Getting Unauthorised HTTP 401 error on different screens after authentication

IdentityIQ (IIQ) IIQ Discussion and Questions
,
1

Which IIQ version are you inquiring about?

IdentityIQ 8.4 p1

Please share any other relevant files that may be required (for example, logs).

Getting warning message as below.
User is Unauthorised to access/identityiq/ui/rest/forms/dynamicAllowedValues
User is Unauthorised to access/identityiq/ui/rest/resquestAcess/accessItems (people when requesting access)
even any form selection gets this warning message.
Issue is intermittent.

Share all details about your problem, including any error messages you may have received.

Below error message is coming for certain group of users (10% of user base) who login from a different network to that of remaining user group.
Only this user group is facing the unauthorised warning message on different screens like any forms submittion/access request pages/access review pages.

Warning error message:
User is Unauthorised to access/identityiq/ui/rest/forms/dynamicAllowedValues
User is Unauthorised to access/identityiq/ui/rest/resquestAcess/accessItems/identities?limit(people when requesting access)

this is creating a bad user experience. SSO provider is same for all the user base. using SAML 2.0 for the SSO between SailPoint and the identity provider.

Checked the identityxml for different usergroups - user rights wise both are same no changes. only the 10% user base who login from different network are facing this problem intermittently. rest of the userbase are not experiencing this problem.

what could be cause of this issue ?

2

Is this browser-specific? It sounds like an IE security policy issue regarding cookies or possibly referrer. This is not likely to be an IIQ configuration issue. All the example paths you’ve supplied are REST endpoints. This could be an intermediate network appliance also interfering with this type of HTTPS request / post.

I recommend you have one or more of the affected users on that other network verify the behavior persists when using Chrome / Safari / Firefox / etc.

If necessary, you can also have a network admin perform packet tracing with a tool like Wireshark to see where and why the 401 is being thrown. Fundamentally, I do not believe you will be able to fix this issue by adjusting configuration settings within IIQ. The culprit is outside IIQ.

1 Like
3

Thank you @seth_johnson for your response. Appreciate it. They don’t use chrome/firefox. They use only edge browser
We checked the version of IE in working network to non working network both are same.