Cannot Access Apache Page "Forbidden"

This topic has 4 replies, 3 voices, and was last updated 2 years, 9 months ago by pinkupradeep.

  • Author
    Posts
  • #2988
     jasongross
    Participant

    I have gone through the entire steps of this tutorial, but cannot access the protected webpage.
    http://docs.forgerock.org/en/openam/11.0.0/getting-started/index/chap-first-steps.html#try-it-out

    I keep getting a “Forbidden”, “You don’t have permission to access / on this server.” I cannot find anything I have done wrong in the configs, and I was hoping someone could point me in the right direction.

    Heres the Web Agent Log file where it hangs up:

    2015-02-05 14:26:04.404 Info 2735:121f120 ServiceEngine: Successful return from do_update_policy().
    2015-02-05 14:26:04.405 Warning 2735:121f120 ServiceEngine: Service::getPolicyResult():Result size is 0,tree not present for http://www.openam01.com:8000/
    2015-02-05 14:26:04.405 MaxDebug 2735:121f120 AM_POLICY_SERVICE: am_policy_compare_urls: Comparison of “http://www.openam01.com:8000/” and “http://www.openam01.com:8000” returned AM_SUB_RESOURCE_MATCH (usePatterns=true)
    2015-02-05 14:26:04.405 Warning 2735:121f120 PolicyEngine: am_policy_evaluate: InternalException in Service::getPolicyResult() with error message:No Policy or Action decisions found for resource: http://www.openam01.com:8000/ and code:7
    2015-02-05 14:26:04.405 Warning 2735:121f120 all: am_web_is_access_allowed()(http://www.openam01.com:8000/, GET) denying access: status = no policy found
    2015-02-05 14:26:04.405 Info 2735:121f120 all: am_web_is_access_allowed()(http://www.openam01.com:8000/, GET) returning status: access denied.
    2015-02-05 14:26:04.405 Info 2735:121f120 all: process_request(): Access check for URL http://www.openam01.com:8000/ returned access denied.
    2015-02-05 14:26:04.405 Debug 2735:121f120 all: process_request(): AM_ACCESS_DENIED, will redirect (post data: (null))
    2015-02-05 14:26:04.405 MaxDebug 2735:121f120 all: am_web_get_url_to_redirect: goto URL is http://www.openam01.com:8000/
    2015-02-05 14:26:04.405 Debug 2735:121f120 all: process_access_redirect(): get redirect url returned AM_SUCCESS, redirect url [NULL].
    2015-02-05 14:26:04.405 Debug 2735:121f120 all: process_access_redirect(): returning web result AM_WEB_RESULT_FORBIDDEN.
    2015-02-05 14:26:04.405 Debug 2735:121f120 all: process_request(): returning web result AM_WEB_RESULT_FORBIDDEN, data []
    2015-02-05 14:26:04.405 Debug 2735:121f120 all: am_web_process_request(): Rendering web result AM_WEB_RESULT_FORBIDDEN
    2015-02-05 14:26:04.405 Debug 2735:121f120 all: am_web_process_request(): render result function returned AM_SUCCESS.

    Any ideas would be appreciated!

    • This topic was modified 6 years, 8 months ago by Peter Major. Reason: Moving topic under OpenAM forum
    #3021
     Nicolas Seigneur
    Participant

    I think this is the key:

    No Policy or Action decisions found for resource: http://www.openam01.com:8000/ and code:7
    2015-02-05 14:26:04.405 Warning 2735:121f120 all: am_web_is_access_allowed()(http://www.openam01.com:8000/, GET) denying access: status = no policy found

    The agent is protecting the resource and it appears it does not have any policies that allow access to the resource, so in doubt, the access is Forbidden.

    I suggest setting up the agent with “SSO Only” mode. This allows you to protect the app without dealing with policies.

    Once you get this working, if needed, you can tackle Policies under access control.

    #3022
     jasongross
    Participant

    I went through it again on a fresh server and ran everything as root. Now even after the policy is in place, it never prompts me to sign it, it just take me straight to the Apache “It works” page.

    #3028
     Nicolas Seigneur
    Participant

    I would look at /Agent_001/logs/debug/amAgent as well as the content of the iPlanetDirectoryPro cookie.

    I you have a session with OpenAM, you will see a long string in the iPLanetDirectoryPro cookie. That means you’re getting Single Signed On. This is likely the case because otherwise, this would mean that the agent is not protecting the application.

    Other possible cause: You added the URL to “Not Enforced URLs”.

    #24506
     pinkupradeep
    Participant

    Hi
    I am having the same issue. Please let me know if you figure it out.

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.

©2021 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?