Login to applications with CSRF-tokens
Some applications provide login forms that have a hidden field with some random value in it. This random value is generated by the application by every request and must match during the POST of the form. This prevents CSRF attacks, because an attacker cannot know the random token. Therefore we need two steps. First we use a "CSRF From Token Extraction Step" that extracts the hidden value holding the form token. Then we use the "HTTP POST On Behalf Login Step" that POSTs the form using the username, password and CSRF-token from the shared information of the steps. Be sure to select "Store Password In Session Ticket" option in the "Security Settings" such that the password is available.