Leverage CSRF in Web Services Connector Ad-hoc request to internal middleware system

Is there a workaround or alternate method to use a CSRF token in a workflow through the HTTP request action which requires an access token, either through using custom authentication or oauth2.0, given the response for the request that retrieves the CSRF token is obscured in the header?

Use case:

• Web Service integration is set up between IdentityNow and SAP HR, through the SAP Cloud Foundry Integration Suite. IdentityNow is integrated with Cloud Foundry through a Web Service connector
• An access request workflow is being prepared to allow for ad-hoc update of the SAP HR record based on an API call to assign a role that is made from an ITSM system. The workflow calls an API in Cloud Foundry Integration Suite which requires a cookie and CSRF token as part of the request header. This is fetched using a separate call which expects the receive back the CSRF token in a header field. Since the CSRF token is stripped from the response header, the request is failing.
• The GET requests for the connector do not require a CSRF token, but the POST commands do require the CSRF token.

Is there an alternate approach that can be taken to allow the CSRF token to be used?

Hi @margocbain , not a better solution but did you try fetching CSRF token from one HTTP Request, store it in a variable in the next workflow step and then use the CSRF token along with access token in the next HTTP Request?

Unfortunately the token is returned in the header, which is not available because IdentityNow is stripping the header for security measures by design (see - [IdentityNow] HTTP request Workflow response headers return as "null" - Customer Support). Do you have any other recommendations?

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.