Occasional "403 Forbidden" error

Occasionally when a user signs into OnDemand, they’ll get a “403 Forbidden” error. This is rare. Usually a refresh or waiting a few seconds and refreshing fixes it. Other users can sign in, and the user who got the error doesn’t need to change anything; they just have to wait. Today it happened again to 2 people, while multiple others didn’t have a problem. We waited ~30 minutes and it started working again just on a refresh of the page. I didn’t make any changes on the server, I tried a different browser (got the same error), but it just randomly started working.

Looking at the logs, I didn’t see anything out of the ordinary. It looks like my sign-in and the other user’s sign-in were authorized properly. I really only looked in /var/log/httpd24/error_log and /var/log/httpd24/access_log. I’m not sure if there’s a bug or if there was an issue pulling my permissions from the server.

Our authentication is like this: OnDemand authenticates against RSA 2FA -> pulls user/groups from LDAP. I believe this has also happened on our other instance that doesn’t use RSA, just LDAP.

I tried looking at another previous issue, “403 Nginx error after install”, but I’m not sure it’s the same problem.

General Info:
OnDemand version: v1.7.18
CentOS Linux release 7.8.2003 (Core)

I would also check /var/log/httpd24/error_<servername>_log and the access variant too. Also /var/log/ondemand-nginx/<user>/error.log. Maybe they say something more relevant (especially the nginx error logs).

I’m guessing it’s similar to that topic you’ve linked, that there’s something with the underlying OS and its permissions/SSSD.
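
One way to act on the log-checking suggestion above, as an added example that is not part of the original thread or OnDemand's own code: it scans access-log lines for time windows in which one user got a 403 while a different user was served normally, which is the pattern described in the question. It assumes the access log uses Apache's common/combined format with the authenticated user in the third field; the sample lines, user names and addresses are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed format: host ident user [time] "request" status ...
LINE_RE = re.compile(
    r'^\S+ \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines, not taken from the thread.
SAMPLE_LOG = """\
192.0.2.10 - alice [12/Aug/2020:10:01:12 -0400] "GET /pun/sys/dashboard HTTP/1.1" 403 199
192.0.2.11 - bob [12/Aug/2020:10:02:40 -0400] "GET /pun/sys/dashboard HTTP/1.1" 200 5120
192.0.2.10 - alice [12/Aug/2020:10:03:05 -0400] "GET /pun/sys/dashboard HTTP/1.1" 403 199
192.0.2.12 - carol [12/Aug/2020:10:20:00 -0400] "GET /pun/sys/dashboard HTTP/1.1" 200 5120
192.0.2.10 - alice [12/Aug/2020:10:31:30 -0400] "GET /pun/sys/dashboard HTTP/1.1" 200 5120
not a log line
""".splitlines()


def parse(line):
    """Return (user, timestamp, status) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["user"], ts, int(m["status"])


def denied_while_others_ok(lines, window_minutes=5):
    """Map window start -> (denied users, ok users) for mixed windows only."""
    buckets = defaultdict(lambda: (set(), set()))
    for user, ts, status in filter(None, map(parse, lines)):
        if user == "-":  # unauthenticated request, nothing to attribute
            continue
        start = ts - timedelta(minutes=ts.minute % window_minutes,
                               seconds=ts.second)
        denied, ok = buckets[start]
        if status == 403:
            denied.add(user)
        elif 200 <= status < 400:
            ok.add(user)
    # Keep windows where someone was denied and a different user succeeded.
    return {w: v for w, v in sorted(buckets.items()) if v[0] and v[1] - v[0]}


if __name__ == "__main__":
    for start, (denied, ok) in denied_while_others_ok(SAMPLE_LOG).items():
        print(start.isoformat(), "403:", sorted(denied), "ok:", sorted(ok))
```

The window start times it reports give a narrow range to look up in the per-user nginx error log and in the system's SSSD logs.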