handnot2 / samly

Elixir Plug library to enable SAML 2.0 SP SSO in Phoenix/Plug applications.
MIT License

InvalidCSRFTokenError #26

Closed mjcloutier closed 5 years ago

mjcloutier commented 5 years ago

Hello,

The application using samly in dev mode is authenticating fine with Okta but when it redirects back to the app I am getting:

Plug.CSRFProtection.InvalidCSRFTokenError at POST /sso/auth/signin/okta_heimdall invalid CSRF (Cross Site Request Forgery) token, make sure all requests include a valid '_csrf_token' param or 'x-csrf-token' header

Does CSRF need to be disabled or is there a setting I am missing or possibly the redirect is wrong?

mjcloutier commented 5 years ago

Closing this out. It seems the redirect URL was set up wrong in Okta; it needed to post to the /sp/consume route.
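
A check for the misconfiguration that closed this issue, as an added example (not code from the thread or from samly): it reads SP metadata and confirms that the single sign-on URL entered at the IdP is an advertised AssertionConsumerService location rather than the CSRF-protected sign-in route. The host, entity ID, metadata document and the full `/sso/sp/consume/okta_heimdall` path are assumptions constructed from the routes quoted above.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed SP metadata (entity ID and host are made up for this example).
SAMPLE_SP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="urn:example:sp">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://localhost:4000/sso/sp/consume/okta_heimdall"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def acs_post_locations(metadata_xml):
    """Return the HTTP-POST AssertionConsumerService URLs the SP advertises."""
    # Parse only metadata exported from your own SP, not untrusted XML.
    root = ET.fromstring(metadata_xml)
    services = root.iterfind(
        ".//md:SPSSODescriptor/md:AssertionConsumerService", MD_NS)
    return [s.get("Location") for s in services
            if s.get("Binding") == POST_BINDING]


def check_idp_acs_url(metadata_xml, idp_configured_url):
    """Compare the URL entered at the IdP with the SP's advertised ACS URLs."""
    expected = acs_post_locations(metadata_xml)
    if idp_configured_url in expected:
        return True, "ok: IdP posts the SAMLResponse to the ACS endpoint"
    if "/auth/signin/" in urlsplit(idp_configured_url).path:
        return False, ("IdP posts to the sign-in route, which is "
                       "CSRF-protected; expected one of %s" % expected)
    return False, "URL not in SP metadata; expected one of %s" % expected


if __name__ == "__main__":
    for url in ("http://localhost:4000/sso/auth/signin/okta_heimdall",
                "http://localhost:4000/sso/sp/consume/okta_heimdall"):
        print(url, "->", check_idp_acs_url(SAMPLE_SP_METADATA, url))
```

The ACS endpoint receives a cross-site POST from the IdP by design, so it cannot carry a CSRF token; pointing the IdP at the advertised ACS URL keeps CSRF protection enabled on the application's other routes.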