We are trying to set up the RSA IMG 6.9.1 AFX Rest Module to manage users via an API with csrfguard turned on. We are unable to parse cookies from the headers of the response. It looks like AFX is parsing a cookie from internal communication between the modules, instead of the actual session cookie from the communication with the endpoint. csrfguard requires that the cookie be presented in any POST commands done with the session. I have tried using basic authentication as well, so see if it could match the token with that instead, but it looks like the session cookie needs to be extracted. Has anyone been able to successfully parse a cookie from http headers in RSA IMG 6.9.1?
This actually appears to be the underlying software in AFX (Mule ESB) that does this. I logged defect ACM-103476 for this.