-
Titel
Some custom Web Interface scripts or direct URLs to specific areas of Web Interface no longer functioning after upgrading -
Beschreibung
After an upgrade, when attempting to navigate directly to any URL in the Active Roles Web Interface that is not the default home page, the page fails to load and the following error may be displayed:
{"State":1,"ErrorMessages":["Invalid Request Error: The possible reasons for the error may be the security policy compliance settings or session time out. Refresh the page or navigate to the Home page to continue. For more information, please contact Administrator for Enhanced Security policy on Active Roles Web Interface."],"Arguments":null}
This error may also be encountered by custom Web Interface script modules documented in the Active Roles SDK, such as the sample noted under the section titled "Reloading the Web Interface"
-
Ursache
Product design change. Active Roles 7.4 introduced a new security feature to prevent Cross-Site Request Forgery (CSRF). -
Lösung
One Identity recommends leaving the configuration in place to enhance site security. However, these settings can be modified in the web.config file for the appropriate Active Roles site.
Please see the Enabling CSRF section of the Active Roles Administration Guide.
NOTE: If you enable the CSRF settings, you can not copy the URLs of any other page and open them in a new tab or a new window on the browser. You can not open the bookmarked URLs also.