Notifications

2007 views

Description

When unauthenticated users try to submit a public catalog item in Service Portal, a 400 Bad Request error occurs and they are unable to submit. This issue is due to AngularProcessor authentication restrictions. 

Steps to Reproduce

  1. Open any catalog item, for example an iPhone 6S [ /sp?id=sc_cat_item&sys_id=d0b15e33d7033100a9ad1e173e24d49e ].

    For more information, see the product documentation topic Service catalog items.

  2. Make the item public.
  3. Go to the Service Portal page (sc_cat_item) and make this page public.

  4. Make any widgets associated with the sc_cat_item page public as well.

  5. Open the item in an incognito window [ /sp?id=sc_cat_item&sys_id=d0b15e33d7033100a9ad1e173e24d49e ].

    Note that although the catalog Item is public, it will not allow you to submit the item.

 

Workaround

What needs to be done :

  • Catalog Item Service Portal Page(sc_cat_item) must be made public.
  • SC Catalog Item Widget must be made public.
  • Catalog Checkout Widget must be made public ( For the case of two step checkout).
  • SC Order Status page and the Order Status widget must be made public.

 

Most of the Service Catalog Service Portal widgets make use of REST API.

These REST APIs are configured to require authentication and because of this when these are triggered by a public user, they throw a 403 Unauthorized error.

 

All the REST APIs, used on the above mentioned pages

  • Buy Item
  • Submit Producer
  • Validate Regex (In case the item consists of a variable which requires Regex Validation).

 must be configured to function without any Authentication by unchecking the requires authentication field in the REST API configuration.

 


Related Problem: PRB854474

Seen In

SR - IRM - Audit Management - New York 2019 Q3
SR - IRM - GRC Profiles - Madrid 2019 Q2
SR - IRM - Policy and Compliance - Madrid 2019 Q2
SR - IRM - Risk Management - New York 2019 Q3
SR - IRM - Vendor Risk Management - Madrid 2019 Q1
SR - Security - Integration Framework - Madrid 2019 Q2
SR - Security - Support Common - Madrid 2019 Q2
SR - Security - Support Orchestration - Madrid 2019 Q2
SR - SIR - Security Incident Response - Madrid 2019 Q2
SR - SIR - Security Incident Response PA Content - New York 2019 Q3
SR - SIR - Security Incident Response UI Patch - London 2019 Q2 v.6.2.3
SR - SIR - Store SecOps Setup Assistant - Madrid 2019 Q2
SR - SIR - Store Threat Core - Madrid 2019 Q2
SR - SIR - Store Trusted Security Circles Client - New York 2019 Q3
SR - VR - Vulnerability Response - New York 2019 Q3
SR - VR - Vulnerability Response PA Content - Madrid 2019 Q2

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2019-11-20 12:54:59
Published:2019-11-05