Skip to Content
0

CSRF token validation failed error after triggering Push Notification

Oct 16, 2017 at 07:46 PM

89

avatar image
Former Member

Hello Team,

We are working on SAP UI5 application which is working in Offline and Online.

We are using Odata Gateway service for communication between Mobile application and SMP.

SMP Version=SMP 3.0.10.0 SP10

We implemented Push Notification functionality using SMP and Google firebase.

But when any new Notification pushed from application then all our Post services gets failed and it shows “CSRF token validation failed” message.

SMP logs:-

#2.0#2017-10-16 04:19:56 PM#ERROR#ApplicationSettings#401##Other#1508150996616002#df02b142-73ca-4710-ad85-402c9648ecc3#com.sap.breakdown#com.sap.mobile.platform.server.online.filter.application.AbstractSMPApplicationSettingsHandler:doInternalFilter########569#####401:Unauthorized#

#2.0#2017-10-16 04:19:56 PM#WARNING#ApplicationSettings###Security#1508150996616001#df02b142-73ca-4710-ad85-402c9648ecc3#com.sap.breakdown#com.sybase.security.http.HttpAuthenticationLoginModule:login########569#####Anonymous authentication is not supported. #

If we restart the SMP then it works fine but if again any Push Notification fired then we get same error again.

Below are the changes we implemented in SMP for Push Notification:-

We already using one security profile SAP_SSO3 with application authentication HTTP/HTTPS and for Push notification we implemented notification security profile with System Login as shown below

issue1.png (95.3 kB)
issue2.png (35.9 kB)
10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Akos Grabecz
Nov 06, 2017 at 12:58 PM
0

This CSRF message can occur for a lot of reasons, but the main issue is that the used controller CSRF token is not right (mismatched or empty). There was a bug in SP10 that is fixed in SP10 PL07. But there are other cases as well and a lot of them is documented. As you know your environment better I think you should search for the error message in SAP's knowledge base. There are some points:

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=469631432

https://launchpad.support.sap.com/#/notes/2506871

https://launchpad.support.sap.com/#/notes/2292046

Ákos

Share
10 |10000 characters needed characters left characters exceeded