Configuration Guide › CA IdentityMinder Protection › Protection from CSRF Attacks

Protection from CSRF Attacks

CA IdentityMinder is enhanced to improve the resistance to Cross-Site Request Forgery (CSRF) attacks. By default, the enhancement is disabled in CA IdentityMinder.

To enable the enhancement:

1. Open the web.xml file located in the following location:

   application-server/iam_im.ear/user_console.war/WEB-INF
   

2. Find the <context-param> element with <param-name> csrf-prevention-on.
3. Set the <param-value> to true.
4. Restart the application server.