SailPoint Technologies Inc. IdentityIQ with AngularJS and XSRF/CSRF (Cross-Site Request Forgery) causes an HTTP 405 (METHOD Not Allowed) error on a REST API FORM PostBack when the site is protected by CA Single Sign On (fka SiteMinder).
If the previous response to the IdentityIQ AngularJS Client contains a set-cookie statement, the Client is unable to set the required "X-XSRF-TOKEN" header on the subsequent request resulting in the HTTP 405 (METHOD Not Allowed) error.
To prevent the Single Sign On "set-cookie" from being passed to the IdentityIQ AngularJS Client, set the "UseHTTPOnlyCookies" ACO parameter to "Yes" for the WebAgent protecting the site.