Web agent policies ignored (403 Forbidden)

This topic has 2 replies, 2 voices, and was last updated 2 years, 11 months ago by Rick521.

  • Author
  • #19354


    We use OpenAM 11.0.3 Community Edition) where numerous web agents are setup for various environments, and all agent/sURLs work ideally in “SSO Only Mode”.

    However, we have different groups of users which we’d like to limit from accessing agents (URLs) for every environment.

    I’ve setup, policies which should do this, but once I disable “SSO Only Mode” for the web agent I setup policy for I’ll encounter “403 Forbidden” and agent debug log will report one interesting warning:

    2017-10-27 10:13:53.282 +0000 WARNING [0x7f5e1a7fb700:31601] validate_policy(): decision: deny, reason: no action decisions found

    Which means that policies I set up for that URL are completely ignored and aren’t even validated.

    Under policies resource name I’ll set http*://*:*/* with allow to delete/get/head/options/patch/post/put which should allow anything. But from what I understand, this policy never even gets verified by “validate_policy()”.

    Could somebody please shed some light on how I could enforce this set policy, or so it even gets validated.



    Problem solved, please ignore/close this thread.


    Also i’m using 13.5 version currently.

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

©2022 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?