• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

CF 2021 User Manager - You dont have permission to access page error on SAML

Community Beginner ,
Aug 10, 2021 Aug 10, 2021

Copy link to clipboard

Copied

I am trying to troubleshoot some issues related to User Management and the new IDP/SP pages of the administrator.

I created a user and granted access to Security > SAML in the user manager.  Saved the user and when I log into the account, it shows only IDP/SP pages.  However, when I click on a IDP or the button Add IDP or even the simialr ones in the SP configuration, I get the below lol.  Is there anyone whom fixed this?  Currently on CF2021 without the first patch..

 
 
 
Forbidden Page

You do not have permission to access the requested page. Please contact your administrator.

TOPICS
Server administration

Views

336

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Aug 12, 2021 Aug 12, 2021

Copy link to clipboard

Copied

Benjamin, I don't have any good news for you, but first for what it's worth, I can confirm that even with update 1 applied, I experience the same problem when I follow those same steps.  (And I can confirm there's no error logged at all in any of the CF logs, which is indeed odd.)

 

(Before anyone may ask if you or I had the "module" installed for SAML, I do, as a full installation. More specifically, when I click the "add sp" button while logged in as the real admin, I get the form to fill out to create a Service Provider. It's only as a limited Admin user that I get the error)

 

And I looked at the fixed issues for the prerelease of update 2 (prerelease.adobe.com) and it makes no mention of this as a problem fixed by that update. Ugh.

 

So it seems you have indeed spotted a bug. I would recommend that since no one from Adobe has replied here, it would be best for you to create a bug report at tracker.adobe.com. If you do that and would come back here to share the link to it, future readers could follow along adding votes, comments, or getting news when it may be fixed.


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Aug 12, 2021 Aug 12, 2021

Copy link to clipboard

Copied

Charlie,

 

I submitted the information and got a number but doesnt show the request yet.

Here is the link once it shows: https://tracker.adobe.com/#/view/CF-4212259

 

Thanks for assistance!

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Aug 13, 2021 Aug 13, 2021

Copy link to clipboard

Copied

That's odd. It doesn't appear for me, either, whether via that link or just searching all cf bugs to see the most recent.. It's just not there.

 

Now, if Adobe deemed that what you share was a security vulnerability, they may make it non public, but then they should have informed you. But this doesn't seem at all that sort of issue.

 

You may want to try again (I realize that's annoying. FWIW, I've gotten into the habit of just always copyinf to the clipboard any long text I type into a form, to be able to reuse it if something goes amiss like this.)

 

Or have you heard from Adobe perhaps, since writing your reply here yesterday? 


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Aug 15, 2021 Aug 15, 2021

Copy link to clipboard

Copied

I got two thank yous and "you will hear from us in 3-5 days and make sure the info is correct."  Both links (submitted it twice) dont show anything.  So guessing might be under review or adobe is a bit behind right now.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Aug 15, 2021 Aug 15, 2021

Copy link to clipboard

Copied

Well, I'll say again that this seems an odd situation. I've never known there to be any sort of vetting that needed to take place for a bug report to appear, even for someone posting one for the very first time.

 

Why don't you share here the text of what you're offering. Besides allowing us to assess if anything may put up a red flag, if it does not, then the info will stand for others (including Adobe folks here) to consider, while we await its appearing as a bug report.

 

If they have a concern here, they'll make that known, I'm sure. 


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Aug 19, 2021 Aug 19, 2021

Copy link to clipboard

Copied

Charlie,

 

Apologies for not getting back to this.  The most recent update is 8/18 around 10pm:

Issue - https://tracker.adobe.com/#/view/CF-4212259 Target Version updated to 'Update'

However, I still cannot see it from the tracker front end.  

 

Before that was on 8/13 around 9:30am for this and CF-4212260:

Issue - https://tracker.adobe.com/#/view/CF-4212259 Comment added by CFUserForJIRAAPIs Generic 'Thank you for logging a bug with Adobe. We will review the same and respond within 3-5 days. In the meantime, to help us move faster on this review, please ensure that information, such as, platform, product build number, server-level logs, update level, a standalone reproducible test case, server settings summary (can be generated from ColdFusion Administrator), and any other relevant information needed for this review is attached to the bug. Ignore, if these details are already present in the bug report.'

 

Let me know if the text your seeking is the one I submitted to the bug tracker.  I will try and recreate it.

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Aug 19, 2021 Aug 19, 2021

Copy link to clipboard

Copied

No, I was asking for the text of what you put in the ticket. 🙂 


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Aug 19, 2021 Aug 19, 2021

Copy link to clipboard

Copied

I dont have the full text since after submitting the bug, cannot see it anymore.  However, tried my best to replicate what I set up...  This is the description of the bug.

 

Problem Description:
Limited Admin user with Security -> SAML cannot access IDP/SP Pages

Steps to Reproduce:
1) Log into administrator console as administrator account
2) Go to User Manager and create a new user
3) Grant Security -> SAML to the new user, update password and save the user
4) Log out of the administrator account
5) Log in as the limited user account
6) Click on IdP Configuration
7) Click add IdP button
8) Error will appear stating "You do not have permission to access the requested page. Please contact your administrator"
9) If you edit an IdP, you will recieve the same error.
10) Click on SP Configuration
11) Click on add SP button
12) Error will appear stating "You do not have permission to access the requested page. Please contact your administrator"
13) If you edit an SP, you will recieve the same error.

Actual Result:
Recieve error "You do not have permission to access the requested page. Please contact your administrator"

Expected Result:
Limited user account should be able to modify/add/delete IDP/SP Configurations per SAML settings

Any Workarounds:
You must use full administrator account to modify/add/delete IDP/SP Configurations

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Expert ,
Aug 19, 2021 Aug 19, 2021

Copy link to clipboard

Copied

LATEST

OK, that' great (and again, really odd).  So here's good (or bad) news: I WAS able to create a ticket just now using that same info (with some preface to explain how you'd tried first). Here it is:

 

https://tracker.adobe.com/#/view/CF-4212277 

 

You and anyone interested in this should add a vote and/or comments. You will be notified as otehrs, including Adobe, reply to it.


/Charlie (troubleshooter, carehart.org)

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation