This article has been archived and is no longer maintained by ForgeRock.
The following error is shown in the browser when attempting to access a policy agent protected resource:Error 403 Access Denied/Forbidden
The forward slash (/) is not consistently encoded in the URL when the Encode URL Special Characters property is set to "true". When there are other encoded special characters in the URL, the forward slash is also encoded, but if the forward slash is the only special character in the URL (one or more instances), it is not encoded.
Upgraded to Web Policy Agents 3.3.0.
Enabled the Encode URL's Special Characters property (com.sun.identity.agents.config.encode.url.special.chars.enable=true).
Web Policy Agent incorrectly handles the way that trailing slashes are evaluated in un-encoded form, specifically URLs that contain unencoded parameter values for "uri=/".
The cause of this issue is related to OPENAM-3638 (Policy rule with trailing wildcard denies access to a valid resource URL).
This issue can be resolved by upgrading to OpenAM 11.0.1 or later, and Web Policy Agents 3.3.1 or later; you can download these from BackStage.