search cancel

OAuth Requests Failing in IE

book

Article ID: 190746

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) SITEMINDER

Issue/Introduction

We have a peculiar issue where a OAuth request is failing on IE browser. Its throwing 403 request forbidden error when its calling postredirector.jsp page. The same request is working on Chrome. I don't find any meaningful entries in the logs either.

Environment

Release: ALL

Component : SITEMINDER FEDERATION

Cause

IE was refusing to follow the 302 redirect to the Target destination due to IE's security settings and was instead replaying the request to the oauthtokenconsumer URL, resulting in a 403 error.  Unfortunately, when IE exhibits such behavior due to security settings, it gives no indication that it received a redirect that it's refusing to follow.

Resolution

Adding the Target destination to IE's list of Trusted Sites resolved the problem.