OpenAM 11.0.0 Getting Started Guide – Forbidden issue

This topic has 5 replies, 5 voices, and was last updated 4 years, 5 months ago by Andy Cory.



    I am evaluating OpenAM 11.0.0. I followed the steps described in OpenAM-11.0.0-Getting-Started. I am using the following software.

    1. apache-tomcat-7.0.55
    2. java version “1.6.0_45”
    3. Apache HTTP Server, version 2.2.
    4. Apache-v2.2-WINNT-32-Agent-3.3.0

    Everything went well. But I got a “Forbidden” issue when I hit section “1.4 Trying it Out” Step 2.
    I used the same URLs described in the getting started guide.

    Here is my host file content : localhost

    Here are the logs from the Apache HTTP server.

    Starting the Apache2.2 service
    The Apache2.2 service is running.
    ] Apache/2.2.25 (Win32) configured — resuming normal operations
    [Thu Nov 20 11:12:53 2014] [notice] Server built: Jul 10 2013 01:52:12
    [Thu Nov 20 11:12:53 2014] [notice] Parent: Created child process 9832
    [Thu Nov 20 11:12:53 2014] [notice] Web Policy Agent shared memory configuration: notif_shm_size[2099200], pdp_shm_size[3213312], max_pid_count[256], max_pdp_count[256]
    [Thu Nov 20 11:12:53 2014] [notice] Child 9832: Child process is running
    [Thu Nov 20 11:12:53 2014] [notice] Child 9832: Acquired the start mutex.
    [Thu Nov 20 11:12:53 2014] [notice] Child 9832: Starting 64 worker threads.
    [Thu Nov 20 11:12:53 2014] [notice] Child 9832: Starting thread to listen on port 8000.

    Any help would be appreciated.

    Talent Partners

     Jamie Bowen

    I take it you’re using Windows, Murali?

    What URL are you browsing to when you get the Forbidden message?


    I was on vacation last week, hence couldn’t reply.
    Yes I am using Windows 7.
    Browser : Chrome and IE 10

    Today, I started over with a clean install and this time I am able to see the OpenAM login page when I hit the URL But when I log in by providing the username and password, I get the error below.

    This webpage has a redirect loop

    The webpage at http://localhost:8080/openam/UI/Login? has resulted in too many redirects.
    Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.
    Learn more about this problem.

    Thanks for your time.

     Nicolas Seigneur

    This is likely caused by the OpenAM server being accessed through localhost. You should never access OpenAM using localhost, but rather through the FQDN.

    What happens here, from what I understand, is that when you hit, the Agent redirects you to OpenAM but on localhost. When successfully authenticated, OpenAM will try to set the iPlanetDirectoryPro cookie, presumably on localhost…?

    Since the cookie is rejected, the Agent does not find a SessionID, so it sends you back to OpenAM on localhost where it would, again presumably, find the SessionID, seeing you are authenticated, sending you back to the agent, causing an endless loop.

    Make sure the cookie domain, the FQDN of OpenAM, and the FQDN of the protected resource all match; otherwise you will require CDSSO.
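
The matching rule described in the reply above, as an added example that is not part of the thread or of OpenAM's own code: it applies RFC 6265 domain matching to the OpenAM URL, the protected resource URL and the configured cookie domain, and reports why the session cookie would not reach the agent. The function names and the hostnames (`openam.example.com`, `www.example.com`, `.example.com`) are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit


def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3 domain-match; a leading dot is ignored."""
    domain = cookie_domain.lower().lstrip(".")
    if host == domain:
        return True
    try:
        ipaddress.ip_address(host)
        return False  # an IP address only ever matches itself
    except ValueError:
        return host.endswith("." + domain)


def check_sso_cookie(openam_url, resource_url, cookie_domain):
    """Return a list of findings; an empty list means the cookie can flow."""
    am = (urlsplit(openam_url).hostname or "").lower()
    res = (urlsplit(resource_url).hostname or "").lower()
    findings = []
    for label, host in (("OpenAM", am), ("protected resource", res)):
        if "." not in host:
            findings.append(f"{label} host '{host}' is not an FQDN")
    if not domain_match(am, cookie_domain):
        # The browser ignores a Set-Cookie whose Domain the response host
        # does not domain-match, so no session cookie is ever stored.
        findings.append(f"OpenAM host '{am}' does not domain-match "
                        f"'{cookie_domain}': browser rejects the cookie")
    if not domain_match(res, cookie_domain):
        # The cookie is stored but never sent to the agent's host.
        findings.append(f"protected resource '{res}' is outside "
                        f"'{cookie_domain}': agent sees no cookie, CDSSO needed")
    return findings


if __name__ == "__main__":
    # Constructed inputs: the localhost access pattern from the thread,
    # then the same deployment reached through FQDNs.
    cases = [
        ("http://localhost:8080/openam", "http://www.example.com:8000/"),
        ("http://openam.example.com:8080/openam", "http://www.example.com:8000/"),
    ]
    for am_url, res_url in cases:
        result = check_sso_cookie(am_url, res_url, ".example.com")
        print(am_url, "->", result or "cookie domain is consistent")
```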



    If you are following the Getting Started guide, there is one important step left out there.

    You have to set the correct cookie domain, which should not be what OpenAM defaults to.

    Go to Configure -> Global Services -> Platform and set the cookie domains parameter to

     Andy Cory

    Any evaluation of OpenAM 11.0.0 undertaken in 2014 is hopefully finished by now :-)
