Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Russell Welton (RussellW6092)
Vodafone UK Ltd

Vodafone UK Ltd
GB
RussellW6092 Member since 2018 5 posts
Vodafone UK Ltd
Posted: Sep 4, 2019
Last activity: Jan 24, 2020
Posted: 4 Sep 2019 3:58 EDT
Last activity: 24 Jan 2020 6:09 EST
Closed

CSRF Enablement Causes HTTP 400 Error on Attempted Login

Hi,

When enabling CSRF we are recieving a HTTP 400 error while attempting to login with users which do not belong to 2 of 6 user groups.

Error Description: The server cannot or will not process the request due to something that is perceived to be a client error (e.g., malformed request syntax, invalid request message framing, or deceptive request routing).

Alert found in PegaRULES-ALERT.log: Unable to create requestor

Without CRSF Enabled we are able to successfully login, and seems to be no correlation between the Access Group and the error as duplicating working User Groups shows the same error.

Has anyone come across this issue before?

***Moderator Edit-Vidyaranjan: Updated SR details***

To see attachments, please log in.
Pega Platform
Security
Support Case Exists

Posted: 4 years ago
Posted: 24 Jan 2020 6:09 EST
Krishnachandran Mohan (mohak8)
Pegasystems Inc.

If your server is maintained by pega cloud please raise it with them, or need to raise it with your infra team. the thing is it is redirect URL is containing some characters like "[[" which Tomcat doesn't like it., So this has to be corrected by infra team.

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice