Home/ Questions/Q 6587027
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T16:51:57+00:00

We’re using OpenAM to manage sessions on our application. The problem is everytime we’re

  • 0

We’re using OpenAM to manage sessions on our application.
The problem is everytime we’re trying to pass a parameters with the GET method, the ressource is blocked (error 403 – forbidden). If no parameter is set, everything is wirking.

EX:

http://mysite.com/logo.jpg —-> Works.

http://mysite.com/logo.jpg?foo=bar —-> ERROR !

For images or css, it’s normal to do not have parameters, but all links with using the GET method aren’t working.

How could we solve our problem? Actually, disabling this policy would be a good solution.

We’ve looked for section 7.4.2 in the OpenAM’s documentation (http://openam.forgerock.org/doc/admin-guide/OpenAM-Admin-Guide.html) but nothing is working.

Any clue ?

Thanks for your time.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You have to create the appropriate policies to accept parameters in your url.

    In your OpenAm console :

    - go to the Access Control Tab
- click on the realm you want to modify
- click on the Agents Tab
- click agent name you want to modify
- go to the Application Tab

    In the Not Enforced URL Processing section

    - look for the NotEnforced URLs parameter
- Enter the new policies in New Value
- click Add and then save.

    You can use * or -*- depending on what you want :

    • * include all subdivision (Ex : mysite.com/* would permit mysite.com/Foo/Bar)
    • -*- exclude subdivision (Ex : mysite.com/-*- would permit
      mysite.com/page1.aspx but
      not mysite.com/Foo/page1.aspx)

    So you can use for your parameters something like mysite.com?-*- or
    more specifically mysite.com?myparam=-*-

    And be aware : despite the fact that it is indicated “Hot Swap : yes”, it doesn’t mean that your changes are effective immediately.

    • 0