Policy Xpress REST call fails with Forbidden, errCode 403
search cancel

Policy Xpress REST call fails with Forbidden, errCode 403


Article ID: 138470


Updated On:


CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite


After configuring REST PX on 14.3 is failing with the below error while doing a TEST:

Error during PX TEST:

The test has failed to run with following error: "Failed invoking REST operation: '<HTML><HEAD><TITLE>Secure Proxy Server - Error Report</TITLE><style>body { font-family: verdana, Georgia, Arial, "Times New Roman", Times, serif; }</style></HEAD><BODY><H1><center>Secure Proxy Server - Error Report</center></H1><H2>Error Details</H2><TABLE><TR VALIGN="TOP"><TD><H3>Request URI</H3></TD><TD>:</TD><TD>/test-user-service/api/test/users</TD></TR><TR VALIGN="TOP"><TD><H3>Error Type</H3></TD><TD>:</TD><TD>SPS Exception</TD></TR><TR VALIGN="TOP"><TD><H3>Error Code</H3></TD><TD>:</TD><TD>WebAgentException</TD></TR><TR VALIGN="TOP"><TD><H3>Error Message</H3></TD><TD>:</TD><TD>Web agent has thrown error. More details in SPS logs.</TD></TR></TABLE></BODY></HTML>' " which was caused by "Forbidden". 

The Web Agent trace on the SPS shows "Missing required cookies, exiting" error message.

The same Xpress Policy Worked fine in IDM 12.6.8.


In IDM 12.6.x , PX REST API makes two separate requests. In 14.x the product was modifed and sends only one call, which leaves out the "Cookie: SMCHALLENGE=YES" setting from being sent to REST url.


Add a parameter in PX's DATA tab.

In the Xpress Policy's Data tab,

Near the bottom there is an Add Parameter option.

Click to Add Parameter and enter and save the following parameter: