

Protection from CSRF Attacks

CA IdentityMinder includes an enhancement that improves resistance to Cross-Site Request Forgery (CSRF) attacks. By default, the enhancement is disabled.

To enable the enhancement:

  1. Open the web.xml file in the following location:
    application-server/iam_im.ear/user_console.war/WEB-INF
    
  2. Find the <context-param> element whose <param-name> is csrf-prevention-on.
  3. Set the <param-value> to true.
  4. Restart the application server.
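
To confirm the setting after the edit, or to audit several deployments, the check below reads a web.xml and reports the state of csrf-prevention-on. It is an added example, not code from CA; the function name, the sample XML and the namespace in it are constructed, and it assumes that only the exact value true enables the protection.

```python
import sys
import xml.etree.ElementTree as ET

PARAM_NAME = "csrf-prevention-on"  # parameter name from the procedure above


def _local(tag):
    """Drop a namespace prefix such as '{http://java.sun.com/xml/ns/javaee}'."""
    return tag.rsplit("}", 1)[-1]


def csrf_prevention_state(web_xml):
    """Return 'enabled', 'disabled' or 'missing' for the given web.xml content."""
    root = ET.fromstring(web_xml)
    for elem in root.iter():
        if _local(elem.tag) != "context-param":
            continue
        # Collect the child elements of this <context-param>, ignoring
        # namespaces and surrounding whitespace in the text.
        fields = {_local(c.tag): (c.text or "").strip() for c in elem}
        if fields.get("param-name") == PARAM_NAME:
            # Assumption: anything other than the exact value "true"
            # is reported as disabled.
            return "enabled" if fields.get("param-value") == "true" else "disabled"
    return "missing"


# Constructed sample, not taken from a real installation.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <context-param>
    <param-name> csrf-prevention-on </param-name>
    <param-value>false</param-value>
  </context-param>
</web-app>"""

if __name__ == "__main__":
    # Usage: python check_csrf.py <path to user_console.war/WEB-INF/web.xml>
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            content = fh.read()
    else:
        content = SAMPLE_WEB_XML
    state = csrf_prevention_state(content)
    print(f"{PARAM_NAME}: {state}")
    sys.exit(0 if state == "enabled" else 1)
```

The non-zero exit status for disabled or missing lets the check run in a deployment pipeline. The change still takes effect only after the application server restart in step 4.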