Resolving an HTTP 405 (METHOD Not Allowed) error with IdentityIQ on a REST API FORM PostBack when the site is protected by CA Single Sign On (fka SiteMinder).

Article ID: 4554

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
AXIOMATICS POLICY SERVER
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

SailPoint Technologies Inc. IdentityIQ, which uses AngularJS with XSRF/CSRF (Cross-Site Request Forgery) handling, returns an HTTP 405 (METHOD Not Allowed) error on a REST API FORM PostBack when the site is protected by CA Single Sign On (fka SiteMinder).

Cause

If the previous response to the IdentityIQ AngularJS Client contains a "set-cookie" header, the Client is unable to set the required "X-XSRF-TOKEN" header on the subsequent request, which results in the HTTP 405 (METHOD Not Allowed) error.

Environment

CA R12.x Single Sign On environment
SailPoint IdentityIQ

Resolution

To prevent the Single Sign On "set-cookie" from being passed to the IdentityIQ AngularJS Client, set the "UseHTTPOnlyCookies" ACO parameter to "Yes" for the WebAgent protecting the site.
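
To confirm the pattern from the Cause section in a browser capture, before and after changing the ACO parameter, the following added example (not code from CA or SailPoint) scans HAR 1.2 entries for a POST that returned 405 without an "X-XSRF-TOKEN" header and lists the cookies set by the response just before it. The host, path and cookie name in the sample are constructed placeholders.

```javascript
// Added diagnostic example. Input: the "log.entries" array of a HAR 1.2 capture.
// Return every value of a header, matched case-insensitively.
function headerValues(headers, name) {
  return headers
    .filter((h) => h.name.toLowerCase() === name.toLowerCase())
    .map((h) => h.value);
}

// Find POSTs answered with 405 that carried no X-XSRF-TOKEN header and report
// the Set-Cookie headers of the immediately preceding response.
function findXsrf405(entries) {
  const findings = [];
  for (let i = 1; i < entries.length; i++) {
    const { request, response } = entries[i];
    if (request.method !== 'POST' || response.status !== 405) continue;
    if (headerValues(request.headers, 'X-XSRF-TOKEN').length > 0) continue;
    const cookies = headerValues(entries[i - 1].response.headers, 'Set-Cookie')
      .map((v) => ({
        name: v.split('=')[0].trim(),
        httpOnly: /;\s*httponly\s*(;|$)/i.test(v),
      }));
    findings.push({
      url: request.url,
      previousResponseSetCookie: cookies,
      matchesCause: cookies.length > 0, // previous response contained set-cookie
    });
  }
  return findings;
}

// Constructed sample capture: host, path and cookie name are placeholders.
const SAMPLE_ENTRIES = [
  {
    request: { method: 'GET', url: 'https://iiq.example.test/app/page', headers: [] },
    response: { status: 200, headers: [
      { name: 'Set-Cookie', value: 'SSO_SESSION=constructed; Path=/' },
    ] },
  },
  {
    request: { method: 'POST', url: 'https://iiq.example.test/app/rest/form',
      headers: [{ name: 'Content-Type', value: 'application/json' }] },
    response: { status: 405, headers: [] },
  },
];

console.log(JSON.stringify(findXsrf405(SAMPLE_ENTRIES), null, 2));
```

An empty result after setting "UseHTTPOnlyCookies" to "Yes" and repeating the capture indicates the POST either carried the token header or no longer returned 405.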