CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On Agents (SiteMinder), CA Single Sign On Federation (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), SITEMINDER
Issue/Introduction
An SSO setup with a partnership application returns a 403 error message.
In the Fiddler trace, the response TextView for the line with the 403 error shows the following reason:
<h1>HTTP Status 403 – Forbidden</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Request Forbidden. Transaction ID: 2b90d625-f5f067ec-00b0051a-4af90ba6-bc9eb3c3-fb failed.</p><p><b>Description</b> The server understood the request but refuses to authorize it.</p>
Searching for the transaction ID (2b90d625-f5f067ec-00b0051a-4af90ba6-bc9eb3c3-fb) in smtracedefault.log, we could see "Policy is blocked by time":
[03/06/2020][21:03:56][4128][2b90d625-f5f067ec-00b0051a-4af90ba6-bc9eb3c3-fb][IsAuthorized.cpp:680][CSm_Az_Message::IsAuthorized][samlsp:<POLICY>][][][<USER>][][][][Authorizing user...]
[03/06/2020][21:03:56][4128][][SmAuthorization.cpp:1453][CSmAz::IsOk][samlsp:<POLICY>][][][<USER>][][][][Start of user policy analysis for realm.]
[03/06/2020][21:03:56][4128][][SmAuthorization.cpp:1546][CSmAz::IsOk][samlsp:<POLICY>l][][][][][][][Check the Policy.]
[03/06/2020][21:03:56][4128][][SmAuthorization.cpp:1587][CSmAz::IsOk][samlsp:<POLICY>][][][][][][][Check the Rule]
[03/06/2020][21:03:56][4128][][SmAuthorization.cpp:809][CSmAz::TestPolicy][samlsp:<POLICY>][][][][][][][Evaluating policy...]
[03/06/2020][21:03:56][4128][][SmAuthorization.cpp:823][CSmAz::TestPolicy][samlsp:<POLICY>][][][][][][][Policy is blocked by time]
[03/06/2020][21:03:56][4128][][SmAuthorization.cpp:1726][CSmAz::IsOk][samlsp:<POLICY>][][][][][][][Policy is not applicable. Skipped.]
[03/06/2020][21:03:56][4128][][SmAuthorization.cpp:1854][CSmAz::IsOk][][][][][][][][IsOk? No.]
The customer had all the checkboxes in the time restriction for the partnership unchecked. Pressing the "Always Allow" button checked all the checkboxes; the partnership was then finished and activated.
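The lookup in smtracedefault.log above, as an added example (not CA/Broadcom code): only the first record in the trace shown carries the transaction ID, so this script follows the third field (4128 in the trace, assumed here to identify the worker thread) to collect the remaining records. The sample log is constructed from the lines on this page, and treating CSmAz::TestPolicy messages other than "Evaluating policy..." as the denial reason is an assumption drawn from that single trace.

```python
import re

FIELD = re.compile(r"\[([^\]]*)\]")  # one bracketed trace field
TXID = "2b90d625-f5f067ec-00b0051a-4af90ba6-bc9eb3c3-fb"  # from the 403 body

# Constructed sample in the layout of the trace above; the 5012 record and
# the second transaction are invented to show interleaving.
SAMPLE = f"""\
[03/06/2020][21:03:56][4128][{TXID}][IsAuthorized.cpp:680][CSm_Az_Message::IsAuthorized][samlsp:<POLICY>][][][<USER>][][][][Authorizing user...]
[03/06/2020][21:03:56][5012][][SmAuthorization.cpp:809][CSmAz::TestPolicy][other:<POLICY>][][][][][][][Evaluating policy...]
[03/06/2020][21:03:56][4128][][SmAuthorization.cpp:809][CSmAz::TestPolicy][samlsp:<POLICY>][][][][][][][Evaluating policy...]
[03/06/2020][21:03:56][4128][][SmAuthorization.cpp:823][CSmAz::TestPolicy][samlsp:<POLICY>][][][][][][][Policy is blocked by time]
[03/06/2020][21:03:56][4128][][SmAuthorization.cpp:1854][CSmAz::IsOk][][][][][][][][IsOk? No.]
[03/06/2020][21:03:57][4128][constructed-other-txid][IsAuthorized.cpp:680][CSm_Az_Message::IsAuthorized][samlsp:<POLICY>][][][<USER>][][][][Authorizing user...]
"""

def trace_transaction(lines, txid):
    """Return (function, message) pairs for the records belonging to txid."""
    worker, out = None, []
    for line in lines:
        f = FIELD.findall(line)
        if len(f) < 7:
            continue              # not a trace record
        w, tx, func, msg = f[2], f[3], f[5], f[-1]
        if tx == txid:
            worker = w            # first record of the transaction
        elif worker is None or w != worker:
            continue              # other worker, or transaction not seen yet
        elif tx:
            break                 # same worker started another transaction
        out.append((func, msg))
    return out

def denial_reasons(records):
    """For a denied request, list the policy-evaluation outcomes that led to it."""
    if not records or not records[-1][1].startswith("IsOk? No"):
        return []
    return [m for fn, m in records
            if fn == "CSmAz::TestPolicy" and m != "Evaluating policy..."]

if __name__ == "__main__":
    for reason in denial_reasons(trace_transaction(SAMPLE.splitlines(), TXID)):
        print(f"{TXID}: {reason}")
```

A plain text search for the transaction ID finds only the first record; the reason sits several records later on the same worker.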