Orchestrator throws error "empty or invalid anti forgery token" while logging in

Orchestrator throws error "empty or invalid anti forgery token" while logging in.

In <system.web> section of the Orchestrator's web.config file, set the key 'httpOnlyCookies' to 'false'

<system.web>
  <httpCookies requireSSL="True" httpOnlyCookies="false" />

</system.web>

 

Steps to follow in order to check if httpOnlyCookies is enabled or not:

  • Open Chrome > Go to 'Dev Tools' > click on the Application tab and choose Cookies in the left panel
  • Delete all cookies in the right panel
  • Close Chrome
  • Open Chrome > browse to Orchestrator's web app > Open Dev Tools > access Application\Cookies
  • Check which cookies have a check mark on the 'HTTP' column
  • Take a screenshot and e-mail it to Tech Support  

T** The XSRF-TOKEN should not have a check mark, thus enforcing httpOnlyCookies
 

  • While still in Dev Tools > login to Orchestrator > go to the 'Network' tab in Dev Tools
  • Click on 'login' in the left panel
  • Check if set-cookie response header contains 'httponly'
  • Version: 2018.1.x