Kamesh Gopalan Posted September 21, 2020 Share Posted September 21, 2020 Hi, We are started getting these issues after changing the SAML SSO setting from AD to Azure AD. (FOC44540) Web Services Request got error. Response Status : 403 ; Reason: Forbidden Tested this link and it is working. http://hostname:8080/ibi_apps/rsIBIRS_action=TEST We are using POST request and confirmed that CSRF token is generating and the configuration on Admin Console shows CSRF is enforced. Recently we switched the SAML SSO from AD to Azure AD. After that, this is stopped working. Do I need to look anything else on the configuration Thanks for your help Kamesh Version: WF8206 Link to comment Share on other sites More sharing options...
Toby Mills Posted September 21, 2020 Share Posted September 21, 2020 Hi Kamesh Let me ask you a couple of questions. First - have your tried logging on to the WebFOCUS Reporting Server Console and going to Access Control and then used the Test button to see if you can log in successfully from there If this part doesnt work, then nothing will work as expected. Open WFRS Console Choose Access Control Right click o n the Access Control Provider that youre trying to use and choose Properties. at the bottom of the screen will be a Test button. Try to log on. Second, do you know who is giving you the 403 Is it coming from maybe IIS or your Web Server Or is it coming from WebFOCUS Tomcat (or whatever webapp server youre using) even To check, start at the first thing your HTTP request hits and work your way to the back (being WebFOCUS). Check your Web Server Logs first (like IIS for example). Find your request and look at the timestamp and see if you see the 403 here. Remember the timestamp is shifted off to GMT time so it may be 5 or 6 hours ahead of your local time). Next, take a look at your current tomcatlogslocalhost_access log (or whatever log shows URLs and return code for your Webapp server if its not tomcat). Find that same request you saw in IIS being handed off to Tomcat (use the timestamp to help). Does this one show the 403 Move on to WebFOCUS logs. Again using the time, this time go look through audit.log, event.log and websecurity.log to see if you see more info. If your can authenticate okay from the WFRS (WebFOCUS Reporting Server) Console Access Control, let us know what you find on where you get knocked out with a 403. There is a trace you might turn on if youre making it to WebFOCUS but getting knocked out. Last thing for interests sake - what version are you on and which company are you working for (in case that helps any of us who previously worked in techsupport or Profesisonal Services and might know youre enironment. Thanks Toby Mills, CISSP Link to comment Share on other sites More sharing options...
Toby Mills Posted September 21, 2020 Share Posted September 21, 2020 Hi Kamesh - sorry I didnt see the last line where you said youre on 8206. The version doesnt matter so much, but I just wanted to get it documented. Let me know once you test the things in my last note. Thanks Link to comment Share on other sites More sharing options...
Kamesh Gopalan Posted September 24, 2020 Author Share Posted September 24, 2020 Thanks Toby. By default, CSRF token is enabled in the latest version. Combination of disabling the CSRF token and Form Based Authentication solved our issue. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now