6 Replies Latest reply on Jun 11, 2015 4:10 PM by Ramesh Reddy

    X-CSRF-TOKEN mismatch

    Amit Singh Newbie

           I am using the odata translator to build a data federation module for SAP NW gateway.

      To create any entry in the sap table we need to exchange the csrf token , but looks like for each call the csrf token is new , and all the operations are failing.

       

      Please do let me know , if there is any way , I can maintain the same csrf token between the subsequent GET and POST call.

        • 1. Re: X-CSRF-TOKEN mismatch
          Ramesh Reddy Master

          Amit,

           

          BTW, there is OData based SAP translator in Teiid. You can see that at [1]. Yes this will be missing the X-CSRF-TOKEN. So, I suggest you extending this translator/connector to fix the issue. Can point me any documents on usage of this header token. If you can tell me on how one can obtain/refresh/usage of this token, I can probably direct you as to where this needs be fixed.

           

          You can contribute your work on this back to Teiid, and we will accept any changes.

           

          Thanks


          Ramesh..

           

          [1] teiid/SAPNWODataExecutionFactory.java at master · teiid/teiid · GitHub

          • 2. Re: X-CSRF-TOKEN mismatch
            Amit Singh Newbie

            Hi Ramesh,

             

            I agree with the fact that this implementation is missing from the SAP translator, so I have extended the same to make use of this header.

            The solution specified by SAP is to make a GET call first for the same URL to fetch the token and then set this token for subsequent POST call

             

            http://scn.sap.com/thread/3265491

             

            The issue even after doing this was , for each call either it is GET/POST , the session is different and my token gets invalidated. I think from WSConnectionImpl , for each request we are creating a new call.

            Once I resolved this issue , surely I can contribute to the Teiid.

             

            Thanks

            Amit

            • 3. Re: X-CSRF-TOKEN mismatch
              Amit Singh Newbie

              I have put the x-csrf-token as well as set-cookie both in the header after retrieving the values from GET call , but still it fails to validate.

              • 4. Re: X-CSRF-TOKEN mismatch
                Ramesh Reddy Master

                Amit,

                 

                The "WS" connector is based on HTTP, so it is stateless. So, it will create a new connection every time. This most definitely requires a new resource-adapter. The question I have is how is "x-csrf-token" related to user credentials? It was not clear from the thread. set-cookie is response header so it will not have any effect on the request, and more over Teiid does not keep track of cookies, and SAP does not pass the token in the form of  cookie either. This is some custom authentication flow that SAP defined.


                Ramesh..

                • 5. Re: X-CSRF-TOKEN mismatch
                  Amit Singh Newbie

                  Yes Ramesh,

                   

                  After looking at the WS connector it is clear that it is stateless and as far as SAP is concerned we definitely need a new resource adapter , as SAP has defined this flow for POST operations.

                  There is a possibility that this authentication should be disabled , We are trying to work-around the same.

                  Also x-csrf-token is not related to user credential , its just a best practice they are using for CRSF vulnerability.

                   

                  Thanks for the support.

                   

                  Amit

                  • 6. Re: X-CSRF-TOKEN mismatch
                    Ramesh Reddy Master

                    Ok, once you figure out let us know. If we need to make changes to resource-adapter or translator, we are open for the change. Just engage us back with what those need to be.

                     

                    Ramesh..