AQ messages
CSIAQ0001E Tenant information is required.
Explanation
The system cannot perform the request because the tenant ID was missing.
Action
Specify a valid tenant ID.
CSIAQ0002E Payload information is required.
Explanation
The system cannot perform the request because the payload was missing.
Action
Specify a valid payload.
CSIAQ0003E A version number is required.
Explanation
The system cannot perform the request because the version number was missing.
Action
Specify a valid version number.
CSIAQ0004E A locale is required.
Explanation
The system cannot perform the request because the locale was missing.
Action
Specify a valid locale.
CSIAQ0005E The context key cannot be null or empty.
Explanation
The system cannot perform the request because the context key was missing.
Action
Specify a valid context key.
CSIAQ0006E The HttpServletRequest object was not found in the context.
Explanation
The system cannot perform the request because the HTTP request was not valid.
Action
Check that a valid HTTP request was received.
CSIAQ0007E The system cannot process your request because the system might be busy. Try the request again later.
Explanation
The system cannot perform the request because a temporary capacity or network problem might exist.
Action
Try the procedure again later. If the problem persists, the error has no recovery option that you can take. Contact your Support team for assistance.
CSIAQ0008E An unknown internal server error occurred.
Explanation
The system cannot perform the request because an unknown internal server error occurred.
Action
Check the log file for details.
CSIAQ0009E The system cannot retrieve the payload from the request body.
Explanation
The request body is empty or has an invalid payload.
Action
Check the request payload and try the request again.
CSIAQ0010E The system cannot map the payload.
Explanation
The request body has an invalid payload.
Action
Check the request payload and try the request again.
CSIAQ0011E The system cannot find the following item from the payload: "property"
Explanation
The request payload is incomplete.
Action
Check that the request payload is complete and try the request again.
CSIAQ0012E The tenant ID is invalid: "tenantId"
Explanation
The system cannot perform the request because the tenant is not enabled or it does not exist.
Action
Enable or create the tenant.
CSIAQ0013E Client ID information is required.
Explanation
The system cannot perform the request because the client ID was missing.
Action
Specify a valid client ID.
CSIAQ0014E Client ID or user ID information is required.
Explanation
The system cannot perform the request because the client ID or user ID was missing.
Action
Specify a valid client ID or user ID.
CSIAQ0015E State ID information is required.
Explanation
The system cannot perform the request because the state ID was missing.
Action
Specify a valid state ID.
CSIAQ0016E Client Name information is required.
Explanation
The system cannot perform the request because the client name was missing.
Action
Specify a valid client name.
CSIAQ0017E Redirect URI information is required.
Explanation
The system cannot perform the request because the redirect URI was missing.
Action
Specify a valid redirect URI.
CSIAQ0018E The system cannot create the client ID.
Explanation
The system cannot perform the request because the client ID exists in the system.
Action
Specify different client ID or let the system generate one.
CSIAQ0019E The client name contains invalid characters. Use only alphanumeric characters, blank spaces, and the following special characters: _ , . , -
Explanation
The system cannot perform the request because the client name contains one or more invalid characters.
Action
Specify a valid client name. Use only alphanumeric characters, blank spaces, and the following special characters: _ , . , -
CSIAQ0020E The grant type is not supported. Valid grant types are: list.
Explanation
The system cannot perform the request because one of the grant type is not valid.
Action
Specify only valid grant types and try again.
CSIAQ0021E One of the redirect URIs is not a valid URI.
Explanation
The system cannot perform the request because the provided redirect URI is not a valid URI.
Action
Specify a valid URI for redirect URI information.
CSIAQ0022E The value of 'count' or 'limit' exceeds 1000.
Explanation
The system cannot perform the request because the value of 'count' or 'limit' must be less than 1000.
Action
Enter a value of 'count' or 'limit' that is less than 1000.
CSIAQ0023E The search condition has an incorrect format. It requires a search operator and two operands: the field name and the value. A string search value must have double quotes.
Explanation
The system cannot perform the request.
Action
Specify a valid search condition.
CSIAQ0024E The search operator is invalid.
Explanation
The system cannot perform the request because the search operator is not supported or cannot be performed for a field or value.
Action
Specify a supported search operator. Supported search operators for string type are 'contains', '=' and '!='. Supported search operators for number type are '=', '!=', '>', '>=', '<' and '<='. Supported search operators for boolean type are '=' and '!='.
CSIAQ0025E Mixing inclusive and exclusive filters is not supported.
Explanation
The system cannot perform the request because filters must all be either inclusive or exclusive.
Action
Do not mix inclusive and exclusive filters.
CSIAQ0026E One of the fields is invalid.
Explanation
The system cannot perform the request because the software cannot perform search, sort, or filter operations on one of the fields.
Action
Remove the invalid field from the search, sort, or filter string.
CSIAQ0027E You must enter the authorization code that is generated by the authorize endpoint before the token exchange can be performed.
Explanation
The system cannot perform a request. The authorization code was missing.
Action
Specify a valid authorization code.
CSIAQ0028E The resource ID is invalid: "resourceId"
Explanation
The system cannot perform the request because the resource does not exist.
Action
Create the resource and retry the operation.
CSIAQ0029E The system cannot create the definition ID.
Explanation
The system cannot perform the request because the definition ID exists in the system.
Action
Specify a different definition ID or let the system generate one.
CSIAQ0030E The system cannot create the definition name.
Explanation
The system cannot perform the request because the definition name exists in the system.
Action
Specify a different definition name.
CSIAQ0031E Definition name information is required.
Explanation
The system cannot perform the request because the definition name was missing.
Action
Specify a valid definition name.
CSIAQ0032E Grant type information is required.
Explanation
The system cannot perform the request because the grant type was missing.
Action
Specify a grant type that was configured for this client.
CSIAQ0033E OpenID connect is disabled. OpenID connect keys are not allowed.
Explanation
The system cannot perform the request because the OpenID connect keys were provided when OpenID connect is disabled.
Action
Remove the OpenID connect keys from the payload.
CSIAQ0034E OpenID Connect is disabled. ID token lifetime is not allowed.
Explanation
The system cannot perform the request because the ID token lifetime was provided when OpenID connect is disabled.
Action
Remove the ID token lifetime from the payload.
CSIAQ0035E OpenID connect is disabled. Issuer identifier is not allowed.
Explanation
The system cannot perform the request because issuer identifier was provided when OpenID connect is disabled.
Action
Remove the issuer identifier from the payload.
CSIAQ0036E Refresh token grant type is disabled. The following parameters are not supported and must be removed from the request payload: max authorization grant lifetime, refresh token lifetime, refresh token length, enable multiple refresh tokens for fault tolerance, PIN policy, and PIN length
Explanation
The system cannot perform the request because invalid parameters were provided when refresh token was disabled.
Action
Remove the invalid parameters from the payload and resubmit the request.
CSIAQ0037E PIN policy is disabled. The PIN length parameter is not allowed.
Explanation
The system cannot perform the request because PIN length was provided when PIN policy was disabled.
Action
Remove the PIN length parameter from the payload.
CSIAQ0038E The issuer identifier is invalid. It must be a valid URL that uses the https scheme and contains no query or fragment components.
Explanation
The system cannot perform the request because the issuer identifier is not a valid URL.
Action
Specify a valid issuer identifier.
CSIAQ0039E Unsupported trusted client manager behavior. Valid trusted client manager behaviors are: behaviors.
Explanation
The system cannot perform request because the trusted client manager behavior is unsupported.
Action
Specify one of the valid trusted client manager behaviors.
CSIAQ0040E The token character set contains non-alphanumeric characters. Use only alphanumeric characters.
Explanation
The system cannot perform request because the token character set contains one or more invalid characters.
Action
Specify a valid token character set. Use only alphanumeric characters.
CSIAQ0041E The access token length parameter is required.
Explanation
The system cannot perform the request because the access token length is missing.
Action
Specify a valid access token length.
CSIAQ0042E The access token lifetime parameter is required.
Explanation
The system cannot perform the request because the access token lifetime is missing.
Action
Specify a valid access token lifetime.
CSIAQ0043E The authorization code length parameter is required.
Explanation
The system cannot perform the request because the authorization code length is missing.
Action
Specify a valid authorization code length.
CSIAQ0044E The authorization code lifetime parameter is required.
Explanation
The system cannot perform the request because the authorization code lifetime is missing.
Action
Specify a valid authorization code lifetime.
CSIAQ0045E The max authorization grant lifetime parameter is required.
Explanation
The system cannot perform the request because the max authorization grant lifetime is missing.
Action
Specify a valid max authorization grant lifetime.
CSIAQ0046E The PIN length parameter is required.
Explanation
The system cannot perform the request because the PIN length is missing.
Action
Specify a valid PIN length.
CSIAQ0047E The refresh token length parameter is required.
Explanation
The system cannot perform the request because the refresh token length is missing.
Action
Specify a valid refresh token length.
CSIAQ0048E The definition ID parameter is required.
Explanation
The system cannot perform the request because the definition ID is missing.
Action
Specify a valid definition ID.
CSIAQ0049E One of the request URIs is not a valid URI.
Explanation
The system cannot perform the request because the provided request URI is not a valid URI.
Action
Specify valid URI for request URI information.
CSIAQ0050E The system cannot create the client name.
Explanation
The system cannot perform the request because the client name exists in the system.
Action
Specify a different Client name.
CSIAQ0051E The token character set is required.
Explanation
The system cannot perform the request because the token character set is missing.
Action
Specify a valid token character set. Valid token character sets use alphanumeric characters only.
CSIAQ0052E The grant type cannot be modified.
Explanation
The system cannot perform request because the grant type must be the original one that was used to create this definition.
Action
Specify the grant types that this definition was originally created with.
CSIAQ0053E The grant type cannot be modified.
Explanation
The system cannot perform request because the grant type must be the original one that was used to create this definition.
Action
Remove the grant type from this patch request.
CSIAQ0054E The OpenID Connect enabled parameter cannot be modified.
Explanation
The system cannot perform request because the OpenID Connect enabled parameter cannot be modified when there are clients already associated with the definition.
Action
Specify the OpenID Connect enabled parameter value that this definition was originally created with.
CSIAQ0055E The OpenID Connect enabled parameter cannot be modified.
Explanation
The system cannot perform request because the OpenID Connect enabled parameter cannot be modified when there are clients already associated with the definition.
Action
Remove the OpenID Connect enabled parameter from this patch request.
CSIAQ0056E The read-only parameter cannot be modified.
Explanation
The system cannot perform request because the read-only parameter must be the original one that was used to create this definition.
Action
Specify the read-only parameter value that this definition was originally created with.
CSIAQ0057E The read-only parameter cannot be modified.
Explanation
The system cannot perform request because the read-only parameter must be the original one that was used to create this definition .
Action
Remove the read-only parameter from this patch request.
CSIAQ0058E One of these parameters must be provided when ID Token encryption is enabled: ID Token Encryption Key, or JSON Web Key URI
Explanation
The system cannot perform request because a required parameter is missing.
Action
Specify either the ID Token Encryption Key parameter or JSON Web Key URI parameter.
CSIAQ0059E One of these parameters needs to be provided when request verification is enabled: Request Verification Key, or JSON Web Key URI
Explanation
The system cannot perform request because a required parameter is missing.
Action
Specify either the Request Verification Key parameter or the JSON Web Key URI parameter.
CSIAQ0060E The client secret contains invalid characters. Use only ASCII characters.
Explanation
The system cannot perform request because the client secret contains one or more non-ASCII characters.
Action
Specify a valid client secret. Use only ASCII characters.
CSIAQ0061E The elliptic-curve (EC) signing key cannot be removed from the definition.
Explanation
The system cannot perform request because the EC signing key cannot be removed from the definition.
Action
Specify the EC signing key that this definition was originally created with.
CSIAQ0062E The elliptic-curve (EC) decryption key cannot be removed from the definition.
Explanation
The system cannot perform request because the EC decryption key cannot be removed from the definition.
Action
Specify the EC decryption key that this definition was originally created with.
CSIAQ0063E The RSA signing key cannot be removed from the definition.
Explanation
The system cannot perform request because the RSA signing key cannot be removed from the definition.
Action
Specify the RSA signing key that this definition was originally created with.
CSIAQ0064E The RSA decryption key cannot be removed from the definition.
Explanation
The system cannot perform request because the RSA decryption key cannot be removed from the definition.
Action
Specify the RSA decryption key that this definition was originally created with.
CSIAQ0065E The company URL is invalid.
Explanation
The system cannot perform request because the company URL is invalid.
Action
Specify a valid company URL.
CSIAQ0066E An invalid contact type was specified. Valid contact types are technical, support, administrative, billing, or other.
Explanation
The system cannot perform the request. The contact type is invalid.
Action
Specify valid contact type: technical, support, administrative, billing, or other.
CSIAQ0067E One or more grant type values are not supported by the associated definition.
Explanation
The system cannot perform request because one or more grant type is unsupported by the associated definition.
Action
Specify grant types supported by the associated definition.
CSIAQ0068E The definition name cannot be more than length characters.
Explanation
The system cannot perform the request. The definition name is too long.
Action
Provide a shorter definition name.
CSIAQ0069E The definition description cannot be more than length characters.
Explanation
The system cannot perform the request. The definition description is too long.
Action
Provide a shorter definition description.
CSIAQ0070E The access policy ID cannot be more than length characters.
Explanation
The system cannot perform the request. The access policy ID is too long.
Action
Shorten the access policy ID or specify another access policy ID.
CSIAQ0071E The pre-mapping rule ID cannot be more than length characters.
Explanation
The system cannot perform the request. The pre-mapping rule ID is too long.
Action
Shorten the pre-mapping rule ID or specify another pre-mapping rule ID.
CSIAQ0072E The post-mapping rule ID cannot be more than length characters.
Explanation
The system cannot perform the request. The post-mapping rule ID is too long.
Action
Shorten the post-mapping rule ID or specify another post-mapping rule ID.
CSIAQ0073E The access token lifetime (in seconds) must be more than minlength , but less than maxlength.
Explanation
The system cannot perform request because the access token lifetime is invalid.
Action
Specify valid access token lifetime.
CSIAQ0074E The access token length must be more than minlength , but less than maxlength.
Explanation
The system cannot perform the request. The access token length is invalid.
Action
Specify valid access token length.
CSIAQ0075E The enforce single use authorization grant parameter is missing.
Explanation
The system cannot perform the request. The enforce single use authorization grant parameter is required.
Action
Specify a valid enforce single use authorization grant parameter.
CSIAQ0076E The authorization code lifetime (in seconds) must be more than minlength , but less than maxlength.
Explanation
The system cannot perform the request. The authorization code lifetime is invalid.
Action
Specify a valid authorization code lifetime.
CSIAQ0077E The maximum authorization grant lifetime [grantLT] must be longer than the authorization code lifetime [acLT].
Explanation
The system cannot perform the request. The maximum authorization grant lifetime is invalid.
Action
Specify a valid maximum authorization grant lifetime.
CSIAQ0078E The authorization code length must be more than minlength , but less than maxlength.
Explanation
The system cannot perform the request. The authorization code length is invalid.
Action
Specify a valid authorization code length.
CSIAQ0079E Do not provide the authorization code lifetime if authorization code is disabled.
Explanation
The system cannot perform the request because the authorization code lifetime was provided when authorization code is disabled.
Action
Remove the authorization code lifetime from the payload and submit the request again.
CSIAQ0080E Do not provide the authorization code length if authorization code is disabled.
Explanation
The system cannot perform the request because the authorization code length was provided when authorization code is disabled.
Action
Remove the authorization code length from the payload and submit the request again.
CSIAQ0081E The enforce single access token per authorization grant parameter is missing.
Explanation
The system cannot perform the request because the enforce single access token per authorization grant parameter is required.
Action
Specify a valid enforce single access token per authorization grant parameter.
CSIAQ0082E The authorization grant lifetime, specified in seconds, must be more than minlength , but less than maxlength. The authorization grant lifetime that was specified is agLTvalue.
Explanation
The system cannot perform the request because the authorization grant lifetime did not meet the requirements for either the minimum or the maximum number of seconds.
Action
Specify a valid authorization grant lifetime.
CSIAQ0083E The refresh token length must be more than minlength , but less than maxlength.
Explanation
The system cannot perform the request. The refresh token length is invalid.
Action
Specify a valid refresh token length.
CSIAQ0084E The enable multiple refresh tokens for fault tolerance parameter is missing.
Explanation
The system cannot perform the request. The enable multiple refresh tokens for fault tolerance parameter is required.
Action
Specify a valid enable multiple refresh tokens for fault tolerance parameter.
CSIAQ0085E The PIN length must be more than minlength , but less than maxlength.
Explanation
The system cannot perform the request. The PIN length is invalid.
Action
Specify a valid PIN length.
CSIAQ0086E The token character set must be more than minlength characters, but less than maxlength characters.
Explanation
The system cannot perform the request. The token character set is invalid.
Action
Specify a valid token character set.
CSIAQ0087E The issuer identifier is missing.
Explanation
The system cannot perform the request because the issuer identifier is required.
Action
Specify a valid issuer identifier.
CSIAQ0088E The issuer identifier cannot be more than length characters.
Explanation
The system cannot perform the request. The issuer identifier is too long.
Action
Specify a valid issuer identifier.
CSIAQ0089E The ID token lifetime is missing.
Explanation
The system cannot perform the request because the ID token lifetime is required.
Action
Specify a valid ID token lifetime.
CSIAQ0090E The ID token lifetime (in seconds) must be more than minlength , but less than maxlength.
Explanation
The system cannot perform the request. The ID token lifetime is invalid.
Action
Specify a valid ID token lifetime.
CSIAQ0091E The elliptic-curve (EC) signing key cannot be more than length characters.
Explanation
The system cannot perform the request because the EC signing key is too long.
Action
Specify a valid EC signing key.
CSIAQ0092E The RSA signing key cannot be more than length characters.
Explanation
The system cannot perform the request because the RSA signing key is too long.
Action
Specify a valid RSA signing key.
CSIAQ0093E The elliptic-curve (EC) decryption key cannot be more than length characters.
Explanation
The system cannot perform the request because the EC decryption key is too long.
Action
Specify a valid EC decryption key.
CSIAQ0094E The RSA decryption key cannot be more than length characters.
Explanation
The system cannot perform the request because the RSA decryption key is too long.
Action
Specify a valid RSA decryption key.
CSIAQ0095E The read-only parameter is missing.
Explanation
The system cannot perform the request because the read-only parameter is required.
Action
Specify the read-only parameter.
CSIAQ0096E The trusted client manager behavior is missing. Valid trusted client manager behaviors are never_prompt, always_prompt, and prompt_once_and_remember.
Explanation
The system cannot perform the request because the trusted client manager behavior is required.
Action
Specify a valid trusted client manager behavior: never_prompt, always_prompt, and prompt_once_and_remember.
CSIAQ0097E The PIN policy enabled parameter is missing.
Explanation
The system cannot perform the request because the PIN policy enabled parameter is required.
Action
Specify the PIN policy enabled parameter.
CSIAQ0098E The OpenID Connect enabled parameter is missing.
Explanation
The system cannot perform the request because the OpenID Connect enabled parameter is required.
Action
Specify the OpenID Connect enabled parameter.
CSIAQ0099E The elliptic-curve (EC) signing key cannot be removed from the definition.
Explanation
The system cannot perform request because the EC signing key cannot be removed from the definition.
Action
Specify the EC signing key that this definition was originally created with.
CSIAQ0100E The RSA signing key cannot be removed from the definition.
Explanation
The system cannot perform request because the RSA signing key cannot be removed from the definition.
Action
Specify the RSA signing key that this definition was originally created with.
CSIAQ0101E The elliptic-curve (EC) decryption key cannot be removed from the definition.
Explanation
The system cannot perform request because the EC decryption key cannot be removed from the definition.
Action
Specify the EC decryption key that this definition was originally created with.
CSIAQ0102E The RSA decryption key cannot be removed from the definition.
Explanation
The system cannot perform request because the RSA decryption key cannot be removed from the definition.
Action
Specify the RSA decryption key that this definition was originally created with.
CSIAQ0103E The client ID cannot be more than length characters.
Explanation
The system cannot perform the request because the client ID is too long.
Action
Specify a valid client ID.
CSIAQ0104E The client name cannot be more than length characters.
Explanation
The system cannot perform the request because the client name is too long.
Action
Specify a valid client name.
CSIAQ0105E The client secret cannot be more than length characters.
Explanation
The system cannot perform the request because the client secret is too long.
Action
Specify a valid client secret.
CSIAQ0106E The redirect URI cannot be more than length characters.
Explanation
The system cannot perform the request because the redirect URI is too long.
Action
Specify a valid redirect URI.
CSIAQ0107E The request URI cannot be more than length characters.
Explanation
The system cannot perform the request because the request URI is too long.
Action
Specify a valid request URI.
CSIAQ0108E The company name cannot be more than length characters.
Explanation
The system cannot perform the request because the company name is too long.
Action
Specify a shortened version of the company name.
CSIAQ0109E The company URL cannot be more than length characters.
Explanation
The system cannot perform the request because the company URL is too long.
Action
Specify a valid company URL.
CSIAQ0110E The contact name cannot be more than length characters.
Explanation
The system cannot perform the request because the contact name is too long.
Action
Specify a valid contact name.
CSIAQ0111E The email address cannot be more than length characters.
Explanation
The system cannot perform the request because the email address is too long.
Action
Specify a valid email address.
CSIAQ0112E The telephone number cannot be more than length characters.
Explanation
The system cannot perform the request because the telephone number is too long.
Action
Specify a valid telephone number.
CSIAQ0113E The other information parameter cannot be more than length characters.
Explanation
The system cannot perform the request because the other information parameter is too long.
Action
Specify a valid other information parameter.
CSIAQ0114E Definition ID parameter is missing or is invalid.
Explanation
The system cannot perform the request because the definition ID does not exist or is invalid.
Action
Specify a valid definition ID.
CSIAQ0115E The ID token signing algorithm is invalid. Valid ID token signing algorithms are list.
Explanation
The system cannot perform the request because the ID token signing algorithm is unsupported.
Action
Specify a valid ID token signing algorithm.
CSIAQ0116E The ID token key management algorithm is invalid. Valid ID token key management algorithms are list.
Explanation
The system cannot perform the request because the ID token key management algorithm is unsupported.
Action
Specify a valid ID token key management algorithm.
CSIAQ0117E The ID token content encryption algorithm is invalid. Valid ID token content encryption algorithms are list.
Explanation
The system cannot perform the request because the ID token content encryption algorithm is unsupported.
Action
Specify a valid ID token content encryption algorithm.
CSIAQ0118E The request signing algorithm is invalid. Valid request signing algorithms are list.
Explanation
The system cannot perform the request because the request signing algorithm is unsupported.
Action
Specify a valid request signing algorithm.
CSIAQ0119E The request key management algorithm is invalid. Valid request key management algorithms are list.
Explanation
The system cannot perform the request because the request key management algorithm is unsupported.
Action
Specify a valid request key management algorithm.
CSIAQ0120E The request content encryption algorithm is invalid. Valid request content encryption algorithms are list.
Explanation
The system cannot perform the request because the request content encryption algorithm is unsupported.
Action
Specify a valid request content encryption algorithm.
CSIAQ0121E Do not provide the ID token signing algorithm if OpenID connect is disabled.
Explanation
The system cannot perform the request because the ID token signing algorithm was provided when OpenID connect is disabled.
Action
Remove the ID token signing algorithm from the payload.
CSIAQ0122E Do not provide the ID token key management algorithm if OpenID connect is disabled.
Explanation
The system cannot perform the request because the ID token key management algorithm was provided when OpenID connect is disabled.
Action
Remove the ID token key management algorithm from the payload.
CSIAQ0123E Do not provide the ID token content encryption algorithm if OpenID connect is disabled.
Explanation
The system cannot perform the request because the ID token content encryption algorithm was provided when OpenID connect is disabled.
Action
Remove the ID token content encryption algorithm from the payload.
CSIAQ0124E Do not provide the request signing algorithm if OpenID connect is disabled.
Explanation
The system cannot perform the request because the request signing algorithm was provided when OpenID connect is disabled.
Action
Remove the request signing algorithm from the payload.
CSIAQ0125E Do not provide the request key management algorithm if OpenID connect is disabled.
Explanation
The system cannot perform the request because the request key management algorithm was provided when OpenID connect is disabled.
Action
Remove the request key management algorithm from the payload.
CSIAQ0126E Do not provide the request content encryption algorithm if OpenID connect is disabled.
Explanation
The system cannot perform the request because the request content encryption algorithm was provided when OpenID connect is disabled.
Action
Remove the request content encryption algorithm from the payload.
CSIAQ0127E Do not provide the ID token encryption key if OpenID connect is disabled.
Explanation
The system cannot perform the request because the ID token encryption key was provided when OpenID connect is disabled.
Action
Remove the ID token encryption key from the payload.
CSIAQ0128E Do not provide the request verification key if OpenID connect is disabled.
Explanation
The system cannot perform the request because the request verification key was provided when OpenID connect is disabled.
Action
Remove the request verification key from the payload.
CSIAQ0129E Do not provide the JSON Web Key URI if OpenID connect is disabled.
Explanation
The system cannot perform the request because the JSON Web Key URI was provided when OpenID connect is disabled.
Action
Remove the JSON Web Key URI from the payload.
CSIAQ0130E The client secret is missing.
Explanation
The system cannot perform the request because the client secret is required.
Action
Specify a valid client secret.
CSIAQ0131E The require PKCE verification parameter is missing.
Explanation
The system cannot perform the request because the require PKCE verification parameter is required.
Action
Specify a valid require PKCE verification parameter.
CSIAQ0132E The hidden parameter is missing.
Explanation
The system cannot perform the request because the original hidden parameter is required.
Action
Specify the hidden parameter that this client was originally created with.
CSIAQ0133E The enabled parameter is missing.
Explanation
The system cannot perform the request because the enabled parameter is required.
Action
Specify the enabled parameter.
CSIAQ0134E The ID token signing algorithm is missing.
Explanation
The system cannot perform the request because the ID token signing algorithm is required.
Action
Specify a valid ID token signing algorithm for the payload.
CSIAQ0135E The ID token key management algorithm is missing.
Explanation
The system cannot perform the request because the ID token key management algorithm is required.
Action
Specify a valid ID token key management algorithm for the payload.
CSIAQ0136E The ID token content encryption algorithm is missing.
Explanation
The system cannot perform the request because the ID token content encryption algorithm is required.
Action
Specify a valid ID token content encryption algorithm for the payload.
CSIAQ0137E The request signing algorithm is missing.
Explanation
The system cannot perform the request because the request signing algorithm is required.
Action
Specify a valid request signing algorithm for the payload.
CSIAQ0138E The request key management algorithm is missing.
Explanation
The system cannot perform the request because the request key management algorithm is required.
Action
Specify a valid request key management algorithm for the payload.
CSIAQ0139E Request content encryption algorithm is required.
Explanation
The system cannot perform the request because the request content encryption algorithm is missing.
Action
Specify a valid request content encryption algorithm for the payload.
CSIAQ0140E The ID token encryption key cannot be more than length characters.
Explanation
The system cannot perform the request because the ID token encryption key is too long.
Action
Specify a valid ID token encryption key.
CSIAQ0141E The request verification key cannot be more than length characters.
Explanation
The system cannot perform the request because the request verification key is too long.
Action
Specify a valid request verification key.
CSIAQ0142E The JSON Web Key URI cannot be more than length characters.
Explanation
The system cannot perform the request because the JSON Web Key URI is too long.
Action
Specify a valid JSON Web Key URI.
CSIAQ0143E Do not provide the ID token encryption key if the following key management algorithms are used: dir, A128KW, A192KW, A256KW, A128GCMKW, A192GCMKW, and A256GCMKW
Explanation
The system cannot perform the request because the ID token encryption key was provided when the key management algorithm does not require a key.
Action
Remove the ID token encryption key parameter from the payload.
CSIAQ0144E Do not provide the request verification key if the following request signing algorithm are used: HS256, HS384, and HS512
Explanation
The system cannot perform the request because the request verification key parameter was provided when the request signing algorithm does not require a key.
Action
Remove the request verification key parameter from the payload.
CSIAQ0145E Token character set contains duplicate characters. Use only unique alphanumeric characters.
Explanation
The system cannot perform the request because the token character set contains duplicate characters.
Action
Specify a valid token character set. Use only unique alphanumeric characters.
CSIAQ0146E The JSON Web Key URI is not a valid URL.
Explanation
The system cannot perform the request because the provided JSON Web Key URI must be a valid URL.
Action
Specify a valid URL for JSON Web Key URI information.
CSIAQ0147E The required parameter: [name] is missing in the request.
Explanation
A required parameter for this request type was not found in the received request
Action
Ensure that the request contains all of the required parameters.
CSIAQ0148E The parameter value [value] is not valid for the parameter [param].
Explanation
The system cannot perform the request because the value of the parameter is not valid.
Action
Ensure that the parameter values in the request message has the correct type and format.
CSIAQ0149E Multiple values of the OAuth 2.0 protocol parameter [request_parameter] were found in the request.
Explanation
The system cannot perform the request because the OAuth 2.0 protocol parameters cannot have more than one value in the request.
Action
Remove the duplicate OAuth 2.0 request parameters from the request.
CSIAQ0150E The client must use the HTTP POST method when making access token requests.
Explanation
The system cannot perform the request because a client attempted to make an access token request without using the HTTP POST method.
Action
Ensure that all requests to the OAuth 2.0 token endpoint use the HTTP POST method.
CSIAQ0151E The client used an incorrect method to make a request to this endpoint.
Explanation
The system cannot perform the request because all requests to the OAuth 2.0 endpoint must use the HTTP POST or the HTTP GET method.
Action
Ensure that all requests to the OAuth 2.0 endpoint use the HTTP POST or the HTTP GET method.
CSIAQ0152E The browser request could not be converted into a security token service universal user (STSUU)document because [message].
Explanation
The process of converting an HTTP request to an STSUU failed.
Action
Ensure that the request has been properly constructed.
CSIAQ0153E The provider is not an OpenID Connect provider.
Explanation
The system cannot perform the request because the client has requested an OpenID Connect request against OAuth provider.
Action
Please configure and enable OpenID Connect configuration.
CSIAQ0154E The system cannot find the client with identifier [client_id].
Explanation
The system cannot perform the request because the client identifier in the request does not match any registered client.
Action
Ensure that the client is valid and that it is registered correctly.
CSIAQ0155E An invalid client authentication was provided for the client with the identifier [client_id].
Explanation
The client authentication provided in the request contains an incorrect client ID or an incorrect client secret.
Action
Ensure that the client authentication is valid.
CSIAQ0156E The authenticated client ID [username] does not match the client ID in the request body [client_id].
Explanation
The client's authenticated user name does not match the client ID it provided in the request body.
Action
Ensure that the authenticated user name matches the client ID.
CSIAQ0157E The request included multiple client credentials.
Explanation
OAuth 2.0 protocol requests can have one client credential only. For example, the request cannot have client credentials in both the BA header and the request body.
Action
Make sure that the OAuth 2.0 request did not include client credentials in more than one place. Remove the additional client credentials from the request.
CSIAQ0158E The [type] of type [sub_type] does not exist or is invalid.
Explanation
An invalid grant or token was provided.
Action
Ensure that the grant or token that is provided is valid.
CSIAQ0159E You are not authorized to access this protected resource.
Explanation
This resource can only be access by an authorized user.
Action
Ensure that the authorization endpoint is properly configured and secured.
CSIAQ0160E The client secret is missing.
Explanation
Confidential clients that access the token endpoint must authenticate with both client ID and client secret.
Action
Ensure that valid client credentials are provided when accessing the token endpoint.
CSIAQ0161E A public client attempted to use the client credentials grant type. The client credentials flow is restricted to confidential clients.
Explanation
This grant type is restricted to confidential clients.
Action
Ensure public clients are not attempting to use the client credentials grant type.
CSIAQ0162E A public client attempted to access a token endpoint that is configured to allow confidential clients only.
Explanation
The token endpoint is not configured to allow public client access.
Action
Use a confidential client to access the token endpoint.
CSIAQ0163E The client assertion [assertion] is not valid. The [param] is missing.
Explanation
The missing parameter is a required parameter.
Action
Ensure that the assertion has all the required parameters.
CSIAQ0164E The client assertion [assertion] has expired. It's expiry time was [expiredTime]. The current time is [currentTime].
Explanation
The system cannot process an expired assertion.
Action
Specify a client assertion that has not expired.
CSIAQ0165E The client assertion [assertion] is not yet valid. It is not valid before [validityTime]. The current time is [currentTime].
Explanation
The value of the assertion is not valid because its validation time has not yet been reached.
Action
Specify a client assertion that is already valid.
CSIAQ0166E The [type] of type [sub_type] does not belong to the client that is attempting to use it.
Explanation
The client ID provided when accessing the token endpoint does not match the client ID that is associated with the grant or token.
Action
Specify the client ID that matches the client ID that is associated with the grant or token.
CSIAQ0167E The redirection URI that is provided in the request [redirect_uri] is either invalid, or does not meet the matching criteria for the registered redirection URI.
Explanation
An invalid redirection URI was provided.
Action
Correct the redirection URI and submit the request again.
CSIAQ0168E The client's registered redirection URI is not a valid absolute URI.
Explanation
The client's configured redirection URI is invalid.
Action
Ensure that your client is configured correctly with a valid absolute redirection URI.
CSIAQ0169E A redirection URI is missing at runtime.
Explanation
The request does not specify a redirection URI and multiple registered redirection URIs exist. The system cannot determine which redirection URI to use at runtime.
Action
Provide a redirection URI in the request.
CSIAQ0170E The response type [response_type] is not supported. Supported response types are list.
Explanation
The response_type parameter that was received in the request is not a type that is supported by the client's configuration.
Action
Correct the response_type and submit the request again.
CSIAQ0171E The response_type parameter value none cannot be combined with another value.
Explanation
The response_type parameter must not contain none with any other value.
Action
Ensure that the request response_type parameter none is not combined with any other value.
CSIAQ0172E The grant type [grant_type] is not supported. Supported grant types are grant_types.
Explanation
The grant_type parameter received in the request has an unsupported value.
Action
Correct the grant_type and submit the request again.
CSIAQ0173E The received redirection URI [redirect_uri] does not match the redirection URI that this grant was issued to.
Explanation
The redirection URI in the request is no the same as the redirection URI that was used in the request for the authorization grant.
Action
Ensure that the same redirection URI is used when requesting an authorization grant and when using an authorization grant.
CSIAQ0174E The scope requested in the access token request exceeds the scope granted by the resource owner.
Explanation
The client has requested an access token with greater scope than the scope that was granted.
Action
Reduce the scope of the client's token request.
CSIAQ0175E The openid scope is missing. The id_token cannot be generated.
Explanation
The openid scope is required to generate the id_token parameter.
Action
Specify the openid scope in the request.
CSIAQ0176E The prompt parameter value none cannot be combined with other value.
Explanation
The prompt parameter must not contain none with any other value.
Action
Ensure that the request prompt parameter none is not combined with any other value.
CSIAQ0177E The prompt parameter value [prompt] is invalid.
Explanation
The prompt parameter value is not none, login, or consent.
Action
Ensure that the request prompt parameter value is either none, login, or consent.
CSIAQ0178E Login is required. The request cannot be processed without authentication.
Explanation
This is expected behavior when the prompt parameter value is none and user is not authenticated.
Action
None.
CSIAQ0179E The system could not prompt for user consent.
Explanation
The request cannot continue without user consent.
Action
Check that the request prompt parameter value and client's trusted client behavior configuration allow for user consent.
CSIAQ0180E The user did not consent to access the protected resource.
Explanation
The user denied authorization of the OAuth 2.0 client to access the protected resource.
Action
None.
CSIAQ0181E The authorization delegate received a consent page form verifier that was not valid compared to the verifier in the user's session.
Explanation
The consent page form verifier sent to the authorization delegate was not valid compared to the verifier contained in the user's session.
Action
Ensure that the consent page form verifier parameter submitted matches that set by the initial authorization delegate request.
CSIAQ0182E The authorization delegate received consent form data that contained OAuth 2.0 parameters.
Explanation
The consent page form returned one or more OAuth 2.0 parameters such as client_id, redirect_uri, response_type or state.
Action
Remove any OAuth 2.0 parameters such as client_id, redirect_uri, response_type or state from the consent page form.
CSIAQ0183E PKCE validation failed. The code_verifier is not valid.
Explanation
The code_challenge and computed code_verifier must match for validation.
Action
Ensure that a valid code_verifer is specified.
CSIAQ0184E The code_challenge_method [badValue] is not valid. The supported values are goodValues.
Explanation
The code_challenge_method that was selected is not supported by this authorization server.
Action
Ensure that a valid code_challenge_method is selected.
CSIAQ0185E The submitted PIN is incorrect.
Explanation
PIN policy is enabled for the refresh token. The PIN that was received in the request does not match the one generated by the authorization server.
Action
None.
CSIAQ0186E The PIN does not match the PIN length setting in the definition.
Explanation
The PIN length is either longer than or shorter than the PIN length set in the definition.
Action
None.
CSIAQ0187E A PIN must be provided to protect the refresh token.
Explanation
PIN policy is enabled in the definition, but a PIN was not provided.
Action
None.
CSIAQ0188E The PIN contains invalid characters.
Explanation
A PIN must contain numbers only.
Action
None.
CSIAQ0189E The client's registered request URI is not a valid absolute URI.
Explanation
The client's configured request URI is invalid.
Action
Ensure that the client is configured correctly with a valid absolute registered request URI.
CSIAQ0190E The request URI provided in the request [request_uri] is either invalid, or does not meet matching criteria for the registered request URI.
Explanation
The request URI must match the criteria of the registered request URI.
Action
Ensure that the request URI is correct.
CSIAQ0191E The system cannot fetch the request from the request URI.
Explanation
There is an issue connecting to or parsing the result of the request URI.
Action
Check that the request URI is correct.
CSIAQ0192E The request object [request] is not valid. The [param] parameter is missing.
Explanation
The missing parameter is required.
Action
Ensure that the request object has all the required parameters and that the parameter values in the request message have the correct type and format.
CSIAQ0193E An error was encountered while building a JSON Web Token (JWT): jwt_error
Explanation
The JWT cannot be built because of the error.
Action
Ensure that JWT configuration for this definition is correct.
CSIAQ0194E The required parameter: [name] was invalid or not found when building the JSON Web Token (JWT).
Explanation
A required parameter for this request type was not found when building the JWT.
Action
Ensure that the request contains all of the required parameters.
CSIAQ0195E The system was unable to produce token hash because of an unsupported algorithm
Explanation
The system does not support the hash algorithm.
Action
Ensure that the system supports the hash algorithm.
CSIAQ0196E The JSON Web Token (JWT) signing or encryption algorithm is unknown or invalid.
Explanation
An unsupported JWT algorithm was configured in the client.
Action
Check the signing and encryption algorithms configured in the client.
CSIAQ0197E Signature verification of the JSON Web Token (JWT) failed.
Explanation
The signature of the JWT is not valid.
Action
Check the signing and encryption algorithms configured in the client.
CSIAQ0198E The payload of the JSON Web Token (JWT) could not be decrypted.
Explanation
The JWT could not be decrypted because of incorrect decryption keys or algorithm.
Action
Check the decryption keys and algorithms configured in the client.
CSIAQ0199E The claim [attributeName] did not match the configured value.
Explanation
The value that is provided must match the pattern or value that is configured for that claim.
Action
None.
CSIAQ0200E The JSON Web Token (JWT) in the request is expired.
Explanation
The current time is past the timestamp in the 'exp' claim.
Action
None.
CSIAQ0201E The JSON Web Token (JWT) not yet valid.
Explanation
The not before (nbf) claim indicates the time before which the JWT must not be accepted for processing. This nbf claim is in the future.
Action
None.
CSIAQ0202E The symmetric key is missing or null.
Explanation
A JWT could not be formed from the values that were provided.
Action
Provide the symmetric key if it is missing or ensure that its value is not null.
CSIAQ0203E The contents of the JWT could not be parsed as valid JSON.
Explanation
An parsing error occurred when parsing the JWT.
Action
None.
CSIAQ0204E A JWT could not be formed.
Explanation
A JWT could not be formed from the provided values because it is not in a valid JWT format.
Action
None.
CSIAQ0205E The system cannot validate the JWT.
Explanation
An error occurred when performing an operation on the JWT.
Action
Check the logs to determine the cause of the failure.
CSIAQ0206E The JWT header could not be parsed.
Explanation
The header portion of the JWT was not valid.
Action
Check the JWT and correct the header.
CSIAQ0207E A 'none' signed JWT was provided, when a signature or information to perform signature validation was present.
Explanation
A JWT signed with 'none' is rejected if there is any data present that performs signature validation. This action is to prevent attacks that modify a JWT header, and drop the signature.
Action
Ensure there is nothing configured which would be used to perform signature validation such as an Hmac key, or a keystore and key label.
CSIAQ0208E The system cannot retrieve a private or a public key for JWT processing.
Explanation
The keystore is not accessible, or key label is invalid, or key has been deleted.
Action
Ensure that your client is configured correctly.
CSIAQ0209E The system cannot generate JSON Web Key set.
Explanation
There is issue generating JSON Web Key set and the system cannot publish it.
Action
Check that the tenant has certificates.
CSIAQ0210E The system cannot fetch a key from the JSON Web Key set URI.
Explanation
There is an issue connecting to or parsing the result of the JSON Web Key set URI.
Action
Check that the JSON Web Key set URI configured in the client is correct.
CSIAQ0211E The definition ID cannot be more than length characters.
Explanation
The system cannot perform the request. The definition ID is too long.
Action
Specify a valid definition ID.
CSIAQ0212E The attribute name is missing.
Explanation
The system cannot perform the request. The attribute name is required.
Action
Specify a valid attribute name.
CSIAQ0213E The attribute name cannot be more than length characters.
Explanation
The system cannot perform the request. The attribute name is too long.
Action
Specify a valid attribute name.
CSIAQ0214E The attribute source ID is missing.
Explanation
The system cannot perform the request. The attribute source ID is required.
Action
Specify a valid attribute source ID.
CSIAQ0215E The attribute source ID cannot be more than length characters.
Explanation
The system cannot perform the request. The attribute source ID is too long.
Action
Specify a valid attribute source ID.
CSIAQ0216E A signing key label was provided. The signature algorithm does not require a key.
Explanation
The system cannot perform the request because the signing key label was provided when signature algorithm does not require any key.
Action
Remove the signing key label from the payload and submit the request again.
CSIAQ0217E The application ID cannot be more than length characters.
Explanation
The system cannot perform the request. The application ID is too long.
Action
Specify a valid application ID.
CSIAQ0218E The algorithm algo cannot be used for public clients.
Explanation
The system cannot perform the request because the algorithm chosen requires a client secret.
Action
Specify an algorithm that does not require a client secret or make the client confidential.
CSIAQ0219E Multiple values for name were found in the attribute map.
Explanation
The system cannot perform the request because attributes in the attribute map cannot have more than one value.
Action
Remove the duplicate attributes and submit the request again.
CSIAQ0220E The maximum authorization grant lifetime [grantLT] must be longer than the access token lifetime [atLT].
Explanation
The system cannot perform the request because the maximum authorization grant lifetime is shorter than the access token lifetime.
Action
Specify a valid maximum authorization grant lifetime.
CSIAQ0221E The tenant ID already exists.
Explanation
The system cannot perform the request because tenant IDs must be unique.
Action
Specify a different tenant ID and submit the request again.
CSIAQ0222E The client cannot have more than max_uri redirect URI entries. The client specified count redirect URI entries.
Explanation
The system cannot perform the request because the number of redirect URIs exceeds the limit.
Action
Remove the excess redirect URIs and submit the request again.
CSIAQ0223E The client cannot have more than max_uri request URI entries. The client specified count request URI entries.
Explanation
The system cannot perform the request because the number of request URIs exceeds the limit.
Action
Remove the excess request URIs and submit the request again.
CSIAQ0224E The tenant is deprovisioned.
Explanation
The system cannot perform the request because the tenant does not have access to the resource.
Action
Check with customer support.
CSIAQ0225E The tenant is disabled.
Explanation
The system cannot perform the request because the tenant was disabled by a system administrator.
Action
Check with customer support.
CSIAQ0226E The tenant status was not changed. It already has the intended status.
Explanation
The system did not perform the request because the tenant already has the intended status and does not require the change.
Action
None.
CSIAQ0227E The attribute name is invalid because that name is already in use. These attribute names are reserved: list.
Explanation
The system cannot perform the request because the attribute name is reserved.
Action
Specify a different attribute name.
CSIAQ0228E An incorrect grant type combination was specified. Specify the refresh token grant type with one of these grant types: list.
Explanation
The system cannot perform the request because grant types combination is invalid.
Action
Ensure that the refresh toke grant type is specified with the listed grant types.
CSIAQ0229E The refresh token expiry setting, that is specified in seconds, must be more than minlength , but less than maxlength.
Explanation
The system cannot perform the request because the refresh token expiry setting did not meet the requirements for either the minimum or the maximum number of seconds.
Action
Specify valid refresh token expiry setting.
CSIAQ0230E The refresh token expiry setting of grantLT seconds must be longer than acLT seconds.
Explanation
The system cannot perform the request. The refresh token expiry setting is too short.
Action
Specify a sufficiently long refresh token expiry setting.
CSIAQ0231E The refresh token expiry setting of grantLT seconds must be longer than the access token expiry setting of atLT seconds.
Explanation
The system cannot perform the request because the refresh token expiry setting is shorter than the access token expiry setting.
Action
Specify a valid refresh token expiry setting that is longer than the specified access token expiry setting.
CSIAQ0232E The response type value [response_type] is invalid. Valid response type values are list.
Explanation
The response_type parameter that was received in the request has an invalid value.
Action
Correct the response_type and submit the request again.
CSIAQ0233E The grant ID [grantId] does not exist.
Explanation
The grant that was specified might be expired or disabled.
Action
Verify that the grant ID was specified correctly. If it was mistyped, correct the ID and resubmit the request. Otherwise, specify a different valid grant ID for the request.
CSIAQ0234E The grant ID [grantId] is invalid.
Explanation
The grant that was specified does not belong to this user or client.
Action
Specify a grant ID that belongs to this user and client and resubmit the request.
CSIAQ0235E Mixing AND and OR search logic is not supported.
Explanation
The system cannot perform the request because search logic must all be either AND or OR.
Action
Correct the search logic so that it is either AND or OR exclusively.
CSIAQ0236E The system cannot process the request because access token provided [token] contains invalid characters. Use only alphanumeric characters and the following special characters: _ , . , -
Explanation
The access token contained non-alphanumeric characters other than the following special characters: _ , . , -
Action
Specify a valid access token. Use only alphanumeric characters and the following special characters: _ , . , - and resubmit the request.
CSIAQ0237E The system cannot perform the request because the client category type [category] is not supported. Supported client category types are list.
Explanation
The system cannot perform the request because a supported client category type was not provided.
Action
Correct the client category and resubmit the request.
CSIAQ0238E The system cannot perform the request because the JSON Web Token (JWT) entitlement header is missing or is invalid.
Explanation
A valid JWT entitlement header is required to process the request.
Action
Specify a valid JWT entitlement header and resubmit the request.
CSIAQ0239E The patch operation failed.
Explanation
The system cannot perform any patch operations because of the reasons specified in the API response.
Action
Check the API response for the error message for each operation and correct them before resubmitting the request.
CSIAQ0240E The system was able to perform the request partially. Some of the operations were successful.
Explanation
The system cannot perform all operations in the patch request because of the reasons specified in the API response.
Action
Check the API response for the error message for each operation and correct them before resubmitting the request.
CSIAQ0241E The system cannot perform the request because the operation has missing or invalid data.
Explanation
The system cannot perform the request because the operation was missing required attributes or invalid values were specified.
Action
Correct the missing or invalid data in the API operation and resubmit the request.
CSIAQ0242E The system cannot perform the request because the path that was specified [path] is not valid.
Explanation
The system cannot perform the request unless the operation has a valid path.
Action
Correct the path for the operation and resubmit the request.
CSIAQ0243E The system cannot perform the request because the operation [operation] is not supported. Supported patch operations are list.
Explanation
The system can perform supported operations only.
Action
Specify a valid operation and resubmit the request.
CSIAQ0244E The system cannot perform the request because access to the resource specified by this path [path] is denied.
Explanation
Either the user has no permission to access the resource or the path to the resource was incorrect.
Action
Specify the path to the correct resource and resubmit the request or if the path is correct, request permission to access the resource.
CSIAQ0245E The client category cannot be null or empty.
Explanation
The system cannot perform the request because the client category is missing.
Action
Specify a valid client category and resubmit the request.
CSIAQ0246E The value specified [value] is not of the correct data type.
Explanation
The system cannot perform the request because the value specified is not of the correct data type for the field it is trying to add or replace.
Action
Specify a valid value and resubmit the request.
CSIAQ0247E The refresh token lifetime [rtLT] must be equal or shorter than the maximum authorization grant lifetime [grantLT].
Explanation
The system cannot perform the request because the refresh token lifetime is longer than the maximum authorization grant lifetime.
Action
Specify a valid refresh token lifetime and resubmit the request.
CSIAQ0248E The patch operation cannot have more than max_entries operations. The patch operation specified count operations.
Explanation
The system cannot perform the request because the number of operations exceeds the limit.
Action
Remove the excess operations and submit the request again.
CSIAQ0249E The user has not authorized the request.
Explanation
The system cannot perform the request because it was not authorized by the user.
Action
None.
CSIAQ0250E The device made an attempt within [rate] seconds. This request will not be processed.
Explanation
The system will not perform the request because the device is polling too often.
Action
None.
CSIAQ0251E The system cannot perform the request because the scope name is missing.
Explanation
The scope name is required.
Action
Specify a valid scope name.
CSIAQ0252E The system cannot perform the request because the scope name cannot be more than length characters.
Explanation
The scope name is too long.
Action
Shorten the scope name so that it is valid or specify another scope name.
CSIAQ0253E The system cannot perform the request because the scope description cannot be more than length characters.
Explanation
The scope description is too long.
Action
Specify a shorter scope description.
CSIAQ0254E The system cannot perform the request because multiple values for the scope [name] were found in the scope list.
Explanation
Duplicate scope names exist in the scope list. A scope name can have only one value.
Action
Remove the duplicate scopes and submit the request again.
CSIAQ0255E The audience name is not a valid string or URI.
Explanation
The system cannot perform request because the audience must be either a printable ASCII string or URI as defined in RFC-2396.
Action
Specify a valid audience.
CSIAQ0256E The access token type is not supported. Valid access token types are: types.
Explanation
The system cannot perform the request because the access token type must be one of the listed types.
Action
Specify a valid access token type.
CSIAQ0257E A JSON Web Token (JWT) access token type requires one of the following signing algorithms: algos.
Explanation
The system cannot perform the request because asymmetric signing algorithm is required when JWT access token type is selected.
Action
Select default access token type or provide a valid asymmetric signing algorithm.
CSIAQ0258E The system cannot perform the request because the token that was received in the request cannot be revoked.
Explanation
Tokens of the type JSON Web Token (JWT) type cannot be revoked.
Action
Specify a non-JWT token.
CSIAQ0259E The system cannot perform the request because the token that was received in the request is not a valid JWT access token.
Explanation
A token of the type JSON Web Token (JWT) that can be introspected must be a valid access token.
Action
Specify a valid JWT access token.
CSIAQ0260E The system cannot perform the request because the API access entitlement [badValue] is not valid. The supported values are goodValues.
Explanation
The API access entitlement that was selected is not supported for this tenant.
Action
Ensure that a valid API access entitlement is selected.
CSIAQ0261E The system cannot perform the request because a recipient in the audience cannot be more than length characters.
Explanation
One or more of the recipients in the audience is too long.
Action
Remove or shorten the recipients in the audience that exceed the character limit and resubmit the request.
CSIAQ0262E The system cannot perform request because the client identifier contains invalid characters. Use only alphanumeric characters and the following special characters: _ , . , -
Explanation
The client identifier contains one or more invalid characters.
Action
Specify a valid client identifier. Use only alphanumeric characters and the following special characters: _ , . , - and resubmit the request.
CSIAQ0263E The system cannot perform the request because multiple values for name were found in the list of API access entitlements.
Explanation
The API access entitlements list cannot have duplicates. An API access entitlement can be in the list only once.
Action
Remove the duplicate API access entitlements and submit the request again.
CSIAQ0264E The user name or password is invalid.
Explanation
Either the password or the user name was incorrectly entered, or the user name does not exist.
Action
Verify that the user name exists and correct any entry errors, or specify different valid user credentials, then resubmit the request.
CSIAQ0265E Unable to parse JWKS due to invalid format.
Explanation
The JWKS format should follow this specification https://tools.ietf.org/html/rfc7517.
Action
Verify that the JWKS specified is in the right format, then resubmit the request.
CSIAQ0266E Unable to redirect to gather more information.
Explanation
The redirection URI specified in the access policy is invalid.
Action
Please contact your system administrator.
CSIAQ0267E The password must be changed.
Explanation
Temporary password cannot be used. You must change the password first.
Action
Please change your password and try again.
CSIAQ0268E Unexpected client configuration.
Explanation
Some of the client configuration does not allow the flow to complete.
Action
Please contact your system administrator.
CSIAQ0269E The specified client is not allowed.
Explanation
The relying party flow can only be performed for particular OIDC clients.
Action
Please change your client ID and try again.
CSIAQ0270E The callback URI specified is invalid.
Explanation
The callback URI should not contain the scheme and hostname.
Action
Please change the callback URI and try again.
CSIAQ0271E The theme ID cannot be more than length characters.
Explanation
The system cannot perform the request. The theme ID is too long.
Action
Specify a valid theme ID.
CSIAQ0272E The system cannot verify the JWT bearer assertion [assertion] because the [param] claim is missing.
Explanation
The missing claim is a required claim.
Action
Ensure that the JWT bearer assertion has all the claims that are required.
CSIAQ0273E The system cannot validate the JWT bearer assertion [assertion] because the value of the [param] claim is invalid.
Explanation
The assertion might be expired or might not yet accepted for processing. An initiate claim that is too far in the past or an expiration claim that is too far in the future might be the cause for the rejection.
Action
Ensure that the JWT bearer assertion claims have valid values.
CSIAQ0274E The system rejected the JWT bearer assertion [assertion].
Explanation
The JWT bearer assertion is not digitally signed, or does not have a Message Authentication Code (MAC) applied, or has an invalid signature or MAC.
Action
Specify a JWT bearer assertion that has valid signature or MAC.
CSIAQ0275E The user name or password is invalid. The account is locked.
Explanation
Either the password or the user name was incorrectly entered, or the user name does not exist. The account is locked because because the number of unsuccessful authentication attempts was exceeded.
Action
Verify that the user name exists and correct any entry errors, or specify different valid user credentials for the request. Wait until the account is unlocked and resubmit the request. If the problem persists, contact your system administrator.
CSIAQ0276E The account is locked.
Explanation
The account is locked because the number of unsuccessful authentication attempts was exceeded.
Action
Verify that the user name exists and correct any entry errors, or specify different valid user credentials for the request. Wait until the account is unlocked and resubmit the request. If the problem persists, contact your system administrator.
CSIAQ0277E The subject attribute could not be mapped.
Explanation
The subject attribute is mapped to an attribute that is null or empty.
Action
Verify that all users that can access this application have the attribute that the subject attribute is mapped to.
CSIAQ0278E User is not authorized to access the application due to policy constraints.
Explanation
Access policy evaluation denied your access to the application. Please check with your administrator for the applicable access policy for the application.
Action
The administrator needs to check the applicable access policy for the application.
CSIAQ0279E Only entitled users can single sign-on to the application. You must request for application access.
Explanation
The user does not have permission to access the application.
Action
If the user should be permitted to access the application, the administrator should grant the user permission.
CSIAQ0280E Password has expired.
Explanation
The account password has expired.
Action
None.
CSIAQ0281E The account is not active.
Explanation
The user's account is not active.
Action
Ask administrator to activate the user's account.
CSIAQ0282E The JSON Web Key Set cannot be more than length characters.
Explanation
The system cannot perform the request because the JSON Web Key Set is too long.
Action
Specify a valid JSON Web Key Set.
CSIAQ0283E The JSON Web Key Set format is not correct.
Explanation
The system cannot perform the request because the JSON Web Key Set specified or downloaded from JSON Web Key URI has invalid format.
Action
Specify a valid JSON Web Key Set format or check whether JSON Web Key URI pointing to correct document.
CSIAQ0284E Accessing JSON Web Key URI took more than second seconds.
Explanation
The JSON Web Key URI may be unreachable or the response is too slow.
Action
Check whether JSON Web Key URI is correct or improve its performance.
CSIAQ0285E The data retrieved from JSON Web Key URI exceeds length bytes.
Explanation
When the size of data downloaded from JSON Web Key URI is too big, it may slow down the runtime response.
Action
Try to trim the data or use JSON Web Key Set to specify selective keys only.
CSIAQ0286E Both JSON Web Key URI and JSON Web Key Set are specified.
Explanation
The system cannot perform the request because only either JSON Web Key URI or JSON Web Key Set should be specified.
Action
Specify either JSON Web Key URI or JSON Web Key Set.
CSIAQ0287E The system cannot process your request because the transaction has been idle for too long.
Explanation
The transaction span is too long. User should start a new request.
Action
Please trigger a new request.
CSIAQ0288E The request payload cannot contain [name] member.
Explanation
The request payload cannot contain the following members: 'registration_access_token', 'registration_client_uri', 'client_id_issued_at' or 'client_secret_expires_at'.
Action
Ensure that the request payload does not contain the forbidden member.
CSIAQ0289E The request payload 'client_id' or 'client_secret' member has been modified.
Explanation
The request payload 'client_id' or 'client_secret' does not match the current issued value.
Action
Ensure that the request payload 'client_id' or 'client_secret' has the right value.
CSIAQ0290E Unsupported user search option. Valid user search options are: options.
Explanation
The system cannot perform request because the user search option is unsupported.
Action
Specify one of the valid user search option.
CSIAQ0291E The user search function is missing.
Explanation
The system cannot perform the request. The user search function is required.
Action
Specify a valid user search function.
CSIAQ0292E The system cannot perform the request because the user search function cannot be more than length characters.
Explanation
The user search function is too long.
Action
Shorten the function so that it is valid.
CSIAQ0293E Grant type policyauth must be specified together with urn:ietf:params:oauth:grant-type:jwt-bearer grant type.
Explanation
The system cannot perform the request because policyauth grant type requires urn:ietf:params:oauth:grant-type:jwt-bearer grant type.
Action
Ensure that policyauth grant type is specified together with urn:ietf:params:oauth:grant-type:jwt-bearer grant type.
CSIAQ0294E All operations were successful.
Explanation
The system can perform all the operations successfully. Check the API response for more details.
Action
None.
CSIAQ0295E The application has been disabled.
Explanation
The system cannot perform the request because the application is currently disabled.
Action
Ensure the application is enabled and try again.
CSIAQ0296E The specified policy-applied API grant types are either not API-based grant types or not already selected as a grant type for this client.
Explanation
The system cannot perform the request because the list of policy-applied API grant types is invalid.
Action
Specify subset of the following grant types: password, urn:ietf:params:oauth:grant-type:jwt-bearer and refresh_token that are also selected for this client.
CSIAQ0297E The script is missing, blank or the length is greater than length characters.
Explanation
The system cannot perform the request. The script is invalid.
Action
Specify a valid script.
CSIAQ0298E Adaptive access assessment unavailable. Session collection was not completed or interrupted.
Explanation
The system cannot perform risk assesment due to incomplete data.
Action
Please perform the collection before trying again.
CSIAQ0299E The JWT validation time skew should be between minSkew to maxSkew seconds.
Explanation
The system cannot perform the request. The JWT validation time skew value is invalid.
Action
Specify valid time skew for JWT validation.
CSIAQ0300E The issuer host name is invalid. Valid host names are: names.
Explanation
The system cannot perform the request because the issuer host name neither primary host name or any vanity host name.
Action
Specify a valid issuer host name.
CSIAQ0301E The client description cannot be more than length characters.
Explanation
The system cannot perform the request. The client description is too long.
Action
Provide a shorter client description.
CSIAQ0302E The key of additional properties cannot be more than length characters.
Explanation
The system cannot perform the request because the key of additional properties is too long.
Action
Specify a valid additional properties' key.
CSIAQ0303E The value of additional properties cannot be more than length characters.
Explanation
The system cannot perform the request because the value of additional properties is too long.
Action
Specify a valid additional properties' value.
CSIAQ0304E The value of additional properties has to be string.
Explanation
The system cannot perform the request because the value of additional properties is not a string.
Action
Specify a valid additional properties' value.
CSIAQ0305E The additional properties size cannot be more than length entries.
Explanation
The system cannot perform the request because the additional properties size is too big.
Action
Remove some of the entries in additional properties so it fall within the allowed limit.
CSIAQ0306E The device-flow polling interval must be between minInterval and maxInterval seconds.
Explanation
The system cannot perform request because the device-flow polling interval is invalid.
Action
Specify valid device-flow polling interval.
CSIAQ0307E The device-flow code lifetime must be between minlength and maxlength seconds.
Explanation
The system cannot perform request because the device-flow code lifetime is invalid.
Action
Specify valid device-flow code lifetime.
CSIAQ0308E The device-flow user code length must be between minlength and maxlength.
Explanation
The system cannot perform the request. The device-flow user code length is invalid.
Action
Specify a valid device-flow user code length.
CSIAQ0309E The device-flow user code character set must have at least minlength characters and at most maxlength characters.
Explanation
The system cannot perform the request. The device-flow user code character set is invalid.
Action
Specify a valid device-flow user code character set.
CSIAQ0310E Device-flow user code character set contains non-alphanumeric or duplicate characters.
Explanation
The system cannot perform the request because the device-flow user code character set contains non-alphanumeric or duplicate characters.
Action
Specify a valid device-flow user code character set. Use only unique alphanumeric characters.
CSIAQ0311E The specified policy-applied API grant types must include policyauth if policyauth is already selected as a grant type for this client.
Explanation
The system cannot perform the request because the list of policy-applied API grant types is invalid.
Action
Include the policyauth grant type in the list of policy-applied API grant types.
CSIAQ0312E The IP filter operation is not supported. Valid IP filter operations are: ops.
Explanation
The system cannot perform the request because the IP filter operation must be one of the listed types.
Action
Specify a valid IP filter operation.
CSIAQ0313E IP filter is not specified for allow or deny operation or one of the IP filter specified is invalid.
Explanation
The system cannot perform the request because there is no IP filter specified or one of the IP filter is not valid.
Action
Specify valid IP filter.
CSIAQ0314E The request is denied because the request origin is not allowed.
Explanation
The system cannot perform the request because of IP filtering restriction.
Action
Check with administrator if you should have access.
CSIAQ0315E The parameter context cannot be used without secure client credentials.
Explanation
The system cannot perform the request because the client is not properly authenticated.
Action
Remove context parameter from the request or use secure method to authenticate the client.
CSIAQ0316E The consent type is not supported. Valid consent types are: types.
Explanation
The system cannot perform the request because the consent type must be one of the listed types.
Action
Specify a valid consent type.
CSIAQ0317E Unable to set consent type to 'oidc'.
Explanation
The system cannot perform the request because the consent type can not be set back to 'oidc'.
Action
Specify a valid consent type.
CSIAQ0318E The specified policy ID is not valid.
Explanation
The system cannot perform the request because the policy ID contains control characters.
Action
Specify a valid policy ID.
CSIAQ0319E When using custom or predefined rule, sourceId and transformation rule cannot be specified.
Explanation
The system cannot perform the request because custom or predefined rule cannot be specified with sourceId nor transformation rule.
Action
Remove sourceId or transformation rule name and try again.
CSIAQ0320E The transformation rule name is not supported. Valid names are: names.
Explanation
The system cannot perform the request because of invalid transformation rule name.
Action
Specify a valid transformation rule name.
CSIAQ0321E The attribute custom rule cannot be more than length characters.
Explanation
The system cannot perform the request. The attribute custom rule is too long.
Action
Specify a valid attribute custom rule.
CSIAQ0322E Either parameter request or request_uri should be specified, cannot specify both.
Explanation
The system cannot perform the request because both request and request_uri parameter were specified.
Action
Remove either request or request_uri and try again.
CSIAQ0323E The parameter request_uri is not allowed for this endpoint.
Explanation
The system cannot perform the request because request_uri parameter is specified.
Action
Remove request_uri and try again.
CSIAQ0324E When using request object, no other parameters should be specified outside of request object, except client authentication parameters.
Explanation
The system cannot perform the request because other parameter not used by client authentication exists outside of request object.
Action
Remove the unnecessary parameters and try again.
CSIAQ0325E The client assertion validation failed because the value of the iss claim does not match the client with identifier [client_id].
Explanation
The value of the assertion is not valid because iss claim does not match the client id.
Action
Ensure that the client assertion claims have valid values.
CSIAQ0326E The client assertion validation failed because the aud claim does not contain any of the expected audience URLs.
Explanation
The value of the assertion is not valid because aud claim does not contain the expected audience URLS.
Action
Ensure that the client assertion claims have valid values.
CSIAQ0327E The system cannot validate the client assertion [assertion] because the value of the [param] claim is invalid.
Explanation
At least one of the following claims failed validation: nbf, iat, exp. The timestamp in the iat claim, if provided, must be within the last 24 hours. The timestamp in the nbf claim, if provided, must be in the past. The exp claim is required, must not have passed yet, and cannot be more than 24 hours in the future.
Action
Ensure that the client assertion claims have valid values.
CSIAQ0328E Unable to extract sub claim from the JSON Web Token (JWT) client assertion.
Explanation
The system cannot perform the request because the client assertion is missing sub claim or is encrypted.
Action
Ensure the client assertion is not encrypted and the sub claim exists.
CSIAQ0329E The client assertion type is not supported. Valid client assertion types are: types.
Explanation
The system cannot perform the request because the client assertion type is not supported.
Action
Specify a valid client assertion type.
CSIAQ0330E The client authentication method is invalid. Valid client authentication methods are list.
Explanation
The system cannot perform the request because the client authentication method is unsupported.
Action
Specify a valid client authentication method.
CSIAQ0331E The client assertion verification key [param] is invalid.
Explanation
The system cannot perform the request because the client assertion verification key is invalid.
Action
Specify a valid client assertion verification key.
CSIAQ0332E The key ID (kid) in the client assertion header is invalid.
Explanation
The system cannot perform the request because the client assertion header key ID (kid) is invalid.
Action
Specify a valid client assertion header key ID (kid).
CSIAQ0333E A signing key label is required.
Explanation
Specify a signing key label. The system cannot perform the request because the signature algorithm specified requires a key.
Action
Specify a valid signing key label.
CSIAQ0334E The [alg] signing key [param] is invalid.
Explanation
The system cannot perform the request because the key is invalid.
Action
Specify a valid signing key label.
CSIAQ0335E The introspect authorization option is not supported. Valid options are: options.
Explanation
The system cannot perform the request because the introspect authorization option must be one of the listed types.
Action
Specify a valid introspect authorization option.
CSIAQ0336E The response type [response_type] is not valid based on the selected grant types.
Explanation
The system cannot perform the request because the response type specified is invalid.
Action
Specify a valid response type based on grant type selected or modify your grant type selection.
CSIAQ0337E Either custom or predefined rule is required.
Explanation
The system cannot perform the request because both custom and predefined rule are specified or both missing.
Action
Specify either custom or predefined rule and try again.
CSIAQ0338E The enrichment type is not supported. Valid enrichment types are: types.
Explanation
The system cannot perform the request because the enrichment type must be one of the listed types.
Action
Specify a valid enrichment type.
CSIAQ0339E The predefined rule is not valid. Valid predefined rules are: values.
Explanation
The system cannot perform the request because the predefined rule must be one of the listed values.
Action
Specify a valid predefined rule.
CSIAQ0340E User is not authorized to access the application due to policy constraints and could not be redirected.
Explanation
Access policy evaluation denied your access to the application and the redirection URI specified in the access policy is invalid. Please check with your administrator for the applicable access policy for the application.
Action
The administrator needs to check the applicable access policy for the application.