
Getting not authorized error with SM protecting TEWS on subsequent calls with Forgotten Password.


Article ID: 52137


Updated On:


CA Directory, CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Risk Analytics, CA Secure Cloud SaaS - Arcot A-OK (WebFort), CLOUDMINDER ADVANCED AUTHENTICATION, CA Secure Cloud SaaS - Advanced Authentication, CA Secure Cloud SaaS - Identity Management, CA Secure Cloud SaaS - Single Sign On, CA Security Command Center, CA Data Protection (DataMinder), CA User Activity Reporting



Forgotten Password is a three-step TEWS call. With TEWS protected by SM and the right security parameters set for SM in web.xml, the customer notices that only the first Forgotten Password TEWS call (to verify user identity) succeeds; the subsequent TEWS call comes back with a "401 Not Authorized" error on the client side. This document describes a way to work around this issue, since the problem lies within Apache Axis and not in the client-side TEWS code or IDM.


Apache Axis 1.3 and 1.4 have a problem with the way they send cookie headers. They send them in the form:

cookie: cookie2=value

The above format is not RFC-compliant, and web servers reject all but the first cookie because they expect the header in RFC-compliant form:

cookie: cookie1=value; cookie2=value

There is a patch to the Axis clients; however, it is a manual patch that requires recompiling Axis. The patch for Axis 1.4 is attached.
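The difference between the two header forms can be checked on a captured request. The following is an added example, not the attached patch and not code from Axis or the product: it models a server that honors only the first cookie header, then merges the cookies into the single-header form. It assumes Axis emits one header line per cookie (the article shows only the cookie2 line); the request path, host and function names are hypothetical.

```python
CRLF = "\r\n"

# Constructed request for illustration; path, host and cookie values are placeholders.
SAMPLE_REQUEST = CRLF.join([
    "POST /tews-endpoint-placeholder HTTP/1.0",
    "Host: idm.example.com",
    "Content-Type: text/xml; charset=utf-8",
    "cookie: cookie1=value",   # assumed: one header line per cookie
    "cookie: cookie2=value",
    "",
    "<soapenv:Envelope/>",
])

def parse_head(raw):
    """Split a raw request into request line, ordered header pairs, and body."""
    head, _, body = raw.partition(CRLF + CRLF)
    request_line, *lines = head.split(CRLF)
    headers = [tuple(p.strip() for p in ln.split(":", 1)) for ln in lines if ":" in ln]
    return request_line, headers, body

def cookie_values(headers):
    """Values of every cookie header line, in the order sent."""
    return [v for n, v in headers if n.lower() == "cookie"]

def cookies_seen_by_server(raw):
    """Model the behaviour the article describes: only the first cookie header counts."""
    values = cookie_values(parse_head(raw)[1])
    pairs = values[0].split(";") if values else []
    return dict(p.strip().split("=", 1) for p in pairs if "=" in p)

def merge_cookie_headers(raw):
    """Rewrite the request so all cookies travel in one 'name=value; name=value' header."""
    request_line, headers, body = parse_head(raw)
    values = cookie_values(headers)
    if len(values) < 2:
        return raw  # already a single header (or none); nothing to fix
    merged, out, placed = "; ".join(values), [], False
    for name, value in headers:
        if name.lower() == "cookie":
            if not placed:          # keep the merged header where the first one was
                out.append((name, merged))
                placed = True
            continue                # drop the extra cookie header lines
        out.append((name, value))
    head = CRLF.join([request_line] + [f"{n}: {v}" for n, v in out])
    return head + CRLF + CRLF + body

if __name__ == "__main__":
    print(cookies_seen_by_server(SAMPLE_REQUEST))
    print(cookies_seen_by_server(merge_cookie_headers(SAMPLE_REQUEST)))
```

Running `cookies_seen_by_server` on a trace of the failing second call shows which cookies never reach the server in the split form.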


Component: IDMGR
