OpenAM with http Apache server – 403 Error

This topic has 6 replies, 4 voices, and was last updated 5 years, 12 months ago by Rogerio Rondini.


    I have a hard problem with OpenAM. I configured OpenAM with Apache HTTP Server, using the Policy Agent for Apache 2.4. I followed the guide “”.
    Unfortunately, if I call the “url of apache resource” with a special character, I get this error:
    “Forbidden – you don’t have permission to access …. on this server”.

    For example:
    OpenAM URL:
    Url Apache:

    if I call there’s no error
    if I call there’s 403 http error

    I can’t find the solution. Help me!!!

    • This topic was modified 6 years ago by f.strada.
     Henrique Droog

    Hi @f-strada,

    I guess you need to use wildcards like /*? and /*?*. I tried to find an example in the documentation but I couldn’t. You can try to find one here: Agent DOC

    Sorry for my English.



    Unfortunately, I haven’t found the solution. I tried to disable “FQDN check” on the OpenAM Web Agent, but I got the same error. Is it possible that OpenAM does accept special characters such as “?” or a query string? Most web URLs contain a query string with special characters (?, %, etc.)…


    If you are using a virtual host, then add the code below to httpd-vhosts.conf (<apachehome>/conf\extra)

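    <Directory "E:/Documenten/Dropbox/Dropbox/dummy-htdocs">
    # Apache 2.2 syntax; on Apache 2.4 this needs mod_access_compat
    Allow from all
    </Directory>

    <VirtualHost *:80>
    DocumentRoot "C:/webserver/sites/site2"
    # Set access permission
    <Directory "C:/webserver/sites/site2">
    Options Indexes FollowSymLinks
    AllowOverride None
    # Apache 2.2 syntax (mod_access_compat on 2.4)
    Allow from All
    # Apache 2.4 syntax
    Require all granted
    </Directory>
    </VirtualHost>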


    Eureka!!!! I solved the problem!!!! It’s very simple:
    1) TOP LEVEL REALM -> Authorization -> Policy Sets
    2) Select “your policy agent” (If it doesn’t exist, select “new policy Set”)
    3) Select Add Resources
    4) Select as resource pattern *://*.*/*?* and fill it in as :*?*
    5) Select as resource pattern *://*.*/* and fill it in as :*

    It works!!!!
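
Why both resource patterns from the steps above are needed, as an added example that is not part of the original thread and not OpenAM's own matcher: a simplified Python model that assumes the policy wildcard `*` never matches `?` and that a trailing `*` after `?` needs at least one character. The function names and sample URLs are constructed for illustration.

```python
import re

def pattern_to_regex(pattern):
    """Translate a policy resource pattern into a regex (simplified model)."""
    query_at = pattern.find("?")
    last = len(pattern) - 1
    parts = []
    for i, ch in enumerate(pattern):
        if ch != "*":
            parts.append(re.escape(ch))   # '?', '.', ':' and '/' are literals
        elif query_at != -1 and i == last and i > query_at:
            # Assumed rule 2: a trailing '*' after '?' needs one or more chars.
            parts.append("[^?]+")
        else:
            # Assumed rule 1: '*' spans any characters except '?'.
            parts.append("[^?]*")
    return re.compile("".join(parts))

def covering_patterns(url, patterns):
    """Return the patterns that cover the whole URL."""
    return [p for p in patterns if pattern_to_regex(p).fullmatch(url)]

def audit(urls, patterns):
    """Map each URL to the patterns covering it; an empty list means that
    no policy resource matches, so the agent has nothing to allow it with."""
    return {u: covering_patterns(u, patterns) for u in urls}

# The two resource patterns from the post above.
PATTERNS = ["*://*.*/*", "*://*.*/*?*"]

# Constructed sample URLs (not taken from the thread).
SAMPLE_URLS = [
    "http://www.example.com:8080/app/index.html",
    "http://www.example.com:8080/app/index.html?id=5",
    "http://www.example.com:8080/app/index.html?",
]

if __name__ == "__main__":
    for url, hits in audit(SAMPLE_URLS, PATTERNS).items():
        print(url, "->", hits if hits else "no matching resource")
```

Running it against a list of the application's real URLs shows which ones fall outside every pattern before the agent starts answering 403 for them.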


    I’ve got another problem with this integration: if there’s a wildcard “*” in the query string, I get 403 Forbidden. For example:*&yyy=343efwfwe

    The result of the call is: 403 Forbidden.
    In this case, it’s not possible to resolve this problem using a Policy Set. How can I resolve it?

    • This reply was modified 5 years, 12 months ago by f.strada.
     Rogerio Rondini

    In the previous post you were talking about “” … now you are talking about “”. Is that just a typo in the post related to port 8080 and 8085, or is a policy for port 8085 really missing?
