spring-attic / spring-security-saml

SAML extension for the Spring Security project

Could not verify the provided CSRF token because your session was not found. #501

Closed sundarvc closed 3 years ago

sundarvc commented 3 years ago

Hi,

I am new to Spring Security and when I run the sample app, after redirection I get this error in the sample app. Any thoughts?

Thanks, Sundar

jzheaux commented 3 years ago

Hi, @sundarvc. When you say "this error", I don't see anything in the ticket. Could you elaborate?

sundarvc commented 3 years ago

Hi Josh,

Thanks for responding to my question.

After I am authenticated, I see this error in my browser (url: http://localhost:8080/spring-security-saml2-sample/saml/SSO)

HTTP Status 403 – Forbidden
Type Status Report
Message Could not verify the provided CSRF token because your session was not found.
Description The server understood the request but refuses to authorize it.

For this to work I had to disable CSRF by placing in securityContext.xml. Any other suggestions?

Thanks, Sundar

bedirachit commented 3 years ago

Yeah, I have the same issue.

jzheaux commented 3 years ago

Thanks for the report, @sundarvc and @bedirachit. I've posted a change to the sample; please let me know if that repairs the issue.