search cancel

Resolving an HTTP 405 (METHOD Not Allowed) error with IdentityIQ on a REST API FORM PostBack when the site is protected by CA Single Sign On (fka SiteMinder).

book

Article ID: 4554

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

SailPoint Technologies Inc. IdentityIQ with AngularJS and XSRF/CSRF (Cross-Site Request Forgery) causes an HTTP 405 (METHOD Not Allowed) error on a REST API FORM PostBack when the site is protected by CA Single Sign On (fka SiteMinder).

Environment

CA R12.x Single Sign On environmentSailPoint IdentityIQ

Cause

If the previous response to the IdentityIQ AngularJS Client contains a set-cookie statement, the Client is unable to set the required "X-XSRF-TOKEN" header on the subsequent request resulting in the HTTP 405 (METHOD Not Allowed) error.

Resolution

To prevent the Single Sign On "set-cookie" from being passed to the IdentityIQ AngularJS Client, set the "UseHTTPOnlyCookies" ACO parameter to "Yes" for the WebAgent protecting the site.