Hope all are doing good.
I need quick help. One of my 'abc' is using CSRF token creation. Can you please let me know how to generate and configure a CSRF token in the API gateway? I checked the link below, but I am not getting ..
Protect Against Cross-Site Request Forgery Assertion - CA API Gateway - 9.2 - CA Technologies Documentation
Can you please let me know how to create a CSRF token step by step?
Thanks in advance.
To test the Cross Site Request Forgery, you will need to do the following:
1) Publish a new service on the gateway with the URI: /csrf
2) Import the attached policy to the new service
3) Send a POST request to the service using soapUI with the following settings:
   Target Address: http://<FQDN for the gateway>:8080/csrf?foo=bar
   Header: Cookie, Value: foo=bar
   First request will look like:
   CSRF Token: bar
   Cached Token:
   Second request will draw back the cached token:
   CSRF Token: bar
   Cached Token: bar
4) Next change the Cookie value and parameter from foo=bar to foo=baz (This will cause the policy to fail as the CSRF token is invalid)
Note: This is a rudimentary example that will demonstrate how to create the workflow that can be incorporated into other services.
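The workflow in the steps above, modelled in Python as an added example (this is not the attached gateway policy or CA API Gateway code). It assumes the policy compares the `foo` cookie with the `foo` parameter and rejects a token that differs from the cached one; the class name, the per-session cache key and the host `gateway.example` are hypothetical.

```python
import hmac
import secrets
from http.cookies import SimpleCookie
from urllib.parse import parse_qs, urlsplit

TOKEN_NAME = "foo"  # cookie and parameter name used in the test steps


class CsrfCheck:
    """Double-submit check with a token cache (assumed model of the policy)."""

    def __init__(self):
        self.cache = {}  # hypothetical: session key -> first token seen

    @staticmethod
    def new_token():
        # An unpredictable token to issue instead of a fixed value like "bar".
        return secrets.token_urlsafe(32)

    def validate(self, session, url, cookie_header):
        cookie = SimpleCookie()
        cookie.load(cookie_header)
        params = parse_qs(urlsplit(url).query)
        from_cookie = cookie[TOKEN_NAME].value if TOKEN_NAME in cookie else ""
        from_param = params.get(TOKEN_NAME, [""])[0]
        # Both copies must be present and identical (constant-time compare).
        if not from_cookie or not from_param or not hmac.compare_digest(
                from_cookie.encode(), from_param.encode()):
            return False, "cookie and parameter differ or are missing"
        cached = self.cache.get(session)
        if cached is None:
            # First request: "Cached Token:" is empty, so store the token.
            self.cache[session] = from_cookie
            return True, "token cached"
        if not hmac.compare_digest(cached.encode(), from_cookie.encode()):
            return False, "token does not match cached token"
        return True, "token matches cache"


if __name__ == "__main__":
    check = CsrfCheck()
    base = "http://gateway.example:8080/csrf?foo="  # constructed sample URL
    for value in ("bar", "bar", "baz"):  # steps 3, 3 again, then step 4
        print(value, check.validate("session-1", base + value, "foo=" + value))
```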