field requiers username, password and the hidden field.

is there another method how to achieve this?