Question
Private Contractor
GB
Last activity: 26 Aug 2022 5:31 EDT
403 Forbidden Error
Our users are reporting an error when clicking on Trouble Logging In. We are using version 8.4.3, and recently 2 Pega Security Hotfixes were applied by Pega Cloud.
Users are provided an OTP in email; the user enters details on screen, then chooses a new password and confirms the password. Then the user gets the 403 error.
We have raised a service ticket but have had nothing back from Pega on this at the moment. Wondering if anyone else has similar issues and, if so, how to fix?
***Edited by Moderator Marije to add Support Case Details;***
Accepted Solution
Pegasystems Inc.
GB
@Justin I can see that on February 18th 2021 you agreed to close support ticket INC-163088 (Users unable to reset passwords with option "Trouble logging in") based on the solution provided by the Cloud team.
Issue was related to A21 hotfix patching procedure.
Solution description: After installation of the A21 hotfix, the cloud team had to remove one blocking rule to re-enable the functionality.
I will close this thread based on the support ticket resolution details provided here.
Pegasystems Inc.
IN
Hello @Justin
Could you please share the service ticket ID? I shall update the post to include it.
Thank you.
PWC
AM
Hi Justin,
Did you fix that issue yourself or get a hotfix from Pega? We use 8.4.5 but are getting the same error.
Sergey
Lventur
IN
The C21 hotfix should help you in getting a fix for this issue.
Raise an SR with the Pega team and ask them to schedule a request for C21 hotfix installation.
PWC
AM
@GunaSekaran_B as I can see it was already installed into our dev environment
Cognizant
PH
Hi, we are encountering the same for PEGA 8.5.6.
Upon clicking reset password, the user will be redirected to a 403 forbidden error.
Pegasystems Inc.
GB
Please make sure that you have installed the relevant hotfix for your v8.5.6 version.
Are you getting this issue *only* when trying to change the password after entering the verification code, or in other scenarios?
Is your deployment on a Cloud instance?
If so, the issue may be due to an incorrectly set security rule in the WAF (Web Application Firewall) preventing password changes.
See:
Solution:
In that scenario, please have the cloud team remove the security rule in the WAF (Web Application Firewall) for the "Trouble logging in" functionality,
i.e. remove PREFMManaged-Code-Security-pzChangeUserPassword from the WAF, which causes the 403 error on the forgot password functionality.
If that does not resolve it, please log a Support Incident, and in the support ticket provide the below:
1. Network trace
2. Reproduce the issue again by enabling LogHttpRequest and provide security alerts and PegaRULES logs.
If there is no error in the security alerts and the logger LogHttpRequest does not log the change password URL, then my guess is that the load balancer is somehow blocking the request.
3. Can you please confirm if you have any customized authentication in place?
4. Can you please confirm if you have the same issue for every access group?
5. Can you please confirm if you have done changes to the access groups before you saw this issue?
In the support incident, remember to attach the logs from the issue's timeline (PegaRULES logs, security alerts, security events and alerts).
Please provide the incident ID here if you choose to log a support request for this. That will help us track your issue with you.
-
Jillianne Cariaga
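The triage rule from the reply above (no security alert and no LogHttpRequest entry for the change-password request means the 403 was issued upstream), as an added example that is not part of the original thread or of Pega's tooling. The HAR entries, the URL layout and both log line layouts are constructed assumptions; only the marker string comes from the WAF rule name quoted in the thread.

```python
import json
from datetime import datetime, timedelta

# Constructed sample data. URL paths and log layouts are simplified
# assumptions for illustration, not Pega's actual formats.
MARKER = "pzChangeUserPassword"
HAR = json.loads("""{"log": {"entries": [
 {"startedDateTime": "2022-08-26T09:30:40+00:00",
  "request": {"url": "https://example.invalid/prweb/placeholder?action=verify-otp"},
  "response": {"status": 200}},
 {"startedDateTime": "2022-08-26T09:31:02+00:00",
  "request": {"url": "https://example.invalid/prweb/placeholder?action=pzChangeUserPassword"},
  "response": {"status": 403}}]}}""")
REQUEST_LOG = [  # what the application-side request logger recorded
    "2022-08-26T09:30:40+00:00 LogHttpRequest POST /prweb/placeholder?action=verify-otp",
]
SECURITY_ALERTS = []  # no alert lines captured during the reproduction


def seen_near(lines, when, marker, window=timedelta(seconds=5)):
    """True if a line carrying `marker` is timestamped within `window` of `when`."""
    for line in lines:
        stamp, _, rest = line.partition(" ")
        if marker in rest and abs(datetime.fromisoformat(stamp) - when) <= window:
            return True
    return False


def triage_403s(har, request_log, security_alerts, marker=MARKER):
    """Classify each 403 on the password-change request by where it was likely issued."""
    findings = []
    for entry in har["log"]["entries"]:
        if entry["response"]["status"] != 403 or marker not in entry["request"]["url"]:
            continue
        when = datetime.fromisoformat(entry["startedDateTime"])
        logged = seen_near(request_log, when, marker)
        alerted = seen_near(security_alerts, when, marker)
        if not logged and not alerted:
            verdict = "blocked upstream (WAF or load balancer)"
        elif alerted:
            verdict = "rejected by the application (see security alert)"
        else:
            verdict = "reached the application; check the PegaRULES log"
        findings.append((entry["startedDateTime"], verdict))
    return findings


if __name__ == "__main__":
    for stamp, verdict in triage_403s(HAR, REQUEST_LOG, SECURITY_ALERTS):
        print(stamp, verdict)
```

The 5-second window assumes the browser and server clocks are roughly in sync; widen it if the trace was captured on a machine with clock drift.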
IAG
AU
We are getting the same error in 8.6.2.
Pegasystems Inc.
GB
@SrinivasP1728 for your 8.6.2 issue the fix connected to C21 should be already in place.
Are you getting this issue *only* when trying to change the password after entering the verification code, or in other scenarios?
----> Is your deployment on a Cloud instance?
If so, the issue may be due to an incorrectly set security rule in the WAF (Web Application Firewall) preventing password changes.
See:
Solution:
In that scenario, please have the cloud team remove the security rule in the WAF (Web Application Firewall) for the "Trouble logging in" functionality,
i.e. remove PREFMManaged-Code-Security-pzChangeUserPassword from the WAF, which causes the 403 error on the forgot password functionality.
If that does not resolve it, please log a Support Incident, and in the support ticket provide the below:
1. Network trace
2. Reproduce the issue again by enabling LogHttpRequest and provide security alerts and PegaRULES logs.
If there is no error in the security alerts and the logger LogHttpRequest does not log the change password URL, then my guess is that the load balancer is somehow blocking the request.
3. Can you please confirm if you have any customized authentication in place?
4. Can you please confirm if you have the same issue for every access group?
5. Can you please confirm if you have done changes to the access groups before you saw this issue?
In the support incident, remember to attach the logs from the issue's timeline (PegaRULES logs, security alerts, security events and alerts).
Please provide the incident ID here if you choose to log a support request for this. That will help us track your issue with you.