iManager and the "404 Frameservice not found error" - Part 2

This is a follow-up to an earlier article I wrote:


In the article, I discussed a workaround for when you get a "404 Frameservice not found" error inside iManager. The problem is somehow related to the Clipboard access and is saved into your Mozilla Firefox profile. You most often see this with the Identity Manager plugins, since they support copying and pasting of rules and elements between rule sets and policies.

As I said in the previous article, the best way to clear it up is to throw away your Firefox profile. An additional twist that complicates things is that if you do throw away your profile, and start a clean fresh one, the problem could persist.

I use an extension called Google Browser Sync for Firefox that is available from
This extension creates a pocket of disk space on a Google-owned server, linked to your Google account (the same account used for Gmail, Picassa Web, etc.) and stores your bookmarks, and more if you would like. You install it on your multiple machines - I have a dual boot Linux/Windows machine, an old laptop, a couple of Windows VM's, and a Citrix profile I can use Firefox in. My bookmarks are quite complex and detailed, and they act as my personal knowledge base of things I consider interesting.

Each time a Firefox session with the extension connects, it updates the local bookmarks and settings with the values, so your bookmarks stay in sync across multiple machines. This is a very useful tool, highly recommended if you use more than one machine instance. Google protects the settings saved with both your account password and a unique PIN on top of that.

Google Browser Sync can synchronize settings as well, and it seems that it can carry along the setting in the profile that breaks this. So in my case, just deleting the profile is not enough, since I brought it back when I synced back the data from Google. Oh, well ...
Overall, the problem seems to occur some indeterminate amount of time after you get asked by Firefox if you want to Allow or Deny clipboard access. What you want Firefox to do is Allow, and remember the decision. It's a REALLY useful feature to be able to copy a rule, policy, or snippet of code and paste it elsewhere.

What is quite interesting is that if you click on what looks like a widget and paste it into a text editor, you will see that it has copied the XML that defines the settings of that widget. For example, clicking and copying on a rule that has a condition of "If Operational Attribute Surname is not available" and then pasting it into a text editor will show this:

<if-op-attr name="Surname" op="available"/>

which can then be pasted somewhere the XML snippet makes sense. A more generic example that can be pasted better would be an Action that you might want to bundle inside an IF-THEN action. You could copy and paste it where you want it to go. However, if you have said Deny, then this functionality is gone.


The easiest way to clear this up is to do what the popup window tells you to do.

If access to the clipboard from your Mozilla*-enabled or related browser appears to be disabled, use the following procedure:

1. In your browser, open the about:config URL in the Navigation toolbar to configure browser preferences.
2. Set the value of "signed.applets.codebase_principal_support" to true.
3. Restart your browser.

After restarting, the next clipboard access attempt results in the following Internet Security prompt:

A script from "" has requested UniversalXPConnect privileges. You should grant these privileges only if you are comfortable downloading and executing a program from this source. Do you wish to allow these privileges?

4. Click Yes to allow the clipboard access request to proceed. If the "Remember this decision" checkbox is selected, future access is granted without confirmation, effective the next time you restart your browser.

If, after performing the above steps, access to the clipboard remains disabled (or if you selected No and selected the Remember This Decision checkbox in the Internet Security prompt), you might need to perform additional steps.

If this above process does not work for you, then you need to quit the Firefox instance and find your profile. On Linux this is something like


The 2ayu404 part is randomly generated for each Profile or Firefox install. Thus your value may be something random looking and different.

Once you get there, edit the prefs.js file and look for a segment that looks like this:

user_pref("capability.principal.certificate.p3.granted", "UniversalXPConnect");
user_pref("", "09:E5:41:D7:AA:A7:67:22:EB:AB:92:1E:E7:44:F4:FB:B6:19:A3:A9");
user_pref("capability.principal.certificate.p3.subjectName", "CN=\"Novell, Inc.\",OU=Network Products Group,OU=Digital ID Class 3 - Netscape Object Signing,O=\"Novell, Inc.\",L=Provo,ST=Utah,C=US");
user_pref("capability.principal.codebase.p0.granted", "UniversalXPConnect");
user_pref("", "");
user_pref("capability.principal.codebase.p0.subjectName", "");
user_pref("capability.principal.codebase.p1.granted", "UniversalXPConnect");
user_pref("", "");
user_pref("capability.principal.codebase.p1.subjectName", "");

And you are looking for a "capability.principal.codebase.p0.denied" line. (I cleaned mine up, so I do not have an example of a deny to show - sorry!).

You should note that each set of grant/denies can be on multiple lines, and they are connected by the p0 in the example of "capability.principal.codebase.p0" This has a consequence: if the Deny is the first in the list, you need to shuffle the list so that it starts at 0 and continues in sequence and order. You should not leave any gaps in the sequence numbers.

Once you do this, next time you visit the page, you are allowed to Deny or Allow the clipboard access, which will set the new value correctly (one hopes!) in the settings for Firefox.

This still does not resolve the 404 Frameservice issue, but my understanding is that the issue is open with the Firefox developers to fix, and it is possible to work around. This is not the perfect solution, but much better than nothing. I hope this helps you, if you run into this problem in the field somewhere.


How To-Best Practice
Comment List