403 Forbidden for one user only

[kswisher]

We are using Univeral display files to run AJAX requests from our main Rich Application.

Our system uses SSO via Enterprise Identity Mapping(EIM).

We have 1 particular user who is able to get into the application...but then when the AJAX runs and calls the Universal display file, it returns a 403 forbidden. He gets this same result in IE and Chrome.

We have logged onto his PC and ran the application as another User without issues, trying to isolate that it is not his desktop.

Our call to the AJAX is passing the the AUTH token so that we can sync library lists, and it's almost as if that token for him is not correct.

BAD URL....
https://web400.mhc.trk/profoundui/unive ... 854B5DCF03
GOOD URL...
https://web400.mhc.trk/profoundui/unive ... 3EAB3E4779

I would initially think this would be his EIM setup, but that doesn't make sense as he shouldn't get into the application at all.

[Glenn]

Ken,

My initial thought would be that this issue is related to your EIM and/or Apache server configuration. While our support doesn't extend to this area, we could review your application and see if that is in fact where the issue is. Please submit a support request either via our website (http://www.profoundlogic.com/contact?type=support) or by sending a message to support@profoundlogic.com.

Note that there might be more information in the error log of the instance.

Glenn

[kswisher]

Resolved....turns out that SSO and EIM will log you in with an expired password.

The user profile had an expired password and once we got that changed, it resolved the issue.

We didn't think to review this as he was getting logged into the application.