Browse FAQs

Power Monitoring Expert 8.2 with CU3: Web App error ‘403 – Forbidden: Access is denied’ when tried Logon Web App with Multiuse AuthToken

Published date: 08 April 2020

Issue
Getting below error in web app when tried open PME web application using URL generated by http://<PMEMachineName>/SystemDataService/Auth/GenerateAuthURL tool (used for generating PME web URL’s with Multiuse Automatic Authentication Token for SBO integrations) in PME v8.2 with CU3.


403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.


Same link works before applying CU3.

Environment
Power Monitoring Expert v8.2 with CU3

Cause
In PME v8.2 when applied cumulative updated 3 there was a fix for a security vulnerability in the software and hence PME no longer accepts redirects using the full computer name.


The problem is that the 'GenerateAuthURL' tool includes the full computer name. Hence why the redirect is failing with above error.

Resolution
Workaround for this issue would be to remove computer name or IP address present under ‘RedirectURL’ section in the URL generated by the tool (masked with red box in below screen-capture needs to be removed.