Problem

When trying to issue a REST outbound call from UI to an end point, you witness the error “Forbidden username/password combo” in the response message”

Symptoms:

You will recognize this error when you go to the configured Outbound Rest call -> Select the http method (Get or Post) and then issue the Test command

The same error is visible from the Outbound HTTP requests as well

Cause

Possible cause of the behavior is the “user agent” field value in the http Header of the request is not liked by the end point leading to this access denied error message in the response

Actual Http Header Request from HTTP log on UI:
{Accept=application/json, Content-Type=application/json, Authorization=Basic XXX, User-Agent=Jakarta Commons-HttpClient/3.1, Host=XXX}

Issue is identified when we were trying to issue CURL command from the App Physical host with the same header as the one’s passed to the end point from UI when you click on the Test button in the Outbound REST call.

INITIAL CURL USED with the default User Agent Value:

Failed:

curl -v \
> -H 'Accept: application/json' \
> -H 'Content-Type: application/json' \
> -H 'Authorization: Basic XXXXXX' \
> -H 'User-Agent: Jakarta Commons-HttpClient/3.1' \
> -H 'Host: XXXXXX' \
> -X GET XXXXX

User agent changed to “servicenow” for testing and you see a success response

Success:

 curl -v \
> -H 'Accept: application/json' \
> -H 'Content-Type: application/json' \
> -H 'Authorization: Basic XXXXXX' \
> -H 'User-Agent: servicenow' \
> -H 'Host: XXXXXX' \
> -X GET XXXXX

Similarly, when adding the user Agent value as "servicenow" in the Get/POST method Header of the REST call from UI, you see a successful response with the expected data 

Resolution

The end point to some reasons doesn’t accept the value of the “User Agent” field in the Header of the Outbound REST call. Changing this to "servicenow" in the outbound REST Header will resolve the error.