After 10.5 Build 10509 : [com.adventnet.iam.security.IAMSecurityException] ... IAMSecurityException ErrorCode: BROWSER_COOKIES_DISABLED, RequestURI: "/api/v3/requests/3491/share"

After 10.5 Build 10509 : [com.adventnet.iam.security.IAMSecurityException] ... IAMSecurityException ErrorCode: BROWSER_COOKIES_DISABLED, RequestURI: "/api/v3/requests/3491/share"

I guess it is a bug of your security framework since upgrading to 10.5 Build 10509.

The same python script of request sharing stopped accidentally working since upgrading.

I had to discover on my own for possible evidences and found out in /opt/ServiceDeskPlus-MSP/logs the following (in serverout0.txt)

1. 
   
2. [13:48:55:471]|[07-26-2020]|[com.manageengine.servicedesk.v3api.utils.SDPAPIUtil]|[SEVERE]|[64]: BROWSER_COOKIES_DISABLED|
   
3. com.adventnet.iam.security.IAMSecurityException: BROWSER_COOKIES_DISABLED
   
4.         at com.adventnet.iam.security.ActionRule.validateCSRFToken(ActionRule.java:1309)
   
5.         at com.adventnet.iam.security.ActionRule.validate(ActionRule.java:1447)
   
6.         at com.adventnet.iam.security.URLRule.validateURLRule(URLRule.java:411)
   
7.         at com.adventnet.iam.security.SecurityFilter.doFilter(SecurityFilter.java:199)
   
8.         at com.manageengine.servicedesk.filter.SdpSecurityFilter.doFilter(SdpSecurityFilter.java:300)
   
9.         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
   
10.         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    
11.         at com.adventnet.servicedesk.filter.AccountUrlFilter.doFilter(AccountUrlFilter.java:38)
    
12.         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    
13.         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    
14.         at org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:350)
    
15.         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    
16.         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    
17.         at com.adventnet.servicedesk.filter.RememberMe.doFilter(RememberMe.java:125)
    
18.         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    
19.         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    
20.         at com.adventnet.servicedesk.authentication.NTLMV2CredentialAssociationFilter.doFilter(NTLMV2CredentialAssociationFilter.java:37)
    
21.         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    
22.         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    
23.         at com.adventnet.servicedesk.authentication.NTLMV2Filter.doFilter(NTLMV2Filter.java:222)
    
24.         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    
25.         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    
26.         at com.adventnet.filters.ParamFilter.doFilter(ParamFilter.java:30)
    
27.         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    
28.         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    
29.         at com.adventnet.authentication.filter.AssociateCredential.doFilter(AssociateCredential.java:61)
    
30.         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    
31.         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    
32.         at com.manageengine.servicedesk.filter.MethodFilter.doFilter(MethodFilter.java:65)
    
33.         at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    
34.         at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    
35.         at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
    
36.         at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    
37.         at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
    
38.         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
    
39.         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
    
40.         at com.adventnet.servicedesk.tools.AuthenticateNtlm.invoke(AuthenticateNtlm.java:179)
    
41.         at com.adventnet.servicedesk.tools.LoginCookiesValveBase.invoke(LoginCookiesValveBase.java:249)
    
42.         at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:240)
    
43.         at org.apache.catalina.valves.StuckThreadDetectionValve.invoke(StuckThreadDetectionValve.java:206)
    
44.         at com.manageengine.servicedesk.valves.SDPStuckThreadDetectionValve.invoke(SDPStuckThreadDetectionValve.java:65)
    
45.         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
    
46.         at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
    
47.         at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:800)
    
48.         at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
    
49.         at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:800)
    
50.         at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1471)
    
51.         at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    
52.         at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    
53.         at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    
54.         at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    
55.         at java.lang.Thread.run(Thread.java:748)
    
56. 
    

Browser cookies? Disabled?

I scanned through cat securitylog*.txt | grep "IAMSecurityException ErrorCode" and found this exception started appearing sicne the date we upgraded onto 10509

• Topic Participants

• Alexey

• Nirmal D

  

New to M365 Manager Plus?

Start your free trial

Resources

• Guides
• What's new
• How-tos
• Latest build
• Live chat
• Workshops
• Contact support

New to M365 Manager Plus?

Start your free trial

Resources

• Guides
• What's new
• How-tos
• Latest build
• Live chat
• Workshops
• Contact support

New to RecoveryManager Plus?

Start your free trial

Resources

• Guides
• What's new
• How-tos
• Latest build
• Roadmap
• Workshops
• Contact support
• Live chat

New to RecoveryManager Plus?

Start your free trial

Resources

• Guides
• What's new
• How-tos
• Latest build
• Roadmap
• Workshops
• Contact support
• Live chat

New to Exchange Reporter Plus?

Start your free trial

Resources

• Guides
• What's new
• How-tos
• Latest build
• Workshops
• Live chat
• Contact support

New to Exchange Reporter Plus?

Start your free trial

Resources

• Guides
• What's new
• How-tos
• Latest build
• Workshops
• Live chat
• Contact support

New to SharePoint Manager Plus?

Start your free trial

Resources

• Guides
• What's new
• How-tos
• Latest build
• Workshops
• Live chat
• Contact support

New to SharePoint Manager Plus?

Start your free trial

Resources

• Guides
• What's new
• How-tos
• Latest build
• Workshops
• Live chat
• Contact support

See all integrations

New to ADManager Plus?

Start your free trial

Resources

• Guides
• What's new
• How-tos
• Latest build
• Roadmap
• Workshops
• Contact support
• Live chat
  

See all integrations

New to ADManager Plus?

Start your free trial

Resources

• Guides
• What's new
• How-tos
• Latest build
• Roadmap
• Workshops
• Contact support
• Live chat
  

New to ADSelfService Plus?

Start your free trial

Resources

• Guides
• What's new
• How-tos
• Latest build
• Roadmap
• Workshops
• Contact support
• Live chat
  

Start your free trial

Resources

• Guides
• What's new
• How-tos
• Latest build
• Roadmap
• Workshops
• Contact support
• Live chat
  

Related Products

• ADAudit Plus
• AD360
• ADSelfService Plus
• RecoveryManager Plus
• M365 Manager Plus
• Exchange Reporter Plus
• Log360

• ADManager Plus
• Log360
• ADSelfService Plus
• EventLog Analyzer
• DataSecurity Plus
• AD360
• Exchange Reporter Plus

• AD360
• ADManager Plus
  
• ADAudit Plus
  
• Exchange Reporter Plus
  
• M365 Manager Plus
  
• RecoveryManager Plus
  
• SharePoint Manager Plus
  

• Log360
• Log360 cloud
• ADAudit Plus
• DataSecurity Plus
• Exchange Reporter Plus
• CSP
• AD360

• ADManager Plus
  
• ADAudit Plus
  
• ADSelfService Plus
  
• M365 Manager Plus
  
• EventLog Analyzer
• AD360
  
• Log360
  

• AD360
  
• ADManager Plus
• ADAudit Plus
• M365 Manager Plus
• SharePoint Manager Plus
  
• ADSelfService Plus
• Log360

• ADManager Plus
• ADAudit Plus
• AD360
  
• RecoveryManager Plus
• ADSelfService Plus
• Exchange Reporter Plus
  
• Log360

• ADManager Plus
• AD360
• ADAudit Plus
• ADSelfService Plus
• M365 Manager Plus
• RecoveryManager Plus
• Exchange Reporter Plus
  

• ADAudit Plus
• EventLog Analyzer
• Log360
• ADManager Plus
• ADSelfService Plus
• Exchange Reporter Plus
• AD360

• ADManager Plus
• ADAudit Plus
• ADSelfService Plus
• M365 Manager Plus
• RecoveryManager Plus
• Exchange Reporter Plus
• Log360

• EventLog Analyzer
• ADAudit Plus
• Log360 cloud
• DataSecurity Plus
• Exchange Reporter Plus
• CSP
• AD360

• ADManager Plus 
• ADAudit Plus
• ADSelfService Plus  
  
• EventLog Analyzer
• Exchange Reporter Plus
• DataSecurity Plus
• Office365 Manager Plus
• RecoveryManager Plus
• SharePoint Manager Plus 
• Log360