TrueSight Infrastructure Management 10 Operations Console redirects to blank page after login.

Version 1

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    TrueSight Infrastructure Management


    COMPONENT:

    TrueSight Operations Management


    APPLIES TO:

    BMC TrueSight Infrastructure Management 10.0. BMC TrueSight Operations Management 10.1.



    PROBLEM:

    TrueSight Infrastructure Management 10.0 has a Cross-Site Request Forgery (CSRF) check enabled to prevent attacks that force an end user to execute unwanted actions on a web application in which they are currently authenticated.

    As a result, even when users log in to the TSIM console with valid credentials, the CSRF check does not allow them to navigate through the TrueSight application and displays a blank page instead.

    For more information on CSRF (Cross-Site Request Forgery), refer to the documentation at the links below.
    1) http://en.wikipedia.org/wiki/Cross-site_request_forgery
    2) https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29


    SOLUTION:

    To access the TSIM console, the CSRF check must be disabled by commenting out the CSRF section in the web.xml file located in the %BMC_PROACTIVENET_HOME%\tomcat\webapps\pronto\WEB-INF\ directory.

    Change the CSRF section (lines 63 to 72) from

        <!-- Start : CSRF (Cross site request forgery) Header Referer Check Filter -->
        <filter>
            <filter-name>SCRFHeaderRefererFilter</filter-name>
            <filter-class>com.proactivenet.servlet.CSRFHeaderRefererCheckFilter</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>SCRFHeaderRefererFilter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
        <!-- End : CSRF(Cross site request forgery) Header Referer Check Filter -->

    to

        <!-- Start : CSRF (Cross site request forgery) Header Referer Check Filter -->
        <!--
        <filter>
            <filter-name>SCRFHeaderRefererFilter</filter-name>
            <filter-class>com.proactivenet.servlet.CSRFHeaderRefererCheckFilter</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>SCRFHeaderRefererFilter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
        -->
        <!-- End : CSRF(Cross site request forgery) Header Referer Check Filter -->

    Note: Ensure that the above section is commented out properly and that the web.xml file does not contain any syntax errors by opening it in any web browser that has a built-in XML parser and validator.

    After this, restart the TrueSight Infrastructure Management server and try to log in to the TSIM operational console.
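
The well-formedness check from the note can also be scripted before the restart. The following is an added example, not BMC code: it parses web.xml and reports whether the Referer check filter is active, fully commented out, or only half commented out. The function names and the sample document are constructed for illustration; the filter class name is the one shown in the excerpt above.

```python
import xml.etree.ElementTree as ET

# Filter class name as it appears in the article's web.xml excerpt.
CSRF_CLASS = "com.proactivenet.servlet.CSRFHeaderRefererCheckFilter"

# Constructed sample: a minimal web.xml with the CSRF section commented out.
SAMPLE = """<web-app>
  <!--
  <filter>
    <filter-name>SCRFHeaderRefererFilter</filter-name>
    <filter-class>com.proactivenet.servlet.CSRFHeaderRefererCheckFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>SCRFHeaderRefererFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  -->
</web-app>"""


def _local(tag):
    return tag.rsplit("}", 1)[-1]  # drop a '{namespace}' prefix if present


def _child_text(elem, name):
    return next(((c.text or "").strip() for c in elem if _local(c.tag) == name), "")


def csrf_filter_state(xml_text):
    """Return 'malformed', 'enabled', 'disabled' or 'inconsistent'."""
    try:
        root = ET.fromstring(xml_text)  # commented-out elements are not in the tree
    except ET.ParseError:
        return "malformed"  # e.g. nested or unterminated comment
    filters, mapped = {}, set()
    for elem in root:
        if _local(elem.tag) == "filter":
            filters[_child_text(elem, "filter-name")] = _child_text(elem, "filter-class")
        elif _local(elem.tag) == "filter-mapping":
            mapped.add(_child_text(elem, "filter-name"))
    if mapped - set(filters):
        return "inconsistent"  # a mapping still references a filter that is not defined
    active = {n for n, cls in filters.items() if cls == CSRF_CLASS} & mapped
    return "enabled" if active else "disabled"


if __name__ == "__main__":
    print(csrf_filter_state(SAMPLE))  # runs against the constructed sample
```

For a real installation, pass the bytes of the web.xml file to `csrf_filter_state`. The same function can be used afterwards to inventory which servers are running with the check turned off.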

     


    Article Number:

    000101271


    Article Type:

    Solutions to a Product Problem


