morincer / teamcity-plugin-saml

The plug-in adds the ability to authenticate users via SAML-based SSO providers (like Okta, OneLogin, etc.)
MIT License
24 stars, 16 forks

New CSRF protection in TC 2020.1 #38

Closed dafanasiev closed 4 years ago

dafanasiev commented 4 years ago

There are some changes in TC since 2020.1: https://www.jetbrains.com/help/teamcity/csrf-protection.html

So, the latest plugin says (on the POST /app/saml/callback phase):

403 Forbidden: Responding with 403 status code due to failed CSRF check: authenticated POST request is made, but neither tc-csrf-token parameter nor X-TC-CSRF-Token header are provided. For a temporary workaround, you can set internal property teamcity.csrf.paranoid=false and provide valid Origin=https://my-teamcity-site.net header with your request
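The error message above spells out the rule the server applies: an authenticated POST passes only if it carries a tc-csrf-token parameter or an X-TC-CSRF-Token header, or (with teamcity.csrf.paranoid=false) a same-origin Origin header. The following is an added illustration, not TeamCity's or the plugin's code: a simplified model of that rule, run against a constructed SAML POST-binding callback and a constructed same-site UI request, to show why the IdP's callback is rejected under both settings. The Request type, the csrf_check function, the placeholder site URL and the IdP origin https://idp.example.com are all assumptions made for the example.

```python
# Simplified model of the CSRF rule quoted in the TeamCity 403 message.
# Added illustration: NOT TeamCity's implementation, NOT the plugin's code.
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Placeholder site taken from the error message text (assumption: this is
# the origin TeamCity would compare against).
SITE = "https://my-teamcity-site.net"

UNSAFE_METHODS = {"POST", "PUT", "PATCH", "DELETE"}


@dataclass
class Request:
    """Minimal request shape; headers are compared case-insensitively."""
    method: str
    path: str
    authenticated: bool
    headers: dict = field(default_factory=dict)
    params: dict = field(default_factory=dict)


def _same_origin(origin: str, site: str) -> bool:
    """Compare scheme + host[:port] only, as an Origin header carries no path."""
    a, b = urlsplit(origin), urlsplit(site)
    return (a.scheme, a.netloc) == (b.scheme, b.netloc)


def csrf_check(req: Request, paranoid: bool = True, site: str = SITE):
    """Return (allowed, reason) following the rules in the quoted message.

    1. Only authenticated state-changing requests are checked.
    2. A tc-csrf-token parameter or X-TC-CSRF-Token header always passes.
    3. With paranoid=False, a same-origin Origin header also passes.
    4. Otherwise the request is rejected with 403.
    """
    if req.method.upper() not in UNSAFE_METHODS:
        return True, "safe method, no CSRF check"
    if not req.authenticated:
        return True, "unauthenticated request, no CSRF check"

    headers = {k.lower(): v for k, v in req.headers.items()}
    if "tc-csrf-token" in req.params or "x-tc-csrf-token" in headers:
        return True, "CSRF token present"

    if not paranoid:
        origin = headers.get("origin")
        if origin and _same_origin(origin, site):
            return True, "same-origin Origin accepted (paranoid=false)"

    return False, ("403: neither tc-csrf-token parameter nor "
                   "X-TC-CSRF-Token header provided")


# Constructed sample requests (not captured traffic).
# A SAML POST binding: the browser auto-submits the IdP's form to the ACS URL,
# so Origin is the IdP, and no TeamCity token can be present.
SAML_CALLBACK = Request(
    "POST", "/app/saml/callback", authenticated=True,
    headers={"Origin": "https://idp.example.com"},      # assumed IdP origin
    params={"SAMLResponse": "PHNhbWxwOlJlc3BvbnNlLi4u", "RelayState": "/"},
)
# A request issued by TeamCity's own UI, carrying the header-based token.
UI_REQUEST = Request(
    "POST", "/app/rest/projects", authenticated=True,
    headers={"X-TC-CSRF-Token": "deadbeef", "Origin": SITE},
)
# A same-origin POST with no token (e.g. a plain HTML form on the site).
SAME_ORIGIN_NO_TOKEN = Request(
    "POST", "/admin/action", authenticated=True, headers={"Origin": SITE},
)


def scenario_results(site: str = SITE) -> dict:
    """Run every sample under both paranoid settings; returns {name: (strict, relaxed)}."""
    samples = {
        "saml_callback": SAML_CALLBACK,
        "ui_request": UI_REQUEST,
        "same_origin_no_token": SAME_ORIGIN_NO_TOKEN,
    }
    return {
        name: (csrf_check(r, paranoid=True, site=site)[0],
               csrf_check(r, paranoid=False, site=site)[0])
        for name, r in samples.items()
    }


if __name__ == "__main__":
    for name, (strict, relaxed) in scenario_results().items():
        print(f"{name:22s} paranoid=true: {strict!s:5s} paranoid=false: {relaxed}")
```

The point the model makes concrete: a SAML assertion consumer endpoint receives a cross-site POST by design, with the IdP as Origin and no server-issued token, so the paranoid=false workaround quoted in the message does not help it either. Exempting that one path from the token check on the server side, while relying on the signed SAMLResponse and InResponseTo validation that SAML already provides, is the usual shape of a fix; whether TeamCity offers such an exemption is not something this thread states.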
dafanasiev commented 4 years ago

The same issue: https://github.com/JetBrains/teamcity-azure-active-directory/issues/48

morincer commented 4 years ago

Thanks for reporting the issue, but I guess there's not much I can do here - the CSRF protection is not something a plugin can have influence on.

If you think there's something I should do around it, re-open the defect.