Hi, We are trying to use OIDC authentication with DSpace 7.5 All the required parameters are set according to the tutorial. ( https://wiki.lyrasis.org/display/DSDOC7x/Authentication+Plugins#AuthenticationPlugins-OpenIDConnect(OIDC)Authentication )
Authentication succeeds (we are using MS Azure), but after the redirect on the DSpace backend there is error 401. After analyzing the logs we suspect the source of the problem is that CSRF tokens are not handled properly, but it is unclear how and why they are lost. 2023-05-29 21:56:41,396 WARN unknown unknown org.dspace.app.rest.exception.DSpaceApiExceptionControllerAdvice @ Access is denied. Invalid CSRF token. (status:403 exception: Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-XSRF-TOKEN'. at: org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:127)) 2023-05-29 21:57:02,234 ERROR unknown unknown org.dspace.authenticate.OidcAuthenticationBean @ An error occurs retriving the OIDC user info (...) Is it possible to disable CSRF completely just for testing if everything else works OK? Thank you in advance, Csaba -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/d78ee66b-0f3a-4659-9fd7-8f4e36a7effcn%40googlegroups.com.
