Version Affected: 19.07+
Description:
When a user opens multiple tabs to the same realm, one or both of the tabs can fail with an antiforgery error.
Cause:
In modern browsers, tabs are not isolated so the antiforgery value will change when the 2nd tab is opened but the first tab will still be expecting the older value.
Resolution:
This can mostly be resolved by User education. However, if you need a workaround which doesn't involve disabling antiforgery you can do the following:
1. Enable Custom Errors for the realm by navigating to the Logs tab in the Web Admin Console
2. Change the Custom Error page to Restart.aspx
This means that when you hit that error, instead of failing, it will restart the session and, if you have an SPStartURL set, it will go there.
This will solve the issue and also potentially stop the User from having to login a second time if they've already logged in on the other tab.
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
Comments
Please sign in to leave a comment.