Layer7 API Management

  • Private Community

  • 1.  How to Generation CSRF Token Generation

    Posted Aug 29, 2017 12:24 AM
      |   view attached

    Hi All,

    Hope all are doing good.

    I need quick help, one of my 'abc' using csrf tokens creation,can you please let me know  how to generate and configure csrf token  in API gateway, I checked below link but i am not getting ..

    Protect Against Cross-Site Request Forgery Assertion - CA API Gateway - 9.2 - CA Technologies Documentation 

    can you please let me know how to create Csrf token step by step ?

     

    Thanks in advance.

    -Sudhakar

    Attachment(s)

    zip
    csrf_synchronizer_token_pattern.xml.zip   1 KB 1 version


  • 2.  Re: How to Generation CSRF Token Generation

    Broadcom Employee
    Posted Nov 23, 2018 03:28 PM
      |   view attached

    Good afternoon,

     

    To test the Cross Site Request Forgery, you will need to do the following:

    1) Publish a new service on the gateway with the URI: /csrf

    2) Import the attached policy to the new service

    3) Send a POST request to the service using soapUI with the following settings:
    Target Address: http://<FWDN for the gateway>:8080/csrf?foo=bar
    Header: Cookie, Value: foo=bar

    First Request will look like
    CSRF Token: bar
    Cached Token:

    Second Request will draw back the cached token
    CSRF Token: bar
    Cached Token: bar

    4) Next change the Cookie value and parameter from foo=bar to foo=baz (This will cause the policy to fail as the CSRF token is invalid)

     

    Note: This is a rudimentary example that will demonstrate how to create the workflow that can be incorporated into other services. 

     

    Sincerely,

     

    Stephen Hughes

    Broadcom Support

    Attachment(s)

    zip
    csrf_synchronizer_token_pattern.xml.zip   1 KB 1 version