After applying CF3 on PIM 12.8, the User cannot log in to Enterprise Management WebUI

Document ID : KB000033547
Last Modified Date : 14/02/2018

Symptoms:

During the Privileged Identity Manager (PIM) upgrade to CF3, when following the "128_CF3-Deployment-Windows-Manual-Instructions.htm" procedure from "ManualStepsWithoutPatcher.zip", logging in to EntM fails at step 29.

 

The following message appears on WebUI:
-----
You have successfully logged out.
-----

The following error appears in server.log:
-----
[Error] potential cross-site request forgery (CSRF) attack thwarted (user:<anonymous>, ip:0:0:0:0:0:0:0:1,method:%request_method%, uri:/iam/ac/ca12/index.jsp, error:required token is missing from the request)
-----


Cause:

After a manual upgrade, two CSRF-related files, "csrfguard-3.0.0.jar" and "csrfguard-3.1.0.jar", can be found under

"<JBoss>\server\default\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib"; however, only "csrfguard-3.1.0.jar" is used with 12.8 CF3.

 

Workaround:

To address this issue, stop JBoss, remove "csrfguard-3.0.0.jar" (or move it to another directory), and restart JBoss.
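
The workaround above as a PowerShell script, added here as an example and not part of the vendor's procedure. It assumes JBoss has already been stopped; the -JBossHome parameter (the <JBoss> directory) and the backup location are assumptions of this example.

```powershell
# Added example: run after JBoss has been stopped.
# -JBossHome is the <JBoss> directory referred to in the article.
param(
    [Parameter(Mandatory = $true)][string]$JBossHome,
    # Assumed backup location. Keep it outside the deploy tree so the
    # old jar cannot end up on the web application's classpath again.
    [string]$BackupDir = (Join-Path $env:TEMP 'csrfguard-backup')
)

$lib = Join-Path $JBossHome 'server\default\deploy\IdentityMinder.ear\user_console.war\WEB-INF\lib'
if (-not (Test-Path -LiteralPath $lib -PathType Container)) {
    throw "Library directory not found: $lib"
}

# List every csrfguard jar so the state before the change is on record.
$jars = @(Get-ChildItem -LiteralPath $lib -Filter 'csrfguard-*.jar')
$jars | ForEach-Object { '{0}  {1:u}  {2} bytes' -f $_.Name, $_.LastWriteTime, $_.Length }

$old = $jars | Where-Object { $_.Name -eq 'csrfguard-3.0.0.jar' }
$new = $jars | Where-Object { $_.Name -eq 'csrfguard-3.1.0.jar' }

# Only 3.1.0 is used with 12.8 CF3. If it is absent, removing 3.0.0
# would leave no CSRF guard library at all, so stop without changes.
if (-not $new) {
    throw 'csrfguard-3.1.0.jar is not present; leaving the directory unchanged.'
}
if (-not $old) {
    Write-Output 'csrfguard-3.0.0.jar is not present; nothing to move.'
    return
}

# Move rather than delete so the change can be reverted.
# If JBoss is still running, the jar may be locked and the move fails.
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
Move-Item -LiteralPath $old.FullName -Destination $BackupDir
Write-Output "Moved $($old.Name) to $BackupDir. Start JBoss and retry the EntM login."
```

After JBoss restarts, a successful login with no new "required token is missing from the request" entry in server.log confirms the fix.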