HTTP Status Code: 403 and HTTP Reason Phrase: Access denied

We are having a problem while receiving xmls from our partners.

We have provided our partner with an QA url, uid and pwd.

Our partner is getting the following error while he is posting xmls:

HTTP Status Code: 403
HTTP Reason Phrase: Access denied

uid is set up with the following groups:
“EveryBody” and “TNPartners” but not in “Administrators” group.

But since this is our QA env, we don’t want to assoicate QA uid with “Administrators” group.

We have given our dev url and uid and pwd to our partners with uid assoicated with “Administrators” group and
they didn’t have this problem.

My question is, do we need to associate the uid that is given to our partners with “Administrators” group?

Hi Sudheshna,
If your client is invoking a service through http check the execute ACL for that service and whether the username is in that ACL or not.

We associated that uid with TNPartners group and have given the “ExecuteACL=TNPartners” permission for the flow service that needs to be execute upon the receival of this xml.

But still when our partner posts xml, we are receiving the xml but with the processing status of “ABORTED” and error message as follows:

The user that posted this document (partnermoore) could not be associated with a partner to check their identity.

Do we need to give the flow service the permission of “List ACL=TNPartners” also?

The ID within the document that identifies the sender must match with the username used to log in. When you created the profile, TN created an IS user account. That account must be used to log in when submitting the document. The document must contain an identifier that matches the appropriate external ID in the profile. This is for security.

But in the dev env it is working without that. We have given a different uid that doesnot
match the DUNS number or sender id in the document. But it still works.

When we transferred our code to our QA env, we have given them new url with new uid and pwd
with the above criteria and it does not work.

The only difference is new uid in QA is not included in “Administrators” group where as uid in dev is in “Administrators” group. QA New uid is in “EveryBody” and "TNPartners group.

Do we need to change the permissions of ACLs from “Default” to “Anonymous”?

Complete error in TN: The user that posted this document (xxxxx) could not be associated with a partner to check their identity.

Thank you in advance for your help!

Hi Sudheshna,
Open the IS administration page if you have access and check the TNPartners ACL whether the TNPartners group is included in it or not.

TNPartners ACL has:

Group Assoiciations for this ACL:

Even though we changed the “Execute or List ACL” to Anonymous this is not working.

But we added the uid that is given to our partners to “Administrators” group and it started working. But we don’t want to do this.

Is there any other way?

Review page 43 in the wM TN Concepts Guide (v6.1). Post again if you still have questions.