Forum Discussion

PeterM
Apr 22, 2020



I am trying to do form-based HTTP authentication. The form method is POST. I ran Wireshark (when connecting to the server directly) and the HTML form includes:






Username and password are OK. Submit is sent empty. The problem I have is with the parameter _token. This parameter is taken from the HTML response when entering the site: <meta name="csrf-token" content="MrMacUlmD6vlcdZsuVP8csCakwAwXXgqaDqaIO1Q"> and sent back during authentication.


My question is: how do I get the token variable into the POST? Using iRules? Or is there an easier way of doing it?


Thank you

4 Replies

  • There are two types of form-based SSO (you are doing SSO, right?)


    You might want the client-initiated one; there you wouldn't have to worry about the csrf-token issue.


  • PeterM

    Hi, no, I used Access -> Authentication -> HTTP. But if SSO is better, then I will use it.

  • I am using form-based SSO, and I tried to pass csrf_token as a hidden parameter, but I am still getting a 403 Forbidden error - CSRF verification failed. Request aborted.

    Hidden parameters - csrf_token submit
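
The token round trip described in the question, as an added example that is not part of the original thread and is not F5 configuration: the login page is fetched first, the `csrf-token` meta value is parsed out of it, and it is sent back as `_token` together with the session cookie from that same response. The field names `username` and `password`, the cookie name and the sample response are constructed assumptions, as is the usual CSRF design in which a token is only accepted with the session it was issued for.

```python
from html.parser import HTMLParser
from http.cookies import SimpleCookie
from urllib.parse import urlencode

# Constructed login-page response; the meta tag is the one quoted in the question.
SAMPLE_HEADERS = {"Set-Cookie": "app_session=constructed-session-id; Path=/; HttpOnly"}
SAMPLE_HTML = """<html><head>
<meta name="csrf-token" content="MrMacUlmD6vlcdZsuVP8csCakwAwXXgqaDqaIO1Q">
</head><body><form method="POST" action="/login"></form></body></html>"""


class CsrfMetaParser(HTMLParser):
    """Records the content attribute of the first <meta name="csrf-token">."""

    def __init__(self):
        super().__init__()
        self.token = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and a.get("name") == "csrf-token" and self.token is None:
            self.token = a.get("content")


def extract_csrf_token(html):
    parser = CsrfMetaParser()
    parser.feed(html)
    if not parser.token:
        raise ValueError("no csrf-token meta tag in login page")
    return parser.token


def build_login_request(headers, html, username, password):
    """Return (cookie_header, body) for the login POST.

    Token and session cookie are taken from the same GET response, so the
    server receives the pair it issued together; a fixed token would not match.
    """
    cookie = SimpleCookie(headers.get("Set-Cookie", ""))
    cookie_header = "; ".join(f"{k}={m.value}" for k, m in cookie.items())
    body = urlencode({
        "username": username,  # field name assumed
        "password": password,  # field name assumed
        "Submit": "",          # sent empty, as in the capture
        "_token": extract_csrf_token(html),
    })
    return cookie_header, body


if __name__ == "__main__":
    print(build_login_request(SAMPLE_HEADERS, SAMPLE_HTML, "alice", "example-password"))
```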