Summary
Non-idle / active user session with the Access Gateway expires on IDP after configured Contract Authentication Timeout
Products
Access Manager (NAM)
Environment
NetIQ Access Manager Version 4.5.6
NetIQ Access Manager Version 5.0.3
Situation
CSRFDetectionFilter has been enabled on all IDP cluster nodes in "/opt/novell/nids/lib/webapp/WEB-INF/web.xml", as shown below:
<filter>
    <filter-name>CSRFDetectionFilter</filter-name>
    <filter-class>com.novell.nidp.servlets.filters.csrf.CSRFDetectionFilter</filter-class>
    <description>This filter is used to detect CSRF attacks in NIDS, for an authenticated session</description>
    <init-param>
        <param-name>active</param-name>
        <param-value>true</param-value>
    </init-param>
    <init-param>
        <param-name>exclude</param-name>
        <param-value>metadata</param-value>
    </init-param>
    <init-param>
        <param-name>RefererWhitelist</param-name>
        <param-value></param-value>
    </init-param>
    <init-param>
        <param-name>RequestWhitelist</param-name>
        <param-value>GET</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>CSRFDetectionFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
Read Knowledge Base Article for full situation, cause and resolution
URL Name
KM000012041