Hi Isuru,

The reason might be the Java version you're using.

You can update the Owasp.CsrfGuard.Carbon.properties file, which is in the $APIM_HOME/repository/conf/security folder, with the entry below to ignore this error. IMO it's better if you use the proper Java version.

org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletContext%/carbon/admin/*

Thanks,
Iqbal

On Wed, Nov 22, 2017 at 3:08 PM, Isuru Uyanage <[email protected]> wrote:

> Hi All,
>
> I'm using wum updated pack (wso2am-2.1.0.1511201090302) for API Manager.
> After APIM server is started with the fresh pack, I can navigate to
> Management Console. But once I'm trying to log in with admin credentials, I
> cannot log in. The error is as below.
>
> Error: 403 Forbidden
> JavaLogger potential cross-site request forgery (CSRF) attack thwarted
> (user:<anonymous>, ip:10.100.5.136, method:POST,
> uri:/carbon/admin/login_action.jsp,
> error:required token is missing from the request)
>
> Affected Product Version:
> wum updated pack: wso2am-2.1.0.1511201090302.zip
>
> Environment details and versions:
>
> macOS High Sierra
> Version 10.13.1
> Google Chrome: Version 62.0.3202.94 (Official Build) (64-bit)
> Firefox: 57.0
>
> Any thoughts about this are highly appreciated.
>
> *Thanks and Best Regards,*
>
> *Isuru Uyanage*
> *Software Engineer - QA | WSO2*
> *Mobile : +94 77 55 30752*
> *LinkedIn: https://www.linkedin.com/in/isuru-uyanage/*
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev

--
Irham Iqbal
Software Engineer
WSO2
phone: +94 777888452
<http://wso2.com/signature>
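A check that can be run after adding the entry suggested in the reply, as an added example that is not part of the original thread or of WSO2's code: it lists the `unprotected` entries in a CSRFGuard properties file and reports which request URIs each one exempts from the token check. The sample file contents, the `docs` entry, the URIs other than `login_action.jsp`, the function names and the simplified exact/prefix matching are assumptions; only single-line `key=value` properties are parsed.

```python
# Added example: list CSRFGuard "unprotected" entries and the URIs they exempt.
PREFIX = "org.owasp.csrfguard.unprotected."

# Constructed sample: the first entry is the one quoted in the thread; the
# second entry and its path are hypothetical.
SAMPLE_PROPERTIES = """\
# constructed sample, not the shipped Owasp.CsrfGuard.Carbon.properties
org.owasp.csrfguard.unprotected.mgtconsolelogin=%servletContext%/carbon/admin/*
org.owasp.csrfguard.unprotected.docs = %servletContext%/carbon/docs/index.html
"""

def parse_unprotected(text):
    """Return {entry name: URI pattern} for every unprotected.* property."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":      # blank line or properties comment
            continue
        key, sep, value = line.partition("=")
        if not sep or not key.strip().startswith(PREFIX):
            continue
        entries[key.strip()[len(PREFIX):]] = value.strip()
    return entries

def exempts(pattern, uri, context=""):
    """Simplified model of the match: exact URI, or prefix when pattern ends in /*."""
    pattern = pattern.replace("%servletContext%", context)
    if pattern.endswith("/*"):
        base = pattern[:-2]
        return uri == base or uri.startswith(base + "/")
    return uri == pattern

def audit(text, uris, context=""):
    """Map each URI to the names of the unprotected entries that exempt it."""
    entries = parse_unprotected(text)
    return {u: sorted(n for n, p in entries.items() if exempts(p, u, context))
            for u in uris}

if __name__ == "__main__":
    # login_action.jsp is the URI from the 403 in the thread; the other two
    # URIs are hypothetical pages under and outside /carbon/admin/.
    checked = ["/carbon/admin/login_action.jsp",
               "/carbon/admin/some_other_action.jsp",
               "/carbon/user/add-user.jsp"]
    for uri, names in audit(SAMPLE_PROPERTIES, checked).items():
        status = "EXEMPT via " + ", ".join(names) if names else "token required"
        print(f"{uri}: {status}")
```

Run against the sample, it reports that the quoted `mgtconsolelogin` entry exempts every URI under /carbon/admin/, not only login_action.jsp.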
