Feedback

Chorus Portal changes impact on robot users

Overview

Chorus will be upgrading one of the underlying software components of the Chorus Portal. These changes, which take effect on 6 May 2022 and 17 June 2022, are all non-functional, however if you use robots or macros to interact with Chorus Portal you will need to review and possibly change configurations.

 

What’s happening?

As part of our lifecycle upgrade programme of work for Chorus systems and applications, changes will be made to one of the software components that Chorus Portal uses. This ensures the systems is up-to-date and allows security improvements to be introduced. 

 

Key changes 

1.  Change one (6 May 2022)

Chorus Portal Logout URL is changed from “/saml/logout” to “/logout”, and http command for the Logout is changed from ‘Get’ to ‘Post’.

2.  Change two (17 June 2022) 

A change will be introduced in Chorus Portal to support Cross Site Request Forgery (CSRF) protection. When CSRF protection is enabled in Chorus Portal, every HTML page will have two new meta tags in the header, namely "_csrf", "_csrf_header". 

A client system communicating with Chorus Portal programmatically via HTTP commands will need to include a new HTTP header in every POST request (or pass it in the form data). The name of this header should be same as the "_csrf_header" tag value and the value of the header as the "_csrf" tag value. 

Login page request is an exception to this where these header values are not required.

These tag values can be obtained from HTML pages as illustrated in the sample below.

<html>

   <head>

      <meta name="_csrf" content="some value"/>

      <meta name="_csrf_header" content="some value"/>

...

   </head>

</html>

 

Next steps

Change one will be in EMMA on 12 April 2022. Change two will be in EMMA on 10 May 2022. Please check any robots or macros you use to interact with the Chorus Portal to ensure their operation will not be impacted by this change and if necessary make appropriate changes to ensure their continued operation.    

 

Contact

For any queries, please contact you Chorus account team.