KB-34044: Rest API HTTP Header Requirement in 20.2

Privileged Access Service

2 October,21 at 04:36 AM

Centrify Privileged Access Service version 20.2 enforces a required value in the HTTP headers of all requests to the Centrify Platform REST APIs. This is an added security measure to prevent cross-site scripting.

Who should be concerned with this?
  • Customers using the SIEM integration tool, Centrify Syslog Writer. Customers not familiar with Syslog Writer can see the documentation page for additional information.
  • Customers using the REST APIs without the recommended value in the HTTP header.
What is the impact, if changes are not made?
  • Centrify Syslog Writer will fail with a “Redrock/Query request to tenant was unsuccessful” error.
  • Centrify REST API calls will fail with an “HTTP 401 Unauthorized Access” error. 
What customer action is needed?
  1. Update to the new version of Centrify Syslog Writer found on the Centrify Download Center. It can be found by clicking on the TOOLS AND PLUGINS tab, then under the SIEM integrations section. You may need to click “LOAD MORE” to see it. Note, this new version will be available when 20.2 is released.
  2. Update your REST API code to include the following HTTP header value: “X-CENTRIFY-NATIVE-CLIENT: True”. For more information, refer to the “Setting HTTP headers” section on our Centrify Developers webpage.
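
The following is an added example, not Centrify's code, showing the change from step 2: the same Redrock/Query call is sent without and with the header to a local mock that stands in for a 20.2 tenant. The mock server, the `{"Script": ...}` request body and the function names are assumptions made for the illustration; authentication is omitted.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

HEADER_NAME, HEADER_VALUE = "X-CENTRIFY-NATIVE-CLIENT", "True"  # from this article

class MockTenant(BaseHTTPRequestHandler):
    """Constructed stand-in for a 20.2 tenant with Origin Validation enabled."""
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        ok = self.headers.get(HEADER_NAME) == HEADER_VALUE
        self.send_response(200 if ok else 401)  # 401 is the failure the article names
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # silence per-request logging
        pass

def post_query(base_url, script, with_header=True):
    """POST to Redrock/Query and return the HTTP status code."""
    req = urllib.request.Request(
        base_url + "/Redrock/Query",
        data=json.dumps({"Script": script}).encode(),  # body shape is an assumption
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    if with_header:
        req.add_header(HEADER_NAME, HEADER_VALUE)
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def demo():
    """Return (status without header, status with header) from the local mock."""
    server = HTTPServer(("127.0.0.1", 0), MockTenant)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_port
    try:
        return post_query(base, "select 1", False), post_query(base, "select 1", True)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```
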
What alternative actions are there?
Customers who need additional time to update the Centrify Syslog Writer or change their REST API code can temporarily disable this enhanced security feature on their tenant by going to Settings -> Authentication -> Security Settings and unchecking Origin Validation under API Security. Note, this setting is included in 20.2 and later releases.