Resolving an HTTP 405 (METHOD Not Allowed) error with IdentityIQ on a REST API FORM PostBack when the site is protected by CA Single Sign On (fka SiteMinder).

Document ID : KB000004554
Last Modified Date : 14/02/2018
Issue:

SailPoint Technologies Inc. IdentityIQ with AngularJS and XSRF/CSRF (Cross-Site Request Forgery) causes an HTTP 405 (METHOD Not Allowed) error on a REST API FORM PostBack when the site is protected by CA Single Sign On (fka SiteMinder).

Environment:
CA R12.x Single Sign On environment
SailPoint IdentityIQ
Cause:

If the previous response to the IdentityIQ AngularJS client contains a Set-Cookie header, the client is unable to set the required "X-XSRF-TOKEN" header on the subsequent request, which results in the HTTP 405 (METHOD Not Allowed) error.

Resolution:

To prevent the Single Sign On "set-cookie" from being passed to the IdentityIQ AngularJS Client, set the "UseHTTPOnlyCookies" ACO parameter to "Yes" for the WebAgent protecting the site.
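
One way to confirm the setting took effect, as an added example that is not part of the original CA document: the script parses the Set-Cookie headers from a captured response and lists Web Agent cookies that still lack the HttpOnly attribute. The cookie name SMSESSION, the `^SM` name pattern and the sample headers are assumptions constructed for illustration.

```javascript
// Added example: audit Set-Cookie headers from a captured response and report
// which Web Agent cookies remain readable by page script (no HttpOnly).

// Parse one Set-Cookie header value into { name, value, attrs }.
function parseSetCookie(headerValue) {
  const parts = headerValue.split(';').map((p) => p.trim()).filter(Boolean);
  if (parts.length === 0) return null;
  const eq = parts[0].indexOf('=');
  if (eq < 1) return null; // no cookie name: nothing to audit
  const cookie = {
    name: parts[0].slice(0, eq).trim(),
    value: parts[0].slice(eq + 1).trim(), // the value may itself contain '='
    attrs: {},
  };
  for (const attr of parts.slice(1)) {
    const i = attr.indexOf('=');
    // Attribute names are case-insensitive, so normalise them.
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return cookie;
}

// Return the names of cookies matching agentPattern that lack HttpOnly.
function agentCookiesMissingHttpOnly(setCookieHeaders, agentPattern) {
  return setCookieHeaders
    .map(parseSetCookie)
    .filter((c) => c !== null && agentPattern.test(c.name))
    .filter((c) => c.attrs.httponly === undefined)
    .map((c) => c.name);
}

// Assumption: Web Agent cookie names start with "SM" (for example SMSESSION).
const AGENT_COOKIE = /^SM/i;

// Constructed sample headers, before and after UseHTTPOnlyCookies=Yes.
const before = [
  'SMSESSION=Zm9vYmFy==; Path=/; Domain=.example.com; Secure',
  'JSESSIONID=ABC123; Path=/identityiq; HttpOnly',
];
const after = [
  'SMSESSION=Zm9vYmFy==; Path=/; Domain=.example.com; Secure; HTTPONLY',
  'JSESSIONID=ABC123; Path=/identityiq; HttpOnly',
];

console.log('before:', agentCookiesMissingHttpOnly(before, AGENT_COOKIE));
console.log('after: ', agentCookiesMissingHttpOnly(after, AGENT_COOKIE));
```

An empty list for the response captured after the ACO change means every matching agent cookie is now marked HttpOnly.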