SAP gateway unauthorized when trying to get a csrf token

SAP gateway we are getting 403 unauthorized when trying to get a csrf token.

The same username / password is working for read operations.

I've looked at some other posts in the sap forums and also posted there:

We are using http, but we have the login/ticket_only_by_https set to 0.

I also looked at the service and did not see the parameter ~CHECK_CSRF_TOKEN = 0 as described at:

The parameters list came up as blank.

Any other ideas?

I wrote a small c# program to just try to get the csrf token and it works against our test system but it is failing on a customer's system. I haven't been able to figure out why.


  • One way to fix it was to append the following to the URL: “?spnego=disabled”.

    I found this info at:

    2462330 - Your browser is not configured for using SPNego error on Fiori Client - FC/KAP Version 1 from 24 Apr 2017 in English Component:MOB-FC Priority:Normal Category:Problem Release Status:Released to Customer Rated Helpful: (2 people) Quality Rating:  DescriptionProductThis document is referenced byLanguagesRate This Document Symptom Attempting to connect Fiori Client iOS to Netweaver Gateway receives error "Your browser is not configured for using SPNego Press F5 (Page Refresh) to continue". Environment • Fiori Client 1.8.7 iOS • Netweaver Gateway with SPNego configured Reproducing the Issue 1. Configure Netweaver Gateway and Fiori Launchpad with SPNego (Negotiate) authentication. 2. Attempt to connect with iOS Fiori Client. 3. Observer error "Your browser is not configured for using SPNego". Cause Fiori Client on all platforms does not support SPNego (Negotiate) authentication. Resolution User added URL parameter spnego=disabled to Fiori URL and issue was resolved. Example: http://:/sap/bc/ui5_ui5/ui2/ushell/shells/abap/FioriLaunchpad.html/?spnego=disabled