Chrome users getting CSRF token verification failed errors

[Spencer Thomas]

I have seen this in multiple paths – not in Shibboleth login, but only because I rarely do that. I have not seen an uptick in complaints from our users, but I will ask our support team to be on the lookout. With an average of 30K Shibboleth logins a day, I would expect that at least a few users might be affected.

On 4/6/22, 5:18 PM, "users" <users-bounces at shibboleth.net> wrote:

>>>>>Caution: This message did not originate from within Ithaka's email system. Please use caution when opening attachments and following links within this message.<<<<<

We've recently (last day or so) seen an uptick in Chrome users getting
CSRF token verification failed errors.  Wondering if anyone else is
seeing this.

In some cases it looks like it might be a Chrome extension that is
interfering (possibly an Adobe extension but there's not enough data to
say for sure).

In the current incarnation, using incognito mode or a different Chrome
profile(?) works fine (which tends to support the extension interference
hypothesis).

--
%%  Christopher A. Bongaarts   %%  cab at umn.edu          %%
%%  OIT - Identity Management  %%  http://umn.edu/~cab  %%
%%  University of Minnesota    %%  +1 (612) 625-1809    %%

--
For Consortium Member technical support, see https://shibboleth.atlassian.net/wiki/x/ZYEpPw
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20220407/0c5089bb/attachment.htm>