"Error: CSRF_VALIDATION_FAILED" message appears on the EEM login screen. Does it indicate a serious problem?
The Security settings in EEM r12.0 will warn when launching multiple instance of EEM UI on the same browser.
For example, when you check the 'Change Password at next login' option with a specific user on the EEM UI and login the SDM by the user, the password expired message will appear. On the browser, when you input the EEM UI url and open the EEM login screen, this warning message appears.
The UI session is created by EEM login page. At the time of session creation the CSRF code is generated by EEM UI. So, when SDM is trying to redirect using a URL there is no way SDM can generate a CSRF code. Hence the current behavior will be as per design.
This is just a warning message, the user can still logon to EEM. So you can ignore this message.
Also, when Service Desk Manager redirects to the EEM change password screen for the 'Change Password at next login', you will go to the EEM login screen on GA version.
However, later versions of EEM will force Service Desk Manager to redirect to the EEM Change password screen directly without showing the EEM login screen.
Hence, you will not see the warning message "Error: CSRF_VALIDATION_FAILED" because EEM login page will not appear at that timing.