Explanation | The system cannot load the cell-level ws-security.xml configuration file. The file might be corrupted, missing, or in the wrong location. |
Action | Verify that the configuration file exists. If the file is missing, copy the ws-security.xml file from the ${USER_INSTALL_ROOT}/config/templates directory. |
Explanation | The system cannot load the server-level ws-security.xml configuration file. The file might be corrupted, missing, or in the wrong location. |
Action | Verify that the configuration file exists. If the file is missing, copy the ws-security.xml file from the ${USER_INSTALL_ROOT}/config/templates directory. |
Explanation | The NLS message catalog might not exist, is corrupted, or exists in the wrong location. An error occurred when the Web services configuration utilities attempted to locate this bundle. |
Action | Verify that the message catalog exists in the correct location. |
Explanation | An attempt to load the collection certificate store failed. The provider of the collection certificate store might have a null value. The providor of the collection certificate store might not be configured. The collection might have a null value. |
Action | The CollectionCertStore configuration might be corrupted or missing. Verify that the collection certificate store is configured properly in the binding. |
Explanation | The ContextManager class manages the state information for a request that is being processed. The code cannot access the ContextManager class for this message. Therefore, the code does not have access to this information. |
Action | No user action is required. |
Explanation | The CallbackHandler class does not support the specified Callback implementation. |
Action | Verify the configuration specifies the correct CallbackHandler class and that the class is implemented correctly. |
Explanation | There is a problem with the Java message beans that has prevented the SecurityTokenServiceAdmin MBean from activating. This message bean is used to perform a live refresh of the configuration of the Security Token Service. |
Action | There is no user action to correct this problem. |
Explanation | The format for the value for the Nonce cache timeout is not an integer. The Nonce is a randomly generated value. |
Action | Change the value for the Nonce cache timeout to an integer. The Nonce cache timeout value is specified by the custom property com.ibm.wsspi.wssecurity.core.NonceCacheTimeout in the WS-Security bindings. The Nonce is a randomly generated value. |
Explanation | The specified value for the Nonce cache timeout is less than the minimum value that is required. The Nonce is a randomly generated value. |
Action | Change the value for the Nonce cache timeout to one within the valid range. The Nonce cache timeout value is specified by the custom property com.ibm.wsspi.wssecurity.core.NonceCacheTimeout in the WS-Security bindings. The Nonce is a randomly generated value. |
Explanation | The format for the value of the Nonce max age is not an integer. The Nonce is a randomly generated value. |
Action | Change the the value for the Nonce max age to an integer. The Nonce max age value is specified by the custom property com.ibm.wsspi.wssecurity.core.NonceMaxAge in the WS-Security bindings. The Nonce is a randomly generated value. |
Explanation | The specified value for the Nonce max age is not within the valid range. The Nonce is a randomly generated value. |
Action | Change the value for the Nonce max age to one within the valid range. The Nonce max age value is specified by the custom property com.ibm.wsspi.wssecurity.core.NonceMaxAge in the WS-Security bindings. The Nonce is a randomly generated value. |
Explanation | The specified value for the Nonce clock skew is not within the valid range. The Nonce is a randomly generated value. |
Action | Change the value for the Nonce clock skew to one within the valid range. The Nonce clock skew value is specified by the custom property com.ibm.wsspi.wssecurity.core.NonceClockSkew in the WS-Security bindings. The Nonce is a randomly generated value. |
Explanation | The format for the value of the Nonce clock skew is not an integer. The Nonce is a randomly generated value. |
Action | Change the value for the Nonce clock skew to an integer. The Nonce clock skew value is specified by the custom property com.ibm.wsspi.wssecurity.core.NonceClockSkew in the WS-Security bindings. The Nonce is a randomly generated value. |
Explanation | The value of the Nonce is either missing from the SOAP message or it was not encoded with a supported encoding type. The Nonce is a randomly generated value. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The specified Nonce cache size is less than the minimum value that is required. The Nonce is a randomly generated value. |
Action | Specify a cache size greater the minimum value. The Nonce cache size value can be specified by the custom property com.ibm.ws.wssecurity.config.token.BasicAuth.Nonce.cacheSize in the WS-Security bindings or the com.ibm.websphere.wssecurity.util.nonceCacheSize Java system property. The Nonce is a randomly generated value. |
Explanation | The specified Nonce length is less than the minimum value that is required. The Nonce is a randomly generated value. |
Action | Specify the Nonce length greater the minimum. The Nonce length value can be specified by the com.ibm.websphere.wssecurity.util.nonceLength Java system property. The Nonce is a randomly generated value. |
Explanation | The CallbackHandler with prompt behavior is not supported for applications running on the Application Server. If this is used in the Application Server, it might cause the Application Server to hang. |
Action | Use a CallbackHandler that is supported for the Application Server. |
Explanation | The CallbackHandler with prompt behavior is not supported for applications running on the Application Server. If this is used in the Application Server, it might cause the Application Server to hang. |
Action | Use a CallbackHandler that is supported for the Application Server. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The specified value for the timestamp timeout is less than the minimum value that is required. |
Action | Change the value for the timestamp timeout to one that is within the valid range. The timestamp timeout value is specified by the custom property com.ibm.wsspi.wssecurity.core.TimestampTimeout in the WS-Security bindings. |
Explanation | The format for the value of the timestamp max age is not an integer. |
Action | Change the value for the timestamp max age to an integer. The timestamp max age value is specified by the custom property com.ibm.wsspi.wssecurity.core.TimestampMaxAge in the WS-Security bindings. |
Explanation | The specified value for the timestamp max age is not within the valid range. |
Action | Change the value for the timestamp max age to one within the valid range. The timestamp max age value is specified by the custom property com.ibm.wsspi.wssecurity.core.TimestampMaxAge in the WS-Security bindings. |
Explanation | The specified value for the timestamp clock skew is not within the valid range. |
Action | Change the value for the timestamp clock skew to one within the valid range. The timestamp clock skew value is specified by the custom property com.ibm.wsspi.wssecurity.core.TimestampClockSkew in the WS-Security bindings. |
Explanation | The format of the value for the timestamp clock skew is not an integer. |
Action | Change the value for the timestamp clock skew to an integer. The timestamp clock skew value is specified by the custom property com.ibm.wsspi.wssecurity.core.TimestampClockSkew in the WS-Security bindings. |
Explanation | The format of the value for the timestamp cache timeout is not an integer. |
Action | Change the value for the timestamp cache timeout to an integer. The timestamp cache timeout value is specified by the custom property com.ibm.wsspi.wssecurity.core.TimestampTimeout in the WS-Security bindings. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The RSA-OAEP algorithm is only supported by JDK Version 1.5 and later. |
Action | If the application is not configured to use the RSA-OAEP algorithm, no action is required. If the application is configured to use the RSA-OAEP algorithm, change the Web services security binding configuration to use the http://www.w3.org/2001/04/xmlenc#rsa-1_5 algorithm instead. |
Explanation | This is for informational purposes only. |
Action | This is for informational purposes only. |
Explanation | An attempt was made to use the Web services security token propagation feature, but global security was not enabled in the Application Server. |
Action | Enable global security in the Application Server. |
Explanation | A WebSphere Credential is expected in the Lightweight Third-Party Authentication (LTPA) propagation token and none is found. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | Cryptographic operations are processed using the software provider because the hardware cryptographic processing has failed. |
Action | Check the first failure data capture (FFDC) log file for error details and make sure the hardware cryptographic provider is properly configured. |
Explanation | This message is for informational purposes only. |
Action | No action is required. |
Explanation | This message is for informational purposes only. |
Action | No action is required. |
Explanation | A password is required to load the Java key store. This password does not exist in the binding. |
Action | Specify the key store password in the binding. |
Explanation | The key store path is incorrect, or the key store does not exist. |
Action | Verify the path to the key store in the binding does exist on the machine. |
Explanation | The I/O error could be caused by format problem with the data in the key store, no password is specified when required, or incorrect password is specified. |
Action | Verify that you specified the correct key store type and password in the binding. |
Explanation | The default provider does not support the key store type, the algorithm that is used to verify the key store integrity does not exist, or certificates in the key store cannot be loaded. |
Action | Use the iKeyman tool or keytool to create key store with the supported key store type. Refer to the information center for supported key store types. |
Explanation | The system cannot locate the Java class that you specified in the class path. |
Action | Verify that the class name is correct and exists in the appropriate class path. |
Explanation | The class default constructor does not exist, or the class is one of the following class types: abstract, interface, array, primitive, or void, or other permission problem. |
Action | Verify that the class default constructor exists. Verify that you did not specify any of the following class types: abstract, interface, array, primitive, or void. Verify that you have the proper Java 2 Security permission or file system permission. |
Explanation | The class default constructor does not exist or not public. |
Action | Verify that the class public default constructor exists. |
Explanation | The key store file does not contain at least one trusted certificate entry or has not successfully initialized. |
Action | Verify that the key store file is correctly configured for the parameters that the PKIXBuilderParameters object specifies. Verify that the key store file contains at least one trusted certificate entry. |
Explanation | The instantiated class is not a subclass of the required class type. |
Action | Verify that the class implementation extends the required base class or implements the required interfaces. |
Explanation | The certificate store type is not available or supported by the provider. |
Action | Verify that you specified a supported certificate store type. |
Explanation | The specified initialization parameters for this certificate store are incorrect. |
Action | Verify that you specified the certificate store configuration in the binding correctly. |
Explanation | The specified provider is not configured. |
Action | Verify that you configured the specified provider correctly. |
Explanation | The certificate file cannot be accessed because I/O errors occurred. |
Action | Verify that you specified the correct certificate file path and the appropriate file system permissions. |
Explanation | The certificate file cannot be parsed. |
Action | Verify that the certificate file format is a supported certificate type. |
Explanation | Multiple XML elements exist in the SOAP message, where only one XML element with a specific namespace is expected. |
Action | Verify that the SOAP message conforms to the standard specifications. If the error persists, then refer to the information center for further troubleshooting and support. |
Explanation | The XML element with a specific namespace does not exist in the SOAP message. |
Action | Verify that the SOAP message conforms to the standard specifications. If the error persists, then refer to the information center for further troubleshooting and support. |
Explanation | One or more of the XML elements with a specific namespace do not exist in the SOAP message. |
Action | Verify that the SOAP message conforms to the standard specifications. If the error persists, then refer to the information center for further troubleshooting and support. |
Explanation | The required attribute does not exist in the XML element. |
Action | Verify that the SOAP message conforms to the standard specifications. If the error persists, then refer to the information center for further troubleshooting and support. |
Explanation | None of required elements with the specific namespaces exist in the SOAP message. |
Action | Verify that the SOAP message conforms to the standard specifications. If the error persists, then refer to the information center for further troubleshooting and support. |
Explanation | The encoding type that you requested is not supported. |
Action | Verify that you encoded the SOAP message with the supported encoding type. |
Explanation | The KeyIdentifier element requires the ValueType attribute, which cannot be found. |
Action | Verify that you specified the ValueType attribute for the KeyIdentifier element in the SOAP message. |
Explanation | The XML encryption process requires the EncryptedData element, which cannot be found. |
Action | Verify that you encrypted the SOAP message correctly using W3C XML encryption and Organization for the Advancement of Structured Information Standards (OASIS) Web service security specifications. |
Explanation | Internal configuration files cannot be loaded. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This message is a formatted version of a SOAP fault message. |
Action | Examine the formatted SOAP fault message, which will list the actual problem. |
Explanation | The certificate has expired. |
Action | Verify the expiration date of the certificate and obtain a valid new certificate. |
Explanation | The certificate is not valid. |
Action | Verify that the certificate is a valid one and obtain a valid certificate if necessary. |
Explanation | The certificate could not be mapped to a valid user in the registry. |
Action | Verify that there is a valid user that corresponds to the Distinguished Name for this certificate in the registry. Either obtain a certificate that has a corresponding valid user in the registry, or assure that the Distinguished Name can map to a valid user in the registry. |
Explanation | An internal class could not be instantiated. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | A certificate is about to expire in the keystore. |
Action | Open the keystore and validate the expiration dates for all of the certificates in the keystore. Generate new certificates, if necessary. |
Explanation | The Application Server expects an integer value. However, the specified value is not an integer number. |
Action | Correct the value for the property so that it is an integer number. |
Explanation | The timestamp of the nonce is too old and has expired. The message might have taken too long to arrive, or there could be a time syncronization problem between client and server. |
Action | Ensure that the date, time, and time zone are synchronized for both the client and the server. If they are both syncronized, it will need to be determined why the message is taking so long to arrive. |
Explanation | An implementation of the specified algorithm could not be obtained from the JCE provider. |
Action | Make sure that the JCE provider being used does provide the specified algorithm. |
Explanation | The clocks on the client and server might not be synchronized. |
Action | Ensure that the date, time, and time zone are synchronized for both the client and the server. |
Explanation | The time stamp in the message is too old and has expired. The message might have taken too long to arrive, or there could be a time syncronization problem between client and server. |
Action | Ensure that the date, time, and time zone are synchronized for both the client and the server. If they are both syncronized, it will need to be determined why the message is taking so long to arrive. |
Explanation | The clocks on the client and server might not be synchronized. |
Action | Ensure that the date, time, and time zone are synchronized for both the client and the server. |
Explanation | The clocks on the client and server might not be synchronized. |
Action | Ensure that the date, time, and time zone are synchronized for both the client and the server. |
Explanation | The clocks on the client and server might not be synchronized. |
Action | Ensure that the date, time, and time zone are synchronized for both the client and the server. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | A configuration file is missing. |
Action | Verify that the configuration file is in the specified location. |
Explanation | There has been an error processing an XML file. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | A Certificate Revocation List file cannot be found in the filesystem. |
Action | Verify that the file is located on the specified location. |
Explanation | There has been a problem creating a Certificate Revocation List from the CRL file. |
Action | Verify that the CRL file contents are correct. |
Explanation | The key could not be recovered. The password for recovering the key might be wrong. |
Action | Verify that the password to retrieve the key from the keystore is correct. |
Explanation | storepass attribute required for KeyStore. |
Action | Verify the KeyStore:- storepass attribute in the binding is required. |
Explanation | There was a problem parsing a nonce value. The nonce in the message is in an incorrect format. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | A nonce value should be unique on each message. The current message has a nonce that has already been found in a previous message. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | There has been a problem parsing a time stamp value found in the message. Could be timestamp is in an incorrect format. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The message arrived after the expiration time for the time stamp. The message might have taken too long to arrive, or there could be a time syncronization problem between client and server. |
Action | Ensure that the date, time, and time zone are synchronized for both the client and the server. If they are both syncronized, it will need to be determined why the message is taking so long to arrive. |
Explanation | A check for the time stamp type has determined that the type is not supported. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | A nonce was expected in the message but it was not found. |
Action | Verify that the security policies and bindings for the application sending the message are configured so a nonce is added to its messages. |
Explanation | A time stamp was expected in the message but it was not found. |
Action | Verify that the security policies and bindings for the application sending the message are configured so a time stamp is added to its messages. |
Explanation | The time stamp must have a wsu:Created element indicating the time of message creation. |
Action | A time stamp was expected for the UsernameToken when consuming the message. Check your bindings for the sending service and verify that they especify the use of a time stamp for the UsernameToken. |
Explanation | An identifier is used to uniquely label a section of a message. If more than one section have the same identifier, then it is impossible to associate the id to a unique section. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The security configuration for this service is not valid. |
Action | Check that the specified policy and bindings for this service are correct. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | No XPath expression was specified on an XPath element in the specified assertion in the policy. |
Action | Verify that all XPath elements in the specified assertion in the policy contain valid XPath expressions. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | An unsupported canonicalization method was specified. Possible causes are that the application security policy has specified a not valid Algorithm Suite assertion, or that the client and server have incompatible Algorithm Suite assertions in their policies. |
Action | Check the security policy for both server and client applications and ensure that the Algorithm Suite assertions are valid and compatible. |
Explanation | An unsupported signature method was specified. Possible causes are that the application security policy has specified a not valid Algorithm Suite assertion, or that the client and server have incompatible Algorithm Suite assertions in their policies. |
Action | Check the security policy for both server and client applications and ensure that the Algorithm Suite assertions are valid and compatible. |
Explanation | An unsupported digest method was specified. Possible causes are that the application security policy has specified a not valid Algorithm Suite assertion, or that the client and server have incompatible Algorithm Suite assertions in their policies. |
Action | Check the security policy for both server and client applications and ensure that the Algorithm Suite assertions are valid and compatible. |
Explanation | An unsupported transform method was specified. Possible causes are that the application security policy has specified a not valid Algorithm Suite assertion, or that the client and server have incompatible Algorithm Suite assertions in their policies. |
Action | Check the security policy for both server and client applications and ensure that the Algorithm Suite assertions are valid and compatible. |
Explanation | The key information content consumer type is unknown. A probable reason could be that there is an error in the key bindings. |
Action | Verify that key bindings for the application security bindings are correct. |
Explanation | An unsupported encryption method was specified. Possible causes are that the application security policy has specified a not valid Algorithm Suite assertion, or that the client and server have incompatible Algorithm Suite assertions in their policies. |
Action | Check the security policy for both server and client applications and ensure that the Algorithm Suite assertions are valid and compatible. |
Explanation | An unsupported key encryption method was specified. Possible causes are that the application security policy has specified a not valid Algorithm Suite assertion, or that the client and server have incompatible Algorithm Suite assertions in their policies. |
Action | Check the security policy for both server and client applications and ensure that the Algorithm Suite assertions are valid and compatible. |
Explanation | The Caller configuration must have a JAAS configuration or a Caller identity. One of the two must be present. This might be a problem with the application security bindings. |
Action | Verify that the application security bindings are correct for Caller configuration. |
Explanation | There is no configuration found for the signing key. There might be key bindings information missing in the application security bindings. |
Action | Verify that the key bindings configuration for signing key on the application security bindings are correct. |
Explanation | Reference to message parts are required in order to retrieve the signature algorithms from Policy. This could be an error in the bindings. |
Action | Verify that there are message parts to be signed on the application security bindings. |
Explanation | There was no data encryption method found in the configuration. The Algorithm Suite assertion in the policy might not be valid. |
Action | Verify that a valid Algorithm Suite is specified in the application security policy. |
Explanation | There is no configuration found for the encryption consumer key. There might be key bindings information missing in the application security bindings. |
Action | Verify that the key bindings for the encryption consumer in the application security bindings are correct. |
Explanation | Reference to message parts are required in order to retrieve the encryption algorithms from the policy. In this case there are none. |
Action | Verify that there are message parts to be encrypted in the application security bindings. |
Explanation | A token consumer configuration must have a class instance. A probable reason could be that there is an error in the security bindings relating to security tokens. |
Action | Verify that the token/consumer generator binding information in the application security bindings are correct. |
Explanation | A token consumer configuration must have a type. A probable reason could be that there is an error in the security bindings relating to security tokens. |
Action | Verify that the token consumer binding information in the application security bindings is correct. |
Explanation | A key consumer configuration must have a content consumer list. A probable reason could be that there is an error in the key bindings configuration. |
Action | Verify that the key bindings configuration is correct for the application security bindings. |
Explanation | A key information configuration must have a class instance. A probable reason could be that there is an error in the key bindings. |
Action | Verify that the key bindings configuration is correct for the application security bindings. |
Explanation | A key information configuration must have a type. A probable reason could be that there is an error in the key bindings. |
Action | Verify that the key bindings information in the application security bindings are correct. |
Explanation | An XPath transform was specified in the signing information but an XPath expression was not provided. |
Action | Verify that the application bindings do provide an XPath expression in the signing information. |
Explanation | Not valid or Unexpected QName for the TokenConsumer. |
Action | Verify that valid QName for the TokenConsumer is provided. |
Explanation | The expected reference is not available. |
Action | Turn on trace to collect more debug information. Refer to the information center to collect trace data. |
Explanation | trustanchor is not available. |
Action | Verify that trustanchor information is provided in the binding. |
Explanation | If there is one or more Nonce or timestamp that need to be signed, there needs to be a MessagePart that needs to be signed/encrypted as well. |
Action | Verify the policy if there is one or more Nonce or timestamp that need to be signed, there needs to be a MessagePart that needs to be signed/encrypted as well. |
Explanation | Missing or incorrect algorithm attribute. |
Action | Verify the algorithm has been specified in the binding. |
Explanation | One of the possible reasons be the Algorithm URI couldnot be mapped to the Algorithm Factory. |
Action | Verify the algorithm information in the binding. |
Explanation | The Algorithm URI information could be missing or not valid in the binding. |
Action | Verify the Algorithm information in the binding. |
Explanation | There is mismatch of referencing signed parts in policy and binding. |
Action | PartReference in SigningInfo is required to be referenced correctly in the policy and binding. |
Explanation | information for the signing algorithm is not valid or incomplete. |
Action | One of the places to verify is the binding, ensure the algorithm provided is valid. |
Explanation | transform information for the signing algorithm is not valid or incomplete |
Action | Verify transform information in the binding. |
Explanation | (Required)Integrity or (Required)Confidentiality: At least one MessagePart is required. |
Action | Provide Required)Integrity or (Required)Confidentiality message part. |
Explanation | The order is negative or not valid value. |
Action | Verify the order is specified correctly in the binding. The order mentions how to process signature and encryption. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | type attribute required for KeyStore. |
Action | Verify the KeyStore:- type attribute in the binding is required. |
Explanation | path attribute required for KeyStore. |
Action | Verify the KeyStore:- path attribute in the binding is required. |
Explanation | alias attribute required for Key. |
Action | Verify the Key:- alias attribute in the binding is required. |
Explanation | name attribute required for Key. |
Action | Verify the Key:- name attribute in the binding is required. |
Explanation | Keystore reference is not valid. |
Action | Verify keystore is available, not corrupted and specified correctly in binding. |
Explanation | KeyStore doesnot have one of the following. Either KeyStoreRef attribute or storepass, path, type attributes. |
Action | Change the keystore element to have either KeyStoreRef or storepass,path,type attributes |
Explanation | When specifying a Header to be signed or encrypted, the Namespace attribute is required. |
Action | Specify the Namespace attribute for the Header on the EncryptedParts or SignedParts. |
Explanation | Only one KeyInfo is required in Generator SigningInfo. |
Action | Verify the binding for the Signature Generators KeyInfo. |
Explanation | Only one KeyInfo is required in Generator EncryptionInfo. |
Action | Verify the binding for the Encryption Generators KeyInfo. |
Explanation | TokenGenerator classname and instance attribute is required. |
Action | Verify binding for correct TokenGenerator classname. |
Explanation | TokenGenerator ValueType attribute is required. |
Action | Verify binding for valueType of TokenGenerator. |
Explanation | CallbackHandler classname attribute is required. |
Action | Verify the binding if the CallbackHandler className is valid. |
Explanation | BasicAuth: User id is null, but user password is not null. |
Action | Verify the User ID and password for the BasicAuth in the binding. |
Explanation | Generator SigningInfo or EncryptionInfo: Only one KeyInfo is required. |
Action | Verify the binding for keyinfo information. |
Explanation | The combination of secret key algorithms [{0}] and the type of key information [{1}] is not allowed. |
Action | Verify if the secret key algorithm information provided in policy and key information provided in binding are valid. |
Explanation | There are no allowed transform algorithms defined. |
Action | Verify if the transform algorithm in binding and algorithmSuite in policy are valid. |
Explanation | There are no allowed canonicalization algorithms defined. |
Action | Verify the algorithm attributes in binding and algorithmSuite in policy are valid. |
Explanation | There are no allowed signature algorithms defined. |
Action | Verify the algorithm attributes in binding and algorithmSuite in policy are valid. |
Explanation | There are no allowed digest algorithms defined. |
Action | Verify the algorithm attributes in binding and algorithmSuite in policy are valid. |
Explanation | There are no allowed data encryption algorithms defined. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | There are no allowed key encryption algorithms defined. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | Null or empty is not allowed to the name of Integrity, Confidentiality, RequiredIntegrity, or RequiredConfidentiality. |
Action | Verify wsu:Id value is set valid for Integrity and Confidentiality in policy. |
Explanation | Null or empty is not allowed to the name of SecurityToken or RequiredSecurityToken. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | AddCreateTimestamp/@expires has a not valid format string. |
Action | Verify binding for valid timestamp format. |
Explanation | Unable to find the default configuration. |
Action | Verify default binding have not been modified, deleted or corrupted. |
Explanation | Null or empty is not allowed to the name of TokenGenerator or TokenConsumer. |
Action | Verify the binding for valid name attribute for TokenGenerator and TokenConsumer. |
Explanation | Null or empty is not allowed to the name of KeyInfo. |
Action | Verify the binding for valid name attribute for KeyInfo. |
Explanation | Missing TokenGenerator reference in the KeyInfo. |
Action | Verify the binding for TokenGenerator reference in KeyInfo. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The message contained tokens that could not be consumed. This could be a problem with the token consumer bindings. |
Action | Verify that the token consumer bindings in the application security bindings are correct. |
Explanation | The target element: {0} was not expected. |
Action | To get more information on the error, turn on trace to collect more debug information. Refer to the information center to collect trace data. |
Explanation | Unexpected child element. |
Action | To get more information on the error, turn on trace to collect more debug information. Refer to the information center to collect trace data. |
Explanation | Unexpected Namespace URI. |
Action | Verify the namespace URI is correct. |
Explanation | There is mismatch of WS-Security Namespace URI versions. |
Action | Verify in binding approrpriate WS-Security Namespace URI versions are specified. |
Explanation | The provided SigningInfo is corrupted or not valid. |
Action | Verify SigningInfo information in the binding. |
Explanation | The provided EncryptionInfo is corrupted or not valid. |
Action | Verify EncryptionInfo information in the binding. |
Explanation | The provided TokenConsumer is corrupted or not valid. |
Action | Verify TokenConsumer information in the binding. |
Explanation | Expected Security Token missing. |
Action | Verify the valuetype information of the Token in the binding. |
Explanation | Error during signature verification. |
Action | For more information on error turn on trace to collect more debug information. Refer to the information center to collect trace data. |
Explanation | Error during message decryption. |
Action | For more information on error turn on trace to collect more debug information. Refer to the information center to collect trace data. |
Explanation | The securitytoken provided in policy or binding is not supported or valid. |
Action | Verify the Token information in the policy and binding. |
Explanation | An exception while processing WS-Security message. |
Action | Turn on trace to collect more debug information. Refer to the information center to collect trace data. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The SOAP message might not have the security constraints defined, or the actor on the server and the client do not match. |
Action | Verify that the client has security configured for Web services and that the actor matches on both the client and the server. |
Explanation | The SOAP message might not have the security constraints defined, or the actor on the server and the client do not match. |
Action | Verify that the client has security configured for Web services and that the actor matches on both the client and the server. |
Explanation | The SOAP message might not have the security constraints defined, or the actor on the server and the client do not match. |
Action | Verify that the client has security configured for Web services and that the actor matches on both the client and the server. |
Explanation | The RequireSignatureConfirmation policy assertion might not be specified in the policies for the client or the server. |
Action | Verify that the RequireSignatureConfirmation policy assertion has been specified in the policies for both the client and the server. |
Explanation | The RequireSignatureConfirmation policy assertion might not be specified in the policies for the client or the server. |
Action | Verify that the RequireSignatureConfirmation policy assertion has been specified in the policies for both the client and the server. |
Explanation | The RequireSignatureConfirmation policy assertion might not be specified in the policies for the client or the server. |
Action | Verify that the RequireSignatureConfirmation policy assertion has been specified in the policies for both the client and the server. |
Explanation | The RequireSignatureConfirmation policy assertion might not be specified in the policies for the client or the server. |
Action | Verify that the RequireSignatureConfirmation policy assertion has been specified in the policies for both the client and the server. |
Explanation | An EncryptedHeader element with mustUnderstand equal 1 was not decrypted while processing the security header for a Web service. |
Action | Verify that the EncryptedHeader element was targeted to the correct role or actor. |
Explanation | The RequireSignatureConfirmation policy assertion might be specified in the service policy but not in the client policy. |
Action | Verify that the RequireSignatureConfirmation policy assertion is not needed in the client policy. |
Explanation | A signature digest must cover over the entire soap body, or cover over an entire soap header, or cover over a direct child element of the security header when the onlySignEntireHeadersAndBody assertion presents. Please refer to Section 6.6 "[Entire Header and Body Signatures] Property" of the WS-SecurityPolicy v1.2 Specification. |
Action | Check the security policy for both server and client applications and correct the corresponding SignedElements assertion. |
Explanation | The SAML holder-of-key assertion must be used for message signing or endorsing a request. |
Action | Verify the SAML token is configured as a protection token for message signing or endorsing a request. |
Explanation | The SAML sender-vouches assertion must be signed by the sender or protected with an SSL client certificate authentication. |
Action | Verify the SAML sender-vouches assertion is signed with a SOAP message. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | If using symmetric bindings, data encryption must be used instead of key encryption. |
Action | Verify that the bindings are configured to use data encryption if symmetric bindings are used in the policy. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The EncryptedHeader was not processed because of the exception. Because the mustUnderstand attribute was not equal to true, processing of the message was allowed to continue. |
Action | No action is required. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | A Timestamp cannot be added to a Timestamp. |
Action | Modify the policy to only add a Timestamp to message parts that are not a Timestamp. Multiple signed parts can be specified to achieve this. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The AlgorithmSuite specified in the client policy and the server policy might not be compatible. |
Action | Verify that the AlgorithmSuite specified in the client policy and the server policy are compatible. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The specified XPath expression was not properly formed. |
Action | Correct the XPath expression in the policy. |
Explanation | The Header/@Namespace attribute is required. The Header/@Name attribute is optional. |
Action | Verify that the Header/@Namespace is specified correctly in the policy. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The policy expected the specified message part to be encrypted. |
Action | Verify that the policies on both the client and the server specify the same EncryptedParts and EncryptedElements. |
Explanation | The policy expected the specified message part to be signed. |
Action | Verify that the policies on both the client and the server specify the same SignedParts and SignedElements. |
Explanation | The policy expected the specified message part to contain a Nonce element, which is a randomly generated value. |
Action | Verify that the policies on both the client and the server specify that a Nonce is required for the specified message part. |
Explanation | The policy expected a Timestamp header to be found in the message. |
Action | Verify that the policies on both the client and the server specify that a Timestamp is required on the message. |
Explanation | The policy expected the specified message part to contain a Timestamp element. |
Action | Verify that the policies on both the client and the server specify that a Timestamp is required for the specified message part. |
Explanation | The KeyStoreRef attribute name must be valid. |
Action | Verify that the KeyStoreRef attribute exists in the binding and valid. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | KeyInfo specified in the bindings probably is not valid. |
Action | Check the bindings |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The Embedded key id is missing |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | KeyIdentifier element does not have the correct Algorithm specified |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | bindings have the information related to Value Type of the token |
Action | Check the Value Type of the token configuration in the bindings |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | More than one caller token type was specified in the bindings without specifying and order attribute, and more than one caller token was found on the message. Not enough information available to decide which token to use as caller. |
Action | Specify a single token type to use as caller in the bindings, or utilize order attribute when specifying multiple callers to eliminate ambiguity. |
Explanation | A set of callers was defined in the bindings, and no caller token was found in the incoming message. |
Action | Do not require caller in the bindings or ensure that the client does send the required token. |
Explanation | This token type was designated as a caller, but more than one token of the same type was found in the message. Do not know which one to use as caller. |
Action | Service sending the message with multiple tokens of this same type should be reconfigured to send only one. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This supporting token type was designated as a caller, but more than one token of the same type was found in the message. Do not know which one to use as caller. |
Action | Service sending the message with multiple tokens of this same type should be reconfigured to send only one. |
Explanation | This protection token type was designated as a caller, but more than one token of the same type was found in the message. Do not know which one to use as caller. |
Action | Service sending the message with multiple tokens of this same type should be reconfigured to send only one. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | A keystore with the specified reference could not be loaded. |
Action | Verify that the keystore reference in the bindings is correct. |
Explanation | Multiple conflicting Web Services Addressing (WS-Addressing) namespaces in the SOAP message. |
Action | Make sure the correct and supported WS-Addressing namespace is used. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | It might be that the user is not included in token, or the user is not in user registry, or the token could not be validated. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | A keystore with the specified reference could not be loaded. |
Action | Verify that the keystore reference in the bindings is correct. |
Explanation | The specified key alias is not in keystore. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The certificate is expired. |
Action | Check keystore, and make sure certificate is not expired. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The keystore configuration used by key locator is not defined in the consumer side. |
Action | Check binding file. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The security token should be used for stand-alone tokens. |
Action | Check binding file. |
Explanation | The security token should be used for stand-alone tokens. |
Action | Check the binding file. |
Explanation | The security token need a matching token generator. |
Action | Check binding file for the security token type. |
Explanation | The Security token need a token generator reference. |
Action | Check binding file for the security token type. |
Explanation | The security token type need define a matching token consumer. |
Action | Check binding file for the security token type. |
Explanation | The Security token need a token consumer reference. |
Action | Check binding file for the security token type. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | Nonce cache size must be an integer. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | Nonce length must be an integer. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The certificate cache timeout has a minimum value. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The certificate cache size is less than the allowed minimum size. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | Use integer number as cache size. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The token cache timeout is less than the minimum. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The token cache size is less than the allowed minimum. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | Use integer value as cache size. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The token cushion is less than the minimum. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | Only one wsse:Security element is allowed. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | JAAS login configuration name is not defined. |
Action | Check binding file and security.xml file for JAAS login name. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The request might be missing required elements. |
Action | Refer to the information center for information on the request formats. |
Explanation | The request does not meet the authentication requirements. |
Action | Refer to the configuration files for the authentication requirements. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The security token is not valid. |
Action | Obtain a new security token. |
Explanation | The request is missing some of the required authentication information. |
Action | Refer to the information center for information on the authentication requirements. |
Explanation | The Application Server cannot process the request because elements exist that are not understood. |
Action | Refer to the information center for information on the request formats. |
Explanation | The data in the request has expired. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The Application Server cannot process the request because the requested time range is not valid or not supported. |
Action | Refer to the documentation or the configuration to determine the valid time ranges. |
Explanation | The Application Server cannot process the request because the requested scope is not valid or not supported. |
Action | Refer to the documentation or the configuration to determine the valid scopes. |
Explanation | The security token has expired. |
Action | Renew the security token. |
Explanation | The Application Server cannot renew the security token. |
Action | Obtain a new security token. |
Explanation | The context token does not contain the required information. |
Action | Refer to the information center for information on the required context information. |
Explanation | Some of the values in the request that are associated with the security context token (SCT) are not supported. |
Action | Refer to the information center for information on the supported values. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The context token has expired. |
Action | If the token is renewable, renew the context token. Otherwise, obtain a new context token. |
Explanation | Some context tokens cannot be renewed. |
Action | Obtain a new context token. |
Explanation | The configuration file for the security token service is needed for normal operation. |
Action | Verify that the file has not been moved or become corrupted. |
Explanation | The plugins configuration file for the security token service is needed for normal operation. |
Action | Verify that the file has not been moved or become corrupted. |
Explanation | The targets configuration file for the security token service is needed for normal operation. |
Action | Verify that the file has not been moved or become corrupted. |
Explanation | There is a syntax problem for the URIs specifying the SCT token type, the SCT get request, or the SCT put request type. |
Action | Verify that the installation image has not been corrupted. |
Explanation | This issue causes errors for messages that are targeted for an unconfigured endpoint. |
Action | Verify that the configuration file for the security token service targets specifies a default token type. |
Explanation | There is a syntax problem for the URI specifying the wildcard mapping. |
Action | Verify that the installation image has not been corrupted. |
Explanation | This instance of the security token service is required for normal operation. |
Action | Verify that the instance of the security token service exists. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The format of the LDAP port number is wrong. |
Action | Check the LDAP port number and make sure it is correct. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The requested cryptographic algorithm is not available on this environment. |
Action | Specify an available cryptographic algorithm. |
Explanation | A not valid parameter for a cryptographic algorithm has been found. |
Action | Check parameters and ensure they are valid. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | There was an exception received while loading default bindings. The exception will contain the specific problem found. |
Action | Refer to the exception thrown for details and take appropriate action. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | Default bindings were not found. |
Action | Check logs and trace to see if default bindings were found in the filesystem or if there were any loading errors, and take appropriate action. |
Explanation | There was a problem loading the ws-security.xml file. It could have been moved, deleted or corrupted. |
Action | Verify that the ws-security.xml file is present and intact in the WebSphere installation. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | Loading of default and custom bindings failed. It is impossible to complete configuration. |
Action | Check trace and FFDC logs for problems logged during loading of custom and default bindings and take appropriate action. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | Valid policy set attachment types are client, application, or system/trust. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | Incomplete keystore configuration was found, either KeyStore Reference or KeyStore Path must be specified, but not both at the same time. |
Action | Check the keystore configuration in the binding and make sure either KeyStore Reference or KeyStore Path is specified. |
Explanation | The may be caused by instantiation of class that is an abstract class, an interface, an array class, a primitive type, or void, or the class has no default constructor, but could also be other reasons. |
Action | Make sure the class specified is not an abstract class, an interface, an array class, a primitive type, or void, and has default constructor. |
Explanation | This error is caused by the requested certificate type is not available from the JCE provider. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The AxisService from the BindingProvider object may not be correct for this Security Context Token. |
Action | Make sure the BindingProvider object specified on the cancel operation is correct. |
Explanation | The Security Context Token is not cancelled because of an exception. |
Action | Look at the exception and see if the security token service (STS) configuration needs to be modifed to support SCT cancel. |
Explanation | Either the createdDate or expiredDate is null. Both createdDate and expiredDate are required when renewing a Security Context Token. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The Security Context Token could not be renewed because an exception was received. |
Action | Make sure the security token service (STS) is configured to allow the Security Context Token to be renewed. Also check that the WSSGenerationContext and WSSConsumingContext specified on the renew operation are correct. |
Explanation | The Security Context Token could not be validated because an exception was received. |
Action | Make sure the security token service (STS) is configured correctly, and that the WSSGenerationContext and WSSConsumingContext specified on the validate operation are correct. |
Explanation | The Security Context Token is not renewable after expiration. |
Action | Make sure the renewableAfterExpiration property is set to true in the security token service (STS) configuration if the desired behavior is to renew the Security Context Token after expiration. |
Explanation | The encrypting key or signing key could not be retrieved from the security token. Either an exception occurred or null was returned. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The decrypting key or verifying key could not be retrieved from the security token because an exception was received. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The default duration for the timestamp for WSS APIs does not have a valid format. This value is defined in the web services security runtime. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | A required class could not be instantiated. |
Action | If the class was specified for token generators or consumers, make sure the class name is correct and that the class is in the correct location. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The request type is not recognized. |
Action | Verify that the plugins configuration file contains the correct information. |
Explanation | A valid URI value for the issue request type must be present in the SCT configuration. |
Action | Verify that the SCT configuration file contains a valid URI for the custom property issueRequestTypeRST. |
Explanation | A valid URI value for the cancel request type must be present in the SCT configuration. |
Action | Verify that the SCT configuration file contains a valid URI for the custom property cancelRequestTypeRST. |
Explanation | A valid URI value for the renew request type must be present in the SCT configuration. |
Action | Verify that the SCT configuration file contains a valid URI for the custom property renewRequestTypeRST. |
Explanation | A valid URI value for the validate request type must be present in the SCT configuration. |
Action | Verify that the SCT configuration file contains a valid URI for the custom property validateRequestTypeRST. |
Explanation | The SCT handler classes must be initialized before use. |
Action | Refresh the Security Token Service or restart the server. |
Explanation | Requests are required to contain Entropy and BinarySecret elements. |
Action | Refer to the documentation for acceptable issue request formats. |
Explanation | The attempt to cache the security context token failed. |
Action | Verify that the SCT configuration file contains the fully qualified name of an accessible token cache factory class under the property tokenCacheFactory. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | Cancel requests must have the CancelTarget element, which specifies the UUID of the security context token to cancel. |
Action | Refer to the documentation for acceptable cancel request formats. |
Explanation | Failed to extract the UUID of the security context token from the CancelTarget element in the request. The UUID is needed to fulfill the cancel request. |
Action | Refer to the documentation for acceptable cancel request formats. |
Explanation | The SCT handler classes must be initialized before use. |
Action | Refresh the Security Token Service or restart the server. |
Explanation | Renew requests must have the RenewTarget element, which specifies the UUID of the security context token to renew. |
Action | Refer to the documentation for acceptable renew request formats. |
Explanation | Failed to extract the UUID of the security context token from the RenewTarget element in the request. The UUID is needed to fulfill the renew request. |
Action | Refer to the documentation for acceptable renew request formats. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | Validate requests must have the ValidateTarget element, which specifies the UUID of the security context token to validate. |
Action | Refer to the documentation for acceptable validate request formats. |
Explanation | Failed to extract the UUID of the security context token from the ValidateTarget element in the request. The UUID is needed to fulfill the validate request. |
Action | Refer to the documentation for acceptable validate request formats. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | WS-Address might not be enabled. It is required for Secure Conversation. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | WS-SecureConversation client cache configuration file, WSSCCache.xml, could not be loaded by using JAXB. |
Action | Verify the WSSCCache.xml is in Cell name directory. If WSSCCache.xml existed and problem still persists, contact your service representative. |
Explanation | The request to using distributed SecurityContextToken cache could not be done. SecurityContextToken will be cached in local server only, and will not be distributed to all other cluster members. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | Requested Security Token Response message does not have the valid life time information of the Security Context Token |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | Might be due to a problem during the derived key generation |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | Security Context Token is expired. |
Action | When using WSSAPIs, user can try to renew the token and retry the request |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The Value Type specified in the token configuration is not correct |
Action | Check and correct the Value Type information in the bindings for the token consumer configuration |
Explanation | The security context token might be expired or there is a problem retrieving the token from the trust service |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The security context token might be expired or the token does not exist in the cache |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The security context is associated with more than one instance |
Action | Security Context Token should have instance information |
Explanation | Cannot renew the security context token |
Action | set renewableAfterExpiration property to true |
Explanation | The security context token is valid at the webservice endpoint specified in the RequestSecurityToken. |
Action | Ensure the endpoint address of the webservice (To: header) matches the AppliesTo URL specified in the RequestSecurityToken including port number. Verify an intermediate server is not modifying the To: header. |
Explanation | This is informational message only. Runtime will automatically request for a new SC token |
Action | Informational message |
Explanation | Newly issued security context token should have more lifetime than the WS-SecureConversation client cache cushion |
Action | Either lower the client cache cushion setting or increase the lifetime of the security context token |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | The requested property is not in WS-SecureConversation client cache configuration file. |
Action | Check WS-SecureConversation client cache configuration file. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J . |
Explanation | This is information only. |
Action | No action is required. |
Explanation | This is information only. |
Action | No action is required. |
Explanation | The Application Server encountered not valid settings while loading the configuration file. |
Action | Verify that the configuration files contain valid settings. |
Explanation | A problem was encountered when attempting to configure the STS. |
Action | Verify that the STS configuration files have not been corrupted or removed. |
Explanation | The token type that was specified is not valid for the endpoint. |
Action | Verify that the token type is valid for the endpoint. |
Explanation | One possibility is that the RequestSecurityToken element was not present in the sent message. Another is that the soap message may not have been decrypted, because of an issue with the policy set. |
Action | Verify that the policy set is correct. |
Explanation | The element can only occur once in the token request. |
Action | Remove the extra elements from the token request and resubmit the request. |
Explanation | The Application Server encountered a not valid element while processing the RequestSecurityToken. |
Action | Remove the not valid element from the RequestSecurityToken and resubmit the request. |
Explanation | The Application Server could not successfully process the RequestSecurityToken because of a missing header element. |
Action | Specify the missing header element in the RequestSecurityToken and resubmit the request. |
Explanation | The Application Server encountered an incorrect number of responses from the STS. |
Action | No user action is required. |
Explanation | The trust related policy set for the resource failed to load. |
Action | Verify that the trust related policy set for the resource is correct. |
Explanation | The attached WS-PolicySet binding file is not valid. |
Action | Regenerate the binding file. |
Explanation | The attached WS-PolicySet binding file is not valid. |
Action | Regenerate the binding file. |
Explanation | The attached WS-PolicySet policy for web services security is not valid. |
Action | Regenerate the policy file. |
Explanation | The attached WS-PolicySet policy for web services security is not valid. |
Action | Regenerate the policy file. |
Explanation | The attached WS-PolicySet policy for web services security is not valid. |
Action | Regenerate the policy file. |
Explanation | An unsupported assertion has been added to the Kerberos Token assertion. |
Action | Remove the unsupported assertion from the Kerberos Token assertion. |
Explanation | Two Kerberos version assertions have been defined in the policy. |
Action | Remove one of the assertions from the policy and use only one Kerberos version. |
Explanation | Two Kerberos version assertions have been defined in the policy. |
Action | Remove one of the assertions from the policy and use only one Kerberos version. |
Explanation | Only one of the following token reference assertions may be specified for a token: RequireKeyIdentifierReference, RequireEmbeddedTokenReference, RequireIssuerSerialReference, RequireThumbprintReference. |
Action | Regenerate the policy file. |
Explanation | The policy file contains a not valid X509Token, Kerberos or UsernameToken assertion. |
Action | Regenerate policy file with a valid token type. |
Explanation | The policy file contains a not valid SecureConversationToken assertion. |
Action | Regenerate policy file with a valid SecureConversation token type. |
Explanation | The policy file contains multiple namespaces. Only one namespace is allowed. |
Action | Verify that the policy file is correct. |
Explanation | The policy file contains an element that is not a known policy assertion. |
Action | Verify that the policy file is correct. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains multiple XPath elements in signedElements that are identical. The element will only be signed once. |
Action | No user action is required. |
Explanation | The policy file contains multiple XPath elements in encryptedElements that are identical. The element will only be encrypted once. |
Action | No user action is required. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | A null value is not allowed for the Value Type for the token generator. |
Action | Specify a valid Value Type and regenerate the binding file. |
Explanation | The token types need to match. |
Action | Correct the token type in either the policy file or binding file and regenerate the file. |
Explanation | The token generator did not define a JAAS configuration. |
Action | Define a JAAS configuration for the token generator in the binding file and regenerate the file. |
Explanation | The two specified assertions are not valid together. Only one of them should be specified in the policy. |
Action | Correct the policy file and regenerate the file. |
Explanation | A null value is not allowed for the Value Type for the token consumer. |
Action | Specify a valid Value Type and regenerate the binding file. |
Explanation | The token consumer did not define a JAAS configuration. |
Action | Define a JAAS configuration for the token consumer in the binding file and regenerate the file. |
Explanation | The policy file contains more than one token with the same type. Duplicate tokens are not allowed. |
Action | Correct the policy file and regenerate the file. |
Explanation | The Token Generator token type in the bindings file must match the signature token type in the policy file. |
Action | Correct the policy or binding file and regenerate the file. |
Explanation | The Token Generator token type in the bindings file must match the encryption token type in the policy file. |
Action | Correct the policy or binding file and regenerate the file. |
Explanation | The Token Consumer token type in the bindings file must match the signature token type in the policy file. |
Action | Correct the policy or binding file and regenerate the file. |
Explanation | The Token Consumer token type in the bindings file must match the encryption token type in the policy file. |
Action | Correct the policy or binding file and regenerate the file. |
Explanation | A caller was defined that does not have a matching token in the policy. |
Action | Remove the caller from the bindings, or add a supporting or protection token of the same type to the policy. |
Explanation | The token consumer specified enforceTokenVersion. The token Value type must match the token consumer configuration. |
Action | Verify that the token generator and consumer configuration is correct. Removing enforceTokenVersion will allow the token with a different Value type to be consumed. |
Explanation | The policy file specifies no parts to be encrypted. The SignatureConfirmation element will not be encrypted. |
Action | Correct the policy file and regenerate the file. |
Explanation | The policy file specifies no parts to be signed. The SignatureConfirmation element will not be signed. |
Action | Correct the policy file and regenerate the file. |
Explanation | The audit subsystem failed initialization. One possible reason is the implementation class cannot be found or loaded. |
Action | Examine the exception for possible cause. Contact the vendor who provided the audit service extension implementation for help. |
Explanation | The WebSphere platform audit subsystem platform implementation failed generating a security audit event. |
Action | Examine the exception for possible cause. Contact WebSphere support for help if this problem was not caused by a configuration problem or failure of an external component such as an event log database. |
Explanation | The WebSphere platform audit subsystem platform implementation cannot generate a security audit event because critical data was missing. |
Action | Contact WebSphere support for help. |
Explanation | The above property determines what the valid value types are. |
Action | Change the value type in the binding and regenerate the file, or set the above property to true. |
Explanation | The LTPA token is only supported on WebSphere Server. |
Action | Change the token type in the policy and regenerate the file. |
Explanation | Kerberos login failed to generate the Kerberos AP_REQ token for the current message due to the exception. |
Action | Verify the intended user is valid in Kerberos registry and specified correctly in the binding file. Set JVM properties, com.ibm.security.jgss.debug=all, com.ibm.security.krb5.Krb5Debug=all, com.ibm.security.ktp.debug=all for more log messages. |
Explanation | Kerberos login failed to consume the Kerberos AP_REQ token for the current message due to the exception. |
Action | Verify the Kerberos Distribution Center(KDC) is configured properly to accept the request AP_REQ token. Set JVM properties, com.ibm.security.jgss.debug=all, com.ibm.security.krb5.Krb5Debug=all, com.ibm.security.ktp.debug=all for more log messages. |
Explanation | Kerberos login failed to consume the Kerberos AP_REQ token for the current message due to the exception. |
Action | Verify the Kerberos Distribution Center(KDC) is configured properly to accept the request AP_REQ token. Set JVM properties, com.ibm.security.jgss.debug=all, com.ibm.security.krb5.Krb5Debug=all, com.ibm.security.ktp.debug=all for more log messages. |
Explanation | Caller processing failed due to the exception. |
Action | Verify the caller configuration and look for other failures in JGSS and Java Kerberos logs. |
Explanation | The specified configuration is not supported with the bindings version thats used |
Action | Migrate bindings to a level that supports the configuration |
Explanation | Two and only two UsernameTokens Supporting tokens are allowed in policy when being used as a trusted id and an id assertion |
Action | Correct the policy and ensure that your it has exactly two UsernameTokens. |
Explanation | When a supporting token type is specified as a caller, one and exactly one supporting token of that type is allowed. |
Action | Correct the policy and ensure that your policy has exactly one token of that type. |
Explanation | In default bindings only one trustedId UsernameToken consumer is allowed. |
Action | Correct the bindings and ensure that it has exactly one trustedId UsernameToken consumer. |
Explanation | In default bindings only one idAssertion UsernameToken consumer is allowed. |
Action | Correct the bindings and ensure that it has exactly one idAssertion UsernameToken consumer. |
Explanation | Only one token consumer per supporting token type is allowed. |
Action | Correct the default bindings so only one token consumer for each supporting token type is configured. |
Explanation | A maximum of 2 UsernameTokens of the same type are allowed in the policy when using default bindings. The maximum of 2 is only allowed when setting up one UsernameToken as a trustedId, and another one as a callerId. |
Action | Correct the policy so a maximum of 2 SupportingToken UsernameToken assertions of the same type are found in the policy. |
Explanation | A caller was configured without an order attribute in a namespace requiring its use. |
Action | Regenerate the binding file with correct caller order attributes set. |
Explanation | The Value Type on the token in the message does not match the token consumer configuration. |
Action | Check and correct the Value Type information in the bindings. The token consumer and token generator configuration must both specify valid Value Types that are compatible. |
Explanation | The WSS API configuration is not valid. See the referenced exception. |
Action | Correct the WSS API configuration. |
Explanation | The SOAP message that has been received by the consumer or provider contained an XML digital signature in the security header. However, the application that is receiving the message is not configured for inbound XML digital signature. The security header in the inbound SOAP message contained a mustUnderstand attribute with a value of 1. Therefore, an exception has been created. |
Action | Complete one of the following tasks: - Add an inbound XML digital signature configuration to the application that is receiving the SOAP message. - Remove the outbound XML Digital signature configuration from the application that is sending the SOAP message. - Configure the application that is sending the SOAP message to not add the mustUnderstand attribute to the SOAP security header. |
Explanation | The SOAP message that has been received by the consumer or provider contained XML encryption information in the security header. However, the application that is receiving the message is not configured for inbound XML encryption. The security header in the inbound SOAP message contained a mustUnderstand attribute with a value of 1. Therefore, an exception has been created. |
Action | Complete one of the following tasks: - Add inbound XML encryption configuration to the application that is receiving the SOAP message. - Remove outbound XML encryption configuration from the application that is sending the SOAP message. - Configure the application that is sending the SOAP message to not add the mustUnderstand attribute to the SOAP security header. |
Explanation | A RunAs Subject may not exist or may not contain WebSphere user security attributes. |
Action | Check if the application server security is enabled. |
Explanation | The identity delimiter pattern appears more than once. |
Action | Either the user name or the unique representation of the user in the identity string {0} contains the identity delimeter pattern {1}. Modify the name representation to remove any ambiguity. |
Explanation | The user identity should be qualified by realm name when the com.ibm.wsspi.wssecurity.token.IDAssertion.sendRealm property value is set to true. |
Action | Check if the com.ibm.wsspi.wssecurity.token.IDAssertion.sendRealm property is set to true in binding on sending side. |
Explanation | Realm of the asserted identity is not in list of trusted inbound realms. |
Action | Verify the list of inbound trusted realms. |
Explanation | There was a problem loading named bindings or default bindings for this application. |
Action | Exception will have details on what went wrong during loading. Please examine specific exception and take corrective actions. |
Explanation | Only one token consumer per supporting token type is allowed. |
Action | Correct the default bindings so only one token consumer for each supporting token type is configured. |
Explanation | Kerberos login failed to generate the Kerberos AP_REQ token for the current message due to the exception stated. |
Action | Verify the intended user is valid in Kerberos registry and specified correctly in the binding file. Set JVM properties, com.ibm.security.jgss.debug=all, com.ibm.security.krb5.Krb5Debug=all, com.ibm.security.ktp.debug=all for more log messages. |
Explanation | The format to use for the property is in service_name/hostname. |
Action | Verify the value of property named com.ibm.wsspi.wssecurity.krbtoken.serviceSPN. |
Explanation | A securityTokenReference is not supported on default bindings. |
Action | Regenerate the token consumer in the default bindings, so the securityTokenReference is removed. |
Explanation | A securityTokenReference is not supported on default bindings. |
Action | Regenerate the token generator in the default bindings, so the securityTokenReference is removed. |
Explanation | In default bindings only one trustedId UsernameToken generator is allowed. |
Action | Correct the bindings and ensure that it has exactly one trustedId UsernameToken generator. |
Explanation | In default bindings only one idAssertion UsernameToken generator is allowed. |
Action | Correct the bindings and ensure that it has exactly one idAssertion UsernameToken generator. |
Explanation | Only one token generator per supporting token type is allowed. |
Action | Correct the default bindings so only one token generator for each supporting token type is configured. |
Explanation | In default bindings, we allow only a single supporting token of this type in the policy. |
Action | Regenerate the policy so only one supporting token of this type is in the policy. |
Explanation | Two UsernameToken token consumers, one configured as trusted id and the other as a caller id were found, but do not know which one to use, as only one UsernameToken assertion was found in the policy. This is an ambiguous situation. |
Action | Correct the policy so two Usernametoken SupportingToken assertions are in the policy, or remove one of the two UsernameToken token consumers from the default bindings. |
Explanation | Two UsernameToken token generators, one configured as trusted id and the other as a caller id were found, but do not know which one to use, as only one UsernameToken assertion was found in the policy. This is an ambiguous situation. |
Action | Correct the policy so two Usernametoken SupportingToken assertions are in the policy, or remove one of the two UsernameToken token generators from the default bindings. |
Explanation | A token consumer was not found in the bindings for the supporting token of this type. |
Action | Correct the bindings so a token consumer for the supporting token in the policy is defined. |
Explanation | A token generator was not found in the bindings for the supporting token of this type. |
Action | Correct the bindings so a token generator for the supporting token in the policy is defined. |
Explanation | After looking at bindings, no encryption bindings were found for the confidential part with the specified reference name in the policy. |
Action | Regenerate bindings so this confidential part specified in the policy has a correctly defined encryption binding. |
Explanation | After looking at bindings, no signature bindings were found for the integral part with the specified reference name in the policy. |
Action | Regenerate bindings so this integral part specified in the policy has a correctly defined signature binding. |
Explanation | When using default bindings, we allow 2 UsernameTokens of the same type, only when being used as callers. |
Action | Correct the default bindings, so these 2 UsernameTokens are used as callers, or to not use 2 UsernameTokens. |
Explanation | Only two UsernameTokens, one configured as trusted identity and the other as a caller identity are allowed when using default bindings. |
Action | Regenerate policy to use 2 UsernameTokens as caller identity and trusted identity. |
Explanation | Only two UsernameTokens, one configured as trusted identity and the other as a caller identity are allowed when using default bindings. |
Action | Regenerate policy to use 2 UsernameTokens as caller identity and trusted identity. |
Explanation | Default bindings are missing the token consumer for the signing token. |
Action | Regenerate the default bindings, so there is a token consumer for the signing token. |
Explanation | Integral parts were specified for inbound messages in the policy, but there was no matching signing information on the inbound section of the default bindings. |
Action | Regenerate the default bindings, so there are signature bindings for the specified inbound integral parts. |
Explanation | Default bindings are missing the token consumer for the encryption token. |
Action | Regenerate the default bindings, so there is a token consumer for the encryption token. |
Explanation | Confidential parts were specified for inbound messages in the policy, but there was no matching encryption information on the inbound section of the default bindings. |
Action | Regenerate the default bindings, so there are encryption bindings for the specified integral parts. |
Explanation | Integral parts were specified for outbound messages in the policy, but there was no matching signing information on the outbound section of the default bindings. |
Action | Regenerate the default bindings, so there are signature bindings for the specified outbound integral parts. |
Explanation | Confidential parts were specified for outbound messages in the policy, but there was no matching encryption information on the outbound section of the default bindings. |
Action | Regenerate the default bindings, so there are encryption bindings for the specified outbound integral parts. |
Explanation | The ValueType on the token generator is missing. |
Action | Check and correct the ValueType information in the bindings. The token generator configuration must specify a valid ValueType. |
Explanation | The ValueType on the token consumer is missing. |
Action | Check and correct the ValueType information in the bindings. The token consumer configuration must specify a valid ValueType. |
Explanation | An attempt to fill missing encryption information missing in custom bindings by loading missing information from default bindings failed. Default bindings loading failed earlier. |
Action | Inspect original error that prevented default bindings loading and take appropriate action. |
Explanation | An attempt to fill missing signature information in custom bindings by loading missing information from default bindings failed. Default bindings creation failed earlier. |
Action | Inspect original error that prevented default bindings creation and take appropriate action. |
Explanation | An attempt to fill missing supporting token information in custom bindings by loading missing information from default bindings failed. Default bindings creation failed earlier. |
Action | Inspect original error that prevented default bindings creation and take appropriate action. |
Explanation | An attempt to use default bindings failed. Default bindings creation failed earlier. |
Action | Inspect original error that prevented default bindings creation and take appropriate action. |
Explanation | The trust anchor could not be loaded because the path is null. |
Action | Verify the trust anchor path is specified in the bindings, or specify trustAnyCertificate. |
Explanation | There was a problem loading the bootstrap configuration. The caught exception has the precise reason. |
Action | Look at the exception that was caught and take appropriate action. |
Explanation | When a protection token type is specified as a caller, one and exactly one protection token of that type is allowed. |
Action | Correct the policy and ensure that your policy has exactly one token of that protection token type. |
Explanation | SCT lifetime is less than the RM sequence timeout. Message would not be able to be recovered as SCT will have expired before the RM sequence timeout time. It is recommended that SCT lifetime is equal or greater than the RM sequence timeout. |
Action | Adjust RM and/or SCT timeouts so SCT lifetime is equal or greater than the RM inactivity timeout. |
Explanation | None |
Action | None |
Explanation | At most one signature token and one encryption token can be declared in the WS-Security bindings |
Action | Modify the WS-Security bindings to ensure there is no more than one encryption token and one signature token |
Explanation | None |
Action | None |
Explanation | Request message part protection and response message part protection policies must be the same in order for bootstrap policy to be published. |
Action | Modify the trust system policy set to ensure the message part protection policies are the same for request and response. |
Explanation | The policy file contains an AlgorithmSuite assertion that has parameters that contradict settings in the bindings. |
Action | Modify either the policy file or the bindings to ensure the Algorithm suite parameters match. |
Explanation | The signature reference contains a transformation algorithm that can not be published using WS-Policy |
Action | Modify the WS-Security bindings to remove the transformation algorithm that can not be published using WS-Policy |
Explanation | The order attribute in the signature and encryption references in the bindings can not be published using WS-Policy |
Action | Modify the bindings to ensure that all signature order attributes are either higher or all lower than the encryption order attribute values. |
Explanation | Strict header layout can not be guaranteed when encrypting before signing. |
Action | Modify the policy and select an alternative header order. |
Explanation | Web services security runtime cannot find correrct SOAP action or correct WS-Addressing action to determine whether an operation level PolicySet must be used to validate the received message. The request message is therefore rejected for security consideration. |
Action | Modify web services client so that correct SOAP action or WS-Addressing action is specified in request messages. |
Explanation | A SAML assertion cannot be issued. |
Action | Ensure that the required assertion elements are specified. |
Explanation | The assertion token cannot be retrieved because the assertion ID is missing from the requesting message context. |
Action | Ensure that the assertion ID is generated for the SAML assertion. |
Explanation | The confirmation method or type for this request is not recognized. |
Action | The subject confirmation method can be either holder-of-key (HOK) or sender-vouches (SV). |
Explanation | The SAML token issue request to the STS failed. |
Action | The SAML token issue request to the STS failed. |
Explanation | The propagation token is not valid for this request. |
Action | Provide a valid propagation token for this request. |
Explanation | The token type must be SAML, which is the only token type processed by this login module. |
Action | Provide a SAML token type. |
Explanation | A SAML token cannot be located for the provided ID. |
Action | Provide a valid SAML ID. |
Explanation | The SOAP namespace specified in the trust client request is not valid. |
Action | Specify a SOAP namespace that is supported by the trust client. |
Explanation | The WS-Addressing namespace specified is not a valid namespace. |
Action | Specify a WS-Addressing namespace that is supported by the trust client. |
Explanation | The WS-Addressing namespace specified is not a valid namespace. |
Action | Specify a WS-Trust namespace that is supported by the trust client. |
Explanation | The trust client cannot configure the outgoing request with the specified configuration setting. |
Action | Verify that the configuration setting is correct. |
Explanation | The trust client settings key is not one of the predefined keys required for the trust client. |
Action | Specify a trust client settings key from the list of predefined trust client keys. |
Explanation | The request security token cannot be added to the collection because the token action does not match the action of the existing requests in the collection. |
Action | Ensure that the request security token action matches the action of existing requests in the collection. |
Explanation | The request security token cannot be added to the collection because the token header does not match the header of the existing requests in the collection. |
Action | Ensure that the request security token header matches the header of the existing requests in the collection. |
Explanation | The request security token cannot be added to the collection because the token trust service provider address does not match the trust service provider address of the existing requests in the collection. |
Action | Ensure that the trust service provider of the request security token matches the provider of existing requests in the collection. |
Explanation | The specified trust client key value settings is not valid. |
Action | Verify that the value of the trust client settings key is correct. |
Explanation | Loading the application trust policy set and bindings produced an error. |
Action | Verify that the specified policy set and bindings names are correct. Also, verify that the policy set and bindings files exist, and are in the correct location. |
Explanation | The trust client was unable to access the necessary resources to create a new instance. |
Action | Verify that the product was installed properly, and the application classpath is correct. |
Explanation | The specified trust service provider is not a valid Web service address for processing trust client requests. |
Action | Verify that the specified trust service provider Web service address is correct and accessible. |
Explanation | The trust client failed to establish communications with the specified trust service provider. |
Action | Verify that the specified trust service provider Web service address is correct, and the application trust policy set and bindings are configured correctly for the trust service provider. |
Explanation | The trust client received a response from the trust service provider that is not valid. |
Action | Verify that the trust service provider address is correct, and the trust client is configured correctly for the specified trust service provider. |
Explanation | The SAML issuer configuration data property file did not load. |
Action | Verify that a valid SAML property file exists at the specified location. |
Explanation | The WS-PolicySet policy for Web services security that is attached to the service specifies a SAML confirmation method that is different from the method used by the issued token. |
Action | Revise your configuration to ensure the confirmation method for the attached WS-PolicySet corresponds to the issued token. |
Explanation | The SAML token contains OneTimeUse or DoNotCacheCondition assertions; however, these assertions are not supported. |
Action | The SAML token provider must be configured to not include the OneTimeUse or the DoNotCacheCondition assertions, or set the validateOneTimeUse binding option to false. |
Explanation | The SAML token contains an AudienceRestriction assertion that cannot be verified. |
Action | Do not configure the AudienceRestriction assertion in the SAML token provider, or set the validateAudienceRestriction binding option to false. |
Explanation | Neither the SAML issuer name nor the SubjectDN of the signer certificate are defined in the trusted issuer list in the bindings. Trusted issuers are defined with the [trustedIssuer_n] SAML callback handler custom property. Trusted SubjectDNs are configured with the [trustedSubjectDN_n] SAML callback handler custom property. |
Action | Check your bindings to make sure the SAML issuer name or the SubjectDN of the signer certificate is trusted. |
Explanation | The SAML token specifies a confirmation method that is not supported. |
Action | The SAML token provider must be configured to not send SAML tokens with the unsupported confirmation method. |
Explanation | The received token is not supported. |
Action | The token provider must be configured to send only supported token types. See the Information Center for list of supported token types. |
Explanation | There was no token consumer configured for the token type received. |
Action | Configure a token consumer for the received token type so it can be processed. |
Explanation | A returned token is expected when a token validation request is made to the security token service. |
Action | The security token service must be configured to return a token when it handles a token validation request. |
Explanation | The ValueType of the token received from the security token service cannot be identified. |
Action | The security token service must be configured to return a ValueType for the exchanged token. |
Explanation | A token validation request was sent to the security token service but no results were returned. |
Action | The security token service must be configured to return a result on a token validation request. |
Explanation | A token validation request was sent to the security token service and multiple results were returned. This is not supported. |
Action | Configure the security token service to return a single result on a token validation request. |
Explanation | The outgoing request is not able to use the token in the RunAsSubject to exchange it for the requested token from the security token service. |
Action | Configure the security token service to return a GenericSecurityToken with the expected ValueType attribute value. |
Explanation | To parse a SAML token, the parser is required to determine the value of the ValueType attribute for the token. Receiving an unsupported SAML token type is one possible cause for this error. |
Action | Ensure the security token service that provides the token is configured to return a supported SAML token type. See the Information Center for list of supported SAML token types. |
Explanation | The outgoing request is not able to use the token in the RunAs subject to exchange it for the requested token from the security token service. |
Action | If a token cannot be extracted from the RunAs subject, change the configuration to issue a new token by removing the custom property, useRunAsSubjectOnly, from the callback handler. |
Explanation | The keyType attribute for this request is not valid this confirmation method. |
Action | Select an appropriate keyType attribute for the given confirmation method. |
Explanation | There can be at most one application binding in the bindings. |
Action | Regenerate the bindings and insure only a single application binding is present. |
Explanation | There can be at most one bootstrap binding in the bindings. |
Action | Regenerate the bindings and insure only a single bootstrap binding is present. |
Explanation | The SAML token specifies a confirmation method that is not supported by the login module. |
Action | The SAML token provider must be configured to not send SAML tokens with the unsupported confirmation method. |
Explanation | The SAML attribute defining the principal can have only one value. |
Action | Assign a single value to the SAML attribute defining the principal in the bindings. |
Explanation | Only one principal may be defined for a SAML token |
Action | Define a single principal for the SAML token in the bindings. |
Explanation | The SAML attribute defining the realm can have only one value. |
Action | Assign a single value to the SAML attribute defining the realm in the bindings. |
Explanation | Only one realm may be defined for a SAML token |
Action | Define a single realm for the SAML token in the bindings. |
Explanation | The SAML attribute defining the unique ID can have only one value. |
Action | Assign a single value to the SAML attribute defining the unique ID in the bindings. |
Explanation | Only one unique ID may be defined for a SAML token |
Action | Define a single unique ID for the SAML token in the bindings. |
Explanation | A realm is required but was not found in the SAML attributes. |
Action | Define a realm for the SAML token in the bindings. |
Explanation | A principal is required but was not found in the SAML attributes. |
Action | Define a principal for the SAML token in the bindings. |
Explanation | A unique Id is required but was not found in the SAML attributes. |
Action | Define a uniqueId for the SAML token in the bindings. |
Explanation | A SecurityToken was identified in the security header without an OMElement representation |
Action | The token generator must be configured to create tokens using an OMElement representation. |
Explanation | The response Status element contains a code that represents the status of the corresponding SAML request. The Status element is a required element in a response. |
Action | Check with your SAML identity provider and ensure it emits the Status element in the SAML Response. |
Explanation | A StatusCode element is a required element that represents the status of the activity carried out in the response to the corresponding request. |
Action | Check with your SAML identity provider and ensure it emits the StatusCode element in the Status element in the corresponding SAML Response. |
Explanation | A "Success" StatusCode value is required. |
Action | Check with your SAML identity provider and ensure it emits the Success StatusCode element in the Status element in the corresponding SAML Response. |
Explanation | The SAML Response must contain a valid <Assertion>. |
Action | Check with your SAML identity provider and ensure it emits a valid <Assertion>. |
Explanation | The SAML Response must contain an identifier. |
Action | Check with your SAML identity provider and ensure it emits an identifier. |
Explanation | The Issuer format must be omitted or have a value of urn:oasis:names:tc:SAML:2.0:nameid-format:entity. |
Action | Check with you SAML identity provider and ensure it emits Issuer format properly. |
Explanation | The SAML Assertion with the ID that is shown in the message contains an SubjectConfirmationData with an InResponseTo attribute. When a SAMLResponse is received from an IdP that is not in response to an SP-initiated AuthnRequest, the InResponseTo attribute must not be in the message. |
Action | If your original request is an SP-Initiated AuthnRequest, make sure that the WasSamlAcsID cookie exists and is available to WebSphere Application Server at the time the SAMLResponse is received from the IdP. If there is an issue with the WasSamlAcsID cookie, consider setting the com.ibm.websphere.security.addSameSiteAttributeToCookie global security custom property to the value "Lax" or "None". If your original request is not an SP-Initiated AuthnRequest, check with your SAML identity provider and ensure its response is generated properly. |
Explanation | The identifier for the version of SAML defined in this specification is 2.0. |
Action | Check with your SAML identity provider and ensure it emits the correct version number. |
Explanation | The time of the response must be a current time. |
Action | Synchronize the system clocks between your SAML identity provider and WebSphere Application Server service provider. Ensure the time of the response is not in the future. |
Explanation | The IssueInstant attribute of the SAML response is required. |
Action | Check with your SAML identity provider and ensure it emits the IssueInstant attribute. |
Explanation | If the Destination attribute is present in a SAML Response, it must match the URL of the endpoint to which the message is sent. A SAML Response is sent to the AssertionConsumerService URL. In this case, the Destination attribute is present on the SAML Response and it does not match the AssertionConsumerService URL. |
Action | Check with your SAML identity provider. Ensure that the provider either does not emit the Destination attribute, or that Destination attribute value matches the partner's AssertionConsumerService URL. |
Explanation | The Extension element in the SAML response is not validated. |
Action | Check with your SAML identity provider if you do not want the Extension element present. |
Explanation | The Signature element in the SAML response is not valid. |
Action | Examine the exception for possible cause. Contact WebSphere Application Server support for help if this problem was not caused by a configuration problem. |
Explanation | The Signature element in the SAML Assertion is not valid. |
Action | Examine the exception for possible cause. Contact WebSphere Application Server support for help if this problem was not caused by a configuration problem. |
Explanation | The Issuer name in the SAML Assertion does not match the value configured for the [allowedIssuerName] custom property on the service provider. |
Action | Check TAI configuration to make sure the issuer name is trusted. |
Explanation | At least one Single-Sign-on partner is required in the SAML TAI configuration. |
Action | Check the SAML TAI configuration and ensure at least one Single-Sign-On partner is created. |
Explanation | Authentication Error: SAMLResponse is required for the request to SAML AssertionConsumerService. Please login to the SAML Identity Provider, and try again. |
Action | Contact WebSphere Application Server support for help if this problem was not caused by a configuration problem. |
Explanation | This error occurs when all the following conditions are true: 1) Global security verification for the LTPA cookie failed, or the cookie does not exist. 2) The endpoint is protected by the SAML single sign-on (SSO). 3) No SAMLResponse parameter is specified in the HTTP request. The LTPA cookie might fail verification if one or more of the sso_<id>.sp.enforceTaiCookie SAML Web SSO TAI properties are set to true and there a SAML Assertion on the LTPA that is not scoped to the identified endpoint. |
Action | If the request is to the Assertion Consumer Service (ACS) URL, ensure that the identity provider (IdP) includes the SAMLResponse parameter on the HTTP request. If the request is to the business endpoint and the error is expected, but not wanted, perform one or more of the following actions: 1) If the enforceTaiCookie SAML Web SSO TAI property is set to true, set it to false. 2) If one or more of the sso_<id>.sp.enforceTaiCookie SAML Web SSO TAI properties are set to true, set them to false. 3) Increase the LTPA timeout. |
Explanation | Authentication Error: SAMLResponse could not be verified. Please review and correct the TAI configuration, and try again. |
Action | Contact WebSphere Application Server support for help if this problem was not caused by a configuration problem. |
Explanation | Authentication Error: HTTP Artifact Binding is not supported. |
Action | Contact WebSphere Application Server support for help. |
Explanation | The SAML response does not contain a required <Assertion> element. |
Action | Check with your SAML identity provider and ensure it emits at least one <Assertion> element. |
Explanation | The SAML assertions do not contain a required <AuthnStatement> element that reflects the authentication of the principal to the identity provider. |
Action | Check with your SAML identity provider and ensure it emits at least one <AuthStatement> element. |
Explanation | The SAML Assertion MUST contain a <Subject> element. |
Action | Check with your SAML identity provider and ensure it emits a <Subject> element. |
Explanation | The SAML Assertion does not contain a required SubjectConfirmation Method of urn:oasis:names:tc:SAML:2.0:cm:bearer. |
Action | Check with your SAML identity provider and ensure it emits a bearer Subject Confirmation method. |
Explanation | The SAML Assertion does not contain a required Recipient in <SubjectConfirmationData> element. |
Action | Check with your SAML identity provider and ensure it emits <SubjectConfirmationData> element. |
Explanation | The SAML identity provider (IdP) must set the Recipient attribute to the URL to which they are sending the SAMLResponse. The IdP sends the SAMLResponse to the acsUrl, therefore these values must match. |
Action | Check with your SAML identity provider and ensure it emits a correct Recipient attribute. |
Explanation | The SAML Assertion has passed NotOnOrAfter in the <SubjectConfirmationData> element. |
Action | Synchronize the system clocks between your SAML identity provider and WebSphere Application Server service provider and ensure NotOnOrAfter is large enough for recipient processing. |
Explanation | The NotBefore attribute in the <SubjectConfirmationData> element is not allowed. |
Action | Check with your SAML identity provider and ensure it does not emit the NotBefore attribute in the <SubjectConfirmationData> element. |
Explanation | The received Assertion has exceeded the SessionNotOnOrAfter attribute from <AuthnStatement> element. |
Action | Synchronize the system clocks between your SAML identity provider and WebSphere Application Server service provider and ensure SessionNotOnOrAfter is large enough for recipient processing. |
Explanation | The SAML Assertion in the SAMLResponse must contain an AudienceRestriction element that contains at least one Audience subelement. An Audience subelement must be set to the value for the sso_<id>.sp.EntityID, sso_<id>.sp.acsUrl, or sso_<id>.sp.targetUrl for the service provider. The value for the sso_<id>.sp.EntityID property defaults to the value for the sso_<id>.sp.acsUrl property and the sso_<id>.sp.targetUrl property is optional. |
Action | Check with your SAML identity provider and ensure that it emits the correct AudienceRestriction element in the SAML Assertion in the SAMLResponse. Alternatively, you can set the sso_<id>.sp.EntityID property in your SAML TAI configuration to match one of the values in the AudienceRestriction list in the SAML Assertion. |
Explanation | There is no AssertionConsumerService URL configured for the incoming SAML Response. |
Action | Check the WebSphere Application Server SAML TAI configuration and ensure it has the AssertionConsumerService URL configured. |
Explanation | There are multiple Single-Sign-on partners configured for the request. |
Action | Check the WebSphere Application Server SAML TAI configuration and ensure the filter condition uniquely identifies one Single-Sign-On partner. |
Explanation | The filter operator for SAML Web SSO is not valid. |
Action | Check the WebSphere Application Server SAML TAI configuration and ensure the filter operator is valid. |
Explanation | Bad IP range specfied. Must contain only wildcards after the first range. |
Action | Ensure everything after the first range specified is a wildcard. |
Explanation | Could not obtain IP address. |
Action | Validate the IP address range specified. |
Explanation | Conversion error occurred while converting the IP string to an IP address. |
Action | Validate the IP string provided. |
Explanation | A SAML assertion should not be replayed. The current request has a SAML assertion that has already been found in a previous request. |
Action | Ensure the Identity Provider does not generate a SAML assertion with a duplicated ID or resend the same SAML assertion more than once. |
Explanation | WebSphere Application Server Dynamic Cache is configured to prevent replay detection, however Dynamic Cache could not be created. |
Action | Verify that the WebSphere Application Server Dynamic Cache is enabled. |
Explanation | TAI custom property realmNameRange is required if TAI custom property realmName is configured. |
Action | Add TAI custom property realmNameRange if TAI custom property realmName is configured. |
Explanation | A realm is required but was not found in the SAML attributes. |
Action | Define a SAML Attribute as realm in TAI. |
Explanation | A principal is required but was not found in the SAML attributes. |
Action | Define a principal for the SAML token in the TAI. |
Explanation | A unique Id is required but was not found in the SAML attributes. |
Action | Define a uniqueId for the SAML token in the TAI. |
Explanation | The Subject DN of the signer certificate in the SAML Assertion does not match the value configured for the [allowedIssuerDN] custom property on the service provider. |
Action | Check the SAML TAI configuration to make sure the Subject DN of the signer certificate is trusted. |
Explanation | A value has been specified for the [allowedIssuerDN] custom property. The value for the [allowedIssuerDN] custom property must match the Subject DN of the signer certificate in the SAML Assertion. The signer certificate is not available so the comparison could not be made. The signer certificate will only be available if the signature of the SAML Assertion is validated. Two possible causes of this failure are: 1) The SAML Assertion is not signed, 2) The [wantAssertionsSigned] SAML TAI custom property is set to false for the active service provider. |
Action | Ensure that the SAML Assertion is signed and check the SAML TAI configuration to make sure that the [wantAssertionsSigned] custom property is set to true for the active service provider. |
Explanation | The Issuer name and the Subject DN shown in the message are part of a trusted pair in the SAML token consumer configuration. A trusted pair is [trustedIssuer_n] and [trustedSubjectDN_n] where n is the same number. Either the Issuer name in the token is part of a pair and the Subject DN of the signer certificate doesn't match its pair or the other way around. The Issuer or Subject DN that is not trusted will be added as a cause to this message and will be visible in the FFDC logs. |
Action | Do one of the following: 1) Ensure that the SAML token contains the Issuer name shown in the message and is signed with a certificate that has the Subject DN shown in the message. 2) Change the [trustedIssuer_n] [trustedSubjectDN_n] pair in the SAML token consumer configuration to be the Issuer name and the Subject DN of the signer certificate of the SAML token. 3) Remove the pair association of [trustedIssuer_n] [trustedSubjectDN_n] in your SAML token consumer by changing the 'n' to different numbers for each custom property. |
Explanation | The Subject DN of the signer certificate in the SAML Assertion does not match any of the values configured for the [trustedSubjectDN_n] custom properties on the SAML token consumer. |
Action | Check the SAML token consumer configuration to make sure the Subject DN of the signer certificate is trusted. |
Explanation | The Issuer name in the SAML Assertion does not match any of the values configured for the [trustedIssuer_n] custom properties on the SAML token consumer. |
Action | Check the SAML token consumer configuration to make sure the issuer name is trusted. |
Explanation | A value has been specified for the [trustedSubjectDN_n] custom property in the SAML token consumer configuration. The value for the [trustedSubjectDN_n] custom property must match the Subject DN of the signer certificate in the SAML Assertion. The signer certificate is not available so the comparison could not be made. The signer certificate will only be available if the signature of the SAML Assertion is expected to be validated. Two possible causes of this failure are: 1) The SAML Assertion is not signed, 2) The [signatureRequired] SAML token consumer callback handler custom property is set to false. |
Action | Ensure that the SAML Assertion is signed and check the SAML token consumer callback handler configuration to make sure that the [signatureRequired] custom property is set to true in the WS-Security bindings. |
Explanation | The runtime requires a decrypting key to decrypt a message. The decrypting key is not found to decrypt the message. |
Action | Check the configuration for missing or mis-configured properties. This message is contained within a companion message that might include information about the properties. |
Explanation | The SAMLResponse or Assertion/SubjectConfirmationData with the ID that is shown in the message contains an InResponseTo attribute. That attribute value does not match the ID of the original AuthnRequest. These values must match. |
Action | Check with your SAML identity provider and ensure its response is generated properly. |
Explanation | In the SAMLResponse that is received from the IdP, there is an InResponseTo attribute in the SAMLResponse or SAML Assertion SubjectConfirmationData element. The SAML TAI SP configuration shows that the original request was an SP-initiated AuthnRequest. However, the SAML TAI is unable to obtain the ID of the original AuthnRequest from the WasSamlAcsID cookie at this time. Because the TAI has an InResponseTo attribute, but no AuthnRequest ID, the request must be rejected. Either the AuthnRequestProvider did not set the REQUEST_ID in the result of the getAuthnRequest method or the WasSamlAcsID(string) cookie is missing for this request. |
Action | Perform one or more of the following actions 1) make sure that the AuthnRequestProvider sets the REQUEST_ID in the result of the getAuthnRequest method. 2) make sure that the WasSamlAcsID(string) cookie is present in the request. Try setting the global security custom property com.ibm.websphere.security.addSameSiteAttributeToCookie to 'Lax' or 'None'. |
Explanation | The SAML TAI sent an SP-initiated AuthnRequest with an ID that is shown in the message. The IdP responded with a message that does not contain an InResponseTo attribute in either the SAMLResponse or SAML Assertion SubjectConfirmationData element. The IdP must respond with an InResponseTo attribute that matches the ID of the SP-initiated AuthnRequest. |
Action | Check with your SAML identity provider and ensure its response is generated properly. |