Skip to Content

We are using SAP FIORI CLIENT with SMP3.0 but getting 'No CSRF token stored in session'

Dec 11, 2017 at 02:10 PM


avatar image

Hello All,

We are using custom SAP FIORI CLIENT with SMP3.0 . The application is getting authenticated with azure idp using saml and for backend authentication it used SSO mechanism.

Results -

1. application is getting registered in the SMP.

2. The ticket is getting generated for authentication in gateway, but getting the below error in smp - No csrf token stored in session for request with method [GET] and URI [/odata/applications/v4/<app_name>/$metadata].

Attaching the screen shot of the application setup in smp.

Please do have a look and give us some clue of what should be the issue.



10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

1 Answer

Ritushree Saha Dec 11, 2017 at 02:17 PM
    fiori_client_appConfig = {
        "appID": "<appId>",
        "fioriURLIsSMP": true,
				"": "",
				"": "/SAMLAuthLauncher",
				"": "finishEndpointParam"	

        "multiUser": false,

         "certificate": "",

         "autoSelectSingleCert": false,
         "communicatorId" : "REST",
         "passcodePolicy":  {

        "keysize": "",

        "idpLogonURL": "",

        "privacyPolicies": [
            {"id": "mycompany", "label": "<company name>", "url": "<company url>", "lastUpdated": "2016-11-21T00:00"}

        // Customization options for the Logon screens, uncomment to use

         * backgroundImage - Path to the background image used for logon screens
        "backgroundImage": "img/background.jpg",

         * styleSheet - Path to the css file used for logon screens
        "styleSheet": "../../../custom.css",

         * hideLogoCopyright - Boolean value to hide the logo and copyright text in the footer of logon screens
        "hideLogoCopyright": false,

         * copyrightLogo - Path to the logo image in the footer
        "copyrightLogo": "img/sapLogo.png",

         * copyrightMsg - An array of 2 strings to specify 2 lines of copyright text in the footer
        "copyrightMsg": ["<company name>.", "All rights reserved."],

         * disablePasscode - Boolean value to disable the passcode screen
         * Note this value should not be set when multi-user support is enabled.
        //"disablePasscode": false,

         * allowSavingFormCredentials - boolean value whether the user will be given an option to
         * save their credentials when using form authentication.  Defaults to false.
        "allowSavingFormCredentials": true,

         * enableCacheManager - Boolean value to enable/disable the CacheManager plugin.  The
         * default value is true.
        //"enableCacheManager": false,


smp-setup.png (207.0 kB)
10 |10000 characters needed characters left characters exceeded