Orchestrator throws error "empty or invalid anti forgery token" while logging in.
In <system.web> section of the Orchestrator's web.config file, set the key 'httpOnlyCookies' to 'false'
<system.web>
<httpCookies requireSSL="True" httpOnlyCookies="false" />
</system.web>
Steps to follow in order to check if httpOnlyCookies is enabled or not:
- Open Chrome > Go to 'Dev Tools' > click on the Application tab and choose Cookies in the left panel
- Delete all cookies in the right panel
- Close Chrome
- Open Chrome > browse to Orchestrator's web app > Open Dev Tools > access Application\Cookies
- Check which cookies have a check mark on the 'HTTP' column
- Take a screenshot and e-mail it to Tech Support
T** The XSRF-TOKEN should not have a check mark, thus enforcing httpOnlyCookies
- While still in Dev Tools > login to Orchestrator > go to the 'Network' tab in Dev Tools
- Click on 'login' in the left panel
- Check if set-cookie response header contains 'httponly'
- Version: 2018.1.x