IBM Support

Troubleshooting SIMApi: Remote response: 403: You cannot consume this service error while saving SIM Enabled Node in DTK

Troubleshooting


Problem

In the Development Toolkit (DTK), users may encounter a 403 Forbidden Error when attempting to save a SIM Enabled Node in IBM Sterling Application Manager (aka Configurator). This issue arises in a Store Inventory Management (SIM) integrated environment, specifically when SIM and Inventory Visibility (IV) tenants have been newly provisioned by the IBM Engineering Development Operations (DevOps) Team.
image-20250228152826-1
image-20250228152914-2

Symptom

User selects the dropdown value for "Store_Inventory_Config" as "SIM Enabled, Inventory Managed In Store" and encounters an error:
<?xml version="1.0" encoding="UTF-8"?>
<Errors>
  <Error
    ErrorCode="Failed to invoke SIMApi: Remote response: 403: You cannot consume this service"
    ErrorDescription="Failed to invoke SIMApi: Remote response: 403: You cannot consume this service" ErrorRelatedMoreInfo="">
    <Attribute Name="ErrorCode" Value="Failed to invoke SIMApi: Remote response: 403: You cannot consume this service"/>
    <Attribute Name="ErrorDescription" Value="Failed to invoke SIMApi: Remote response: 403: You cannot consume this service"/>
    <Stack>com.yantra.yfc.util.YFCException
      at com.yantra.yfc.servlets.YFCServlet.service(YFCServlet.java:240)
      at com.yantra.util.YFSServlet.service(YFSServlet.java:314)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
      at com.ibm.ws.webcontainer.servlet.SingleThreadModelServlet.service(SingleThreadModelServlet.java:124)
      at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1266)
      at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:754)
      at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:451)
      at com.ibm.ws.webcontainer.filter.WebAppFilterChain.invokeTarget(WebAppFilterChain.java:197)
      at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:100)
      at com.sterlingcommerce.security.dv.web.SCUIRequestValidatorFilter.doFilter(SCUIRequestValidatorFilter.java:43)
      at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:203)
      at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:93)
      at com.sterlingcommerce.security.dv.web.SCUISafeRequestFilter.doFilter(SCUISafeRequestFilter.java:64)
      at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:203)
      at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:93)
      at com.sterlingcommerce.security.csrf.SCUIcsrfFilter.doFilter(SCUIcsrfFilter.java:96)
      at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:203)
      at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:93)
      at com.sterlingcommerce.woodstock.security.FileNotFoundSuppressor.doFileNotFoundSuppressedFilter(FileNotFoundSuppressor.java:23)
      at com.sterlingcommerce.woodstock.security.CrossFrameProtectionFilter.doFilter(CrossFrameProtectionFilter.java:76)
      at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:203)
      at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:93)
      at com.yantra.yfs.ui.backend.YFSUIHttpSecurityFilter.doFilter(YFSUIHttpSecurityFilter.java:95)
      at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:203)
      at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:93)
    </Stack>
  </Error>
</Errors>
>

Cause

There may be multiple issues causing the 403 forbidden issue:
1) The Development Toolkit (DTK) version used for IV - SIM integration may not be latest and greatest (2409.2 or greater)
2) Obtained incorrect devtoolkit_extras.tar from IBM Engineering DevOps team.
3) Store Inventory Management (SIM) is configured with incorrect values.

Environment

Test Environment

Diagnosing The Problem

A 403 Forbidden Error occurs in Development Toolkit (DTK) when attempting to save a SIM Enabled Node in IBM Sterling Configuration Manager. This issue arises in a Store Inventory Management (SIM) integrated environment, specifically when SIM and Inventory Visibility (IV) tenants are newly provisioned by the IBM Engineering Development Operations (DevOps) Team.

To diagnose the issue:

  1. Check the JWT Token Authentication

    • Retrieve the JWT token using the following URL:
      https://hostIP:9443/smcfs/restapi/jwt
      Example: https://9.30.141.139:9443/smcfs/restapi/jwt
    • Decode the JWT token using https://jwt.io and verify its contents.
    • Compare the decoded values with the integration.properties file located at:
      devtoolkit_docker/compose/docker/integration.properties

  2. Validate the IV and SIM Tenant Configuration

    • Ensure that the public key provided by DevOps matches in both IV and SIM tenants.
    • Confirm the key alignment with both the SIM and IV teams.

  3. Check DTK Configuration Files

    • Ensure the safestart.properties and system_overrides.properties files are correctly populated in the runtime/properties folder.
    • Verify that integration.properties contains accurate SIM and IV details.
    • Confirm that IV_V2_ENABLE=Y is set in om-compose.properties for IV V2 enablement.

Resolving The Problem

To resolve the 403 Forbidden Error, follow these steps:

  1. Ensure JWT Configuration Matches the Tenant ID

    • The JWT Auth configuration key should match the tenantId (e.g., omoc-int-4).
    • This configuration must be set by the SIM Engineering Team.

  2. Verify IV and SIM Integration

    • Confirm that the public key in IV and SIM tenants is correctly configured.
    • Revalidate the integration settings in integration.properties.

  3. Reconfigure DTK if Necessary

    • If the issue persists, re-extract the DTK extras tar file in the devtoolkit_docker folder and run setup-upg
    • ./om-compose.sh setup-upg
    • Ensure DTK version 2409.2 or greater is used, preferably with JDK_21.

  4. Restart DTK containers

    • Restart the DTK environment after making the necessary configuration changes:
    • ./om-compose.sh restart

If the issue persists, collect the decode the JWT token using https://jwt.io and validate it against the configured integration properties to identify mismatches and create a ticket with IBM Support to involve the DevOps and SIM Engineering Teams with all the details.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSGTJF","label":"IBM Sterling Order Management System"},"ARM Category":[{"code":"a8m0z000000cy2QAAQ","label":"Call Center Store and SIM"},{"code":"a8m0z000000cxzWAAQ","label":"Install and Deploy"}],"ARM Case Number":"TS018572058","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Historical Number

TS018572058

Product Synonym

SIM; OMS; Store Inventory Management; Order Management;

Document Information

Modified date:
12 March 2025

UID

ibm17184481

Page Feedback