406 Not Acceptable message when Authorization policy has a deny message.

  • 7016033
  • 06-Jan-2015
  • 06-Jan-2015


Access Manager 4.0 SP1


An authorization policy is configured to deny access with a message, but instead of the deny message the client browser gets a HTML 406 Not Acceptable error.

<title>401 Authorization Required</title>
<h1>Authorization Required</h1>
<p>This server could not verify that you
are authorized to access the document
requested.  Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
<p>Additionally, a 406 Not Acceptable
error was encountered while trying to use an ErrorDocument to handle the request.</p>


Modify the application to accept text/html data, or use a redirect action instead of a deny message. The redirect could be to a page that has a similar deny message.
This has been reported to engineering .


Check the value of the accept header being presented. The deny message will currently only accept text/html content type. If the application header specifies something like
Accept: application/json
then  a 406 error will be returned.
Future updates of the Access Manager authorization deny policies will support more content types.