Troubleshooting
Problem
When a custom Java client connecting remotely to the InteropHttpServlet (via HTTP or HTTPS) is in use, and security for the servlet is enabled (yfs.interopservlet.security.enabled=Y), you may encounter an error returning HTTP response code: 403 for the servlet.
Symptom
You will get the following error on the client side. Normally, the server will not show anything in the logs.
<Errors>
<Error ErrorCode="java.io.IOException"
ErrorDescription="java.io.IOException" ErrorRelatedMoreInfo="">
<Attribute Name="ErrorCode" Value="java.io.IOException"/>
<Attribute Name="ErrorDescription" Value="java.io.IOException"/>
<Error ErrorCode="java.io.IOException" ErrorDescription=""
ErrorRelatedMoreInfo="Server returned HTTP response code: 403 for URL: https://9.155.214.198:9443/smcfs/interop/InteropHttpServlet">
<Stack>java.io.IOException: Server returned HTTP response code: 403 for URL: https://9.155.214.198:9443/smcfs/interop/InteropHttpServlet
<Errors>
<Error ErrorCode="java.io.IOException"
ErrorDescription="java.io.IOException" ErrorRelatedMoreInfo="">
<Attribute Name="ErrorCode" Value="java.io.IOException"/>
<Attribute Name="ErrorDescription" Value="java.io.IOException"/>
<Error ErrorCode="java.io.IOException" ErrorDescription=""
ErrorRelatedMoreInfo="Server returned HTTP response code: 403 for URL: https://9.155.214.198:9443/smcfs/interop/InteropHttpServlet">
<Stack>java.io.IOException: Server returned HTTP response code: 403 for URL: https://9.155.214.198:9443/smcfs/interop/InteropHttpServlet
Cause
There are multiple reasons why this error is thrown:
1.) The login() API is not called, or called incorrectly, before any other API is called.
2.) Token authentication is disabled on the Sterling server.
3.) The return of an API Security Token is disabled on the Sterling server.
4.) The API Security Token is not set in the client's YFSEnvironment after the login() API was called.
1.) The login() API is not called, or called incorrectly, before any other API is called.
2.) Token authentication is disabled on the Sterling server.
3.) The return of an API Security Token is disabled on the Sterling server.
4.) The API Security Token is not set in the client's YFSEnvironment after the login() API was called.
Environment
This article describes multiple scenarios assuming that security for the InteropHttpServelt is enabled (yfs.interopservlet.security.enabled=Y), and that token-based authentication is used (that is, Sterling will authenticate the request, not the application server).
Resolving The Problem
1.) Examine your custom code and check if you call the login() API before any other call like:
Document loginOutput = api.login(YFSenv, loginInput);
Also, verify that the input XML for the API does not contain any typos or incorrect user credentials. The input should look like this:
<Login LoginID="admin" Password="password" />
2.) Look if the yfs.interopservlet.auth.token.enabled property is set to N or false on the Sterling server. Set it to Y or true and restart the server.
3.) Look if the yfs.api.security.token.enabled property is set to N or false on the Sterling server. Set it to Y or true and restart the server.
4.) Examine your custom code and check if the UserToken attribute from the output XML of the login() API call is set in your YFSEnvironment like:
YFSenv.setTokenID(loginOutput.getDocumentElement().getAttribute("UserToken"));
Document loginOutput = api.login(YFSenv, loginInput);
Also, verify that the input XML for the API does not contain any typos or incorrect user credentials. The input should look like this:
<Login LoginID="admin" Password="password" />
2.) Look if the yfs.interopservlet.auth.token.enabled property is set to N or false on the Sterling server. Set it to Y or true and restart the server.
3.) Look if the yfs.api.security.token.enabled property is set to N or false on the Sterling server. Set it to Y or true and restart the server.
4.) Examine your custom code and check if the UserToken attribute from the output XML of the login() API call is set in your YFSEnvironment like:
YFSenv.setTokenID(loginOutput.getDocumentElement().getAttribute("UserToken"));
[{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS6PEW","label":"IBM Sterling Order Management System Software"},"ARM Category":[{"code":"a8m0z000000cy0AAAQ","label":"Install and Deploy"},{"code":"a8m0z000000cy00AAA","label":"Orders"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"and future releases;10.0.0"}]
Product Synonym
IBM Sterling OMS
Was this topic helpful?
Document Information
More support for:
IBM Sterling Order Management System Software
Component:
Install and Deploy, Orders
Software version:
and future releases, 10.0.0
Document number:
496675
Modified date:
18 July 2025
UID
swg21641003
Manage My Notification Subscriptions