Users experience 403 errors when redirected to the login or logout page after applying Access Manager 3.1 SP2

  • 7008717
  • 07-Jun-2011
  • 26-Apr-2012

Environment

Novell Access Manager 3.1 Linux Access Gateway

Situation

Access Manager 3.1.2 IR2 applied. Configuration appears to be fine - users can access the protected resources after authenticating to the Identity server. After applying an update or purging the cache, all users sometimes start experiencing 403 errors with "You do not have permission to access the resource.". The URL displayed in the browser at the time of the error is always the /nesp/app/plogin or /nesp/app/plogout link on the LAG embedded service provider.

When the issue occurs, the system can be put back into the working state by re-pushing the LAG configuration. However, the problem often reappears after applying a new change.

Resolution

Apply Access Manager 3.1 Support Pack 3.

The problem lies with the fact that the soapbc service configuration entry appeared at the came at the end of the config.xml file, and not at the beginning. When this happens, another protected resource is executed instead of the soapbc /nesp protected resource and the 403 forbidden message is displayed. The issue appears to have been introduced with the SP2 IR2 build.