PWI 403 Forbidden Error

Hello!

I am currently facing an issue while testing the Password Interceptor (PWI) in our sandbox environment. After completing the installation, when I manually change a user’s password in Active Directory, the PWI logs return a 403 Forbidden error, indicating a permission problem.

The local service account hosting the PWI service has administrative access, and the API client being used has scope: all. The API is successfully retrieving an access token, but the synchronization does not proceed past that point.

Has anyone experienced this behavior before or can provide guidance on what might be missing?

Thanks


09/29/2025 16:05:37 : AccessTokenManager [ Thread-9 ] DEBUG : “Exiting getAccessToken”

09/29/2025 16:05:37 : ServiceEntry [ Thread-9 ] DEBUG : “Entering processIDNInterceptRequest”

09/29/2025 16:05:37 : ServiceEntry [ Thread-9 ] DEBUG : “Finding source external ID”

09/29/2025 16:05:38 : ServiceEntry [ Thread-9 ] DEBUG : “Response status for the request:OK”

09/29/2025 16:05:38 : ServiceEntry [ Thread-9 ] DEBUG : “Source Name for id:a465526ba67e442c9ba47488932f9b51 is : Active Directory”

09/29/2025 16:05:38 : ServiceEntry [ Thread-9 ] DEBUG : “Getting sync info”

09/29/2025 16:05:38 : ServiceEntry [ Thread-9 ] DEBUG : “data:{“userName”:“lutejoj”,“sourceName”:“Active Directory”,“accountId”:“CN=Luan Teste Joj,OU=x,OU=x,DC=x,DC=x”}”

09/29/2025 16:05:38 : ServiceEntry [ Thread-9 ] ERROR : “Web Exception occurred .The remote server returned an error: (403) Forbidden. For user:lutejoj”

09/29/2025 16:05:38 : ServiceEntry [ Thread-9 ] ERROR : “Error code: 403 Forbidden”

09/29/2025 16:05:38 : ServiceEntry [ Thread-9 ] ERROR : “Error message: The server understood the request but refuses to authorize it.”
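One way to triage a log like the excerpt above is to report, for each 403, which user was affected, whether the token step had already finished on that thread, and which step came last before the failure. This is an added example, not part of the original posts or the product's tooling. The `triage` helper is hypothetical, the line layout is inferred from the excerpt, the sample lines are constructed, and "Exiting getAccessToken" is assumed to mean the token step finished.

```python
import re

# Layout taken from the excerpt in the thread:
# MM/DD/YYYY HH:MM:SS : Component [ Thread-N ] LEVEL : "message"
LINE_RE = re.compile(
    r'^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) : (?P<component>\S+) '
    r'\[ (?P<thread>[^\]]+?) \] (?P<level>[A-Z]+) : (?P<msg>.*)$'
)
QUOTES = '"\u201c\u201d'  # straight or typographic quotes around the message

# Constructed sample (user name and thread ids are made up), two interleaved requests.
SAMPLE_LOG = '''\
01/02/2025 10:00:00 : AccessTokenManager [ Thread-3 ] DEBUG : "Exiting getAccessToken"
01/02/2025 10:00:00 : AccessTokenManager [ Thread-4 ] DEBUG : "Exiting getAccessToken"
01/02/2025 10:00:00 : ServiceEntry [ Thread-3 ] DEBUG : "Entering processIDNInterceptRequest"
01/02/2025 10:00:01 : ServiceEntry [ Thread-4 ] DEBUG : "Response status for the request:OK"
01/02/2025 10:00:01 : ServiceEntry [ Thread-3 ] DEBUG : "Getting sync info"
01/02/2025 10:00:01 : ServiceEntry [ Thread-3 ] DEBUG : "data:{"userName":"jdoe"}"
01/02/2025 10:00:01 : ServiceEntry [ Thread-3 ] ERROR : "Web Exception occurred .The remote server returned an error: (403) Forbidden. For user:jdoe"
01/02/2025 10:00:01 : ServiceEntry [ Thread-3 ] ERROR : "Error code: 403 Forbidden"
'''

def triage(log_text):
    """Return one finding per '(403) Forbidden' web exception, with per-thread context."""
    token_ok, last_step, findings = set(), {}, []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or foreign line
        thread, msg = m['thread'], m['msg'].strip(QUOTES)
        if m['level'] == 'DEBUG':
            if msg == 'Exiting getAccessToken':
                token_ok.add(thread)  # assumption: treated as "token step finished"
            if not msg.startswith('data:'):
                last_step[thread] = msg  # payload lines are not steps
        elif m['level'] == 'ERROR' and '(403) Forbidden' in msg:
            user = re.search(r'For user:(\S+)', msg)
            findings.append({
                'time': m['ts'], 'thread': thread,
                'user': user.group(1) if user else None,
                'token_obtained': thread in token_ok,
                'failed_after': last_step.get(thread),
            })
    return findings

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f)
```

A finding with `token_obtained` set to true and `failed_after` set to "Getting sync info" matches the situation in the thread: the token request succeeds and the later API call is refused.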

Create a new Security Token in the tenant UI (Admin > Security Tokens) intended for Password Interceptor and replace the token configured in the PWI service with this one.

Reference: [Troubleshooting] Password Interceptor with IdentityNow returns 403 Forbidden


Hello Sita,

After generating a new credential in Admin > Global > Security Settings > API Management and updating it in the PWI, I was able to re-establish the communication successfully.


@Luan1

Awesome, glad it worked. Please mark it as the solution so that it will help others. Thanks.


Just to complement, at first I had configured it using the PAT credential, but afterward I followed the cleanup steps: uninstalled the Password Interceptor, deleted the Organizational Unit (OU) created during the previous installation, removed the encryption keys in C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys, restarted the machine, performed a fresh installation of the Password Interceptor, and finally generated a new credential in API Management, which successfully restored the communication.


Great troubleshooting work! That cleanup process you followed is exactly the right approach for PWI authentication issues.
