Error message 403 while using a partnership
Article ID: 186118
Updated On:
Products
CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On Agents (SiteMinder)
CA Single Sign On Federation (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
SITEMINDER
Issue/Introduction
Having a SSO setup with partnership application, and giving an error message 403
Environment
Release : 12.8.03
Component : SiteMinder Federation(Federation Manager)
Resolution
From the fiddler trace respose textview we could see the following reason for the line with the 403 error:
<h1>HTTP Status 403 – Forbidden</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Request Forbidden. Transaction ID: 2b90d625-f5f067ec-00b0051a-4af90ba6-bc9eb3c3-fb failed.</p><p><b>Description</b> The server understood the request but refuses to authorize it.</p>
Searching for the transaction id (2b90d625-f5f067ec-00b0051a-4af90ba6-bc9eb3c3-fb) in smtracedefault.log we could see "Policy is blocked by time"
[03/06/2020][21:03:56][4128][2b90d625-f5f067ec-00b0051a-4af90ba6-bc9eb3c3-fb][IsAuthorized.cpp:680][CSm_Az_Message::IsAuthorized][samlsp:<POLICY>][][][<USER>][][][][Authorizing user...]
[03/06/2020][21:03:56][4128][][SmAuthorization.cpp:1453][CSmAz::IsOk][samlsp:<POLICY>][][][<USER>][][][][Start of user policy analysis for realm.]
[03/06/2020][21:03:56][4128][][SmAuthorization.cpp:1546][CSmAz::IsOk][samlsp:<POLICY>l][][][][][][][Check the Policy.]
[03/06/2020][21:03:56][4128][][SmAuthorization.cpp:1587][CSmAz::IsOk][samlsp:<POLICY>][][][][][][][Check the Rule]
[03/06/2020][21:03:56][4128][][SmAuthorization.cpp:809][CSmAz::TestPolicy][samlsp:<POLICY>][][][][][][][Evaluating policy...]
[03/06/2020][21:03:56][4128][][SmAuthorization.cpp:823][CSmAz::TestPolicy][samlsp:<POLICY>][][][][][][][Policy is blocked by time]
[03/06/2020][21:03:56][4128][][SmAuthorization.cpp:1726][CSmAz::IsOk][samlsp:<POLICY>][][][][][][][Policy is not applicable. Skipped.]
[03/06/2020][21:03:56][4128][][SmAuthorization.cpp:1854][CSmAz::IsOk][][][][][][][][IsOk? No.]
Customer had all the checkboxes in the time restriction for the partnership unchecked. Pressed "Always Allow" button so all checkboxes were checked then finished and activated the partnership.
<h1>HTTP Status 403 – Forbidden</h1><hr class="line" /><p><b>Type</b> Status Report</p><p><b>Message</b> Request Forbidden. Transaction ID: 2b90d625-f5f067ec-00b0051a-4af90ba6-bc9eb3c3-fb failed.</p><p><b>Description</b> The server understood the request but refuses to authorize it.</p>
Searching for the transaction id (2b90d625-f5f067ec-00b0051a-4af90ba6-bc9eb3c3-fb) in smtracedefault.log we could see "Policy is blocked by time"
[03/06/2020][21:03:56][4128][2b90d625-f5f067ec-00b0051a-4af90ba6-bc9eb3c3-fb][IsAuthorized.cpp:680][CSm_Az_Message::IsAuthorized][samlsp:<POLICY>][][][<USER>][][][][Authorizing user...]
[03/06/2020][21:03:56][4128][][SmAuthorization.cpp:1453][CSmAz::IsOk][samlsp:<POLICY>][][][<USER>][][][][Start of user policy analysis for realm.]
[03/06/2020][21:03:56][4128][][SmAuthorization.cpp:1546][CSmAz::IsOk][samlsp:<POLICY>l][][][][][][][Check the Policy.]
[03/06/2020][21:03:56][4128][][SmAuthorization.cpp:1587][CSmAz::IsOk][samlsp:<POLICY>][][][][][][][Check the Rule]
[03/06/2020][21:03:56][4128][][SmAuthorization.cpp:809][CSmAz::TestPolicy][samlsp:<POLICY>][][][][][][][Evaluating policy...]
[03/06/2020][21:03:56][4128][][SmAuthorization.cpp:823][CSmAz::TestPolicy][samlsp:<POLICY>][][][][][][][Policy is blocked by time]
[03/06/2020][21:03:56][4128][][SmAuthorization.cpp:1726][CSmAz::IsOk][samlsp:<POLICY>][][][][][][][Policy is not applicable. Skipped.]
[03/06/2020][21:03:56][4128][][SmAuthorization.cpp:1854][CSmAz::IsOk][][][][][][][][IsOk? No.]
Customer had all the checkboxes in the time restriction for the partnership unchecked. Pressed "Always Allow" button so all checkboxes were checked then finished and activated the partnership.
Feedback
Yes
No
Powered by
