We have several users who appear to be getting directed to the below Forbidden page when clicking on action items in emails. The weird part is that this doesn't happen consistently, but it is affecting some fairly imprtant people and they're beating us up about it. Any idea why some links would occationally direct you to this page? Is this even a PPM issue? I would assume so since the location is /niku/app. Thoughts?
You don't have permission to access /niku/app;jsessionid=A1CB5F6621008059A653F9E2131E78A7 on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
-Thanks for any help you can give me!
I'm not sure from your message if you're seeing this with an On Premise installation or not, so my answer may not be appropriate, but one area to be checked when this happens will be the load balancers and any single sign-on configurations. The jsessionid should have been and remained a cookie value unseen in the UI or browser, but somewhere along the way it ended up getting promoted into the URL as a query attribute instead.
Unfortunately (in this case anyway) the content filters in PPM are thorough/explicit and see this as a URL it needs to provide information for, including the parameter key/value pair, and it cannot comply with providing that and gives you this response.
If you are an On Demand customer that happens to be seeing this, (I think) the problem should be able to be resolved through a support issue which can get the relevant teams engaged that look after those configuration items.
Thanks Nick for the input. I'm happy to report that we're on demand, so we've passed the word along. Now it's someone else's problem to fix!
Hi Nick and Ronnie,
Regarding the jsessionid showing in the url, we recently moved dev to 15.3 (on demand) and at times the jessionid ends up in the url when using SSO. This becomes a problem when navigating back to the "Classic PPM" view. Were you able to find a resolution to this? (Have a support ticket open, just curious)
JSession ID comes from Siteminder and not PPM as nick said. There needs to be certain configuration change at Siteminder layer to get this fixed.
Thanks for the reply. Do you know if this is something our Ca support engineer could fix?
And to clarify we use Centrify for our SSO.
Please share the case number, we will have it discussed internally
Our open case is 00831921. Thanks!
I have let the team and they will work with you on this to get this resolved.