Web agent policies ignored (403 Forbidden)

This topic has 2 replies, 2 voices, and was last updated 2 years ago by Rick521.

  • Author
    Posts
  • #19354
     ahodzic
    Participant

    Hello,

    We use OpenAM 11.0.3 Community Edition) where numerous web agents are setup for various environments, and all agent/sURLs work ideally in “SSO Only Mode”.

    However, we have different groups of users which we’d like to limit from accessing agents (URLs) for every environment.

    I’ve setup, policies which should do this, but once I disable “SSO Only Mode” for the web agent I setup policy for I’ll encounter “403 Forbidden” and agent debug log will report one interesting warning:

    2017-10-27 10:13:53.282 +0000 WARNING [0x7f5e1a7fb700:31601] validate_policy(): decision: deny, reason: no action decisions found

    Which means that policies I set up for that URL are completely ignored and aren’t even validated.

    Under policies resource name I’ll set http*://*:*/* with allow to delete/get/head/options/patch/post/put which should allow anything. But from what I understand, this policy never even gets verified by “validate_policy()”.

    Could somebody please shed some light on how I could enforce this set policy, or so it even gets validated.

    Thanks!

    #19359
     ahodzic
    Participant

    Problem solved, please ignore/close this thread.

    #26604
     Rick521
    Participant

    Also i’m using 13.5 version currently.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2021 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?