ibm securityaccess manager for mobile version 8.0.0€¦ · usc user self care ws common auditing...

IBM Security Access Manager for MobileVersion 8.0.0.1

Error Message Reference

GC27-6210-01

��

NoteBefore using this information and the product it supports, read the information in “Notices” on page 345.

Edition notice

Note: This edition applies to version 8.0.0.1 of IBM Security Access Manager for Mobile (product number5725-L52) and to all subsequent releases and modifications until otherwise indicated in new editions.

© Copyright IBM Corporation 2013.US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contractwith IBM Corp.

Contents

Figures . . . . . . . . . . . . . . . v

About this publication . . . . . . . . viiAccess to publications and terminology . . . . . viiAccessibility . . . . . . . . . . . . . . viiiTechnical training . . . . . . . . . . . . viiiSupport information . . . . . . . . . . . viiiStatement of Good Security Practices . . . . . viii

Chapter 1. Message overview . . . . . 1Message types . . . . . . . . . . . . . . 1Message format . . . . . . . . . . . . . 1

Chapter 2. Secure Reverse ProxyMessages . . . . . . . . . . . . . . 5

Chapter 3. Protocol Service Messages 111

Chapter 4. Authorization ServiceMessages . . . . . . . . . . . . . 295

Chapter 5. Risk-based AccessMessages . . . . . . . . . . . . . 333

Notices . . . . . . . . . . . . . . 345

© Copyright IBM Corp. 2013 iii

iv IBM Security Access Manager for Mobile: Error Message Reference

Figures

1. Message ID format . . . . . . . . . . 2

© Copyright IBM Corp. 2013 v

vi IBM Security Access Manager for Mobile: Error Message Reference

About this publication

The IBM Security Access Manager for Mobile Error Message Reference lists the errorand warning messages provided by IBM Security Access Manager for Mobile.

Access to publications and terminologyThis section provides:v A list of publications in the “IBM Security Access Manager for Mobile library.”v Links to “Online publications.”v A link to the “IBM Terminology website.”

IBM Security Access Manager for Mobile library

The following documents are available online in the IBM Security Access Managerfor Mobile library:v IBM Security Access Manager for Mobile Configuration Guide, SC27-6205-00v IBM Security Access Manager for Mobile Administration Guide, SC27-6207-00v IBM Security Access Manager Appliance Administration Guide, SC27-6206-00v IBM Security Access Manager for Mobile Auditing Guide, SC27-6208-00v IBM Security Access Manager for Mobile Troubleshooting Guide, GC27-6209-00v IBM Security Access Manager for Mobile Error Message Reference, GC27-6210-00

Online publications

IBM posts product publications when the product is released and when thepublications are updated at the following locations:

IBM Security IBM Security Access Manager for Mobile libraryThe product documentation site (http://pic.dhe.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.ammob.doc_8.0.0/welcome.html) displays thewelcome page and navigation for the library.

IBM Security Systems Documentation CentralIBM Security Systems Documentation Central provides an alphabetical listof all IBM Security Systems product libraries and links to the onlinedocumentation for specific versions of each product.

IBM Publications CenterThe IBM Publications Center site (http://www.ibm.com/e-business/linkweb/publications/servlet/pbi.wss) offers customized search functionsto help you find all the IBM publications you need.

IBM Terminology website

The IBM Terminology website consolidates terminology for product libraries in onelocation. You can access the Terminology website at http://www.ibm.com/software/globalization/terminology.

© Copyright IBM Corp. 2013 vii

http://pic.dhe.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.ammob.doc_8.0.0/welcome.html

http://pic.dhe.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.ammob.doc_8.0.0/welcome.html

https://www.ibm.com/developerworks/mydeveloperworks/wikis/home?lang=en#/wiki/IBM%20Security%20Systems%20Documentation%20Central/page/Welcome

http://www.ibm.com/e-business/linkweb/publications/servlet/pbi.wss

http://www.ibm.com/e-business/linkweb/publications/servlet/pbi.wss

http://www.ibm.com/software/globalization/terminology

http://www.ibm.com/software/globalization/terminology

AccessibilityAccessibility features help users with a physical disability, such as restrictedmobility or limited vision, to use software products successfully. You can use thekeyboard instead of the mouse to operate all features of the graphical userinterface.

For additional information, see the IBM Accessibility website athttp://www.ibm.com/able/.

Technical trainingFor technical training information, see the following IBM Education website athttp://www.ibm.com/software/tivoli/education.

Support informationIBM Support provides assistance with code-related problems and routine, shortduration installation or usage questions. You can directly access the IBM SoftwareSupport site at http://www.ibm.com/software/support/probsub.html.

IBM Security Access Manager for Mobile Troubleshooting Guide provides details about:v What information to collect before contacting IBM Support.v The various methods for contacting IBM Support.v How to use IBM Support Assistant.v Instructions and problem-determination resources to isolate and fix the problem

yourself.

Note: The Community and Support tab on the product information center canprovide additional support resources.

Statement of Good Security PracticesIT system security involves protecting systems and information throughprevention, detection and response to improper access from within and outsideyour enterprise. Improper access can result in information being altered, destroyed,misappropriated or misused or can result in damage to or misuse of your systems,including for use in attacks on others. No IT system or product should beconsidered completely secure and no single product, service or security measurecan be completely effective in preventing improper use or access. IBM systems,products and services are designed to be part of a comprehensive securityapproach, which will necessarily involve additional operational procedures, andmay require other systems, products or services to be most effective. IBM DOESNOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES AREIMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THEMALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

viii IBM Security Access Manager for Mobile: Error Message Reference

http://www.ibm.com/able/

http://www.ibm.com/able/

http://www.ibm.com/software/tivoli/education

http://www.ibm.com/software/support/probsub.html

Chapter 1. Message overview

Messages indicate events that occur during the operation of the system.

Depending on their purpose, messages might be displayed on the screen. Bydefault, all informational, warning, and error messages are written to the messagelogs. The logs can be reviewed later to determine what events occurred, to seewhat corrective actions were taken, and to audit all the actions performed. Formore information about message logs, see the IBM Security Access Manager forMobile Troubleshooting Guide.

Message typesIBM® Security Access Manager for Mobile uses messages of specific types.

The following types of messages are used:

Informational messagesIndicate conditions that are worthy of noting but that do not require you totake any precautions or perform an action.

Warning messagesIndicate that a condition has been detected that you should be aware of,but does not necessarily require that you take any action.

Error messagesIndicates that a condition has occurred that requires you to take action.

Message formatMessages logged by IBM Security Access Manager for Mobile adhere to the Tivoli®

Message Standard. Each message consists of a message identifier (ID) andaccompanying message text.

Message ID format

A message ID consists of 10 alphanumeric characters that uniquely identify themessage.

A message ID in Security Access Manager for Mobile is composed of:v three-character product identifierv two-character or three-character component or subsystem identifierv three-digit or four-digit serial or message numberv one-character type code indicating the severity of the message

The figure that follows shows a graphical representation of a possible message IDand identifies its different parts. (Some messages might use 2 characters for thecomponent ID and 4 digits for the serial number.)

© Copyright IBM Corp. 2013 1

IBM product prefix (3 characters)

Component or subsystem identifier (3 characters)

Message number (3 digits)

FBT RTE 033

IWE

---

InformationalWarningError

Severity

I

Component identifiers

The component identifier indicates which component or subsystem produced themessage.

ADM Administration commands

AUD Audit

CC Common Auditing and Reporting Service disk cache

CDS InfoCard messages

CE Common Auditing and Reporting Service emitter

CFG Configuration properties

CLI Command-line interface

CO Common Audit Service Configuration Console

CON Security Access Manager console

CTG Authorization service

DPW Secure reverse proxy

FMS Management service

FBT Protocol service

IDS Identity service

IN Common Auditing and Reporting Service installation

ISJ Alias service JDBC component

ISL Alias service LDAP component

IVT Installation verification test

KES Key service keystore management

KJK Key service keystore management

LIB Liberty single sign-on protocol

LOG Logging

MB Common Audit Service Configuration MBean

MGT Management

Figure 1. Message ID format

2 IBM Security Access Manager for Mobile: Error Message Reference

MET Metadata handling

MOD Module

OID OpenID messages

PWD Password handling

RPT Report messages

RTE Runtime environment component configuration

SML SAML single sign-on protocol

SOC SOAP client

SPS Single sign-on protocol service

STM Secure token service

STS Secure token service modules

STZ RACF® PassTicket tokens

SU Common Audit Staging Utility

TAC Tivoli Access Manager configuration as point-of-contact server

TRC Trust client

USC User self care

WS Common Auditing and Reporting Service Mobile service

WSF WS-Federation single sign-on protocol

WSP Provisioning service

WSS Mobile services security management

XS Common Audit Service XML data store

XU Common Audit Service XML store utilities

Severity

Associated with each message is a severity level that indicates whether correctiveaction must be taken.

Table 1. Severity level

Severity Description

I (Informational) Provides information or feedback about normal events that occur. Ingeneral, no action needs to be performed in response to aninformational message.

FBTRTE033I The domain default was successfully created.FBTSTM066I The Trust Service has been disabled.

W (Warning) Indicates that a potentially undesirable condition has occurred, butprocessing can continue. Intervention or corrective action might benecessary in response to a warning message.

FBTLOG002W An integer was expected.FBTTRC004W The returned RequestSecurityTokenResponsedid not have a wsu:Id

Chapter 1. Message overview 3

Table 1. Severity level (continued)

Severity Description

E (Error) Indicates that a problem has occurred that requires intervention orcorrection before processing can continue. An error message might beaccompanied by one or more warning or informational messages thatprovide additional details about the problem.

FBTCON013E The federation with ID insert could not beretrieved from the single sign-on protocol service.Explanation:This error can occur if the console is unable tocommunicate with the single sign-on protocol service.

FBTSML260E The binding value value for attribute attris not valid for profile profile.

Message text

The text of the message, in the system locale, also is recorded in the log file. If themessage text is not available in the desired language, the English language text isused.


Chapter 2. Secure Reverse Proxy Messages

These messages are provided by the secure reverse proxy component.

CTGSI0301E Initialization of the distributed sessioncache server failed.

Explanation: The distributed session cache server wasunable to initialize and cannot function until the causeof the failure is corrected.

Administrator response: Inspect the application serverlog files for details, take any necessary correctiveaction, and restart the distributed session cache server.

CTGSI0302W The client is not registered with thedistributed session cache server.

Explanation: The client is not registered with thedistributed session cache server. Clients must registerbefore performing any operations.

Administrator response: No action is necessary.

CTGSI0303E The client is not authorized to performthe requested operation.

Explanation: The client attempted to perform anoperation that it is not authorized to perform.

Administrator response: If the client is expected to beauthorized to perform the requested operation thencorrect the security policy that applies to thedistributed session cache server.

CTGSI0304W The concurrent session limit for theuser has been reached.

Explanation: The attempt to create a new session forthe user failed because creating another session wouldexceed the concurrent session limit for the user.


CTGSI0305W The client attempted to create asession with a session ID that is alreadyin use.

Explanation: The session ID specified for the newsession already exists in the shared session cache. Theclient must choose a new ID for the session.


CTGSI0306E The client attempted to use a replica setthat does not exist in the distributedsession cache server configuration.

Explanation: The client attempted to use a replica set

that has not been specified in the distributed sessioncache server configuration. All replica set names mustbe specified in the distributed session cache serverconfiguration.

Administrator response: Verify the client'sconfiguration specifies all replica set names correctlyand the distributed session cache server's configurationincludes all any necessary replica sets.

CTGSI0307E The client attempted to perform anoperation on a replica set that it has notjoined.

Explanation: When clients connect to the distributedsession cache server they must specify the names of allreplica sets they will use. This error indicates a clienthas not done so.

Administrator response: Verify the client is correctlyconfigured.

CTGSI0308E The client attempted to create or modifya session such that its concurrentsession key would not be valid.

Explanation: Sessions stored by the distributed sessioncache server can include session data items indicatingthe concurrent session key. Either all of these sessiondata items must be present and valid, or none of them.This error indicates that some, but not all, of thesession data items were present.

Administrator response: This error indicates aproblem with the configuration of the client or aprogramming error. Examine the sections of the clientconfiguration relating to concurrent session limits andsession displacement. If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSI0309W The client's version of the session isout of date.

Explanation: The client issued a session modificationrequest based on an out of date version of the session.The client must retrieve the current version of thesession and retry the request.



CTGSI0310W The client specified a capability maskthat does not match the active capabilitymask.

Explanation: The client specified a capability maskthat does not match the active capability mask. Theclient will not be able to register until the distributedsession cache server is restarted and initialized with amatching capability mask.

Administrator response: Ensure all clients accessingthe distributed session cache server are compatible withthe version of the distributed session cache server. Itmay be necessary to restart the distributed sessioncache server and all active clients to correct thiscondition. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSI0311E The distributed session cache server wasunable to generate a new key.

Explanation: The distributed session cache server wasunable to generate a new key.

Administrator response: Examine the distributedsession cache server logs for further details. It may benecessary to restart the distributed session cache servercompletely to correct this condition.

CTGSI0312W The session was not found.

Explanation: The distributed session cache server wasunable to find a session with the session ID specifiedby the client.


CTGSI0313E A parameter value was not valid.

Explanation: The client specified a parameter valuethat was not valid to the distributed session cacheserver.

Administrator response: If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSI0314E The specified client instance ID hasalready been registered by anotherclient.

Explanation: Each client that makes use of thedistributed session cache server must register a uniqueinstance ID. This message indicates a client attemptedto use an instance ID that another client had alreadyregistered.

Administrator response: Restart the client. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/

software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSI0315E The distributed session cache serverencountered an error and was unable tocomplete the operation.

Explanation: While processing the client's request, thedistributed session cache server encountered an errorthat prevented it from completing the operation.

Administrator response: Inspect the distributedsession cache server logs to identify the nature andcause of the error. Take any necessary correctivemeasures. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSI0316E The client attempted to register using anactive client name from a different IPaddress than was used to register theactive instance.

Explanation: The client attempted to register using anactive client name from a different IP address than wasused to register the active instance.

Administrator response: Inspect the client'sconfiguration to ensure each client uses a uniquereplica name. The distributed session cache server logsindicate the IP addresses of the clients using the sameclient name. If the IP address of the client has recentlychanged, wait until the distributed session cache serverexpires the previous registration before restarting theclient. The amount of time to wait is controlled by thedistributed session cache server's client idle timeoutconfiguration parameter.

CTGSI0317W The client attempted an idle timeoutoperation but the capabilities requiredto support idle timeouts have not beenenabled.

Explanation: The first client to start-up requested a setof capabilities from the distributed session cache serverthat did not include the session interest list capability.This capability is required to support idle timeout ofsessions.

Administrator response: Examine any clientconfiguration options relating to distributed sessioncache server capabilities. To change the active set ofcapabilities, all clients must be shut-down, and thedistributed session cache server restarted. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSI0310W • CTGSI0317W


CTGSI0319E The client issued a change sessionrequest with no session data changes.

Explanation: The client issued a change sessionrequest with no session data changes.


CTGSI0320E The interface version requested by theclient is not supported by this server.

Explanation: The interface version requested by theclient is not supported by this server.

Administrator response: Ensure the versions of clientsoftware and server software are compatible.

CTGSI0321W The distributed session cache serverdetected a conflict resulting fromreplication of the changes.

Explanation: The distributed session cache serverdetected a conflict resulting from replication of thechanges.


CTGSI0322E An invalid request parameter waspassed to the session administrationinterface.

Explanation: An invalid request parameter was passedto the session administration interface.

Administrator response: Retry the operationspecifying valid parameters. Consult the IBM SecurityAccess Manager Shared Session Administration Guidefor information about valid request parameters.

CTGSI0323E An unrecognized administrationoperation was passed to the distributedsession cache server's administrationinterface.

Explanation: The distributed session cache server'sadministration interface can only handle known requesttypes from its clients. An unrecognized request typewas sent from a client.

Administrator response: Ensure the requestedadministration operation is currently enabled and thatthe version of the client software in use is supported bythis version of the distributed session cache server.

CTGSI0324E The request from the client requires acapability of the distributed sessioncache server that is not enabled by thedistributed session cache server.

Explanation: The request from the client requires a

capability of the distributed session cache server that isnot enabled by the distributed session cache server.


CTGSI0325E The client attempted to use a sessionrealm that does not exist in thedistributed session cache serverconfiguration.

Explanation: The client attempted to use a sessionrealm that does not exist in the distributed sessioncache server configuration. All session realm namesmust be specified in the distributed session cacheserver configuration.

Administrator response: Retry the operationspecifying a defined session realm.

CTGSI0327W The distributed session cache serverwas not able to replicate the changesacross the cluster.

Explanation: The distributed session cache server wasnot able to replicate the changes resulting from therequest across the cluster.

Administrator response: Check the distributed sessioncache server logs for more information concerning thiserror. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSI0328E Authentication failed. You have used aninvalid user name or password.

Explanation: An invalid user name or password wassupplied.

Administrator response: Check your authenticationinformation and try again.

CTGSI0329E Authentication failed. The accountassociated with the user has expired.

Explanation: The users account has expired.

Administrator response: Contact your systemadministrator to have the account reactivated.

CTGSI0330E Authentication failed. The credentialassociated with the user has expired.

Explanation: The user's credential has expired. Thiserror might indicate that the user's password hasexpired.

Administrator response: Contact your systemadministrator to renew the users credential.

CTGSI0319E • CTGSI0330E

Chapter 2. Secure Reverse Proxy Messages 7

CTGSI0331W The session limit for this sessionrealm has been reached.

Explanation: The attempt to create a new session forthe user failed because creating another session wouldexceed the session limit for the session realm.


CTGSM0301E The new instance, %s, of the client,%s, could not be stored.

Explanation: The session management server wasunable to store the details of the client.

Administrator response: Examine the log for furtherdetailed messages regarding the error, take anynecessary corrective action, and restart the client. Itmay also be necessary to restart the sessionmanagement server.

CTGSM0303E The list of keys stored in the sessionlist store, %s, for the replica set, %s,could not be retrieved.

Explanation: The session management server wasunable to retrieve the list of keys stored in the givensession list.

Administrator response: Examine the log for earliermessages regarding this error and take any necessarycorrective action. If the problem persists, restart thesession management server.

CTGSM0304E The session, %s, in the replica set,%s, does not have a concurrent sessionkey.

Explanation: Every session must include the data itemused as the key for maintaining concurrent sessioncounts. A session was either created without the dataitem, or the data item was removed as part of a sessionupdate.


CTGSM0305E The session, %s, in replica set, %s,could not be stored.

Explanation: A session could not be stored in thesession cache.

Administrator response: Examine the log for othermessages regarding the error and take any necessarycorrective action. The error might indicate resourceexhaustion.

CTGSM0306W The session management server hasrejected a session modification requestfrom the client, %s, for the session, %s,in the replica set, %s, based on anoutdated version of the session. Theclient has version number %s, while %sis the current version number.

Explanation: A client has issued a session updaterequest based on an outdated version of the session.The request has been rejected.

Administrator response: This condition cansometimes occur during normal operation of thesession management server. The client can correct thecondition by first requesting the current version of thesession, and then re-issuing the update request basedon that version. This error could also indicate aproblem with the client.

CTGSM0310W The client, %s, is not registered.

Explanation: The client attempted the perform anoperation without first registering with the sessionmanagement server.


CTGSM0311W Returning result: %s (code: 0x%s).

Explanation: The specified result is being returned tothe client. This message is usually only logged when anerror result is returned.

Administrator response: If the result indicates anerror has occurred, examine the log for further detailsand take any necessary corrective action.

CTGSM0312E A new instance of the client, %s, hasattempted to start-up. The existinginstance ID is %s, with the client ID of%s. The second instance ID is %s, withIP address %s.

Explanation: A replica attempted to register with thesession management server using a replica name thatwas already active, and its client ID was different tothat used to register the active instance. The replica'sregistration was denied by the session managementserver.

Administrator response: This message indicates tworeplicas are configured with the same replica name, andboth are attempting to register with the sessionmanagement server. If this message coincides with aplanned client ID change for a replica machine, thereplica cannot be restarted until its previous instance isexpired. Otherwise, examine the configuration on themachines with the client ID's given to determinewhether they have been configured to use the samereplica name. If so, change the replica name on onemachine. It may be necessary to explicitly configure thereplica name on both machines to avoid a conflict.

CTGSI0331W • CTGSM0312E


CTGSM0316E Single sign-on was requested insession realm, %s, but there is no singlesign-on mapping configured.

Explanation: A client requested a session be createdusing single sign-on within a session realm, but thesession management server configuration does notspecify a single sign-on mapping for the session realm.

Administrator response: Modify the sessionmanagement server configuration so it specifies a singlesign-on mapping to use within the session realm. Thesession management server must be restarted for thischange to take effect.

CTGSM0317E An error occurred during statisticsgathering setup: %s.

Explanation: An error occurred during statisticsgathering setup. Statistics will not be recorded until theerror is corrected and the session management serverapplication is restarted.

Administrator response: Examine this and earlier logmessages for more information regarding the error.Once the error has been corrected, restart the sessionmanagement server.

CTGSM0318E Initialization of the event timer class,%s, failed: %s

Explanation: The session management server usesdifferent event timer classes in different runtimeenvironments. This message indicates the event timerclass for this environment is not available. The sessionmanagement server will not function without an eventtimer.


CTGSM0319E The database, %s, could not beopened.

Explanation: The database may not exist or may haveother problems.


CTGSM0321E The event does not specify a session.

Explanation: The event may be corrupt or incorrectlycreated because it does not specify a session.


CTGSM0322E The session management server couldnot copy the file %s to %s: %s

Explanation: The session management server couldnot copy a file.

Administrator response: Examine the error messagefor more information on the error. Restart the sessionmanagement server application to retry the operation.If the problem persists, check IBM Electronic Supportfor additional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0323E The administration interface version,%s, requested by the client is notsupported by the server. The serversupports the following versions of theadministration interface: %s.

Explanation: The interface version requested by theclient is not supported by this server.

Administrator response: Ensure the versions of clientsoftware and server software are compatible.

CTGSM0324W J2EE security is disabled for thisapplication server. No security checkswill be performed by the sessionmanagement server administrationinterface.

Explanation: The session management serveradministration interface security depends on J2EEsecurity being enabled in the application server.

Administrator response: If security is required for thesession management server administration interfacethen enable J2EE security and restart the applicationserver.

CTGSM0325E Unable to retrieve message text formessage code {0}.

Explanation: The message text for the specifiedmessage code could not be retrieved.

Administrator response: Verify the files that make upthe session management server application are presentin the WebSphere application server installedapplications directory. The session management serverwill not function correctly until this problem iscorrected. It may be necessary to reinstall the sessionmanagement server application to correct this problem.

CTGSM0326E The file, %s, could not be deleted.

Explanation: A file could not be deleted.

Administrator response: Check that the file system iswritable, and that the file system permissions allow thefile to be deleted.

CTGSM0316E • CTGSM0326E


CTGSM0327E An error occurred duringinitialization of the class, %s, specifiedby property, %s: %s

Explanation: An error occurred during initialization ofan event handler class.

Administrator response: Examine the error messagefor information regarding the error and take anynecessary corrective action. The session managementserver application must be restarted.

CTGSM0328E An error occurred while replicatingsession management server data: %s

Explanation: An error occurred while replicatingsession management server data. This error mayindicate communication problems between clustermembers.

Administrator response: Examine the error messagefor information regarding the error and take anynecessary corrective action. It may be necessary torestart the session management server application. Ifthe problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0329E The session management server wasnot able to replicate an operation on thekey, %s, in the map, %s.

Explanation: The session management server was notable to replicate an operation on an entry in a storagemap to other nodes in the cluster. The client issuing therequest that resulted in the operation will be notified ofthe failure.

Administrator response: Check that all WebSpherecluster members are running correctly, and that thenetwork connections between each node arefunctioning. Multiple instances of this error mayindicate resource starvation or server availabilityproblems. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0330E The session management serverinstance was not able to establishcommunication with other instances inthe cluster: %s.

Explanation: The session management server instancewas not able to establish communication with otherinstances in the cluster.

Administrator response: Restart the server on whichthis instance of the session management server runs. Ifthe problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/

software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0332E The session management server wasnot able to obtain a cluster-wide lock onthe item, %s: %s

Explanation: The session management server was notable to obtain a cluster-wide lock on a data item inorder to update it.


CTGSM0333E The session management server wasnot able to release a lock on the item,%s: %s

Explanation: The session management server was notable to release a cluster-wide lock on a data item afterupdating it.


CTGSM0334E Transfer of existing sessionmanagement server data to a newinstance, %s, failed: %s.

Explanation: Transfer of existing session managementserver data to a new instance failed. The new instancewill not process requests until it is restarted.

Administrator response: Restart the server on whichthe new instance runs. If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0335E An error occurred while receivingsession management server data fromanother instance: %s

Explanation: An error occurred while receivingsession management server data. This error mayindicate communication problems between clustermembers.

Administrator response: Examine the error message



for information regarding the error and take anynecessary corrective action. It may be necessary torestart the session management server application. Ifthe problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0336E The replication operation messagewas badly formed.

Explanation: A replication operation message, used totransfer data between session management serverinstances, was badly formed.

Administrator response: This message indicates aserious problem relating to session management serverdata replication. Restart the session management serverapplication. If the problem persists, check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0337E Initialization of the event workerclass, %s, failed: %s

Explanation: The session management server usesdifferent event worker classes in different runtimeenvironments. This message indicates the event workerclass for this environment is not available.


CTGSM0450E An SQL error has occurred: %s (SQLerror code: %s, SQL state: %s).

Explanation: The session management server hasencountered an SQL error during a database operation.

Administrator response: This message may indicateresource starvation problems, such as disk space ormemory exhaustion. Examine the system's resourceusage to see if this is the case. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0451E The JDBC driver could not beinitialized: %s

Explanation: The JDBC driver required to access thesession management server database tables could notbe initialized.

Administrator response: Check the properties of theJDBC data source configured for use by the sessionmanagement server and restart the sessionmanagement server.

CTGSM0452E The database table, %s, was notfound.

Explanation: One of the session management serverdatabase tables is missing.

Administrator response: Correct the databaseconfiguration and restart the session managementserver. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0453E The column, %s, in the databasetable, %s, was not found.

Explanation: A column in one of the sessionmanagement server database tables is missing.


CTGSM0454E The column, %s, in the databasetable, %s, has the wrong type. Theexpected type is %s, but the type in thedatabase is %s.

Explanation: A column in one of the sessionmanagement server database tables has the wrong type.


CTGSM0457E The column, %s, in the databasetable, %s, is not a primary key.

Explanation: A column in one of the sessionmanagement server database tables is not a primarykey.


CTGSM0458E The column, %s, in the databasetable, %s, is not configured to use aforeign key.

Explanation: A column in one of the sessionmanagement server database tables is not configured touse a foreign key.




CTGSM0459E The foreign key column, %s, in thedatabase table, %s, imports its key fromthe table, %s, but it should import fromthe table, %s.

Explanation: A column in one of the sessionmanagement server database tables has amisconfigured foreign key.


CTGSM0460E The foreign key column, %s, in thedatabase table, %s, imports its key fromthe column, %s, but it should importfrom the column, %s.



CTGSM0461E The foreign key column, %s, in thedatabase table, %s, uses the update rule,%s, but it should use the update rule,%s.



CTGSM0462E The foreign key column, %s, in thedatabase table, %s, uses the delete rule,%s, but it should use the delete rule, %s.



CTGSM0463E No index was found for the column,%s, in the database table, %s.

Explanation: The database does not contain an indexfor the specified column.


CTGSM0464E The JDBC driver could not beinitialized.

Explanation: The JDBC driver required to access thesession management server database tables could notbe initialized.

Administrator response: Check the properties of theJDBC data source configured for use by the sessionmanagement server. The session management servermay need to be restarted.

CTGSM0602E The session management server wasnot able to load the class %s: %s.

Explanation: The session management serverconfiguration specifies that it must load the given classfor SSO mapping, session data inspection, or datareplication. The class could not be loaded, for the givenreason.

Administrator response: Verify all class namesspecified in the session management serverconfiguration are spelled correctly, and all necessaryfiles are present in the application's class path.

CTGSM0603E The session management server wasnot able to create an instance of theclass %s: %s.

Explanation: The session management serverencountered an error while trying to instantiate theclass.

Administrator response: Check the class name iscorrect, and the Java security policy allows the sessionmanagement server to instantiate the class, then restartthe application. If the problem persists, check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman



CTGSM0604E The session management serverconfiguration specifies an illegal valuefor the %s property: %s.

Explanation: The property value must be a positiveinteger, but the configuration file specifies either anon-integer or a negative value.

Administrator response: Modify the configuration fileso a positive integer is specified for the namedproperty, and restart the session management server.

CTGSM0617E An unknown single sign-onmapping, %s, was specified for thesession realm, %s.

Explanation: The single sign-on mapping namespecified in the configuration for a session realm doesnot match any of the configured single sign-onmappings.

Administrator response: Verify the single sign-onmapping name is correctly specified and restart thesession management server.

CTGSM0618E The session management server wasunable to identify the version ofWebSphere application server.

Explanation: The session management serverapplication needs to identify the application serverversion in order to perform statistics gathering. Thismessage indicates that it was not able to do so.

Administrator response: Ensure you are running thesession management server application on a supportedversion of WebSphere application server. If the problempersists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0619E A Java class name is required to bespecified in the session managementserver configuration by property %s.

Explanation: Each extension specified in the sessionmanagement server configuration must include thename of a Java class implementing the extensionfunctionality. The specified property does not specify aclass name.

Administrator response: Examine the sessionmanagement server configuration. Verify all extensionnames and property names are specified correctly, andeach extension configuration includes the correct Javaclass name. Restart the session management serverapplication.

CTGSM0620E The Java class, %s, specified byproperty, %s, is not a valid sessionmanagement server %s class.

Explanation: The Java class configured for thespecified property name does not an implementation ofthe expected interface.

Administrator response: Ensure all Java class namesspecified in the session management serverconfiguration are correct. Restart the sessionmanagement server application.

CTGSM0622W The session management server wasunable to read the Tivoli CommonDirectory configuration file: %s

Explanation: The session management server wasunable to read the Tivoli Common Directoryconfiguration file. The Tivoli Common Directory can beused in the logging destination configuration. Any loghandlers configured to use the Tivoli CommonDirectory variable will write to an incorrect locationuntil the problem is corrected.

Administrator response: Verify the Tivoli CommonDirectory configuration file exists and is readable.Restart the session management server once theproblem has been corrected

CTGSM0626E An error occurred while reading theconfiguration file %s: %s

Explanation: An error occurred while attempting toread the configuration file.

Administrator response: Examine the error messageto determine the cause of the problem. Once theproblem has been corrected, restart the sessionmanagement server.

CTGSM0627E An error occurred while writing theconfiguration file %s: %s

Explanation: An error occurred while attempting towrite the configuration file.

Administrator response: Examine the error messageto determine the cause of the problem. Once theproblem has been corrected, restart the sessionmanagement server.

CTGSM0633W The session management server wasunable to access the Windows registry:%s

Explanation: The session management server attemptsto access the Windows registry in order to locate theTivoli Common Directory configuration file and theproduct installation directory. In this case the sessionmanagement server was unable to access the Windowsregistry.

CTGSM0604E • CTGSM0633W


Administrator response: Examine the error messageto determine the cause of the problem. Verify theWebSphere application server configuration includes ashared library definition for the session managementserver registry access library. Check the sessionmanagement server deployment descriptor includes areference to this shared library. If Java 2 security policyis enforced, ensure the session management serverpolicy file includes the permissions required to load theregistry access shared library. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0634E The session management serverinstallation directory could not bedetermined: %s

Explanation: The session management server wasunable to determine the directory in which it is storedunder the WebSphere application server installapplications directory.

Administrator response: Examine the error messageto determine the cause of the problem. If Java 2security policy is enforced, ensure the sessionmanagement server policy file includes the permissionsrequired to read files in the WebSphere applicationserver configuration directory. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0637W An error was encountered whilereading output from the process, %s: %s

Explanation: An error was encountered while readingoutput from a process run during session managementserver configuration.

Administrator response: No action is necessary. If theconfiguration process failed, not all of the output fromthe process will be available.

CTGSM0638E The command, %s, run duringsession management serverconfiguration has exceeded the timelimit of %s seconds and has beenterminated.

Explanation: A process run during sessionmanagement server configuration has exceeded thetime limit. The process has been terminated, andsession management server configuration will fail as aresult. The captured output from the process will beincluded in a later log message.

Administrator response: Examine the output from theprocess, which is included in a later log message, todetermine the reason the process did not complete

within the time limit. Restart the session managementserver to retry the configuration process. If the problempersists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0639E An error was encountered whileattempting to execute the command, %s,during session management serverconfiguration: %s

Explanation: An error was encountered whileattempting to execute a process during sessionmanagement server configuration.

Administrator response: Examine the error messageto determine the cause of the problem. Restart thesession management server application to retry theconfiguration process. If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0640E The directory, %s, could not becreated.

Explanation: A directory could not be created.

Administrator response: Check that the file system iswritable and has sufficient free space, and that the filesystem permissions allow the directory to be created.

CTGSM0641E An error was encountered whileconfiguring the Tivoli CommonDirectory: %s

Explanation: An error was encountered whileconfiguring the Tivoli Common Directory.

Administrator response: Examine the error messageto determine the cause of the error. Restart the sessionmanagement server application to retry theconfiguration process. If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0642E Activation of the session managementserver configuration MBean failed: %s

Explanation: Activation of the session managementserver configuration MBean failed.

Administrator response: Examine the error messageto determine the cause of the error. It may be necessaryto restart the WebSphere application server deploymentmanager to correct the problem.



CTGSM0644E The session management serverconfiguration application could notcreate a new WebSphere applicationserver SSL configuration: %s

Explanation: The session management server couldnot create a new WebSphere application server SSLconfiguration.

Administrator response: Examine the error messageto determine the cause of the error. Run the sessionmanagement server configuration program again toretry the operation. If the problem persists, check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0645E The session management serverconfiguration application could notremove the WebSphere applicationserver SSL configuration, %s: %s

Explanation: The session management serverconfiguration application could not remove theWebSphere application server SSL configuration.

Administrator response: Examine the error messageto determine the cause of the error. Attempt to removethe SSL configuration manually through the WebSphereapplication server administration console. Run thesession management server configuration programagain to retry the operation. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0648E Failed to access the WebSphereapplication server configuration service.

Explanation: The session management server couldnot access the WebSphere application serverconfiguration service in order to complete itsconfiguration.


CTGSM0649E Failed to locate the WebSphereapplication server securityconfiguration.

Explanation: The session management server couldnot locate the WebSphere application server securityconfiguration in order to complete its configuration.


CTGSM0651W An error occurred while parsing theWebSphere application serverconfiguration: %s

Explanation: An error occurred while parsing theWebSphere application server configuration. Thelogging for the Session management server may notfunction correctly until the problem is resolved.

Administrator response: The message showndescribes the error condition that occurred. Take theappropriate corrective action based on the detailscontained within the message.

CTGSM0652E An error occurred while retrievingthe list of applications installed on theWebSphere application server: %s

Explanation: An error occurred while retrieving thelist of applications installed on the WebSphereapplication server. The session management serverconfiguration application will not function correctlyuntil the problem is resolved.


CTGSM0653E An error occurred while parsing theconfiguration of the application, %s: %s

Explanation: An error occurred while parsing theconfiguration of the named application. The sessionmanagement server configuration application will notfunction correctly until the problem is resolved.


CTGSM0654E An error occurred while attempting torestart the application, %s: %s

Explanation: An error occurred while attempting torestart the named application.

Administrator response: The message showndescribes the error condition that occurred. Take theappropriate corrective action based on the detailscontained within the message. The session managementserver configuration process will not proceed until thesession management server application is restarted. Ifthe session management server application is restartedmanually, the configuration process will proceed, butthe results will not be reported to the configurationprogram.



CTGSM0659E The deployment descriptor for thesession management server applicationcould not be located.

Explanation: The deployment descriptor for thesession management server application could not belocated.


CTGSM0663E The session management server wasnot able to create an instance of theclass %s.

Explanation: The session management serverencountered an error while trying to instantiate theclass.

Administrator response: Examine the log for earliermessages indicating why the class could not beinstantiated. Check the class name is correct, and theJava security policy allows the session managementserver to instantiate the class, then restart theapplication. If the problem persists, check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0666E The specified configuration session isnot active.

Explanation: The specified configuration session is notactive. This may mean that the target sessionmanagement server instance has been restarted, or thatthe configuration session has been displaced by anewer session.

Administrator response: Retry the configurationaction.

CTGSM0667E The session management server wasnot able to lock the distributedconfiguration: %s

Explanation: Before updating its configuration, thesession management server first locks the configurationto protect against concurrent updates. This failure mayindicate there are communication problems between theWebSphere application servers hosting the sessionmanagement server.

Administrator response: Examine the detailed errormessage and previous entries in the WebSphereapplication server logs for more information about theerror.

CTGSM0668E The session management server wasnot able to unlock the distributedconfiguration: %s

Explanation: Before updating its configuration, thesession management server first locks the configurationto protect against concurrent updates. This failure mayindicate there are communication problems between theWebSphere application servers hosting the sessionmanagement server.


CTGSM0669E The session management server wasnot able to retrieve the configurationstate from other instances in the cluster:%s

Explanation: This may indicate there arecommunication problems between the WebSphereapplication servers hosting the session managementserver.


CTGSM0670E The session management server wasnot able to distribute the updatedconfiguration across the cluster: %s

Explanation: The session management server was notable to distribute the updated configuration to otherinstances in the cluster. This may indicate that there arecommunication problems between the WebSphereapplication servers hosting the session managementserver. Unless this problem is corrected, futureconfiguration operations may operate on an outdatedversion of the configuration.

Administrator response: Examine the detailed errormessage and previous entries in the WebSphereapplication server logs for more information about theerror. It may be necessary to restart the applicationserver instance that logged this message.

CTGSM0671E The session management server wasnot able to distribute configurationresult information across the cluster: %s

Explanation: The session management server was notable to distribute the updated configuration to otherinstances in the cluster. This may indicate that there arecommunication problems between the WebSphereapplication servers hosting the session managementserver.

Administrator response: Examine the detailed errormessage and previous entries in the WebSphere



application server logs for more information about theerror. It may be necessary to restart the applicationserver instance that logged this message.

CTGSM0672E The new configuration is based on aprevious version of the configuration.The current configuration is version %dand the new configuration is version%d.

Explanation: An update to the session managementserver configuration has a version number older thanor equal to that of the current configuration.

Administrator response: Retry the configurationoperation.

CTGSM0673E A component with the name %salready exists in the %s component set.

Explanation: An attempt was made to add acomponent to a set using a name already present inthat component set.

Administrator response: Retry the operation using adifferent name for the component.

CTGSM0674E The component %s from componentset %s failed to initialize: %s

Explanation: An SMS component failed to initialize.The component will not be available until the problemis fixed. This may make the session management serverunavailable until the problem is fixed.

Administrator response: Examine the error messagefor details of the failure. It may be necessary toreconfigure or restart the session management server.

CTGSM0675E The component %s was not found inthe component set %s.

Explanation: The specified component does not existin the configuration.

Administrator response: Check the component nameand retry the configuration operation.

CTGSM0676E An unknown configurationcomponent set identifier, %d, wasspecified.

Explanation: The configuration component setspecified does not match any of the known componentsets.

Administrator response: Check the component setidentifier and retry the configuration operation.

CTGSM0677E The session realm, %s, cannot beremoved because it still contains replicasets.

Explanation: Session realms cannot be removed whilethey still contain replica sets.

Administrator response: Remove the replica sets thatare still in the session realm before removing thesession realm.

CTGSM0678E An unknown session realm name, %s,is specified in the configuration for thereplica set, %s.

Explanation: The configuration for the replica setspecifies a session realm name that does not match anyconfigured session realm.

Administrator response: Check the session realmname for the replica set. Either create a session realmmatching the name specified in the replica setconfiguration or change the replica set configuration tomatch an existing session realm. The replica set will notbe available until the problem is corrected.

CTGSM0679E An attempt to process an SMS eventfailed: %s.

Explanation: The session management serverencountered an error while trying to process an event.

Administrator response: Examine the log for othermessages relating to this error, and take any necessarycorrective action. If the problem persists, restart thesession management server.

CTGSM0750E The SecureRandom algorithm, %s,could not be loaded: %s

Explanation: The SecureRandom algorithm specifiedin the session management server configuration couldnot be loaded.

Administrator response: Verify the SecureRandomalgorithm specified in the session management serverconfiguration is correct, and restart the application.

CTGSM0751E The SecureRandom provider, %s, wasnot found: %s

Explanation: The SecureRandom provider specified inthe session management server configuration could notbe found.

Administrator response: Verify the SecureRandomprovider specified in the session management serverconfiguration is correct, and restart the application.



CTGSM0752E The session management server wasunable to determine the current keydetails.

Explanation: The session management server wasunable to determine the current key details. The keyinformation may have become corrupted.

Administrator response: Request a change of keyusing the administration interface. If the problempersists, restart the session management server.

CTGSM0753E The session management server wasunable to find the key with ID: %s.

Explanation: The session management server wasunable to find the key. The key information may havebecome corrupted.

Administrator response: Request a change of keyusing the administration interface. If the problempersists, restart the session management server.

CTGSM0754E An error occurred while updating thekey distribution information. Theparameter, %s, could not be associatedwith the value: %s.

Explanation: While updating the key distributioninformation, the session management serverencountered an error.

Administrator response: Examine the log for othermessages relating to this error, and take any necessarycorrective action. Request a key change using theadministration interface. If the problem persists, restartthe session management server.

CTGSM0755W An error occurred while updatingthe key distribution information. Theexpired key, %s, could not be removed.

Explanation: While updating the key distributioninformation, the session management serverencountered an error. This condition does not effect theoperation of the session management server, but it mayindicate future errors.

Administrator response: Examine the log for othermessages relating to this error, and take any necessarycorrective action. Unless the other messages indicate aserious problem, it is not necessary to request a newkey or restart the session management server.

CTGSM0901E The session management server wasnot able to initialize the IBM SecurityAccess Manager Runtime for Java: %s

Explanation: The session management server mustinitialize the IBM Security Access Manager Runtime forJava. This message indicates the initialization failed

Administrator response: Examine this and earlier log

messages for information regarding the error and takeany necessary corrective action. Verify the IBM SecurityAccess Manager Runtime for Java configuration URL isspecified correctly. The session management serverapplication must be restarted.

CTGSM0902W An error occurred while accessing aIBM Security Access Managercredential: %s

Explanation: An error occurred while accessing a IBMSecurity Access Manager credential.

Administrator response: Examine the error messagefor specific details of the error. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM0903W The session, %s, does not contain aIBM Security Access Managercredential.

Explanation: The identified session does not contain aIBM Security Access Manager credential. Allauthenticated sessions stored in the sessionmanagement server must contain a credential.


CTGSM0904E A configuration value required toconfigure the IBM Security AccessManager Runtime for Java is missing:%s.

Explanation: One of the configuration values requiredto configure the IBM Security Access Manager Runtimefor Java is missing.


CTGSM0905E Configuration of the IBM SecurityAccess Manager Runtime for Java failed:%s

Explanation: Configuration of the IBM Security AccessManager Runtime for Java has failed.

Administrator response: Examine the error messagefor information regarding the error and take anynecessary corrective action. Verify that the IBM SecurityAccess Manager policy server and the user registryserver are available. The session management serverapplication must be restarted.



CTGSM0906E Unconfiguration of the IBM SecurityAccess Manager Runtime for Java failed:%s

Explanation: Unconfiguration of the IBM SecurityAccess Manager Runtime for Java has failed.

Administrator response: Examine the error messagefor information regarding the error and take anynecessary corrective action. Verify that the IBM SecurityAccess Manager policy server and the user registryserver are available. The session management serverapplication must be restarted.

CTGSM0907E An error was encountered whilecreating the key and trust store filesused to authenticate clients of thesession management server: %s

Explanation: An error was encountered while creatingthe key and trust store files used to authenticate clientsof the session management server.

Administrator response: Examine the error messagefor information regarding the error and take anynecessary corrective action. Verify that the necessaryJava security providers are available. The sessionmanagement server application must be restarted.

CTGSM0908E IBM Security Access Managerintegration has not been enabled for thesession management server.

Explanation: A Security Access Manager configurationoperation was requested, but Security Access Managerintegration has not been enabled.

Administrator response: Enable Security AccessManager integration before attempting further SecurityAccess Manager configuration.

CTGSM0909E The IBM Security Access ManagerRuntime for Java is not currentlyavailable.

Explanation: The IBM Security Access ManagerRuntime for Java is not currently available.

Administrator response: Examine earlier log messagesto determine the cause of the problem. This mayindicate a problem with the IBM Security AccessManager policy server. The session management servermay need to be restarted.

CTGSM0910W The session, %s, does not contain auser UUID.

Explanation: The identified session does not contain auser UUID. This information is required for therecording of last login information. The informationshould be supplied either as session data, or as a partof a IBM Security Access Manager credential.


CTGSM1050E Multiple values for the %s attributeof the %s session management serveradministration interface request werespecified but no more than one valuemay be specified.

Explanation: The client sent multiple values for theindicated request attribute but the attribute may onlyhave a single value.

Administrator response: Ensure the version of theclient software in use is supported by this version ofthe session management server.

CTGSM1051E The %s attribute of the %s sessionmanagement server administrationinterface request must be an integervalue - the %s value cannot be parsed asan integer.

Explanation: The specified request attribute must bean integer but the value provided by the client cannotbe parsed as an integer value.


CTGSM1052E The %s attribute of the %s sessionmanagement server administrationinterface request has a lower bound of%s - the value %s is too low.

Explanation: The client specified a value for thespecified request attribute that is less than theidentified attribute's minimum valid value.


CTGSM1053E The %s attribute of the %s sessionmanagement server administrationinterface request has an upper bound of%s - the value %s is too high.

Explanation: The client specified a value for thespecified request attribute that is greater than theidentified attribute's maximum valid value.




CTGSM1054E The required %s attribute of the %ssession management serveradministration interface request was notprovided by the client.

Explanation: A required request attribute was not sentby the session management server administrationinterface client.


CTGSM1055E The value (%s) of the %s attribute ofthe %s session management serveradministration interface request couldnot be processed. Error: %s.

Explanation: The indicated value of the indicatedattribute is not valid when specified as part of theindicated session management server administrationinterface request.


CTGSM1059E The session realm %s specified in a%s request of the session managementserver's administration interface is notrecognized by the session managementserver.

Explanation: The request from the client specified anundefined session realm name.

Administrator response: Retry the operationspecifying a defined session realm name.

CTGSM1060E The %s request failed with error: %s

Explanation: The request from the client could not beexecuted.

Administrator response: Examine the log for furtherdetailed messages regarding the error and take anynecessary corrective action.

CTGSM1061E The %s request caused an exception:%sException stack trace:%s

Explanation: The request from the client caused theindicated exception.


CTGSM1062E No HTTP request for administrationservice authorization.

Explanation: The HTTP request object could not beaccessed while authorizing an administration serviceoperation.


CTGSM1063E The user %s is not permitted todelegate access to the administrationservice.

Explanation: The identified user is not permitted todelegate access to the administration service.

Administrator response: If the identified user isexpected to be able to delegate access to theadministration service ensure they have thesms-delegator role.

CTGSM1064E Unable to authorize access for the %soperation requiring the %s role for user%s delegated by user %s.

Explanation: Authorization of a user for this operationhas failed. For further detailed information about thefailure examine earlier messages in the log containingthis message. Correct any problems and retry theoperation.

Administrator response: Examine the log containingthis message for more information describing the errorthat occurred and take the appropriate correctiveaction.

CTGSM1065E Authorization of user %s for role %sfailed. %s exception: %s

Explanation: The specified exception occurred whileattempting to authorize the user for the role.

Administrator response: The message showndescribes the error condition that occurred. Take theappropriate corrective action.

CTGSM1066E The administration request type, %s,cannot be handled by class, %s, asspecified by handler, %s, as it is alreadyconfigured to be handled by the class,%s.

Explanation: The session management serveradministration requests may only be configured to behandled by one handler. This message indicates that asingle request type is configured to be handled by morethan one handler.

Administrator response: Ensure the sessionmanagement server administration request handlers are



configured correctly and restart the application.

CTGSM1067E Failed to locate the DSessAdminrequest dispatcher.

Explanation: The request from the client could not beexecuted.


CTGSM1363E Validation of the last logininformation database table failed.

Explanation: The last login information database tablehas not been correctly created.

Administrator response: Refer to earlier log messagesregarding the creation of the last login informationdatabase table. Check that the table exists in thedatabase. It may be necessary to modify the tablemanually to allow the table validation to succeed.

CTGSM1369E An error occurred while installing acomponent into the WebSphereapplication server runtime. The file, %s,could not be copied to the targetlocation, %s.

Explanation: An error occurred while installing acomponent into the WebSphere application serverruntime.

Administrator response: Check that the permissionson the target directory permit the file to be copied andthat there is sufficient disk space. The file may also becopied into place manually. Restart the sessionmanagement server application.

CTGSM1500W The host name of this machine couldnot be determined.

Explanation: The host name of the machine on whichthe session management server is running could not bedetermined.

Administrator response: Check that the system hostname and network devices have been configuredcorrectly. Restart the session management serverapplication.

CTGSM1501E User information is required to reportan audit event but no sessioninformation is available.

Explanation: User information is required to report anaudit event but no session information is available.

Administrator response: If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/

support/index.html?ibmprd=tivman

CTGSM1505W The session creation time, %s, is inthe future. Check time synchronizationbetween SMS and client %s.

Explanation: The session creation timestampassociated with the session being terminated is laterthan the current time. This indicates clock skewbetween the SMS and the client that created thesession.

Administrator response: Synchronize the clocks of theSMS system and its clients and restart the SMS.

CTGSM1506E The auditing emitter configurationhas been set to debug mode. Events willnot be sent to a CARS emitter, they willbe written to the log file.

Explanation: The auditing emitter configuration hasbeen set to debug mode. Events will not be sent to aCARS emitter, they will be written to the log file.


CTGSM1507E The CARS Security Event Factoryreported an error while constructing anevent: %s

Explanation: The common audit reporting service(CARS) Security Event Factory reported an error whileconstructing an event for the reported reason.

Administrator response: Examine the reason for thefailure and take any necessary corrective action.

CTGSM1509E The CARS emitter reported an errorwhile sending an event: %s

Explanation: The common audit reporting service(CARS) emitter reported an error while sending anevent for the reported reason.


CTGSM1514E The common audit and reportingservice (CARS) encountered a severeerror when initializing: Error: %s, cause:%sError stack trace:%sCause stacktrace:%s

Explanation: The common audit and reporting service(CARS) encountered a severe error when initializing.




CTGSM1515E The common auditing serviceencountered a severe error whenshutting down: Error: %s, cause: %sErrorstack trace:%sCause stack trace:%s

Explanation: The common auditing serviceencountered a severe error when shutting down.


CTGSM1654E The command line option, %s, is notrecognized.

Explanation: The identified command line option ofthe smsbackup command is not recognized by thesmsbackup command.

Administrator response: Re-run the smsbackupcommand with correct command line options.

CTGSM1655E The %s command line optionrequires an argument.

Explanation: The identified smsbackup command lineoption requires an argument.

Administrator response: Consult the documentationfor the smsbackup command and re-run it specifying avalid argument for the option.

CTGSM1656E The argument to the -list option mustbe a readable file. The value provided,%s, is not a readable file.

Explanation: The value provided for the -list option ofthe smsbackup command does not identify a readablefile.

Administrator response: Re-run the smsbackupcommand specifying a valid value for the -list option.

CTGSM1657E The file, %s, could not be opened: %s

Explanation: The identified file could not be openedfor the specified reason.

Administrator response: Ensure that the name of thefile is correct, that it exists and is that it is readable.

CTGSM1658W Line %s of the list file %s, %s,cannot be interpreted.

Explanation: Not all of the contents of the filespecified by the -list option could be interpretedcorrectly.

Administrator response: Ensure the list file name isspecified correctly and that the contents of the file arenot corrupt.

CTGSM1659E The file, %s, could not be backed up:%s

Explanation: The file was indicated to be backed upby the list file and does exist but could not be backedfor the reason indicated by the exception shown.

Administrator response: Ensure that all files requiredto be backed up are accessible to the smsbackupprogram.

CTGSM1660E The command, %s, could not beexecuted: %s

Explanation: The command was indicated to beexecuted by the list file but execution failed for thereason indicated by the exception shown.

Administrator response: Ensure that all programsrequired to be executed are accessible to the smsbackupprogram.

CTGSM1662E The directory, %s, could not becreated: %s

Explanation: The directory specified as the outputpath does not exist and could not be created.

Administrator response: Re-run the smsbackupcommand specifying a different value for -path optionor ensuring that you have permission to create thespecified directory.

CTGSM1663E An error occurred writing to the file,%s: %s

Explanation: The file specified could not be written tofor the reason indicated.

Administrator response: Ensure that the file systemcontaining the file has sufficient space and that thedirectory containing the file may be written to.

CTGSM1800E The property, %s, which is requiredto configure the Java client API ismissing.

Explanation: One of the configuration values requiredto configure the Java client API is missing.

Administrator response: Add the property to thesupplied properties object.

CTGSM1801E A configuration value required toconfigure the Java client API is missing:%s.

Explanation: The specified configuration item has notbeen supplied to the DSessClientConfig class.

Administrator response: Ensure that the specifiedconfiguration item is passed into the DSessClientConfigclass.



CTGSM1802E The session management interface ofany configured session managementserver could not be accessed.

Explanation: An unsuccessful attempt has been madeto communicate with the session management interfaceof each configured session management server.

Administrator response: Ensure the sessionmanagement interface of at least one configured sessionmanagement server is available and can be reached bythe client. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM1803E An internal error occurred within theJava client API: %s.

Explanation: An internal error occurred within theJava client API.


CTGSM1804E The MAC algorithm, %s, could not beloaded: %s

Explanation: The MAC algorithm which is used forSession ID generation and validation could not beloaded.


CTGSM1805E The provided session ID, %s, isinvalid.

Explanation: The session ID that was provided to theJava client API failed the cyrpographic check which isused to validate ID's.

Administrator response: The client of the API shoulddisregard the locally cached session and should returnan error back to the client.

CTGSM1806E The provided session ID, %s, wasincorrectly formatted.

Explanation: The session ID that was provided to theJava client API was of an incorrect format.

Administrator response: The client of the API shoulddisregard the locally cached session and should returnan error back to the client.

CTGSM1807E A request was made to send a sessionwhich contained no data to the SMS.

Explanation: The session which was to be sent to theSMS contains no session data.

Administrator response: The client of the API shouldnot be sending any empty sessions to the SMS. Areview of the client code should be conducted.

CTGSM1950E An exception occurred whileperforming a WebSphere eXtreme Scaledata replication operation: %s

Explanation: An exception occurred while performinga WebSphere eXtreme Scale data replication operation.

Administrator response: Examine the details of theWebSphere eXtreme Scale error to determine the causeand take appropriate action. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM1951E The session management server wasunable to initialize the WebSphereeXtreme Scale data replication service.

Explanation: The session management server wasunable to initialize the WebSphere eXtreme Scale datareplication service.

Administrator response: Examine previous logmessages for more details of the underlying cause ofthe failure. Once the underlying problem has beencorrected, restart the application server.

CTGSM1952E Initialization of the WebSphereeXtreme Scale data replication servicefailed: %s

Explanation: Initialization of the WebSphere eXtremeScale data replication service failed. The sessionmanagement server will not function until this problemis corrected.

Administrator response: Examine the details of theWebSphere eXtreme Scale error to determine the cause.Once the underlying problem has been corrected,restart the application server. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

CTGSM1954E An exception occurred during aremote WebSphere eXtreme Scaleoperation on server %s: %s

Explanation: An exception occurred during aWebSphere eXtreme Scale operation on a remote server.



Administrator response: Examine the details of thismessage and the logs on the named server for moreinformation on the cause of the problem and take anyappropriate action.

DPWAD0309E The WebSEAL administration servicehas not been initalized.

Explanation: The WebSEAL administration serviceplug-in failed to initialize properly.

Administrator response: Check for other initializationerrors and/or configuration problems that may havepreviously occurred.

DPWAD0312E Object list failed: %s

Explanation: The object list command failed tocomplete correctly.

Administrator response: This is a generic error whichwill contain further details when output.

DPWAD0328E The junction import commandreceived invalid data

Explanation: An error occurred when trying to extractone or more of the junction attributes sent in the admincommand.

Administrator response: Check that the data beingpassed into the junction import command is valid.

DPWAD0329E The junction import commandreceived an invalid version

Explanation: The version in the junction definition isnot supported by this version of WebSEAL

Administrator response: Check the version of thejunction in the XML definition

DPWAD0330E The junction import could not createthe junction file

Explanation: WebSEAL can not create the junction file.

Administrator response: Check the filesystem to makesure there is space available, or that the WebSEALserver has permissions to create/write the file.

DPWAD0331E The junction import could not writethe junction file

Explanation: An error occurred writing the junctiondefinition.

Administrator response: Check the filesystem to makesure there is space available, or that the WebSEALserver has permissions to create/write the file.

DPWAD0332E The junction export could not readthe junction directory

Explanation: An error occurred while trying to readthe contents of the junction database directory.

Administrator response: Check to make sure thatWebSEAL is able to read the contents of the directorywhich is configured to contain the junction definitions.

DPWAD0333E Unable to add junction attributesinto command handler

Explanation: An error occurred returning the junctiondata to the client

Administrator response: This is an internal errorwhich occurs when WebSEAL is marshalling thejunction data to the export command. Check for othererrors occurring previously.

DPWAD0334E An invalid junction point wasspecified.

Explanation: WebSEAL was unable to build thejunction filename.

Administrator response: An internal error occurred inWebSEAL when trying to build the encoded filename.Check for previous errors.

DPWAD0335E Error reading junction point %s.

Explanation: The file name representing the junctioncould not constructed.

Administrator response: An internal error occurred inWebSEAL when trying to build the encoded filename.Check for previous errors.

DPWAD0336E Error reading junction file %s.

Explanation: There was an error opening or parsingthe junction definition file.

Administrator response: Verify the .xml file exists, isreadable, and has valid data.

DPWAD0342E Error reading input user session id.

Explanation: There was an error parsing the usersession id.

Administrator response: Verify that the input is beingpassed correctly.

DPWAD0343E Error reading input user id.

Explanation: There was an error parsing the user ID.

Administrator response: Verify that user ID is beinginput correctly.

DPWAD0309E • DPWAD0343E


DPWAD0345E No matching User Session found.

Explanation: Bad input, or User session was alreadyterminated.

Administrator response: Verify validity of input, orassume session was already terminated.

DPWAD0362E The dynurl configuration file %scannot be opened for reading.

Explanation: An attempt to open the dynurlconfiguration file for reading failed

Administrator response: Ensure that the file exists onthe WebSEAL server and is readable

DPWAD0363E The jmt configuration file %s cannotbe opened for reading.

Explanation: An attempt to open the jmt configurationfile for reading failed

Administrator response: Ensure that the file exists onthe WebSEAL server and is readable

DPWAD0364E You must specify a junction point toread or write an fsso configuration file.

Explanation: A junction point is necessary todetermine which fsso configuration file to read or write

Administrator response: Add the junction point to thejunction attribute of the indata attribute list

DPWAD0365E The junction: %s is not a validjunction on this WebSEAL server.

Explanation: An invalid junction point was provided.

Administrator response: Ensure that the junctionattribute in indata is a valid junction

DPWAD0366E The junction: %s is not an fssojunction on this WebSEAL server.

Explanation: The junction specified is not an FSSOjunction.

Administrator response: Ensure that the junctionspecified is an FSSO junction.

DPWAD0367E The fsso configuration file: %s couldnot be opened for reading.

Explanation: The junction specified could not beopened.

Administrator response: Ensure that the fssoconfiguration file for the junction specified exists and isreadable.

DPWAD0368E Could not create dynurlconfiguration file: %s

Explanation: WebSEAL was unable to create thedynurl conf file.

Administrator response: Ensure that ivmgr hasfilesystem permissions to create a file in the directorywhere the dynurl configuration file will be stored

DPWAD0369E Reloading the in memory dynurltable failed

Explanation: An error occurred while trying to readthe dynurl configuration file.

Administrator response: Ensure that the new filespecified is in the proper format

DPWAD0370E Could not create jmt configurationfile: %s

Explanation: An error occured while trying to openthe jmt configuration file.

Administrator response: Ensure that ivmgr hasfilesystem permissions to create a file in the directorywhere the jmt configuration file will be stored

DPWAD0371E Reloading the in memory jmt tablefailed

Explanation: An error occurred while trying to read inthe new jmt configuration file.

Administrator response: Ensure that the new filespecified is in the proper format.

DPWAD0372W The junction specified does notexist. The configuration file: %s wascreated.

Explanation: An fsso junction may not be createdwithout the configuration file being inplace. This allowsthe file to be created before the junction

Administrator response: The junction may now becreated using this new configuration file

DPWAD0373E Could not create fsso configurationfile: %s

Explanation: An error occurred while trying to read inthe new fsso configuration file.

Administrator response: Ensure that ivmgr hasfilesystem permissions to create a file in the directorywhere the fsso configuration file will be stored



DPWAD0374E The backup operation failed for %s

Explanation: An error occurred while attempting tocreate a backup copy of the original configuration file.

Administrator response: Ensure that ivmgr hasfilesystem permissions to create a file in the directorywhere the configuration file resides.

DPWAD0375E Reloading junction: %s failed

Explanation: An error occurred while trying to loadthe fsso configuration file.

Administrator response: Ensure that the new filespecified is in the proper format.

DPWAD0376E The restore operation failed for %s

Explanation: An error occurred while trying to restorea backed up version of a configuration file.

Administrator response: Ensure that ivmgr hasfilesystem permissions to create a file in the directorywhere the configuration file resides.

DPWAD0386E Failed to open the supplied junctionarchive file.

Explanation: An error occurred when trying to accessa junction archive file.

Administrator response: Ensure that the specified filename is correct and that the WebSEAL server canaccess the file.

DPWAD0387E The supplied junction archive filecontains an invalid junction definition.

Explanation: An error occurred while trying to accessa junction archive file.

Administrator response: Ensure that the supplied fileis correctly formatted.

DPWAD0391W Failed to execute the program (%s).(Errno = %d).

Explanation: An error occurred when attempting torun the specified program.


DPWAD0394W The requested file segmentcontained binary characters.

Explanation: A request to display a binary file wassubmitted. A binary file can be displayed only if the'-encode' option is supplied.

Administrator response: Ensure that the correct file

has been requested and if so that the '-encode' option issupplied to the command.

DPWAD0404E Failed to locate the authorizationserver password, required for the serversync command.

Explanation: The server sync command is notavailable because the authorization server passwordcould not be determined.

Administrator response: Check the log file foradditional errors. For the error code from the messageand additional troubleshooting steps, see the IBMSecurity Access Manager for Web TroubleshootingGuide.

DPWAD0405E Failed to synchronize the WebSEALserver.

Explanation: The server sync command did notcomplete successfully.


DPWAD0406E The server name supplied was notvalid.

Explanation: The server name supplied to the serversync command was not valid.

Administrator response: Ensure that a valid servername is supplied with the server sync command. Theserver name must not be the same as the name of theserver that runs the command.

DPWAD0411E The TCP/IP host information couldnot be determined from the serverhostname: %s. Ensure that the serverhostname is correct and that the domainname server is functioning correctly.

Explanation: The TCP/IP address for the specifiedhost could not be determined.

Administrator response: Ensure that the IP addressfor the specified host name can be resolved. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWAD0412E The configuration entry found withinthe %s stanza was not valid: %s = %s.

Explanation: The specified configuration entrycontained a value that must be corrected.



Administrator response: Correct the configurationentry which is not valid.

DPWAD0413E An attempt to create a temporary filefailed.

Explanation: An attempt was made to create atemporary file and the file could not be created.

Administrator response: Check the log file foradditional errors. Also check the file system to ensurethat there is adequate disk space available.

DPWAD0415E An ICAP Server for the '%s' resourcewas not found.

Explanation: An unknown ICAP resource wasspecified.

Administrator response: Check the ICAPconfiguration within both the WebSEAL configurationfile and the policy database.

DPWAD0416E An ICAP Server for the specifiedresource was not found.

Explanation: An unknown ICAP resource wasspecified.

Administrator response: Check the log file foradditional errors.

DPWAD0417E A bad response was received fromthe ICAP server.

Explanation: The response which was received fromthe ICAP server was incorrectly formatted.

Administrator response: Check the configuration ofthe ICAP server.

DPWAD0418E Failed to connect to the ICAP server:%s.

Explanation: An attempt to contact an ICAP serverfailed. The ICAP server is required to be able tocorrectly service the Web request.

Administrator response: Ensure that the configurationfor the ICAP server is correct and that the ICAP serveris available. Check the log file for additional errors.

DPWAD0419E Failed to connect to a required ICAPserver.

Explanation: An attempt to contact an ICAP serverfailed. The ICAP server is required to be able tocorrectly service the Web request.

Administrator response: Ensure that the configurationfor the ICAP server is correct and that the ICAP serveris available. Check the log file for additional errors.

DPWAD0420E The maximum number of concurrentrequests which can be processed for thissession has been reached.

Explanation: The user session has reached themaximum number of simultaneous requests which canbe processed by WebSEAL.

Administrator response: Either increase theconfigured maximum number of requests which can beprocessed by a session, or wait for existing requests forthe user session to complete.

DPWAD0421W The session, owned by %s, hasreached it's soft limit of %d concurrentrequests.

Explanation: The user session has reached thewarning point for the number of simultaneous requestswhich can be processed by WebSEAL.

Administrator response: Prepare to increase the hardlimit of concurrent requests for a user session, or waitfor existing requests for the user session to complete.

DPWAD0431E Failed to locate the authorizationserver password, required for the clusterfunctionality.

Explanation: The cluster support is not availablebecause the authorization server password could not bedetermined.


DPWAD0432E Failed to execute the server task '%s'on %s: %s

Explanation: An attempt to execute a server taskcommand failed.


DPWAD0433E Failed to execute a server taskcommand

Explanation: An attempt to execute a server taskcommand failed.




DPWAD0434E Failed to create the administrationcontext for %s: %s

Explanation: An attempt to create an administrationcontext failed.


DPWAD0435E Failed to create an administrationcontext

Explanation: An attempt to create an administrationcontext failed.


DPWAD0436E An unexpected result was receivedfrom the server task command: %s (%s)

Explanation: An unexpected result was received fromthe server task command.


DPWAD0438E Failed to synchronize with the clustermaster

Explanation: An attempt to synchronize the localconfiguration with the cluster master server failed.


DPWAD0439E Failed to restart the cluster

Explanation: An attempt to restart the cluster failed.


DPWAD0440E Failed to restart the cluster: 0x%lx

Explanation: An attempt to restart the cluster failed.


DPWAD0441E Failed to restart the cluster as acluster restart is already in progress

Explanation: An attempt to restart the cluster failed asa prior request to restart the cluster is still in progress.


DPWAD0442E The server, %s, failed to restartwithin a reasonable period of time.

Explanation: The specified server did not restartwithin the allocated period of time. This restart wasperformed as a part of the cluster synchronisation.


DPWAD0445E %s

Explanation: An unspecified error has occurred.


DPWAD0446E Both the '-ripple' and '-status' optionscannot be specified at the same time.

Explanation: The cluster restart command cannot haveboth the '-ripple' and '-status' options specified in thesame command.

Administrator response: Re-issue the command witheither of the options, but not both.

DPWAD0447E The server is not fully initialized.

Explanation: An attempt to access the server faileddue to the fact that it is not fully initialized. This canoccur during server start-up or shutdown.

Administrator response: Allow extra time for theserver to finish initialization and then retry the



operation. If the problem persists check the log file foradditional errors.

DPWAD0448E The new user identity (%s) does notmatch the current authenticated useridentity (%s).

Explanation: The identity which is provided in asubsequent authentication operation must match theidentity which was used during the originalauthentication operation.

Administrator response: The user must present thesame user ID provided in the previous authenticationoperation.

DPWAD0449E The new user identity does notmatch the current authenticated useridentity.

Explanation: The identity which is provided in asubsequent authentication operation must match theidentity which was used during the originalauthentication operation.

Administrator response: The user must present thesame user ID provided in the previous authenticationoperation.

DPWAD0452E eCSSO authentication is enabled butno Master Authorization Server isdefined.

Explanation: The e-community-sso-auth has been setwithout setting a master authorization server.

Administrator response: Update the configuration fileand set a master authorization server in themaster-authn-server value under the [e-community-sso]stanza.

DPWAD0453E Duplicate eCSSO domain '%s'defined under the [e-community-domains] stanza.

Explanation: Each domain under the[e-community-domains] stanza must be unique.

Administrator response: Remove the duplicate entryand retry.

DPWAD0454E Unable to configure the eCSSOauthentication module for domain/host'%s': status 0x%lx.

Explanation: The eCSSO (consume or create)authentication module configured for the domain/hostspecified returned an error while being initialised.

Administrator response: Either a bad shared librarywas specified for the authentication module or theconfiguration is incorrect, for example the key filesspecified are missing or inaccessible.

DPWAD0455E The value '%s' is not a valid optionfor ip-support-level. Use one of'displaced-only', 'generic-only', or'displaced-and-generic'.

Explanation: An invalid setting was set for thewebseald configuration file option ip-support-level.

Administrator response: Change the setting forip-support-level to a valid one.

DPWAD0456E The value displaced-only is not avalid option for ip-support-level whenipv6-support is enabled.

Explanation: displaced-only can not be set whenipv6-support = yes.

Administrator response: Change the setting forip-support-level to generic-only or displaced-and-generic.

DPWAD0457E The authentication challenge typespecified is not valid: %s

Explanation: The challenge type string located in theWebSEAL configuration file was not valid.

Administrator response: Change the setting forauth-challenge-type to be a valid challenge type.

DPWAD0458E The corresponding authenticationmethod for the challenge type, %s, isnot enabled.

Explanation: The corresponding authenticationmethod for the specified challenge type is not enabled.

Administrator response: Either remove the failingchallenge type from the auth-challenge-typeconfiguration entry, or enable the correspondingauthentication method.

DPWAD0459E The authentication challenge typecontains multiple entries for %s.

Explanation: The challenge type string located in theWebSEAL configuration file contains multiple rule setsfor a single mechanism.

Administrator response: Remove the duplicate entriesin the auth-challenge-type configuration entry.

DPWAD0460E The following authenticationchallenge type contains a syntax error orinvalid pattern.%s

Explanation: The challenge type string located in theWebSEAL configuration file contains a syntax error.

Administrator response: Correct the syntax error forthe auth-challenge-type configuration entry.



DPWAD0600E An error occurred attempting todetermine the current installed versionof WebSEAL. WebSEAL cannot start.

Explanation: This error occurs if the current installedversion of WebSEAL cannot be determined. Thisindicates a severe problem.


DPWAD0601E The version string '%s' is invalid.

Explanation: This error occurs if an invalid versionnumber is found.


DPWAD0602E An error occurred attempting todetermine the originally installedversion of WebSEAL to verify that theconfiguration file is up-to-date.WebSEAL cannot start.

Explanation: This error occurs if the originallyinstalled version of WebSEAL cannot be determined.This indicates a severe problem.


DPWAD0603E An error occurred attempting tobackup the configuration file.

Explanation: This error occurs when WebSEAL istrying to make a backup copy of the originalconfiguration file before upgrade.

Administrator response: Examine the log file foradditional errors. More information about the problemthat occurred will be present.

DPWAD0604E An error occurred attempting torestore the configuration file.

Explanation: This error occurs when WebSEAL istrying to restore a backed up copy of the configurationfile.

Administrator response: Examine the log file foradditional errors. More information about the problemthat occurred will be present.

DPWAD0605W The configuration file entry [%s]%swas not found.

Explanation: This error occurs when WebSEAL istrying to determine the version of the WebSEAL serverthat created the configuration file.

Administrator response: No action is necessary - theWebSEAL server will try another method to determinethe original version of WebSEAL installed, and updatethe configuration file as necessary.

DPWAD0606E An error occurred attempting tomigrate the configuration file entry[%s]%s.

Explanation: This error occurs when WebSEAL istrying to perform migration of a configuration fileentry.

Administrator response: You may need to manuallyupdate the entry to allow migration to proceed.Examine the configuration file and documentation formore information on the particular entry.

DPWAD0607E An error occurred attempting tomigrate the configuration file entry [%s].

Explanation: This error occurs when WebSEAL istrying to perform migration of a configuration filestanza.

Administrator response: You may need to manuallyupdate the entry to allow migration to proceed.Examine the configuration file and documentation formore information on the particular entry.

DPWAD0611E A serious error occurred performingconfiguration file migration. You mayneed to perform manual migration ofsome configuration options.

Explanation: This message indicates that a seriousproblem occurred while attempting to update theconfiguration file.

Administrator response: Refer to other log messagesto attempt to determine the problem. You may be ableto perform manual migration of configuration fileentries. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman. If you wish toattempt to manual migration, comment the problematicentries out of the WebSEAL configuration file andrestart the WebSEAL server. Once the WebSEAL serverhas started successfully, manually modify theconfiguration file to restore the functionality you havedisabled, refering to the WebSEAL AdministrationGuide where necessary.



DPWAD0752E A replica set must be specified forthe virtual host junction '%s'.

Explanation: When the SMS is used for sessionstorage, all virtual host junctions must have a replicaset specified with the -z junction option.

Administrator response: Create the junction using the-z <replica-set> option. The <replica-set> must be oneof the replica sets listed in the WebSEAL configurationfile.

DPWAD0753E A replica set must be specified forthe junction.

Explanation: When the SMS is used for sessionstorage, all virtual host junctions must have a replicaset specified with the -z junction option.

Administrator response: Create the junction using the-z <replica-set> option. The <replica-set> must be oneof the replica sets listed in the WebSEAL configurationfile.

DPWAD0754E The Virtual Host junction '%s' musthave an eCSSO domain key in theconfiguation file for it's virtual hostname '%s'.

Explanation: When the Virtual Host junction wascreated or restored from the junction database it'svirtual host name was discovered not to have a eCSSOdomain key. These are configured using[e-community-domains] and [e-community-domain-keys:<domain>]

Administrator response: Add a eCSSO key for thedomain the Virtual Host junction is in using the[e-community-domains] and [e-community-domain-keys:<domain>] stanzas and restart WebSEAL so itrecognises the changes. Then retry creating the VirtualHost junction.

DPWAD0755E The Virtual Host junction must havean eCSSO domain key in theconfiguration file for it's virtual hostname.

Explanation: When the Virtual Host junction wascreated or restored from the junction database it'svirtual host name was discovered not to have a eCSSOdomain key. These are configured using[e-community-domains] and [e-community-domain-keys:<domain>]

Administrator response: Add a eCSSO key for thedomain the Virtual Host junction is in using the[e-community-domains] and [e-community-domain-keys:<domain>] stanzas and restart WebSEAL so itrecognises the changes. Then retry creating the VirtualHost junction.

DPWAD0756W The junction reload command didnot complete for regular junctions as aprevious reload is still in effect. Tryagain later.

Explanation: A reload command issued earlier is stillwaiting for some requests using the older junctiondefinitions to complete. New reload commands will nothave an effect until these requests complete. VirtualHost junctions are independent and you should lookfor a separate message if they are busy too.

Administrator response: The command has had noeffect on junctions, retry the command at a later time.

DPWAD0757W The junction reload command didnot complete for Virtual Host junctionsas a previous reload is still in effect. Tryagain later.

Explanation: A reload command issued earlier is stillwaiting for some requests using the older Virtual Hostjunction definitions to complete. New reloadcommands will not have an effect until these requestscomplete. Regular junctions are independent and youshould look for a separate message if they are busy too.

Administrator response: The command has had noeffect on Virtual Host junctions, retry the command at alater time.

DPWAD0782E Could not take junction offline

Explanation: This message is followed by anexplanation of why the junction could not be takenoffline.

Administrator response: Correct the problemdescribed in the message displayed after this message.

DPWAD0783E Could not take Virtual Host junctionoffline

Explanation: This message is followed by anexplanation of why the Virtual Host junction could notbe taken offline.


DPWAD0784E Could not throttle junction

Explanation: This message is followed by anexplanation of why the junction could not be throttled.




DPWAD0785E Could not throttle Virtual Hostjunction

Explanation: This message is followed by anexplanation of why the Virtual Host junction could notbe throttled.


DPWAD0786E Could not bring junction online

Explanation: This message is followed by anexplanation of why the junction could not be broughtonline.


DPWAD0787E Could not bring Virtual Hostjunction online

Explanation: This message is followed by anexplanation of why the Virtual Host junction could notbe brought online.


DPWAD0788E You can only change the operationstate of TCP, SSL, TCP Proxy, and SSLProxy junctions.

Explanation: Not all junction types supportoperational state changes.

Administrator response: Ensure you are applying thecommand to the correct junction.

DPWAD0789E You can only change the operationstate of TCP, SSL, TCP Proxy, and SSLProxy Virtual Host junctions.

Explanation: Not all Virtual Host junction typessupport operational state changes.

Administrator response: Ensure you are applying thecommand to the correct Virtual Host junction.

DPWAD0790E Invalid server ID

Explanation: The argument passed to -i was not avalid server UUID.

Administrator response: Obtain the correct UUID byusing the 'show' command.

DPWAD0791E Invalid server ID

Explanation: The argument passed to -i was not avalid server UUID.

Administrator response: Obtain the correct UUID byusing the 'virtualhost show' command.

DPWAD0792E Server %s not found at junction %s

Explanation: An attempt was made to change theoperational state of a junction server based on a UUIDwhich did not match any of the servers of the junction.

Administrator response: Use the 'show' command tofind the correct UUID.

DPWAD0793E Server %s not found at Virtual Hostjunction %s

Explanation: An attempt was made to change theoperational state of a Virtual Host junction server basedon a UUID which did not match any of the servers ofthe Virtual Host junction.

Administrator response: Use the 'virtualhost show'command to find the correct UUID.

DPWAD1050E The filename must not contain anypath information.

Explanation: A base path for the database files hasbeen statically configured and as such the supplied filename should not contain any path information.

Administrator response: Specify the name of thedatabase without any path information.

DPWAD1053E An error occurred while writing theWebSEAL flow data to disk.

Explanation: An error occured while WebSEAL wascommitting the collected flow data to disk. One ormore records may be missing for the last time period.

Administrator response: No action is required.

DPWAD1054E The %s system routine failed: %d.

Explanation: An error occured when WebSEALattempted to execute a system routine.


DPWAD1055E A system routine failed.

Explanation: An error occured when WebSEALattempted to execute a system routine.




DPWAD1056E A process terminated unexpectedly:%d.

Explanation: A process which was currently beingmonitored terminated unexpectedly. This process willbe automatically restarted.


DPWAD1059E The validation of the secret token forthe request failed.

Explanation: To help prevent cross-site request forgeryattacks the requests for certain management pages needto contain a token which can be compared against datacontained within the user session. The validation of thistoken failed because either the token was missing fromthe request, or the token did not match the valuecontained in the user session.

Administrator response: Ensure that the resourcerequest contains the correct secret token for the usersession.

DPWAD1060E Unsolicited authentication requestsare not permitted.

Explanation: The server has been configured to denyunsolicited authentication requests. The authenticationinformation must first be requested by WebSEAL inresponse to an unauthenticated request for a protectedresource.

Administrator response: First request a resourcewhich requires authentication and then supply theauthentication information to the server.

DPWAD1200E The incoming connection from %shas been blocked.

Explanation: The incoming connection has beentemporarily blocked by the Web Application Firewallfunctionality.


DPWAD1201E An invalid csv field was provided:%s

Explanation: An invalid field was provided.

Administrator response: Examine the configurationand correct the offending field.

DPWAD1202E An invalid configuration value wasprovided: %s

Explanation: An invalid configuration value wasprovided.

Administrator response: Examine the configurationand correct the offending value.

DPWAD1203E An invalid number of fields wereprovided within the csv file: %s

Explanation: An invalid number of fields werediscovered in a csv file.

Administrator response: Examine the configurationand correct the offending csv file.

DPWAD1204E An unknown issue was discovered,%d, and as such no action was taken.

Explanation: An issue was discovered for which therewas no configured action.

Administrator response: Examine the configurationand ensure that an action exists for the specified issue.

DPWAD1206E An incompatible ISS protocolanalysis module library was found.

Explanation: An incompatible ISS protocol analysismodule was specified within the WebSEALconfiguration.

Administrator response: Install a compatible ISSprotocol analysis module distribution, or disable thisfunctionality within WebSEAL.

DPWAD1207E An internal error was encounteredwithin the ISS protocol analysismodule.

Explanation: An error was returned from the ISSprotocol analysis module.

Administrator response: Check the log file foradditional errors. If necessary, look up the error codefrom the message in the IBM Security Access Managerfor Web Troubleshooting Guide for additionaltroubleshooting steps.

DPWAD1208E An unrecoverable error wasencountered within the ISS protocolanalysis module : %s.

Explanation: An error was returned from the ISSprotocol analysis module.




DPWAD1209E An insufficient amount of memorywas supplied to an internal WAFroutine.

Explanation: An insufficient amount of memory wassupplied to one of the internal WAF routines.


DPWAD1210E The client connection has beenblocked due to a security attack whichwas detected by the protocol analysismodule.

Explanation: The protocol analysis module detected apotential attack in a prior request from the client and assuch has blocked all connections from this client for aperiod of time.


DPWAD1211E An error occurred while saving theWAF statistics data to the disk.

Explanation: An error occured while WebSEAL wassaving the collected WAF statistics to the disk. One ormore records might be missing for the last time period.


DPWCA0150E Invalid UNIX user name (%s)

Explanation: See message.

Administrator response: Use a valid user name

DPWCA0151E Invalid UNIX group name (%s)

Explanation: See message

Administrator response: Put user in a valid group.

DPWCA0152E Could not change process GID (%s)


Administrator response: Contact support.

DPWCA0153E Could not change process UID (%s)



DPWCA0154E Could not become backgroundprocess (%d)



DPWCA0155W Could not start background process



DPWCA0156E Could not use RPC protocol sequence(%s,%s,0x%8.8lx)



DPWCA0157E Could not fetch RPC bindings(0x%8.8lx)



DPWCA0158E Could not release RPC bindings(0x%8.8lx)


Administrator response: Contact Support.

DPWCA0159E Caught signal (%d)



DPWCA0160E Could not create new thread (%d)



DPWCA0161E Could not cancel thread (%d)



DPWCA0162E Could not join thread (%d)



DPWCA0163E Could not set RPC authorizationfunction (0x%8.8lx)



DPWAD1209E • DPWCA0163E


DPWCA0164E Could not setup authentication info(0x%8.8lx)

Explanation: Unable to perform login.

Administrator response: Check login parameters.

DPWCA0165E Could not set server login context(0x%8.8lx)

Explanation: Unable to set the network credentials tothose specified by login context.

Administrator response: Check that networkcredentials are correct.

DPWCA0166E Could not perform network login(%s,%s,0x%8.8lx)


Administrator response: Verify that user/password iscorrect.

DPWCA0167E Could not fetch key from keytab file(%s,%s,0x%8.8lx)


Administrator response: Check that the keyfile is setup correctly, and the user information is valid.

DPWCA0168E Could not refresh login context(0x%8.8lx)

Explanation: WebSEAL was unable to refresh thelogin based on existing login information.

Administrator response: Check validity of logininformation

DPWCA0169E Could not determine login contextexpiration (0x%8.8lx)


Administrator response: Check validity of logininformation.

DPWCA0170E Could not set RPC interface(0x%8.8lx)


Administrator response: Check interfaces.

DPWCA0171E Could not register RPC endpoints(%s,0x%8.8lx)


Administrator response: Check endpoints.

DPWCA0172E Could not unregister RPC interface(0x%8.8lx)


Administrator response: Check validity and status ofinterfaces.

DPWCA0173E Could not export bindings to nameservice (%s,%s,0x%8.8lx)


Administrator response: Check status of name service.

DPWCA0174E Could not unregister RPC endpoints(0x%8.8lx)


Administrator response: Check validity and status ofendpoints.

DPWCA0175E Could not unexport bindings fromname service (%s,0x%8.8lx)


Administrator response: Check validity of interfacesand name service.

DPWCA0176E Malloc failure (0x%8.8lx)


Administrator response: Check status of memory onthe system.

DPWCA0177E This CDAS does not support thisauthentication style: (%d)


Administrator response: Check validity ofauthentication style

DPWCA0178E General CDAS (Cross DomainAuthentication Service) failure (%s,0x%8.8lx)


Administrator response: See message.

DPWCA0179E Pthread error occurred: %d


Administrator response: Check system resources.

DPWCA0164E • DPWCA0179E


DPWCA0180E An invalid rule was supplied: %s

Explanation: An invalid rule was retrieved from therules file.

Administrator response: Correct the rule within thespecified rules file.

DPWCA0181E No rules were found in the rules file

Explanation: No valid rules were found in the rulesfile.

Administrator response: Add a valid rule to the rulesfile, or specify a different rules file.

DPWCA0182W The cache entries have exceeded themaximum cache size.

Explanation: The cache has reached its configuredlimit.

Administrator response: Increase the permitted size ofthe cache.

DPWCA0300E API internal error: (%s, %d)



DPWCA0301W A timeout occurred while waitingfor authentication information from %s.

Explanation: A requested authentication operationrequired further authentication information. Thisinformation was not received in a timely fashion.


DPWCA0458E malloc() failure

Explanation: The application was unable to allocatethe required memory.

Administrator response: Ensure that there is enoughsystem memory.

DPWCA0751E There is no user authenticationinformation available.

Explanation: The user did not provide theirinformation for authentication

Administrator response: Check user information forauthentication

DPWCA0753E Unable to encode certificate data


Administrator response: Verify that xauthn_cert isvalid

DPWCA0754E Failure reading string key or value ofreplacementString from WebSEALconfiguration file.


Administrator response: Ensure the value exists forthe replacementString in the WebSEAL configurationfile.

DPWCA0755E Unable to perform DN mapping.

Explanation: An internal error has occurred. Afunction was called with invalid parameters.


DPWCA0756E Error building replacement string.

Explanation: An error occurred while preparing anLDAP search filter.

Administrator response: Check for other errors in theconfiguration file which may provide more information.If no other errors are found, call support.

DPWCA0757E Failure extracting key-value pairsfrom CERT-DN.

Explanation: An error occurred while parsing the DNfrom a certificate.

Administrator response: Check that the certificate DNis valid.

DPWCA0759E Invalid parameter passed toget_name_value

Explanation: An internal error has occurred.

Administrator response: Call support.

DPWCA0760E Invalid replacement string entryfound

Explanation: The entries in the replacement stringstanza must contain '=' characters.

Administrator response: Check that all entries in thereplacement string stanza contain an equals sign.

DPWCA0761E Out of memory in get_name_valuefunction

Explanation: Memory allocation failed.

Administrator response: Check per process memoryallocation limits.



DPWCA0762E Calloc function could not allocatememory



DPWCA0763E The last character in the DN was the= following the name

Explanation: The format of the certificate DN was notvalid.

Administrator response: Make sure the certificate DNis valid.

DPWCA0764E Unexpected end of stringencountered parsing certificate DN


Administrator response: Check the format of the laststring in certifcate DN

DPWCA0765E The search string is NULL



DPWCA0766E The return dn is NULL



DPWCA0768E Error loading XKMS CDASconfiguration file.

Explanation: There was an error in the XKMS CDASconfiguration file.

Administrator response: Look for other log messagesindicating which entries were not found.

DPWCA0769E Error searching suffix '%s', returnstatus = 0x%x

Explanation: An LDAP search failed.

Administrator response: Verify the LDAP server isrunning and that the suffix exists.

DPWCA0770E Bad Parameters passed tobuild_search_filter function.


Administrator response: Call support

DPWCA0771E Error retrieving value from certificateDN.

Explanation: Make sure that the DN contains all ofthe strings specified in the replacement strings list.

Administrator response: An error occurred whiletrying to replace a value from the certificate DN.

DPWCA0774E Unable to attach thread to existingJVM.

Explanation: An error occurred when trying to attacha thread to a JVM.

Administrator response: Make sure the JVM beingused is a supported JVM.

DPWCA0775E Unable to create JVM or attach to anexisting JVM.

Explanation: An error occurred when trying todiscover whether or not a JVM already existed in thecurrent process.

Administrator response: Make sure the JVM beingused is a supported JVM.

DPWCA0778E Unable to attach thread in shutdown.Aborting cleanup.

Explanation: An error occurred while trying to attachto the JVM to perform clean up activities.

Administrator response: None necessary.

DPWCA0779E Cannot load class: %s

Explanation: An error occurred while trying to load ajava class.

Administrator response: Make sure the classpath inwebseald.conf is correct and that the class can be foundin a jar file in the classpath.

DPWCA0780E Cannot create new object: %s

Explanation: An error occurred while creating a newobject.

Administrator response: Make sure the classpath inwebseald.conf is correct and that the class can be foundin a jar file in the classpath.

DPWCA0781E Cannot load class method: %s.init

Explanation: An error occurred while trying to loadthe init method for the class.

Administrator response: Make sure that the class isvalid and implements the 'init' method.



DPWCA0782E Exception ocurred in %s.init(%s)

Explanation: An exception occurred while invokingthe init method of a class.

Administrator response: Check the log file for otherdetails about the exception and make sure theproperties file contains no errors.

DPWCA0783E Cannot load class method:%s.validate

Explanation: An error occurred while trying to loadthe validate method for the class.

Administrator response: Make sure that the class isvalid and implements the 'validate' method.

DPWCA0785E Exception ocurred in validate,certificate DN = %s

Explanation: An exception occurred while invokingthe validate method of a class with the specifiedcertificate DN.

Administrator response: Check the log file for otherdetails about the exception.

DPWCA0787E DN of first entry is NULL.

Explanation: An LDAP search returned an entrywithout a DN.


DPWCA0788E Parsing the names and values forreplacement string failed.

Explanation: An error occurred retrieving valuesneeded to certificate DN mapping.

Administrator response: Check the log file foradditional errors. Verify the replacement strings inwebseald.conf are correct.

DPWCA0900E Unable to open ITIM CDASconfiguration file.

Explanation: An error occurred while opening theITIM CDAS configuration file.

Administrator response: Check the file path in theWebSEAL configuration file and verify that the ITIMCDAS configuration file exists.

DPWCA0901E Incorrect number of arguments usedfor ITIM CDAS initialization.

Explanation: Bad number of arguments used in ITIMCDAS configuration.

Administrator response: Verify that the correctnumber of arguments are specified in the WebSEALconfiguration file for initializaion of the ITIM CDAS.

DPWCA0902E No ITIM CDAS configuration file oraction in the WebSEAL configurationfile.

Explanation: Bad parameter for ITIM CDASconfiguration file name or action type.

Administrator response: Verify that the ITIM CDASconfiguration file name path are correct in theWebSEAL configuration file and that the CDAS actiontype is either 'check' or 'sync'.

DPWCA0904E Could not create the sending messageto ITIM.



DPWCA0905W Function call, func, failed error: errorcode error text.

Explanation: The specified GSKit function failed whilesetting up for SSL connections to junctions or frombrowsers. Or perhaps the initial handshake failed dueto invalid certificates or the browser simply closed theconnection abruptly.

Administrator response: Examine the error text fordetails. Typical problems might be that the PKCS#11library is incorrectly specified, or the PKCS#11 token ortoken password is incorrect, or the PKCS#11 token isnot set up.

DPWCA0906E Could not create socket (%d)

Explanation: This message is overloaded in itsmeaning. It can mean there was a failure in creating asocket for connecting, setting socket options on it, orcreating sockets for HTTP and HTTPS connections.

Administrator response: Check WebSEAL has notexceeded system resource limits. Examine the errno inthe system error header file for details.

DPWCA0907E Could not connect socket (%d)

Explanation: This message means that there was afailture to connect to a specific socket.

Administrator response: Examine the errno in thesystem error header file for details.

DPWCA0908E Could not get the ITIM server hostaddress

Explanation: See the message.

Administrator response: Check whether ITIM serveris already running. If ITIM is running, check the ITIMCDAS configuration file to verify the ITIM server URLis specified correctly.



DPWCA0909E Windows library call failed. Couldnot call the function WSAStartup.

Explanation: The WSAStartup function must be thefirst Windows Sockets function called by an applicationor DLL. It allows an application or DLL to specify theversion of Windows Sockets required and to retrievedetails of the specific Windows Sockets implementation.The application or DLL can only issue further WindowsSockets functions after a successfully callingWSAStartup.

Administrator response: Check WS2_32.DLL in thesystem environment.

DPWCA0910E Unable to allocate memory



DPWCA0911E Could not find host name or IPaddress of ITIM server in the ITIMCDAS configuration file.


Administrator response: Check the ITIM PasswordURL part in the ITIM CDAS configuration file.

DPWCA0912E Could not find KeyDataBase in theITIM CDAS configuration file.


Administrator response: Verify that the KeyDataBaseentry exists in the ITIM CDAS configuration file.

DPWCA0913E Could not find KeyDataBasePassword in the ITIM CDASconfiguration file.


Administrator response: Verify that the KeyDataBasePassword entry exists in the ITIM CDAS configurationfile.

DPWCA0914E Could not find Source DN in theITIM CDAS configuration file.


Administrator response: Verify that the Source DNentry exists in the ITIM CDAS configuration file.

DPWCA0915E Could not find ITIM Principal Namein the ITIM CDAS configuration file.


Administrator response: Verify that the ITIM PrincipalName entry exists in the ITIM CDAS configuration file.

DPWCA0916E Could not find ITIM PrincipalPassword in the ITIM CDASconfiguration file.


Administrator response: Verify that the ITIM PrincipalPassword entry exists in the ITIM CDAS configurationfile.

DPWCA0917E Could not find ITIM message header.

Explanation: ITIM server replied with an invalidHTTP message header.

Administrator response: Check ITIM server for errormessage details. Verify the version of the reversepassword server component.

DPWCA0922E The password could not be changedin ITIM. The password has beeenchanged in TAM.

Explanation: Message indicates that module failed tochange the password in ITIM. Password in TAM hasbeen changed.


DPWCF0450E The IBM Security Access ManagerRuntime installation directory could notbe found. Install IBM Security AccessManager Runtime.

Explanation: The installation directory for AMRTEcould not be found in the registry. This is probablybecause AMRTE is not installed.

Administrator response: Make sure that AMRTE isinstalled.

DPWCF0451E The IBM Security Access ManagerWebSEAL installation directory couldnot be found. Install IBM SecurityAccess Manager WebSEAL.

Explanation: The installation directory for AMWebcould not be found in the registry. This is probablybecause AMWeb is not installed.

Administrator response: Make sure that IBM SecurityAccess Manager WebSEAL is installed.

DPWCF0452E The configuration file '%s' could notbe opened.

Explanation: The configuration file may not exist, orfile system permissions may prevent it from beingopened.

Administrator response: Make sure that theconfiguration file exists and can be read and written.

DPWCA0909E • DPWCF0452E


DPWCF0453E The file '%s' could not be opened.Error code: %d

Explanation: The file could not be opened. The systemfunction returned the indicated error code

Administrator response: Make sure that the file existsin the system, and that it is readable and writable. Ifnecessary, look up the system error code to determinethe problem.

DPWCF0454E The file '%s' could not be closed.Error code %d.

Explanation: A file could not be closed because of theindicated system error.

Administrator response: Make sure that the filesystem on which the file is located is not full. Alsomake sure that the directory for the file exists and iswritable. If necessary, look up the system error code toidentify the problem.

DPWCF0455E The directory '%s' could not beopened. Error code: %d

Explanation: The directory could not be openedbecause of the indicated system error code.

Administrator response: Make sure that the directoryexists and file system permissions allow it to be read.

DPWCF0456E The directory '%s' could not beclosed. Error code: %d

Explanation: Closing a directory failed because of theindicated system error code.

Administrator response: Make sure that the directoryexists and is writable.

DPWCF0457E The instance name '%s' is already inuse.

Explanation: The instance name is already in use.

Administrator response: Use a different instancename.

DPWCF0458E The length of the instance name '%s'is more than %d characters.

Explanation: The provided instance name is morethan 20 characters.

Administrator response: Use an instance name thathas less than 20 characters.

DPWCF0459E The instance name '%s' containsinvalid characters. Instance names mustconsist of alphanumeric characters plusthe symbols: '-' '_' '.'

Explanation: The provided instance name containsillegal characters.

Administrator response: Use an instance name thatcontains only valid characters.

DPWCF0460E The IP address '%s' does not exist inthe system.

Explanation: The provided IP address does not existin the system.

Administrator response: Make sure that the providedIP address exists in the system.

DPWCF0461E The key file '%s' does not exist in thesystem.

Explanation: The provided key file does not exist inthe system.

Administrator response: Make sure the provided keyfile exists in the system.

DPWCF0462E The key file password is incorrect.

Explanation: The key file password may have beenentered incorrectly.

Administrator response: Make sure that the key filepassword is entered correctly.

DPWCF0463E The LDAP server could not becontacted through SSL on port %d.

Explanation: The SSL LDAP port may have beenentered incorrectly, or the LDAP server may not berunning.

Administrator response: Make sure the LDAP serveris running. Correct the SSL LDAP port if necessary.

DPWCF0464E The key file for SSL communcationwith the LDAP server is invalid.

Explanation: The wrong key file may have beenentered.

Administrator response: Make sure that the providedkey file is a valid key file for SSL communication withthe LDAP server

DPWCF0465E SSL environment could not beopened. Error: %s.

Explanation: An internal SSL error occurred.

Administrator response: The action to correct thisproblem depends on details in the error message.

DPWCF0453E • DPWCF0465E


DPWCF0466E Port '%s' is already in use.

Explanation: The provided port is already in use.

Administrator response: Use a different port, orremove the service that is using the port.

DPWCF0467E Fields marked with an asterisk (*) arerequired.

Explanation: Not all required inputs were provided.

Administrator response: Fill in values for all of therequired fields.

DPWCF0468E The Policy Server could not becontacted. Make sure the Policy Serveris running and try again.

Explanation: The Policy Server must be running inorder to configure WebSEAL.

Administrator response: Make sure the Policy Serveris functioning properly. Restart the Policy Server ifnecessary.

DPWCF0469E The file '%s' could not be copied to'%s'

Explanation: An error occurred when trying to copy afile.

Administrator response: Make sure the orginal fileexists and the directory for the new file exists. Makesure the file system has sufficient space to copy the file.Make sure the destination directory is writable.

DPWCF0470E The directory '%s' could not be copiedto the directory '%s'.

Explanation: The original directory or the path of thenew directory may not be existed.

Administrator response: Make sure the orginaldirectory exists and the path of the new directory alsoexists.

DPWCF0471E The directory '%s' could not becreated.

Explanation: The path to the directory that want to becreated may be not existed in the system.

Administrator response: Make sure the path to thedirectory that want to be created exists in the system.

DPWCF0472E The random password could not begenerated.

Explanation: Memory allocation operation failed.

Administrator response: Check memory limits onyour machine, and increase availabel memory ifpossible

DPWCF0473E The WebSEAL instance '%s' failed toconfigure.

Explanation: WebSEAL instance cannot be configureddue to the error that displayed before this message

Administrator response: Unconfigure this WebSEALinstance and run configuration program again.

DPWCF0474E The WebSEAL instance '%s' failed tounconfigure.

Explanation: WebSEAL instance cannot beunconfigured due to the error that displayed before thismessage

Administrator response: Run unconfigurationprogram again.

DPWCF0475E The specified document root directory'%s' does not exist.

Explanation: The provided document root directorydoes not exist.

Administrator response: Make sure the document rootdirectory exists in the system.

DPWCF0476E The specified option '%s' is invalid.

Explanation: The specified option is invalid. Only theflags in the usage message are valid.

Administrator response: The specified option isinvalid. Use one of the options from the usage and tryagain.

DPWCF0477E The specified option '%s' needs aparameter.

Explanation: The specified option must have aparameter.

Administrator response: Need to specify a parameterfor the specified action.

DPWCF0478E The action option needs to bespecified.

Explanation: The "action" option needs to be specifiedto configure or unconfigure WebSEAL instance fromcommand line.

Administrator response: Need to specify the "action"option in the command line inputs.

DPWCF0479E The specified certificate label '%s' isinvalid.

Explanation: The provided certificate label is incorrect.

Administrator response: Make sure the certificatelabel is entered correctly.



DPWCF0480E The response file '%s' could not beopened.

Explanation: The provided response file does notexist.

Administrator response: Make sure the response fileexists.

DPWCF0481E The instance name '%s' does not existto unconfigure.

Explanation: No instance with the provided name wasfound on the system.

Administrator response: Make sure the instance namewas typed correctly.

DPWCF0482E Could not determine the hostname ofthe machine. Error code: %d

Explanation: An error occurred when attempting todetermine the host name of the local system.

Administrator response: Make sure the networkconfiguration on the machine is correct.

DPWCF0483E The entry '%s' in the response filedoes not have a value

Explanation: A needed entry in the response file didnot have a value.

Administrator response: Make sure that the value ofthe entry exists in the response file.

DPWCF0484E Error: the configuration program mustbe run as root.

Explanation: The configuration program needs to berun as the root user in order to be able to functionproperly.

Administrator response: Run the configurationprogram as the root user.

DPWCF0485E The ownership of '%s' cannot bechanged to user ivmgr, group ivmgr.Error code: %d.

Explanation: An attempt to change the ownership of afile or directory failed. The system error number can beused to determine the cause of the failure.

Administrator response: Make sure the file ordirectory exists.

DPWCF0486E Could not create symbolic link from'%s' to '%s'. Error code: %d.

Explanation: An attempt to create a symbolic linkfailed.

Administrator response: Make sure the destination

directory for the symlink exists, and no file or directoryexists in that location already. Look up the system errorcode for further information if necessary.

DPWCF0487E The hash table for configurationoptions cannot be initialized.

Explanation: The hash table can not be initializedbecause the allocation of the options failed.

Administrator response: Check memory limits onyour machine, and increase available memory ifpossible

DPWCF0488E The file '%s' could not be moved to'%s'

Explanation: An error occurred when trying to movea file.

Administrator response: Make sure the orginal fileexists and the directory for the new file exists. Makesure the file system has sufficient space to move thefile. Make sure the destination directory is writable.

DPWCF0489E ERROR: For WebSEAL to functioncorrectly the maximum number ofthreads per process should be at least96. This value can be increased bymodifying the MAXTHREADPROC orMAX_THREAD_PROC kernel parameterthrough the sam utility.

Explanation: The MAXTHREADPROC orMAX_THREAD_PROC must be greater than 96 forWebSEAL to function correctly.

Administrator response: Use the sam utility toincrease the MAXTHREADPROC orMAX_THREAD_PROC and run the configurationprogram again.

DPWCF0490E The configuration status could not beset.

Explanation: This problem should not occur. If it doeshappen, the machine should be restarted and run theconfiguration program again.

Administrator response: Restart the machine and runthe configuration program again.

DPWCF0491E The file '%s' could not be deleted.Error code: %d.

Explanation: An attempt to delete a file failed.

Administrator response: Make sure that the file andthe directory containing the file are both writable.



DPWCF0492E The socket could not be created. Errorcode: %d

Explanation: An error occured when attempting toinitialize a socket.

Administrator response: Look up the system errorcode for additional information. Check system resourcelimits on the number of file descriptors, and increasethe limits if necessary.

DPWCF0493E The -interactive option is notsupported on this platform.

Explanation: The amwebcfg utility does not supportthe -interactive flag on Windows.

Administrator response: Should not use interactiveoption for the amwebcfg utility on windows

DPWCF0494E The executable file 'ldapsearch' couldnot be found.

Explanation: The installlation directory for the LDAPclient could not be found.

Administrator response: Make sure the LDAP client isinstalled correctly.

DPWCF0495E The configuration value of an entry[%s] '%s' could not be retrieved from theconfiguration file '%s'.

Explanation: An attempt to retrieve an entry from aconfiguration file failed.

Administrator response: Check logs for additionalerrors. The configuration file may not exist or mightnot be readable. The entry might not exist in theconfiguration file.

DPWCF0496E The user '%s' does not havepermission to unconfigure the server.

Explanation: Only IBM Security Access ManagerAdministrators are allowed to configure or unconfigureWebSEAL.

Administrator response: Run the configurationprogram again, supplying the ID and password of anAdministrative user.

DPWCF0497E The response file '%s' does not exist.

Explanation: The provided response file does not existor is not readable.

Administrator response: Make sure the response fileexists and is readable.

DPWCF0498E The user '%s' could not be removedfrom the group '%s'. Error message: '%s'

Explanation: The functionivadmin_group_removemember failed to remove theuser from the group because of the indicated error.

Administrator response: Fix the problem indicated bythe error message.

DPWCF0499E The objectspace '%s' could not becreated. Error message: '%s'

Explanation: The function ivadmin_objectspace_createfailed to create the objectspace because of the indicatederror.


DPWCF0500E The ACL '%s' could not be createdwith an error: '%s'

Explanation: The function ivadmin_acl_create failed tocreate the ACL because of the indicated error.


DPWCF0501E The description of ACL '%s' could notbe set to '%s'. Error message: '%s'

Explanation: The function ivadmin_acl_setdescriptionfailed because of the indicated error.


DPWCF0502E The permissions for group '%s' in theACL '%s' could not be set. Errormessage: '%s'

Explanation: The function ivadmin_acl_setgroup failedto set the group permissions because of the indicatederror.


DPWCF0503E The permissions for user '%s' in theACL '%s' could not be set. Errormessage: '%s'

Explanation: The function ivadmin_acl_setuser failedto set the user permissions because of the indicatederror.




DPWCF0504E The permissions for anyother in theACL '%s' could not be set. Errormessage: '%s'

Explanation: The function ivadmin_acl_setanyotherfailed to set the permissions for anyother because of theindicated error.


DPWCF0505E The permissions for unauthenticatedin the ACL '%s' could not be set to '%s'.Error message: '%s'

Explanation: The function ivadmin_acl_setunauthfailed to set the permissions for unauthenticatedbecause of the indicated error.


DPWCF0506E The ACL '%s' could not be attached tothe protected object '%s'. Error message:'%s'

Explanation: The function ivadmin_protobj_attachaclfailed to attach the acl to a protected object because ofthe indicated error.


DPWCF0507E The protected object '%s' could not becreated. Error message: '%s'

Explanation: The function ivadmin_protobj_createfailed to create a protected object because of theindicated error.


DPWCF0508E The protected object '%s' could not bedeleted. Error message: '%s'

Explanation: The function ivadmin_protobj_createfailed to delete the protected object because of theindicated error.


DPWCF0509E The group '%s' could not be retrieved.Error message: '%s'

Explanation: The function ivadmin_group_get fails toretrieve the group because of the indicated error.


DPWCF0510E The group '%s' could not be created.Error message: '%s'

Explanation: The function ivadmin_group_createfailed to create a group because of the indicated error.


DPWCF0511E The descript for group '%s' could notbe set to '%s'. Error message: '%s'

Explanation: The functionivadmin_group_setdescription failed because of theindicated error.


DPWCF0512E The DN of the group '%s' could notbe retrieved. Error message: '%s'

Explanation: The function ivadmin_group_getdnfailed because of the indicated error.


DPWCF0513E The directory '%s' could not bedeleted.

Explanation: The directory may not exist.

Administrator response: Make sure the directoryexists.

DPWCF0514E The ivadmin context could not becreated. Error message '%s'. Usepdadmin to manually create 'su-admins'and 'su-excluded' groups as instructed inthe appendix of WebSEAL upgradedocument.

Explanation: The functionivadmin_context_createdefault2 failed because of theindicated error.


DPWCF0515E Use pdadmin to manually create'su-admins' or 'su-excluded' groups asinstructed in the appendix of WebSEALupgrade document.

Explanation: The 'su-admins' or 'su-groups' could notbe created in the upgrade process. It should be createdmanually.

Administrator response: Fix the problem indicated bythe message.



DPWCF0516E The tivoli_common_dir entry in thelog.properties file has an empty value.

Explanation: The tivoli_common_dir entry mustcontain Tivoli Common Directory in log.properties fileif Tivoli Common Directory is used.

Administrator response: Add a Tivoli CommonDirectory to tivoli_common_dir entry in log.propertiesfile.

DPWCF0517E The log.properties file does not exist.

Explanation: The log.properties file must exist inTivoli Common Directory if Tivoli Common Directoryis used.

Administrator response: Make sure the log.propertiesfile exists in Tivoli Common Directory.

DPWCF0518E Failed to create Tivoli CommonDirectory for WebSEAL.

Explanation: An error occurred when creating TivoliCommon Directory for WebSEAL.

Administrator response: The action to correct thisproblem depends on details displayed in previous errormessages.

DPWCF0519E Failed to relocate Tivoli CommonDirectory for WebSEAL.

Explanation: An error occurred when relocating theTivoli Common Directory for WebSEAL.

Administrator response: The action to correct thisproblem depends on details displayed in previous errormessages.

DPWCF0520E The '%s' option must be provided onthe command line.

Explanation: The option displayed in the messagemust be provided in the command line in order tosuccessfully configure WebSEAL.

Administrator response: Provide the option displayedin the message on the command line.

DPWCF0521E The '%s' option only uses 'y' or 'n' forits parameter.

Explanation: The option displayed in the messagerequires 'y' or 'n' for its value.

Administrator response: Need to provide 'y' or 'n' asthe value of the option displayed in the message on thecommand line.

DPWCF0522E The administrator ID or password isinvalid.

Explanation: A valid administrator ID and validpassword are required to configure WebSEAL.

Administrator response: Make sure that theadministrator ID and password provided are correct.

DPWCF0523E The request-log-format entry in thelogging stanza contains an invaliddirective: %s

Explanation: The request-log-format value is invalid.

Administrator response: Correct the invalidrequest-log-format configuration value.

DPWCF0524E The request-log-format entry in thelogging stanza contains an invalidparameter for a directive.

Explanation: The request-log-format value is invalid.

Administrator response: Correct the invalidrequest-log-format configuration value.

DPWCF0525W The ping-method value of '%s' is nota valid ping-method, defaulting toHEAD.

Explanation: The ping-method specified is notsupported. A default value of 'HEAD' has been used.


DPWCF0527W The configuration item (%s, %s) ismissing, defaulting to a value of: '%s'.

Explanation: The required configuration entry ismissing, a default value will be used.

Administrator response: Add the requiredconfiguration entry to the configuration file.

DPWCF0528W The configuration file entryencountered is not valid.

Explanation: A configuration entry was retrieved fromthe configuration file which was not of the expectedtype or formatting.

Administrator response: Examine the log files foradditional information.

DPWCF0529E Domain cookies cannot be sharedwhen the session management serverhas been configured.

Explanation: The configuration items [session]shared-cookie-name and [session] dsess-enabled aremutually exclusive. If you are attempting to acheivesingle sign-on in an SMS environment, Disable the



shared-cookie-name configuration entry. If you are inan environment without the SMS, disable thedsess-enabled configuration entry.

Administrator response: Correct the configuration asneeded and restart the WebSEAL daemon.

DPWCF0530E A login redirect page cannot bespecified when JavaScript redirection isenabled.

Explanation: The configuration items [acnt-mgt]enable-js-redirect and [acnt-mgt] login-redirect-page aremutually exclusive.


DPWCF0531E The configured single sign-offresource is invalid. The resource mustreside on a standard junction.

Explanation: The single sign-off resource must resideon a standard junction and the URI specified mustbegin with a '/'.


DPWCF0532E The configured list of user-agentpatterns will not match all user-agentstrings. The list must contain amatch-all pattern.

Explanation: The configured list of user-agent patternswill not match against all possible user-agent strings.Add a new entry to the [user-agents] stanza with thepattern '*'.


DPWCF0533E The [user-agents] stanza must beconfigured when flow data is enabled.

Explanation: The configuration stanza [user-agents]must be configured and contain at least one entry whenusing the flow data functionality.


DPWDS0150E An attempt to create a UUID hasfailed with the following error: %s(error code: 0x%x)

Explanation: An attempt to create a UUID has failed.

Administrator response: Examine additional messagesto determine the cause of the error and correct theproblem. Restart the process. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/

sysmgmt/products/support/index.html?ibmprd=tivman

DPWDS0151E An attempt to retrieve the machineaddress code (MAC) failed: %s (errorcode: 0x%lx)

Explanation: An attempt to retrieve the MAC of theserver failed.

Administrator response: Examine additional messagesto determine the cause of the error and correct theproblem. Restart the process. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWDS0152E Memory could not be allocated.

Explanation: An error occurred when the processattempted to allocate memory. There is not enough freememory available to complete the request.

Administrator response: Examine the system forprocesses consuming excessive memory and restartthem. Ensure the system has sufficient physical andvirtual memory for its expected load. If the problempersists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWDS0153E No more entries were found in thespecified list.

Explanation: An operation requested another entryfrom a list when there were no remaining entries.

Administrator response: This message is logged as aclarifying addition to another error message. Refer tothe recommended action for that error message. Forfurther detailed information about the failure examineearlier messages in the log containing this message.Correct any problems and retry the operation.

DPWDS0154E An invalid number was supplied.

Explanation: The system was expecting a number tobe supplied, but something else was supplied instead.

Administrator response: Examine other errormessages for more detail, correct any problem, andretry the operation.

DPWDS0155E The number which was supplied istoo large.

Explanation: The number which was supplied to thesystem was too large to fit into the allocated memory.

Administrator response: Examine other error

DPWCF0530E • DPWDS0155E


messages for more detail, correct any problem, andretry the operation.

DPWDS0156E A system routine failed.

Explanation: A system routine failed.

Administrator response: Examine the log foradditional information. If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWDS0157E The %s system routine failed: systemerror code: %d

Explanation: A system routine failed for the reasonindicated by the system error code.

Administrator response: Examine the log foradditional information. If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWDS0158E The requested data is not available.

Explanation: An operation requested data that wasnot available.

Administrator response: This message is logged asthe reason part of an error message. Refer to therecommended action for that error message. For furtherdetailed information about the failure examine earliermessages in the log containing this message. Correctany problems and retry the operation.

DPWDS0159E A command line option was not ofthe correct format.

Explanation: A command line option was notspecified correctly.

Administrator response: Re-run the configurationprogram ensuring the correct command line options areprovided.

DPWDS0160E The supplied configuration data wasnot valid.

Explanation: A configuration entry was found to beinvalid.

Administrator response: Examine the log for furtherdetails of the error, correct the configuration, and retrythe operation.

DPWDS0161E The command line option, -%s, is notvalid.

Explanation: The command line option is not valid forthe current program.

Administrator response: Check the usage of theprogram and re-run it with the correct options.

DPWDS0162E A binary has been executed withincorrect arguments.

Explanation: A binary has been executed withincorrect arguments.

Administrator response: Examine the log files forfurther error messages, correct any problem, and retrythe operation.

DPWDS0163W The '%s' parameter of the commandis invalid.

Explanation: The specified parameter, supplied for anadministration task, was invalid.

Administrator response: Review the format of thecommand text to ensure all parameters are correct.

DPWDS0164W An invalid command parameter wassupplied.

Explanation: One of the command parameters,supplied for an administration task, was invalid.


DPWDS0165E Could not open file %s (system errorcode: %d).


Administrator response: Check to ensure that the fileexists and has the correct permissions.

DPWDS0166E The configuration file could not beopened.

Explanation: The specified file could not be opened.

Administrator response: Check that the file exists andhas the correct permissions.

DPWDS0167E Expected configuration data could notbe located in the configuration file.

Explanation: An expected configuration item is notpresent in the configuration file.

Administrator response: Examine the log for furtherdetails of the error, correct the configuration, and retrythe operation.

DPWDS0156E • DPWDS0167E


DPWDS0168E The %s stanza of %s requiresspecification of the %s configurationparameter.

Explanation: An expected configuration item is notpresent in the configuration file.

Administrator response: Correct the configuration andretry the operation.

DPWDS0169E Could not open configuration file'%s' due to error: '%s'.


Administrator response: Check to ensure that the fileexists and has the correct permissions.

DPWDS0300E The distributed session cache clientfailed to initialized.

Explanation: The client for the distributed sessioncache interface could not be initialized.


DPWDS0301E A general failure has occured withinthe distributed session cache client.

Explanation: An error has occured within thedistributed session cache client.


DPWDS0302E A replica set which is unknown tothe distributed session cache client hasbeen supplied (%s).

Explanation: An operation on a unknown distributedsession cache replica set has been requested.


DPWDS0303E A replica set which is unknown tothe distributed session cache client hasbeen supplied.

Explanation: An operation on a unknown distributedsession cache replica set has been requested.


DPWDS0304E The requested version %d of thesession key was not found for replica%s in replica set %s.

Explanation: A request was made for a session keywhich is not currently stored. This error occurs whenan old session ID is used.

Administrator response: Either increment the keyexpiration time within the configuration file, or ensurethat old session ID's are not used.

DPWDS0305E The requested key was not found.

Explanation: A request was made for a session keywhich is not currently stored. This will usually occurwhen an old session ID is used.

Administrator response: Either increment the keyexpiration time within the configuration file, or ensurethat old session ID's are not used.

DPWDS0306E No session keys are currentlyavailable.

Explanation: A request was made for the currentsession key, but no key has been stored in the key table.


DPWDS0307E An error occurred when attempting tocommunicate with the SOAP serverURL %s: %s (error code: %d/0x%x).

Explanation: An attempt was made to communicatewith the SOAP server and a failure occured within theunderlying communications layer.

Administrator response: Examine additional messagesto determine the cause of the error and correct theproblem. Ensure that the SOAP server is running and



reachable. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWDS0309E An error was returned from theSOAP server in cluster %s when callingthe %s interface: %s (code: 0x%x).

Explanation: The distributed session cache serverreturned an error.

Administrator response: Examine messages within thedistributed session cache server log. If the problempersists, check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWDS0310E An invalid key size was returned bythe distributed session cache server: %d,whereas it should be: %d.

Explanation: The distributed session cache server haspassed a key to the client which is not the expected keysize.


DPWDS0311E An incorrect key version wasreturned by the distributed sessioncache server to replica %s in replica set%s: %d, whereas it should be: %d.

Explanation: The distributed session cache server haspassed a key to the client which is not the expectedversion.


DPWDS0312E The distributed session cache servercould not be reached.

Explanation: An unsuccessful attempt has been madeto communicate with an interface of the distributedsession cache server.

Administrator response: Ensure that the distributedsession cache server is running and can be reached bythe client. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWDS0313E The cryptographic routine, %s, failed: %s (error code: 0x%x).

Explanation: A call in to a cryptographic routine hasfailed.


DPWDS0314E The cryptographic routine, %s, failed.

Explanation: A call in to a cryptographic routine hasfailed.


DPWDS0315W An invalid session key was providedto the distributed session cache serverclient.

Explanation: A session key with an invalid formatwas provided to the distributed session cache serverclient.

Administrator response: Ensure that the distributedsession cache server is running and can be reached bythe client. Restart the process. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWDS0316E The distributed session cache serverdid not return a response.

Explanation: The distributed session cache server didnot return a response to a request made by the shareddistributed session cache client.

Administrator response: Ensure that the distributedsession cache server is running and can be reached bythe client. Examine the distributed session cacheserver's logs for error messages relating to this failure.If the problem persists, check IBM Electronic Supportfor additional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman



DPWDS0319E The distributed session cache serverclient attempted to join the replica set'%s' twice with the replica name '%s'.

Explanation: The distributed session cache serverclient has been configured to join a replica set twiceusing the same replica name. The client must usedifferent replica names for each server instance in areplica set.

Administrator response: Modify the configuration fileto specify different replica names for each serverinstance joining the same replica set. Restart the server.

DPWDS0320E The DN contained within the servercertificate, %s, is not recognised byreplica %s in replica set %s.

Explanation: The DN found within the servercertificate was not listed as a valid DN within theconfiguration file.

Administrator response: Ensure that the correct servercertificate is supplied, or modify the list of valid DN'swithin the configuration file.

DPWDS0321E The replica %s in replica set %s doesnot have permission to access thedistributed session cache server.

Explanation: The distributed session cache server hasbeen configured to require authentication, but thedistributed session cache client either did notauthenticate, or authenticated using an identity thatdoes not have permission to access the distributedsession cache server.

Administrator response: Ensure the distributedsession cache client has been configured to use HTTPSto access the distributed session cache server, and thatthe configuration file specifies the correct clientcertificate. Check that the distributed session cacheserver security role mappings are correct. It may benecessary to restart the client.

DPWDS0322E The distributed session cache serverfor the replica set, %s, of the replica, %s,could not be reached.

Explanation: An unsuccessful attempt has been madeto communicate with an interface of the distributedsession cache server.

Administrator response: Ensure that the distributedsession cache server is running and can be reached bythe client. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWDS0323E No session keys are currentlyavailable for replica %s in replica set%s.

Explanation: A request was made for the currentsession key, but no key has been stored in the key table.


DPWDS0450E Error parsing STS response elementline %d, column %d: '%s'. The elementtext was '%s'.

Explanation: The STS returned an unintelligible XMLresponse.

Administrator response: If other elements of the STSresponse are complete, SSO will continue. Otherwise,SSO will fail. If SSO fails, exmaine the element todetermine why the STS response was invalid.

DPWDS0451E Unable to parse timestamp '%s'

Explanation: The timestamp returned from the STSwas unintelligible.

Administrator response: Examine the element todetermine why the timestamp was invalid.

DPWDS0452E Unable to parse timestamp.

Explanation: The timestamp returned from the STSwas unintelligible.

Administrator response: Examine the element todetermine why the timestamp was invalid.

DPWDS0453E The STS response did not contain theelement '%s'

Explanation: The STS response was incomplete.

Administrator response: The TFIM server may not befunctioning properly, or the STS module may need tobe modified to return the necessary data.

DPWDS0454E The STS response did not contain anecessary element.

Explanation: The STS response was incomplete.

Administrator response: Examine other entries in thelogs to determine which element was missing. TheTFIM server may not be functioning properly, or theSTS module may need to be modified to return thenecessary data.



DPWDS0455E Token types other than 'kerberos'require that you specify an HTTPheader name with the 'header-name'configuration option or an HTTP cookiename with the 'cookie-name'configuration option.

Explanation: A configuration option was missing fromthe configuration file

Administrator response: Add the needed entries tothe configuration file.

DPWDS0456E Error %08x occurred when retrievinga token for user '%s' to access '%s'. Referto other log messages for additionaldetail.

Explanation: An attempt to retrieve a token to accessa resource failed. Other messages with greater detailhave been logged.

Administrator response: Examine other entries in thelogs to determine the root cause of the failure.

DPWDS0600E An unexpected AXIS exception wascaught while processing a client request.Error message %s (0x%x) was returnedwith the exception.

Explanation: AXIS returned an exception conditionwhile process a client request.

Administrator response: Refer to the error log todetermine if an error message accompanied theexception.

DPWDS0601E A failure occurred while processing areceived distributed session request.

Explanation: An error occurred when processing adistributed session request.


DPWDS0602E The server could not bind to theconfigured address: %s

Explanation: An error occurred when the serverattempted to bind to the configured IP address.

Administrator response: Chck the configured IPaddress to ensure that it is a valid local address on theserver.

DPWDS0604W The distributed session cache serverhas started.

Explanation: The distributed session cache server hasstarted.

Administrator response: No action required.

DPWDS0605W The distributed session cache serverhas been stopped.

Explanation: The distributed session cache server hasbeen stopped by the administrator.


DPWDS0606E Could not accept incomingconnection on '%s:%d': system errornumber = %d

Explanation: The Operating System returned an errorwhen the server attempted to accept an incomingconnection.

Administrator response: Check the server has notexceeded system resource limits. For further details onthe problem refer to the system error number in theoperating system documentation.

DPWDS0607E Could not accept incomingconnection

Explanation: The Operating System returned an errorwhen the server attempted to accept an incomingconnection.

Administrator response: Check the server has notexceeded system resource limits.

DPWDS0608E Could not poll for any incomingconnections: system error number = %d

Explanation: The Operating System returned an errorwhen the server attempted to poll for an incomingconnection on the configured addresses and port.


DPWDS0609E Could not poll for incomingconnection

Explanation: The Operating System returned an errorwhen the server attempted to poll for an incomingconnection on the configured addresses and port.




DPWDS0610E Could not determine the localnetwork address of a connection: systemerror number = %d

Explanation: The Operating System returned an errorwhen the server attempted to determine the networkinterface over which the incoming connection wasreceived.


DPWDS0611E Could not determine the localnetwork address of a connection

Explanation: The Operating System returned an errorwhen the server attempted to determine the networkinterface over which the incoming connection wasreceived.


DPWDS0612E The %s '%s' is a duplicate or a subsetof another configured %s entry.

Explanation: It is not valid to specify the sameaddress twice, or to specify an address like '::' or 0.0.0.0with additional addresses as they cover all addresses.

Administrator response: Modify the serverconfiguration file and remove the listen-addressconfiguration entry which is causing the problem.

DPWDS0613E A configured address is a duplicateor a subset of another.

Explanation: It is not valid to specify the sameaddress twice, or to specify an address like '::' or'0.0.0.0' with additional addresses as they cover alladdresses.

Administrator response: Modify the serverconfiguration file and remove the address causing theproblem.

DPWDS0614E accept-admin-address values must bea subset of the listen-address addresses.

Explanation: It is not valid to specify anaccept-admin-address that is not also included by thelisten-address configuration.

Administrator response: Modify the serverconfiguration file and correct the accept-admin-addressconfiguration entry which is causing the problem.

DPWDS0615E Could not determine the remotenetwork address of a connection: systemerror number = %d

Explanation: The Operating System returned an errorwhen the server attempted to determine the remotenetwork address from which the incoming connectionwas received.


DPWDS0616E Could not determine the remotenetwork address of a connection

Explanation: The Operating System returned an errorwhen the server attempted to determine the remotenetwork address from which the incoming connectionwas received.


DPWDS0617W Entering standby mode.

Explanation: The DSC server is changing mode, orstarting up in standby mode. This is likely expectedbehavior caused by the startup of the server, or by thechanging of the server mode by an administrator.

Administrator response: This is likely expectedbehavior and no action is required.

DPWDS0618W Entering active mode.

Explanation: The DSC server is changing mode intoactive mode. At startup the server begins in standbymode and if appropriate will change to active mode. Orthe active Distributed Session Cache server may havefailed and this server is taking over as the active. Orthe administrator has changed the mode of the server.

Administrator response: If this is not a startup modechange, then check the previous primary DSC serverfor failure.

DPWDS0619E A database operation failed on line%d with error %d: '%s'. Native error %d.SQL state: '%s'

Explanation: An error was encountered while savingor reading session data to or from the database.

Administrator response: Check the SQL error messagefor the possible cause.



DPWDS0620E A database operation failed.

Explanation: An error was encountered while savingor reading session data to or from the database.

Administrator response: Check the log for an SQLerror message which contains a possible cause.

DPWDS0621E The command 'ADMIN COMMAND'hsb state' failed with an error %d: '%s'.

Explanation: An error was encountered whileattempting to determine the HSB state of the embeddedSolidDB server.

Administrator response: Check the error code andmessage for a possible cause.

DPWDS0622E Unable to start the embeddedSolidDB server. Error %d.

Explanation: An error was encountered whileattempting to start the embedded SolidDB server.

Administrator response: Check the error code for thepossible cause, such as invalid permissions on thedatabase and log files.

DPWDS0623E Unable to start the embeddedSolidDB server.

Explanation: An error was encountered whileattempting to start the embedded SolidDB server.

Administrator response: Check the error code in thelog for a possible cause, such as invalid permissions onthe database and log files.

DPWDS0624E Unable to register a shutdownnotifier function with the SolidDBserver. Error %d.

Explanation: An error was encountered whileattempting to register a call back function with theembedded SolidDB server. This call back is required fordetection of the shutdown of the embedded SolidDBserver.

Administrator response: Check the error code for thepossible cause.

DPWDS0625E Unable to register a shutdownnotifier function with the embeddedSolidDB server.

Explanation: An error was encountered whileattempting to register a call back function with theembedded SolidDB server. This call back is required fordetection of the shutdown of the embedded SolidDBserver.

Administrator response: Check the error code in thelog for the possible cause.

DPWDS0626E Unable to load and extract functionsfrom the SolidDB shared library.

Explanation: An error was encountered whileattempting to load the library containing the embeddedSolidDB server.

Administrator response: Check the log for additionalerror messages.

DPWDS0627E The configuration value of %d fornumber-of-nodes is not valid. It must be0, 1, 2 or 4.

Explanation: The number-of-nodes configurationvalue has an incorrect value.

Administrator response: Change the configuration filevalue to be correct and retry.

DPWDS0628E The configuration value fornumber-of-nodes is not valid. It must be0, 1, 2 or 4.

Explanation: The number-of-nodes configurationvalue has an incorrect value.


DPWDS0629E The configuration value of %d fornode-number is not valid. It must be 0for number-of-nodes = 0, else a valuefrom 1 to number-of-nodes.

Explanation: The node-number configuration valuehas an incorrect value.


DPWDS0630E The configuration value fornode-number is not valid. It must be 0for number-of-nodes = 0, else a valuefrom 1 to number-of-nodes.

Explanation: The node-number configuration valuehas an incorrect value.


DPWDS0631E The option -n '%s' is not valid for -N'%s'. For -N 0 the value for -n must be 0,else a value from 1 to the value of -N.

Explanation: The -n command line option value hasan incorrect value.

Administrator response: Correct the command lineoption and retry.



DPWDS0632E The password option -p must besupplied and must not be an emptystring.

Explanation: The -p command line option value wasnot provided or was an empty string.

Administrator response: Correct the command lineoption and retry.

DPWDS0633E The option '%s' must be supplied.

Explanation: A required command line option valuewas not provided.

Administrator response: Add the missing option tothe command line and then retry.

DPWDS0634E The option -N '%s' is not valid. Itmust be one of 0, 1, 2 or 4.

Explanation: The -N command line option value hasan incorrect value.

Administrator response: Correct the -N command lineoption and retry.

DPWDS0636E Only one of the '-C', '-U' or '-X'options must be provided.

Explanation: Either none of the -C, -U or '-X' optionswere provided, or more than one was provided.

Administrator response: Either ensure that only oneof the -C, -U, or -X options are provided.

DPWDS0637E The Distributed Session Cache serveris already configured or there is anunexpected problem with theconfiguration file '%s'

Explanation: Either the Distributed Session Cacheserver configuration file exists, indicating it is alreadyconfigured, or there was a problem attempting to checkif the file exists.

Administrator response: Unconfigure the DistributedSession Cache server before attempting to configure itagain. If the specified configuration file does not existthen ensure the directory which would contain the fileis valid.

DPWDS0638E Unable to contact the remote DSCserver at '%s'.

Explanation: A test probe of the specified DistributedSession Cache server failed. This indicates that it maynot be operational, the network connection is down, orthe address and port used to access it are not correct.

Administrator response: Ensure that the specifiedDistributed Session Cache server is running.

DPWDS0639E Unable to open the file '%s' error %d:'%s'.

Explanation: The configuration process failed to openthe template configuration file.

Administrator response: Examine the error code andmessage for the cause of the failure and correct it.

DPWDS0640E Unable to create the file '%s' error%d: '%s'.

Explanation: The configuration process failed to createa new configuration file.

Administrator response: Examine the error code andmessage for the cause of the create failure and correctit.

DPWDS0641E Error processing the configurationfile '%s' line %d: '%s'.

Explanation: An error occured while processing theconfiguration file.

Administrator response: Examine the specified linefor the cause of the error and correct it.

DPWDS0642E Unable to remove the file '%s' error%d: '%s'.

Explanation: The unconfiguration process failed toremove a file.

Administrator response: Examine the error code andmessage for the cause of the failure and correct it.

DPWDS0643E Failed to create and initialize thebacking database.

Explanation: The DSC uses a backing SolidDBdatabase to replicate session data for failover scenarios.The configuration tool was unable to create andinitialize the database.

Administrator response: Retry the operation to see ifthe problem persists.

DPWDS0644E Failed to put the backing databaseinto a writable mode.

Explanation: The DSC uses a backing SolidDBdatabase to replicate session data for failover scenarios.The configuration tool was unable to put the databaseinto a mode which will allow the data to be modified.




DPWDS0645E Failed to cleanly shutdown thebacking database.

Explanation: The DSC uses a backing SolidDBdatabase to replicate session data for failover scenarios.The configuration tool was unable cleanly shutdownthe database.


DPWDS0646E Failed to copy the data from theprimary distributed session cachebacking database to the secondary.

Explanation: The DSC uses a backing SolidDBdatabase to replicate session data for failover scenarios.The configuration tool failed to perform the initial copyof the data from the primary database to the secondary.

Administrator response: Ensure that the primarydistributed session cache server is running andcorrectly configured as the primary node forreplication.

DPWDS0647E Failed to change the ownership of thebacking database or configuration files.

Explanation: The ownership of the DSC backingSolidDB database or configuration files could not bechanged to the user and group ID specified in thetemplate configuration file.


DPWDS0648E Failed to send updates to the masterDistributed Session Cache server. State%d with error %d '%s'. Attempting torecover.

Explanation: When an isolated Replica DistributeSession Cache server reconnects with the Master it willsend it's updates to the Master. This error messageindicates that the send failed and an attempt is beingmade to recover automatically.

Administrator response: The server will attempt torecover. Monitor for additional message in caserecovery is not successful. Ensure the network and allDistribute Session Cache servers are functioningcorrectly.

DPWDS0651W The Distribute Session Cache serveris waiting for the initial copy of thedatabase to be send to it.

Explanation: The embedded SolidDB server isconfigured as a Secondary in a Highly Available pairand is waiting for the Primary in the pair to send theinitial copy of the database.

Administrator response: If the copy does not occur

then ensure the associated Distributed Session Cacheservers are running so they can provide the database.

DPWDS0653W The Distribute Session Cache serverhas applied the updated copy ofdatabase.

Explanation: The embedded SolidDB server hasreceived a complete replacement copy of the databasefrom the primary and is now using it.


DPWDS0654E Failed to unregister this replica fromthe master database.

Explanation: While unconfiguring the node the toolwas not able to unregister it from the master database.

Administrator response: If the master node will alsobe unconfigured you can ignore this error. If the masternode is not running then start it and attempt to clearthis issue by configuring and unconfiguring this node.The configure may experience an error as the node mayhave been left registered, but this can be ignored andthe unconfigure should clear the issue.

DPWDS0655E The tool was not able to create thetempory file '%s', error: '%s'.

Explanation: While unconfiguring the node the toolwas not able to create a tempory file of SQL commandsto unregister it from the master database.

Administrator response: If the master node will alsobe unconfigured you can ignore this error.

DPWDS0750E The administration interface of thedistributed session cache server did notreturn all expected data.

Explanation: Return data from a distributed sessioncache server administration operation was missing.

Administrator response: Ensure the correct version ofthe distributed session cache server and client is beingused. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWDS0751E The administration interface of thedistributed session cache server returnedsome unexpected data.

Explanation: The return data from a distributedsession cache server administration operation was of anunexpected format.

Administrator response: Ensure the correct version ofthe distributed session cache server and client is beingused. If the problem persists, check IBM ElectronicSupport for additional information -



http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWDS0752E The %s operation of the distributedsession cache server administrationinterface did not return all expecteddata: %s.

Explanation: The indicated return data from adistributed session cache server administrationoperation is missing.


DPWDS0753E The %s operation of the distributedsession cache server administrationinterface returned some data for the %sattribute which was not in the expectedformat.

Explanation: The return data from a distributedsession cache server administration operation was of anunexpected format.


DPWDS0754E An error occurred when attempting tocommunicate with the administrationinterface of the distributed session cacheserver using the URL %s: %s (0x%x).

Explanation: An attempt was made to communicatewith the administration interface of the distributedsession cache server and a failure occurred within theunderlying communications layer.

Administrator response: Examine additional messagesto determine the cause of the error and correct theproblem. Ensure the administration interface of thedistributed session cache server is available andreachable. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWDS0755E The administration interface of thedistributed session cache server couldnot be accessed.

Explanation: An unsuccessful attempt has been madeto communicate with the administration interface of thedistributed session cache server.

Administrator response: Ensure the administrationinterface of the distributed session cache server isavailable and can be reached by the client. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWDS0762W No replicas were found for thespecified replica set.

Explanation: A request was made to display aspecified replica set, but no replicas are currentlyregistered with the replica set.

Administrator response: No action is required, this isa status message.

DPWDS0766W No sessions were found whichmatch the specified search criteria.

Explanation: A request was made to list sessionswhich match specified criteria, but no matchingsessions were found.

Administrator response: No action is required, this isa status message.

DPWDS0767W The '%s' instance is invalid.

Explanation: The specified instance, supplied for anadministration task, was invalid.


DPWDS0768E The administration operation is notpermitted on the interface which wasused to contact the distributed sessioncache server.

Explanation: The Distributed Session Cache server canbe configured to restrict access for administrationcommands to a subset of the network interfaces it isconfigured to use. The administration request was notreceived on one of the permitted interfaces.

Administrator response: Change the interface of theDistributed Session Cache server being addressed, oradjust the configuration of the Distributed SessionCache server.

DPWDS0769E The administration operation from'%s' is not permitted on the interface'%s'.

Explanation: The Distributed Session Cache server canbe configured to restrict access for administrationcommands to a subset of the network interfaces it isconfigured to use. The administration request was notreceived on one of the permitted interfaces.

Administrator response: Change the interface of the



Distributed Session Cache server being addressed, oradjust the configuration of the Distributed SessionCache server.

DPWDS0770E Function call, func, failed error: errorcode error text.

Explanation: The specified GSKit function failed whilesetting up for SSL connections to the DistributedSession Cache server. Or perhaps the initial handshakefailed due to invalid certificates or the client simplyclosed the connection abruptly.

Administrator response: Examine the error text togain insight on the problem.

DPWIV0151E Could not initialize serviceabilitycomponent (%s, 0x%8.8lx)

Explanation: WebSEAL was unable to register theservice component with the serviceibility subsystem orregister an in memory catalog. The error code output inthe message will give finer details as to why. Mostlikely it will be due to a lack of memory or a designflaw.

Administrator response: Check memory ulimit onUNIX platforms, and available memory on all types ofplatforms. Increase available memory to the WebSEALprocess if applicable.

DPWIV0152E Could not register serviceabilitymessage table (%s, 0x%8.8lx)

Explanation: WebSEAL was unable to register an inmemory catalog. The error code output in the messagewill give finer details as to why. Most likely it will bedue to a lack of memory or a program design flaw.

Administrator response: Check memory ulimit onUNIX platforms, and available memory on all types ofplatforms. Increase available memory to the WebSEALprocess if applicable.

DPWIV0154E Could not open configuration file (%s,%d)

Explanation: The configuration file output in themessage was not able to be opened. The error code alsooutput in the message will give finer details. This codeis likely to be one of: 8, failed to lock the file, genericlocking catch-all code. 10, unable to open the file,general open catch-all code. 11, bad argument tofunction from program design flaw. 12, failed to lockthe file, it is already locked. 13, File permissions don'tallow the program to open the file. 14, Insufficentmemory available to the program.

Administrator response: Based on the error codeoutput in the message do one of the following actions.8 or 12, the program may already be running, or theanother process may have the file open and locked. 10or 13, check the file exists and in the case of 13, check

the ownership and access permissions. WebSEAL canchange the user it is running as so examine theWebSEAL configuration file for unix-user. 11 contacttechnical support. 14, check the data ulimit for theprocess and the available memory. Increase it ifpossible.

DPWIV0155E Configuration stanza missing (%s)

Explanation: A necessary configuration file stanza wasnot found.

Administrator response: Make sure the name of thestanza is spelled correctly in the configuration file.

DPWIV0156E Configuration item missing (%s, %s)

Explanation: The configuration entry, output in theerror message, is missing from under the stanza, alsooutput in the error message. The entry is not optional.Possibly a spelling mistake, or a new WebSEAL binarywas installed that requires additional new entries.

Administrator response: Fix any spelling errors oradd the missing entry.

DPWIV0157E Could not initialise servicibilitymessaging (0x%8.8lx)


Administrator response: The message contains anerror code that gives more specific details on the cause.Also until the servicibility messaging is setup, Englishmessages may be output, and on UNIX platforms thesemay additionally be put into syslog under the userfacility. Once the first servicibility message file isinitialised successfully errors may be output tostandard error log files. Check for these messages formore specific details. Also check the language pack forthe locale has been installed.

DPWIV0158E Could not set process rlimit.

Explanation: The UNIX process attempted to set it'sulimit values for the number of file handles and onsome platforms the virtual memory size. If theoperatining system has set hard ulimits smaller thanthe ones requested then it could fail.

Administrator response: Increase relevant operatingsystem kernel specific limits. Typically WebSEAL needs2048 file handles (except on Solaris, where it is 1024).On Solaris WebSEAL attempts to ensure it has aminimum virtual memory ulimit of 192MB. Anotherreason this might fail is that the process was not startedby root.

DPWDS0770E • DPWIV0158E


DPWIV0161E Server is already running (PID %d)

Explanation: The program can not have multipleinstances running. In the case of WebSEAL, only oneWebSEAL process can be running per instance. Theconfilicting program was determined by reading it'sProcess ID (PID) from the a file and determining if thatPID was active.

Administrator response: Ensure only one instance isrunning. On UNIX examine the output of the pscommand to determine the offending instance. It ispossible that if an old PID is in the PID file, andanother process has aquired this old PID that themessage is in error. In that case simply remove the PIDfile and start the process again.

DPWIV0162E Could not create PID file (%s, %d)

Explanation: The program could not create the file,specified in the message text. The reason can bedetermined in more detail from the error number, alsofound in the error text. On UNIX the meaning of thiserror code can typically be found in/usr/include/sys/errno.h. Windows may need tocontact technical support as the included files are notshipped with the operating system. Typical problemsmight be insufficent priviledges, or lack of disk space.

Administrator response: Check the ownership andpermissions on the file, or directory containing the file,allow the process to create or recreate it. Check there issufficent disk space on the file system/partition tocontain the file.

DPWIV0163E Could not become backgroundprocess because output redirectionfailed (%d)

Explanation: One of the four steps to creating abackground daemon process has failed. If the errornumber specified in the error text is -1 or -2, then itwas unable to connect standard error or standard outto a log file. For WebSEAL this log file is the server-logentry in the configuration file. Typically this can becaused by insufficent priviledges on the file or thedirectory containing the file for WebSEAL.

Administrator response: Examine the error code, if -1or -2 then check the ownership and permissions of theservers log file and containing directory.

DPWIV0164W Could not start background process

Explanation: If this message is generated during anattempt to start WebSEAL then the attempt byWebSEAL to fork itself into the background has failed.Typpically some initialization failed in the child processand an additional message will be logged by thebackground child process. But it could also be due toinsufficent operating system resources.

Administrator response: For WebSEAL startup check

for additional errors that indicate why the backgroundprocess stopped.

DPWIV0166E Could not load configuration

Explanation: Unable to load WebSEAL configuration(typically webseald.conf) for for locating LDAPconfiguration information or unable to load ldapconfiguration file (typically ldap.conf). Additionalmessages should be logged detailing why.

Administrator response: Locate additional loggedmessage to determine the problem. If no additionalmessages, examine the ownership, permissions, andexistance of these files.

DPWIV0167E Invalid UNIX user name (%s)

Explanation: The server (typically WebSEAL) failed toget information for the user. It is likely that it is aninvalid user name.

Administrator response: Update the WebSEALconfiguration file (typically webseald.conf) and correctthe user name for 'unix-user' to a valid one.

DPWIV0168E Invalid UNIX group name (%s)

Explanation: The server (typically WebSEAL) failed toget information for the group. It is likely that it is aninvalid group name.

Administrator response: Update the WebSEALconfiguration file (typically webseald.conf) and correctthe group name for 'unix-group' to a valid one.

DPWIV0169E Could not change process GID (%s)

Explanation: The server (typically WebSEAL) failed tochange the processes group ID to the one specified.This can happen if the server does not have theprivaledges required.

Administrator response: Start the server as root orchange the owner of the program to root and set the 's'bit in it's perms.

DPWIV0170E Could not change process UID (%s)

Explanation: The server (typically WebSEAL) failed tochange the processes user ID to the one specified. Thiscan happen if the server does not have the privaledgesrequired.

Administrator response: Start the server as root orchange the owner of the program to root and set the 's'bit in it's perms.

DPWIV0161E • DPWIV0170E


DPWIV0172E Unexpected end of byte stream

Explanation: Message is not used. This is purely usedas in internal status code.

Administrator response: No action is required

DPWIV0173E Could not stop background process(errno %d)



DPWIV0174E Could not change the workingdirectory (errno %d)

Explanation: A child CGI process of WebSEAL isunable to change to the directory containing the CGI.The meaning of the errno value can typically be foundin /usr/include/sys/errno.h and will give finer detailson the cause.

Administrator response: Lookup the errno in errno.hfor the cause.

DPWIV0175E Could not open a pipe (errno %d)

Explanation: WebSEAL failed to create a pipe forcommunicating to a child CGI process of WebSEAL.The meaning of the errno value can typically be foundin /usr/include/sys/errno.h and will give finer detailson the cause.

Administrator response: Lookup the errno in/usr/include/sys/errno.h for the cause.

DPWIV0176E Could not fork (errno %d)

Explanation: WebSEAL failed for fork so that it couldexecute a CGI. This could be due to insufficentoperating system resources.


DPWIV0177E Could not duplicate file descriptor(errno %d)

Explanation: A CGI created by WebSEAL failed toredirect it's standard out or standard in to the pipesused to communicate with the parent WebSEALprocess.


DPWIV0178E Operation forbidden by the operatingsystem



DPWIV0179E Unknown user



DPWIV0180E Missing .conf file setting

Explanation: The expected bind-dn or bind-pwdentries in the ldap configuration file (typicallyldap.conf) are missing.

Administrator response: Add the missing bind-pwdor bind-dn entry.

DPWIV0181E %s: Missing [%s] setting: %s

Explanation: An ldap entry is missing from theconfiguration file.

Administrator response: Add the missing entry.

DPWIV0186E Unable to setup a connection to theLDAP server



DPWIV0187E Invalid LDAP 'replica' entry in configfile



DPWIV0189E Unable to configure LDAP replicainto server.



DPWIV0192W LDAP server %s has failed

Explanation: The LDAP server named in the messageis not responding to requests.

Administrator response: Check the LDAP server isoperational. Once operational WebSEAL will start usingit again automatically. Check the LDAP server name iscorrect.

DPWIV0172E • DPWIV0192W


DPWIV0193W LDAP server %s has recovered

Explanation: The LDAP server named in the messagewas previously non-operational. It is now respondingcorrectly to requests and will be used again.


DPWIV0194E Could not become backgroundprocess because pipe failed. (%d)

Explanation: The pipe() function failed. This errorvalue can typically be found in /usr/include/sys/errno.h and will give finer details on the cause.

Administrator response: Make sure server has thepermission to create interprocess pipes.

DPWIV0195E Could not become backgroundprocess because fork failed. (%d)

Explanation: The fork() function failed. This functionfails when insufficient memory is available, or machineprocess limit is reached. The error value can typicallybe found in /usr/include/sys/errno.h and will givefiner details on the cause.

Administrator response: Make sure server machineresources are available.

DPWIV0196W Could not start background process:%s

Explanation: This is due to the failure to execute aCGI program. Either the program is not executable, orsystem resources are not available to run the program.

Administrator response: WebSEAL could notsuccessfully start a child process. Most likely theprogram does not exist or is not executable.

DPWIV0197E Error in stanza file %s on line %d: %s

Explanation: An error occurred while attempting toread data from a stanza file.

Administrator response: Correct the problem in thestanza file.

DPWIV0198E Error in stanza file.

Explanation: An error occurred while attempting toread data from a stanza f ile. Log files will containmore information.

Administrator response: Examine log files to identifythe error in the stanza file.

DPWIV0199E An unexpected exception occurred atline %s:%d

Explanation: An internal error occurred.


DPWIV0200E An unexpected exception occurred



DPWIV0201E The azn-api function '%s' returned0x%lx

Explanation: An unexpected azn-api function failureoccurred.


DPWIV0202E An azn-api function unexpectedlyfailed

Explanation: An unexpected azn-api function failureoccurred.

Administrator response: Check log files for additionaldetails. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWIV0203E Additional information from azn-api:%s = %s

Explanation: An azn-api error occurred, and thismessage contains more detail about the error.

Administrator response: Check log files for additionaldetails. The exact action to take depends on the contextof the error.

DPWIV0204E An invalid permission string, %s, waslocated for the %s method within the %sstanza.

Explanation: A configured permission string is invalidand not recognized by the IBM Security AccessManager Authorization engine.

Administrator response: Correct the specifiedpermission string within the configuration file andensure that the permission string is valid.

DPWIV0193W • DPWIV0204E


DPWIV0205E The system function '%s' returned0x%lx.

Explanation: An unexpected system function failureoccurred.


DPWIV0450E Could not create new thread (%d)

Explanation: WebSEAL failed to create an additionalthread. This may be due to running out of operatingsystem resources or exceeding process limits.

Administrator response: Check memory and threadlimits for the process, and available memory. The errornumber can be looked up in /usr/include/sys/errno.hfor more details on the problem.

DPWIV0452E Could not cancel thread (%d)

Explanation: WebSEAL has an unrecoverable internalerror when trying to stop a thread that monitors ajunctions health.

Administrator response: Contact technical support,this is an unexpected internal error. The error numbercan be looked up in /usr/include/sys/errno.h for moredetails on the problem.

DPWIV0453E Could not join thread (%d)

Explanation: WebSEAL has an unrecoverable internalerror when trying to cleanup a stopped thread thatmonitors junction health.


DPWIV0454E Could not create mutex (%d)

Explanation: WebSEAL failed to create a mutex usedto protect internal resources. This may be due toinsufficent Operating System resources or exceedingprocess limits such as memory.

Administrator response: Check memory limits for theprocess, and available memory. The error number canbe looked up in /usr/include/sys/errno.h for moredetails on the problem.

DPWIV0455E Could not destroy mutex (%d)

Explanation: WebSEAL has an unrecoverable internalerror when trying to cleanup a mutex used to protectsystem resources.

Administrator response: Contact technical support,

this is an unexpected internal error. The error numbercan be looked up in /usr/include/sys/errno.h for moredetails on the problem.

DPWIV0456E Could not lock mutex (%d)

Explanation: WebSEAL has an unrecoverable internalerror when trying to lock a mutex used to protectsystem resources.


DPWIV0457E Could not unlock mutex (%d)

Explanation: WebSEAL has an unrecoverable internalerror when trying to lock a mutex used to protectsystem resources.


DPWIV0458E Could not create condition variable(%d)

Explanation: WebSEAL failed to create a conditionvariable used to wait for events to occur. This may bedue to insufficent Operating System resources orexceeding process limits such as memory.

Administrator response: Check memory limits for theprocess, and available memory. The error number canbe looked up in /usr/include/sys/errno.h for moredetails on the problem.

DPWIV0459E Could not destroy condition variable(%d)

Explanation: WebSEAL has an unrecoverable internalerror when trying to release resources used by acondition variable.


DPWIV0460E Could not wait on condition variable(%d)

Explanation: WebSEAL has an unrecoverable internalerror when trying to wait on a condition variable.




DPWIV0461E Could not broadcast on conditionvariable (%d)

Explanation: This message indicates a serious internalerror involving the threading library.


DPWIV0462E Could not signal on conditionvariable (%d)

Explanation: WebSEAL has an unrecoverable internalerror when trying to signal a condition variable.


DPWIV0463E Could not set thread cancelability(%d)

Explanation: WebSEAL has an unrecoverable internalerror when trying to modify a threads cancel state.


DPWIV0465E Error msg returned from stanzafunction: (%s).For entry: %s/%s.

Explanation: The migrate tool has had an error whilemanipulating a configuration file full of stanzas andentries. The bracketted error string within the errormessage gives more detail.

Administrator response: Correct the error specified bythe bracketted error string.

DPWIV0466E Unsupported configuration item type(%d)

Explanation: The migrate tool has had anunrecoverable internal error. It has encountered anunknown entry type.

Administrator response: Contact technical support,this is an unexpected internal error.

DPWIV0467E Could not create new pthread key(%d)


Administrator response: Contact product support.

DPWIV0468E Could not create default pthreadattributes.

Explanation: WebSEAL failed to create pthreadattributes.

Administrator response: Check available memory forthe process.

DPWIV0469E pthread_attr_setdetachstate() failed(%d)



DPWIV0470E Could not destroy pthread attributes.

Explanation: WebSEAL failed to delete pthreadattributes.

Administrator response: Check available memory forthe process.

DPWIV0471E pthread_rwlock_init() failed (%d)



DPWIV0750E Could not unlink file (%s, %d)

Explanation: Unable to remove the file used to storethe process ID (PID) of the server (typically WebSEAL).This file is used when WebSEAL is started to detect ifWebSEAL is already running. Only one process perinstance of WebSEAL can be running.

Administrator response: Remove the file by hand.Check the permissions and ownership of the directorywhere the file is stored to ensure the server can updateit. Check the error number returned for greater detailsof the cause. It can be looked up in/usr/include/sys/errno.h.

DPWIV0752E Could not open file (%s, %d)

Explanation: Unable to open the file specified in theerror text. This error message is only used internally byWebSEAL and some test programs.

Administrator response: The error number specifiedin the error text gives more details. It can be looked upin /usr/include/sys/errno.h.



DPWIV0753E Error resetting file pointer (%d)

Explanation: An attempt to setup for reading orwriting a file from the start failed. This file is beingused to supply content for a local junction.

Administrator response: This is unexpected and if itpersists should be reported to technical support. Theerror number in this message can be looked up in/usr/include/sys/errno.h for additional details on thecause.

DPWIV0754E Could not close file (%d)

Explanation: Closing a file used for supplying contentfor a local junction failed.


DPWIV0755E Could not truncate file (%d)

Explanation: Truncating a file in a local junctionfailed.


DPWIV0756E Could not deallocate file descriptor%d. (errno: %d)

Explanation: Unable to close unused file handles inchild CGI process.


DPWIV0759W Directory (%s) could not be created.(Errno = %d)

Explanation: Unable to create the directory specifiedin the error message. The directory is created to storecontent from a PUT HTTP request.

Administrator response: This may be due to lack ofdisk space or permissions on parent directories. Formore details on the cause lookup the errno in/usr/include/sys/errno.h

DPWIV0760W The specified path is invalid. (%s)

Explanation: The path specified to the DELETE HTTPrequest is not valid on the local junction.

Administrator response: Correct the HTTP URL tocontain a valid path on the local junction.

DPWIV0761W The file (%s) attributes cannot beobtained. (Errno = %d)

Explanation: Unable to fetch information on the filespecified in the error message. This file is possiblygoing to be the target of a HTTP PUT request.

Administrator response: This may be due topermissions on the file. For more details on the causelookup the errno in /usr/include/sys/errno.h

DPWIV0762W Can't delete non-empty directory (%s)

Explanation: This is only used as an internal status. Itoccurs either during a PUT or DELETE HTTP requestwhen the replaced or deleted directory is not empty.

Administrator response: Don't PUT or DELETE onthis directory until it is empty.

DPWIV0763W Failed to delete file (%s) (Errno = %d)

Explanation: A HTTP PUT or DELETE request iseither replacing or deleting a file on a local junction.This failed.


DPWIV0764E Could not rename file (%s, %s, %d)

Explanation: Unable to rename/move the file to thedestination. This is done in response to a HTTPDELETE request when the delete files are to bearchived.

Administrator response: This may be due topermissions on the source or destination file or theirdirectories. For more details on the cause lookup theerrno in /usr/include/sys/errno.h

DPWIV0766W Write to file (%s) failed. (Errno = %d)

Explanation: The server failed to write to an open file.

Administrator response: This may be due topermissions on the file or because there is insufficientroom in the file system. For more details on the causelookup the errno in /usr/include/sys/errno.h



DPWIV0767E List of directory (%s) failed. (Errno =%d)

Explanation: A system error occurred while trying toread a directory's contents.

Administrator response: Examine the directoryspecified and attempt to determine and correct theproblem that caused the system error.

DPWIV0768E Could not copy file (%s, %s, %d)

Explanation: Unable to copy the file to thedestination. The source of this error depends on thecontext of the operation that failed.

Administrator response: This may be due topermissions on the source or destination file or theirdirectories. For more details on the cause lookup theerrno in /usr/include/sys/errno.h

DPWIV0769W Read from file (%s) failed. (Errno =%d)

Explanation: The server was unable to read from thefile specified.


DPWIV0770W Could not close file (%s). (Errno =%d)

Explanation: The server was unable to close an openfile.

Administrator response: This may be due toinsufficient file system space. For more details on thecause lookup the errno in /usr/include/sys/errno.h

DPWIV1050E Could not create socket: ERRNO = %d

Explanation: WebSEAL failed to create a socket forconnections to junctions, or failed to create the listeningsockets for HTTP and HTTPS connections from clientbrowsers.

Administrator response: Check WebSEAL has notexceeded system resource limits. For more details onthe cause lookup the errno in /usr/include/sys/errno.h.

DPWIV1051E Could not bind socket to port (%d,%d)

Explanation: WebSEAL failed to bind a socket to theHTTP or HTTPS port specified in it's configuration file.

Administrator response: Check WebSEAL has notexceeded system resource limits. Check the portnumbers are valid in the WebSEAL configuration file.Check these ports don't clash with other servers on the

same system. For more details on the cause lookup theerrno in /usr/include/sys/errno.h.

DPWIV1052E Could not bind socket to port %d,interface %s (errno %d)

Explanation: WebSEAL failed to bind a socket to theHTTP or HTTPS port specified in it's configuration fileon a specific network interface address.

Administrator response: Check WebSEAL has notexceeded system resource limits. Check the portnumbers and interface addresses are valid in theWebSEAL configuration file. Check these ports don'tclash with other servers on the same system. For moredetails on the cause lookup the errno in/usr/include/sys/errno.h.

DPWIV1053E Cannot understand requested networkinterface %s

Explanation: WebSEAL failed to validate the HTTP orHTTPS network interface address specified in itsconfiguration file.

Administrator response: Check the interface addressesare valid in the WebSEAL configuration file.

DPWIV1054E Could not connect

Explanation: WebSEAL was unable to connect to ajunctioned Web server.

Administrator response: Check that the host nameand port number specified for the junction are correct.Check that the junctioned Web server is available andresponding.

DPWIV1055E Could not read from socket

Explanation: WebSEAL was unable to read from ajunctioned Web server, or from a browser. The browseror Web server may have closed the connectionprematurely.

Administrator response: Retry the operation, the errorcondition may be temporary. If the error reoccurs checklog files for related messages. Verify that the browser orjunctioned Web server is functioning properly.

DPWIV1056E Could not write to socket

Explanation: WebSEAL was unable to write to ajunctioned Web server, or to a browser. The browser orWeb server may have closed the connectionprematurely.

Administrator response: Retry the operation, the errorcondition may be temporary. If the error reoccurs checklog files for related messages. Verify that the browser orjunctioned Web server is functioning properly. If thisoccurs when WebSEAL is writing to a junctioned Webserver, try sending the request to the junctioned Web



server directly and examine the response from theserver.

DPWIV1057E Could not close socket (errno %d)

Explanation: WebSEAL encountered an error whenattempting to close a socket.


DPWIV1058E Could not call select() on socket

Explanation: WebSEAL encountered an error whileusing the select function on a socket.


DPWIV1059E Timeout occurred while attempting toread from socket

Explanation: A timeout occurred when WebSEAL wasattempting to read from a socket.


DPWIV1060E Could not read from socket (%d)

Explanation: A timeout occurred when WebSEAL wasattempting to read from a socket.


DPWIV1061E Could not write to socket (%d)

Explanation: An unexpected error occurred whilewriting to a socket.


DPWIV1062E Unable to resolve IP address forhostname '%s' (Error %d: %s)

Explanation: An attempt to resolve a hostname to anIP address failed. There are many possible reasons forfailure, and the system error code and error text can beused to isolate the problem.

Administrator response: The source for this errordepends on the exact context of the error.Administrators should verify that the hostnamespecified is correct, and that DNS can resolve thehostname properly. Check the DNS configuration theserver logging this error. The system error code anderror text may provide more detail about the problem.

DPWIV1063E Unable to resolve IP address forhostname.

Explanation: An attempt to resolve a hostname to anIP address failed.

Administrator response: Check the logs for additionalerror messages. Other messages will contain moredetail about the problem.

DPWIV1064E Could not set socket options (%d)

Explanation: There was a failure in setting socketoptions.

Administrator response: Check that WebSEAL has notexceeded system resource limits. For more details onthe cause, lookup the errno in /usr/include/sys/errno.h.

DPWIV1065E Could not get socket options (%d)

Explanation: There was a failure trying to get socketoptions.

Administrator response: Check that WebSEAL has notexceeded system resource limits. For more details onthe cause, look up the errno in /usr/include/sys/errno.h.

DPWIV1066E Could not obtain the socket details:ERRNO = %d

Explanation: WebSEAL failed to obtain the connectiondetails for a connected socket.

Administrator response: Check WebSEAL has notexceeded system resource limits. For more details onthe cause lookup the errno in /usr/include/sys/errno.h.

DPWIV1200E Could not write to SSL connection

Explanation: This is used only as an internal errorcode. It should not be visible.


DPWIV1201E Could not read from SSL connection



DPWIV1203E Could not create new SSL connection



DPWIV1210W Function call, func, failed error: errorcode error text.

Explanation: The specified GSKit function failed whilesetting up for SSL connections to junctions or frombrowsers. Or perhaps the initial handshake failed dueto invalid certificates or the browser simply closed theconnection abruptly.

Administrator response: Examine the error text togain insite on the problem. Typical problems might bethat the PKCS#11 library is incorrectly specified, or the



PKCS#11 token or token password is incorrect, or thePKCS#11 token is not setup.

DPWIV1212W No server DN is defined for '%s'.The junctioned server DN verification isnot performed.

Explanation: No server DN is defined in the junctiondatabase. DN verification against server certificate willbe ignored.

Administrator response: Recreate the junctionspecifying the junctioned servers certificate DN or turnoff mutual authentication on the junction.

DPWIV1213E Could not get junctioned server (%s)certificate

Explanation: The SSL connection to the specifiedjunction did not have a certificate presented from thejunctioned server.

Administrator response: Check the server side'scertificate has been configured.

DPWIV1214E Could not get junctioned server (%s)certificate's DN


Administrator response: Check the junctioned serveris presenting a certificate that has a printable DNpresent

DPWIV1215E Error in junctioned server DNverification (%s)

Explanation: The DN in the certificate presented bythe junctioned server contains a DN that does notmatch the one specified when the junction was created.

Administrator response: Check the junctioned server'sDN with the one specified during the junction creation.

DPWIV1216E The junctioned server presented aninvalid certificate.

Explanation: The certificate presented by the backendserver failed validation.

Administrator response: Install the CA root certificatein the WebSEAL certificate key database.

DPWIV1217W SSL connection error.

Explanation: This is an internal error status notvisible. Error code returned when an ssl connectionfailed

Administrator response: Check logs for more details.

DPWIV1218E Error in junctioned server DNverification.

Explanation: The DN specified when the junction wascreated did not match the DN in the certificatepresented by the server.

Administrator response: Check the junctioned server'sDN with the one specified during the junction creation.

DPWIV1219E An SSL toolkit failure occured whilecalling %s. Error: %s.

Explanation: An internal SSL error occurred.

Administrator response: The action to correct thisproblem depends on details in the error message.

DPWIV1220E An ICC toolkit failure occurred.

Explanation: An internal ICC error occurred.

Administrator response: This error is alwaysaccompanied with a serviceability log error messagedetailing the ICC routine which failed and the reasonfor the failure. The action to correct this problemdepends on details in the serviceability log message. Ifthe problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWIV1221E An ICC toolkit failure occurred whilecalling %s. Error: %s.

Explanation: An internal ICC error occurred.

Administrator response: The action to correct thisproblem depends on details in the error message. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWIV1222E An ICC toolkit failure occurred whilecalling %s. No further details areknown.

Explanation: An internal ICC error occurred.However, no details about the error we able to bedetermined beyond the name of the ICC functionwhich failed.


DPWIV1212W • DPWIV1222E


DPWIV1350E An error occurred when loading ashared library.

Explanation: This message indicates that a problemoccurred when loading a shared library. Other logmessages will have additional information.

Administrator response: Examine log files for moredetailed error messages.

DPWIV1351E The shared library '%s' could not beloaded because of system error code %d.System error text: %s.

Explanation: Opening a shared library failed. Theshared library may not exist, permissions on the librarymay be incorrect, or it may contain other errors thatprevent it from loading.

Administrator response: Examine the system errorcode and text to determine the nature of the problem.Make sure the shared library exists and is readable.Make sure all of the symbols in the library can beresolved.

DPWIV1352E The symbol '%s' in the shared library'%s' could not be loaded because ofsystem error code %d. System error text:%s.

Explanation: Resolving a symbol from a shared libraryfailed after the library was initially loaded. The symbolmay not exist in the library or other symbols on whichthis symbol depends might not be available.

Administrator response: Examine the system errorcode and text to determine the nature of the problem.Make sure the shared library implements and exportsthe function being resolved. Make sure all of thesymbols required by the shared library can be resolved.

DPWNS0150E Process can't access directory '%s',error: 0x%8.8lx

Explanation: The process is trying to change it'sworking directory

Administrator response: Check the UID running theprocess has the correct permissions

DPWNS0165E The certificate revocation check resultwas undetermined. The subject issuer is'%s'.

Explanation: An OCSP CRL check could notdetermine if the certificate is revoked. This is usuallydue to an unresponsive OCSP responder.

Administrator response: Check the OCSP responder isoperating.

DPWNS0166E The junction server, '%s', certificaterevocation check result wasundetermined. The subject issuer is '%s'.

Explanation: An OCSP CRL check could notdetermine if the junctions certificate is revoked. This isusually due to an unresponsive OCSP responder.

Administrator response: Check the OCSP responder isoperating.

DPWNS0301W Junction server '%s:%d' isrenegotiating SSL sessions at a rate of%ld per minute.

Explanation: The SSL server junctioned behindWebSEAL is forcing WebSEAL to renegotiate new SSLSessions at a rate higher than specified by [junction]jct-ssl-reneg-warning-rate.

Administrator response: Ensure the junctioned SSLserver has SSL session caching enabled and functioningcorrectly, or check that any intervening load balancersare not causing this issue by forcing WebSEAL toalternate between two SSL servers.

DPWNS0450E The pattern '%s' is not a valid MIMEtype matching pattern.

Explanation: MIME type patterns must be either exact(type/subtype), subtype wild cards (type/*), or typeand subtype wildcards (*/*).

Administrator response: Make sure the mime typespecified is valid.

DPWNS0451E Invalid MIME matching pattern.

Explanation: Mime type patterns must be either exact(type/subtype), subtype wild cards (type/*), or typeand subtype wildcards (*/*).

Administrator response: Make sure the mime typespecified is valid.

DPWNS0452E Invalid MIME type '%s'.

Explanation: An attempt was made to lookup a matchfor a MIME type that did not contain a '/'.

Administrator response: Check the MIME typeconfiguration of your servers to verify that they arereturning valid MIME types for all documents.

DPWNS0453E Invalid MIME type.

Explanation: An attempt was made to lookup a matchfor a MIME type that did not contain a '/'.

Administrator response: Check the MIME typeconfiguration of your servers to verify that they arereturning valid MIME types for all documents.

DPWIV1350E • DPWNS0453E


DPWNS0600E Compression initialization failedwith error code %d (%s).

Explanation: Initialization of compression failed. Thiserror should never occur.


DPWNS0601E Compression failed with error code%d (%s).

Explanation: Compression of a document failed. Thiserror should never occur.


DPWNS0602E Completion of compression failedwith error code %d (%s).

Explanation: The completion of documentcompression failed. This error should never occur.


DPWNS0603E An error occured during documentcompression.

Explanation: This error is returned when a problemwas encountered during document compression.

Administrator response: Examine log files foradditional information.

DPWNS0750E The HTTP header key '%d' is invalid.

Explanation: This message indicates an internal error.An attempt was made to reference an HTTP headerusing an invalid key.


DPWNS0900E The client certificate EAI requestfailed: %s (0x%lx)

Explanation: This error is returned when the EAIrequest which has been generated by WebSEAL doesnot return a valid HTTP response.

Administrator response: Examine log files foradditional information.

DPWNS0901E No EAI authentication data wasprovided with the EAI response.

Explanation: This error is returned when the EAIresponse lacks all of the configured EAI authenticationheaders.

Administrator response: Examine the log files foradditional information. Check the EAI application toensure that valid authentication headers are being set.

DPWNS1050E Session cache creation failed.

Explanation: This message can indicate a failure dueto system resource limitations.

Administrator response: Check available systemmemory and process resource usage limits.

DPWNS1051E Addition or update of a session cacheentry failed.

Explanation: This message indicates an internal error.


DPWNS1052W A session cache entry was not found.

Explanation: This message indicates that an expectedsession cache entry was not found.

Administrator response: No action is necessary unlessother problems are experienced.

DPWNS1053E Session owner tracking is notsupported in this configuration.

Explanation: This message indicates that an attemptwas made to get a list of the sessions associated with auser when session owner tracking was not enabled.

Administrator response: Refer to the WebSEALAdministration Guide for instructions on how to enabletracking of session owners.

DPWNS1054E Invalid session ID.

Explanation: This message indicates that an invalidsession ID was encountered when trying to generate aninternal representation of the ID. The most likely causeof this error is a malformed session cookie from abrowser.

Administrator response: No action is necessary. Anew session and session cookie is created as needed.

DPWNS0600E • DPWNS1054E


DPWNS1055E You are already logged in fromanother client. You can either wait forthe other login to end or contact yourlocal support personnel to cancel theexisting login.

Explanation: This message indicates that themaximum number of concurrent sessions for the userhas been reached and no new sessions will bepermitted until one of the existing sessions has ended.

Administrator response: Refer to the WebSEALAdministration Guide discussion of concurrent loginsessions for more complete information.

DPWNS1056W You are already logged in fromanother client. Do you want to terminateyour existing login or cancel this newlogin request?

Explanation: This message indicates that themaximum number of concurrent sessions for the userhas been reached, and that the user can choose toreplace an existing session.

Administrator response: The action depends on thereason for the previous session. If the user closed theirbrowser without properly logging out or does not needtheir old session, they can press the 'Terminate existinglogin' button. If the user does need their old session,they should press the 'Cancel this new login' button.

DPWNS1057E Unable to intialize the distributedsession API (error code 0x%08lx)

Explanation: Initialization of the distributed sessionAPI failed. This error should never occur. The errorcode in the message might reveal more informationabout the problem.

Administrator response: Look up the error codeincluded in the message in the IBM Security AccessManager for Web Troubleshooting Guide.

DPWNS1058E Unable to join the replica set '%s'(error code 0x%08lx)

Explanation: The WebSEAL server attempted to join aparticular replica set but the operation failed. The SMSmight not be available, or may have prevented theWebSEAL server from joining the replica set for somereason.

Administrator response: Make sure the correctprotocol, host name, and port for the SMS in theWebSEAL configuration file are correct. Make sure theSMS server is running and can be reached from theWebSEAL server machine. Make sure the SMS server isconfigured to host the specified replica set. Check thelog file for additional errors. If necessary, look up theerror code from the message in the IBM Security AccessManager for Web Troubleshooting Guide for additionaltroubleshooting steps.

DPWNS1059E Unable to shut down the distributedsession API (error code 0x%08lx)

Explanation: Shutdown of the distributed session APIfailed. This error should never occur. The error code inthe message might reveal more information about theproblem.


DPWNS1060E Unable to leave the replica set '%s'(error code 0x%08lx)

Explanation: The WebSEAL server attempted to leavea particular replica set but the operation failed. TheSMS might not be available or there might have beenanother problem when leaving the replica set.


DPWNS1061E An attempt to create a session failedwith error code 0x%08lx.

Explanation: An attempt to create a session at theSMS failed.

Administrator response: Repeat the operation. If theproblem continues to occur, look up the error codeincluded in the message in the IBM Security AccessManager for Web Troubleshooting Guide. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWNS1062E An attempt to update a session failedwith error code 0x%08lx.

Explanation: An attempt to update a session at theSMS failed.


DPWNS1063E An attempt to delete a session failedwith error code 0x%08lx.

Explanation: An attempt to delete a session at theSMS failed.

Administrator response: Repeat the operation. If theproblem continues to occur, look up the error codeincluded in the message in the IBM Security Access



Manager for Web Troubleshooting Guide. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWNS1064E Unknown replica set '%s'

Explanation: An attempt was made to locate a replicaset that was not configured.

Administrator response: Check that the replica setrequested is included in the WebSEAL configurationfile as a replica set that the WebSEAL server shouldjoin.

DPWNS1065E Unknown replica set.

Explanation: An attempt was made to locate a replicaset that was not configured.

Administrator response: Check that the replica setrequested is included in the WebSEAL configurationfile as a replica set that the WebSEAL server shouldjoin.

DPWNS1066E An error with code 0x%08lx occurredwhen decoding a session from the SMS.

Explanation: An attempt to decode a session from theSMS failed.


DPWNS1067E An attempt to generate a newexternal session ID failed with errorcode 0x%08lx.

Explanation: An attempt to generate a new externalsession ID for a session failed.


DPWNS1068E An attempt to register anauthentication failure for user '%s' failedwith status code 0x%08lx.

Explanation: An attempt to notify the SMS of anauthentication failure was unsuccessful.

Administrator response: Check the log file foradditional errors. If necessary, look up the error codefrom the message in the IBM Security Access Manager

for Web Troubleshooting Guide for additionaltroubleshooting steps.

DPWNS1070E Session version mismatch whiledeserializing session data.

Explanation: WebSEAL attempted to deserializesession data but encountered an invalid session version.This indicates that the session was not compatible withthe WebSEAL server that generated this error. Thesession was discarded.

Administrator response: No action is necessary. Anew session will be created as needed. Refer to thedocumentation for the server that generated the invalidsession version for information on compatibility withthe WebSEAL server that generated this error.

DPWNS1071E The max-concurrent-web-sessionspolicy value of '%d' is invalid.

Explanation: The max-concurrent-web-sessions policyreturned from the IBM Security Access ManagerRuntime had an unexpected value. A default value of'unlimited' has been assumed.

Administrator response: Reset themax-concurrent-web-sessions policy for the user. If theproblem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWNS1072W WebSEAL received notification thatthe distributed session cache forreplica-set '%s' was cleared. All localreferences to sessions are beingdiscarded to synchronize the localsession cache with the distributedsession cache.

Explanation: The DSC server notified the WebSEALserver that the distributed session cache was lost. Anysessions remaining on the WebSEAL server are nolonger valid and will be removed. This message willalso be displayed when the WebSEAL server firstregains contact with the DSC server after WebSEAL isrestarted.


DPWNS1074E The single sign-off attempt for theuser '%s' failed because the singlesign-off resource is unavailable.

Explanation: The single sign-off attempt failedbecause the configured single sign-off resource is notaccessible by WebSEAL.

Administrator response: Check that the configuredsingle sign-off resource URI points to a resource on ajunction which is accessible by WebSEAL.



DPWNS1075E The single sign-off attempt to %s foruser '%s' failed because the configuredsingle sign-off resource is notresponding.

Explanation: A single sign-off request was sent to theconfigured single sign-off resource but no response wasreceived.

Administrator response: Check that the configuredsingle sign-off application is running and functioningcorrectly.

DPWNS1076E The single sign-off attempt to %s foruser '%s' failed because the configuredsingle sign-off resource returned aresponse with the HTTP status code %d.

Explanation: An unexpected response was receivedfrom the configured single sign-off resource. WebSEALexpects a response with the HTTP status code 200.

Administrator response: Check that the configuredsingle sign-off application is running and functioningcorrectly.

DPWNS1200W The application server you areaccessing has been taken offline by thesystem administrator.

Explanation: The application server being accessedhas been taken offline or throttled by the systemadministrator.

Administrator response: Try again at a later time orcontact the system administrator for more information.

DPWNS1201E The server is temporarily unable toservice your request. Try again later.

Explanation: The WebSEAL server is unable to servicea request because a needed resource is unavailable.

Administrator response: The WebSEAL server log filewill have more detailed information about why theWebSEAL server is unable to service the request. Checkthe WebSEAL server log file and correct the problem.

DPWNS1202E An error occurred processing a HTTPtransformation.

Explanation: The WebSEAL server is unable to servicea request because a HTTP transformation rule causedan error.

Administrator response: The WebSEAL server log filewill have more detailed information about why theHTTP transformation failed. Check the WebSEALserver log file and correct the HTTP transformationrule.

DPWNS1203E An invalid XML message documentwas used as part of a HTTPtransformation operation.

Explanation: The WebSEAL server is unable to servicea request because an invalid XML message documentwas used as part of a HTTP transformation operation.

Administrator response: The WebSEAL server log filewill have more detailed information about the XMLobject used. Check the WebSEAL server log file andcorrect the HTTP transformation rule.

DPWNS1204E The XML element %s was missingfrom the document generated by aHTTP transformation operation.

Explanation: The WebSEAL server is unable to servicea request because an expected XML element wasmissing from the output document of a HTTPtransformation operation.

Administrator response: Correct the HTTPtransformation rule to ensure the rule includes allrequired elements.

DPWNS1205E The XML attribute %s was missingfrom the %s element for the documentgenerated by a HTTP transformationoperation.

Explanation: The WebSEAL server is unable to servicea request because an expected XML attribute wasmissing from the output document of a HTTPtransformation operation.


DPWNS1206E The XML element %s was missingfrom the request change documentgenerated by a HTTP transformationoperation.

Explanation: The WebSEAL server is unable to servicea request because an expected XML element wasmissing from the request change document as part of aHTTP transformation operation.


DPWNS1207E The XML element %s was missingfrom the response change documentgenerated by a HTTP transformationoperation.

Explanation: The WebSEAL server is usable to servicea request because an expected XML element wasmissing from the response change document as part ofa HTTP transformation operation.




DPWNS1208E The action attribute %s is unknownand therefore cannot be used by a HTTPtransformation operation.

Explanation: The WebSEAL server is unable to servicea request because an unexpected action attribute wasfound as part of a HTTP transformation operation.

Administrator response: Correct the HTTPtransformation rule to ensure the rule outputssupported actions.

DPWNS1209W A configuration entry for theresource %s was not defined in thehttp-transformation stanza of theWebSEAL configuration file andtherefore HTTP transformation cannottake place.

Explanation: A HTTPTransformation resource wasdefined as an extended attribute on a POP but theWebSEAL configuration does not include atransformation rule for this resource.

Administrator response: Correct the WebSEALconfiguration or the POP HTTPTransformation attributeto ensure the resource references an appropriatetransformation rule.

DPWNS1210E The cookie attribute %s is unknownand therefore cannot be used by a HTTPtransformation operation.

Explanation: The WebSEAL server is unable to servicea request because an unexpected cookie attribute wasfound as part of a HTTP transformation operation.

Administrator response: Correct the HTTPtransformation rule so that it does not referenceunsupported cookie attributes.

DPWNS1211W The cookie %s already exists in theHTTP message and as such it cannot beadded by the transformation rule.

Explanation: The WebSEAL server is unable to add acookie to a HTTP message as it already exists in theHTTP message being transformed.

Administrator response: Modify the HTTPtransformation so that it either checks for the existenceof the cookie before adding the new cookie, or specifiesthe update action so that the cookie is updated.

DPWNS1212W The authentication challenge typerules could not be applied becauseWebSEAL received a request withoutthe User-Agent HTTP header.

Explanation: A client which did not present a UserAgent header in their request has made a request toauthenticate with WebSEAL. WebSEAL was unable todetermine the authentication challenge type for thisrequest.


DPWNS1350W Failed to load ARM library '%s':error code %d: error message '%s'. ARMsupport will be disabled.

Explanation: WebSEAL attempted to dynamically loadthe ARM shared library and failed.

Administrator response: Check the shared libraryname is correct and present on the system. Refer to theerror message for more specific information. The sharedlibrary name is specified by the library entry under the[arm] stanza. If loading the ARM library is not desiredset enable = no under the [arm] stanza.

DPWNS1351W ARM library is missing function'%s': error code %d: error message '%s'.ARM support will be disabled.

Explanation: WebSEAL dynamically loaded the ARMshared library and can not find a required function init.

Administrator response: Check the shared libraryname is correct. Refer to the error message for morespecific information. The shared library name isspecified by the library entry under the [arm] stanza.

DPWNS1352W Failed to register the WebSEALapplication with ARM: error code %d:error message '%s'. ARM support willbe disabled.

Explanation: WebSEAL was unable to register itselfwith ARM.

Administrator response: Check ARM setup isoperational. Refer to the error message for morespecific information.

DPWNS1353W Failed to register WebSEALtransaction '%s' with ARM: error code%d: error message '%s'. ARM supportwill be disabled.

Explanation: WebSEAL was unable to register thetransaction with ARM.

Administrator response: Check ARM setup. Refer tothe error message for more specific information.

DPWNS1208E • DPWNS1353W


DPWNS1354W Failed to start WebSEAL as an ARMapplication: error code %d: errormessage '%s'. ARM support will bedisabled.

Explanation: WebSEAL was unable to start as an ARMapplication.

Administrator response: Check ARM setup. Refer tothe error message for more specific information.

DPWNS1356W Failed to stop WebSEAL running asan ARM application: error code %d:error message '%s'.

Explanation: WebSEAL was unable to stop running asan ARM application using arm_stop_application().

Administrator response: Refer to the error messagefor more specific information.

DPWNS1357W Failed to unregister the WebSEALapplication from ARM: error code %d:error message '%s'.

Explanation: WebSEAL was unable to unregister as anARM application using arm_destroy_application().


DPWNS1358W Failed to get ARM transaction '%s'arrival time: error code %d: errormessage '%s'.

Explanation: The call to ARM functionarm_get_arrival_time() failed unexpectedly. Thetransaction will not be reported.


DPWNS1359W Failed to get the length of an ARMcorrelator: error code %d: error message'%s'.

Explanation: The call to ARM functionarm_get_correlator_length() failed unexpectedly. Thecorrelator will not be used.


DPWNS1360W An invalid correlator string waspassed to WebSEAL: '%s'. It will not beused for subsequent transactions.

Explanation: An ARMCorrelator header was receivedby WebSEAL with an invalid value.

Administrator response: Check the applicationmaking the request to WebSEAL. Or disable WebSEALfrom using incoming ARM Correlator by setting

accept-correlators = no in the [arm] stanza.

DPWNS1361W Failed to start ARM transaction '%s':error code %d: error message '%s'. Thetransaction will not be reported.

Explanation: The call to ARM functionarm_start_transaction() failed unexpectedly. Thetransaction will not be reported.

Administrator response: ARM can limit the numberof concurrent transactions being reported. It may bepossible to increase the limit. Also refer to the errormessage for more specific information.

DPWNS1362W Failed to stop ARM transaction '%s':error code %d: error message '%s'.

Explanation: The call to ARM functionarm_stop_transaction() failed unexpectedly.


DPWNS1363W Unable to start ARM transactionreporting as ARM initialization failed.See log files for more information.

Explanation: The 'arm on' command cannot completeas the ARM initialization failed.

Administrator response: Examine the log files for thereason ARM initization failed. Correct this, restartWebSEAL and try again.

DPWNS1364W Unable to start ARM transactionreporting as WebSEAL ARM supporthas been disabled.

Explanation: The 'arm on' command cannot completeas the WebSEAL ARM support has been disabled in theconfiguration file.

Administrator response: To enable ARM support setenable = yes in the [arm] stanza and restart WebSEAL.

DPWNS1365W ARM transaction reporting isalready on.

Explanation: The 'arm on' command is redundant andwill be ignored as arm transaction reporting is alreadyon.

Administrator response: Don't run the 'arm on'command while transaction reporting is on.

DPWNS1366W ARM transaction reporting isalready off.

Explanation: The 'arm off' command is redundant andwill be ignored as arm transaction reporting is alreadyoff.

DPWNS1354W • DPWNS1366W


Administrator response: Don't run the 'arm off'command while transaction reporting is off.

DPWNS1367W Failed to load ARM library '%s':error code %d: error message '%s'. ARMsupport will be disabled.

Explanation: WebSEAL attempted to dynamically loadthe ARM shared library and failed.

Administrator response: Check the shared libraryname is correct and present on the system. Refer to theerror message for more specific information. The sharedlibrary name is specified by the library entry under the[arm] stanza. If loading the ARM library is not desiredset enable-arm = no under the [arm] stanza.

DPWNS1368W Unable to start ARM transactionreporting as WebSEAL ARM supporthas been disabled.

Explanation: The 'arm on' command cannot completeas the WebSEAL ARM support has been disabled in theconfiguration file.

Administrator response: To enable ARM support setenable-arm = yes in the [arm] stanza and restartWebSEAL.

DPWNS1500E The interface '%s', defined in the [%s]stanza, contains an invalid value for'%s'. You must specify either 'http' or'https'.

Explanation: The web-http-protocol andweb-https-protocol interface settings can only contain'http' or 'https'.

Administrator response: Set the value to either 'http'or 'https'

DPWNS1501E The option '%s', defined in the [%s]stanza, contains an invalid value. Youmust specify either 'http' or 'https'.

Explanation: The web-http-protocol andweb-https-protocol settings can only contain 'http' or'https'.

Administrator response: Set the value to either 'http'or 'https'

DPWNS1502E The option '%s' defined in the [%s]stanza contains an invalid port value.

Explanation: The port value provided is either out ofthe valid range, or is not a number.

Administrator response: Provide a valid value for aTCP/IP port in the range 1 to 65535.

DPWWA0150E Cannot allocate memory

Explanation: Memory allocation operation failed.

Administrator response: Check memory limits onyour machine, and increase available memory ifpossible.

DPWWA0151E An insufficient amount of memorywas supplied.

Explanation: An insufficient amount of memory waspassed into a function.


DPWWA0305E The '%s' routine failed for '%s', errno= %ld

Explanation: This is a major internal server failure. Aninternal function call failed.

Administrator response: Contact customer support.

DPWWA0306E Error in configuration file: %s

Explanation: The configuration file contained an error.

Administrator response: Edit the configuration file tocorrect the error.

DPWWA0308W Function name failed with errnovalue

Explanation: This is a generic message used toidentify specific non-fatal function calls failing.

Administrator response: Determine why the functioncall failed.

DPWWA0309E Badly formatted config entry for %scache

Explanation: The configuration defined in the[content-cache] stanza was incorrect.

Administrator response: Correct the values in the[content-cache] stanza of the configuration file.

DPWWA0310E Could not open IBM Security AccessManager WebSEAL configuration file(%s)


Administrator response: Correct problem preventingconfiguration file from being opened.

DPWNS1367W • DPWWA0310E


DPWWA0314E Initialization of authorization APIfailed. Major status=0x%x, minor status= 0x%x


Administrator response: Look up the specifiedmajor/minor status codes either through the ErrorMessage Reference Book or the pdadmin errtxtcommand. Analyze and fix the error based on thatinformation.

DPWWA0315E Initialization of authentication layerfailed: %s

Explanation: One of the authentication libraries failedto load.

Administrator response: Correct the entries for theauthentication libraries in webseald.conf

DPWWA0316W Configuration item value has beenassumed for %s

Explanation: The configuration item value did notmake sense and a default value was assumed

Administrator response: Correct the configurationvariable in webseald.conf

DPWWA0318E Error in configuration file, invalidaccept-client-certs value: %s


Administrator response: Correct the accept-client-certsparameter in webseald.conf

DPWWA0319E Error in configuration file. Whenaccept-client-certs is set to optional orrequired, you must specify a librarywith the cert-ssl option, or you mustspecify an eai-uri option.


Administrator response: Set the cert-ssl parameter inwebseald.conf

DPWWA0320W Error in configuration. Clients andMPAs cannot use the same sessiontypes.

Explanation: Clients and MPAs cannot use the samesession types.

Administrator response: Configure clients and MPAsto use different session types.

DPWWA0321E Value for stanza [%s] entry '%s'contains an illegal trailing backslashcharacter.

Explanation: Backslash characters are used to removeany special meaning of the character following it. Theend of line cannot be treated this way.

Administrator response: Remove the trailing \\character from the the entries value.

DPWWA0322E Value for stanza [%s] entry '%s'contains an unmatched quote.

Explanation: Quote characters are used to allowsvalues to have leading and trailing space characters.The values that have this requirement must have aquote at the begining and end of the region of chars. Aunpaired quote is not legal unless its special meaning isremoved using the backslash character.

Administrator response: Remove the unmatched "character from the the entries value or place a \\ charbefore it to remove its special meaning.

DPWWA0323E Value for stanza [%s] entry '%s'contains a 'name = value' with a missingname.

Explanation: Stanza entries of this type have a specialformat. This format consists of multiple name = valuepairs separated by semicolon characters. In this case thename part of a pair is missing or empty.

Administrator response: Provide a name before the =character.

DPWWA0324E Value for stanza [%s] entry '%s'contains a 'name = value' with a missing= character.

Explanation: Stanza entries of this type have a specialformat. This format consists of multiple 'name = value'pairs separated by semicolon characters. In this case the= separating the pair is missing.

Administrator response: Insert the missing =character.

DPWWA0325E Value for stanza [%s] entry '%s'contains two name value pairs with thesame name '%s'.

Explanation: Stanza entries of this type have a specialformat. This format consists of multiple 'name = value'pairs separated by semicolon characters. In this casethere are two of these pairs with the same name. Thisis illegal as all names must be unique.

Administrator response: Remove or rename one ofthe name value pair with the duplicate name.

DPWWA0314E • DPWWA0325E


DPWWA0326E Stanza [%s] contains an illegalduplicate entry '%s'.

Explanation: This stanza expects entries with uniquenames.

Administrator response: Remove or rename one ofthe entry names.

DPWWA0327W The default WebSEAL TCP and SSLinterfaces have both been disabled,which also disables the defaultWebSEAL worker threads.

Explanation: When both the default WebSEALinterfaces are disabled using [server] https = no andhttp = no the default worker threads are also notcreated. This will make WebSEAL unaccessable unlessadditional interfaces are defined under [interfaces]stanza. Note that these additional interfaces will not beable to share the 'default' worker threads as they willnot have been created.

Administrator response: No action required, it just anunusual situation.

DPWWA0328E The interface '%s' defined in the [%s]stanza contains an illegal empty valuefor '%s'.

Explanation: The worker threads setting in theconfiguration of an interface must be set to either thenumber of worker threads to create, or the name ofanother interface to share worker threads with.Typically this entry will look like 'worker-threads = 50'

Administrator response: Supply a non-empty valuefor worker-threads.

DPWWA0329E The interface '%s' defined in the [%s]stanza contains an illegal value for '%s'.

Explanation: The worker threads setting in theconfiguration of an interface must be set to either thenumber of worker threads to create, or the name ofanother interface to share worker threads with.Typically this entry will look like 'worker-threads = 50'

Administrator response: Provide the name of aninterface that has it's own worker threads or providethe number of worker threads it should create for itself.

DPWWA0330E The interface '%s' defined in the [%s]stanza contains an invalid value for '%s'.

Explanation: The port value provided is either out ofthe legal range or is not a number.

Administrator response: Provide a legal value for aTCP/IP port in the range 1 to 65535.

DPWWA0331E The interface '%s' defined in the [%s]stanza contains an illegal TCP/IPaddress value for '%s'.

Explanation: The TCP/IP value provided is either255.255.255.255 or not a valid string for an TCP/IPaddress

Administrator response: Provide a legal value for aTCP/IP port.

DPWWA0332E Invalid certificate authenticationconfiguration for interface '%s' definedin the [%s] stanza. Incompatiblecombination of accept-client-certs andssl-id-sessions values.


Administrator response: Change theaccept-client-certs or ssl-id-sessions parameter inwebseald.conf.

DPWWA0333E Invalid certificate cacheconfiguration to support interface '%s'defined in the [%s] stanza.


Administrator response: Change the values of thecertificate cache configuration items.

DPWWA0334E Error in configuration file, invalidaccept-client-certs value: %s for interface'%s' defined in the [%s] stanza.


Administrator response: Correct the accept-client-certsparameter in webseald.conf

DPWWA0335E Error in configuration file relating tointerface '%s' defined in the [%s] stanza.When accept-client-certs is set tooptional, required, orprompt_as_needed, specify a librarywith the cert-ssl option or the eai-urioption.


Administrator response: Set the cert-ssl parameter inwebseald.conf

DPWWA0336E The interface '%s' defined in the [%s]stanza must have one of http-port orhttps-port enabled.

Explanation: An interface has no function unless atleast one port is defined.

Administrator response: Assign a port to either orboth of http-port or https-port.



DPWWA0337W The '%s' routine failed in '%s' forinterface %s:%d, errno = %d

Explanation: A non-fatal error was reported from thespecified function, called in a specified function inrelation to the specified interface and port. The systemerror code is given to help diagnose the reason.WebSEAL will continue to function. Typically thisoccurs when a connection from a browser is endedabnormally.

Administrator response: Keep an eye on this and ifthis occurs too often contact WebSEAL customersupport.

DPWWA0338E Not enough free file descriptors inthe process to configure even one of theworker threads wanted by the workerpool named '%s'.

Explanation: Each interface defined can have it's ownworker thread pool. If previous definintions haveconsumed all available resources in creating their ownworker thread pools then there may be nothing left forthis interface. Each worker thread requires 2 filedescriptors. The number of available file descriptors isdependent on the Operating System WebSEAL is runon and is fixed when WebSEAL is constructed.

Administrator response: Reduce the number ofworker threads used by other worker pools.

DPWWA0339W Worker list '%s' has configured %dworker threads which is greater than thesystem can support. It has automaticallybeen reduced to %d.

Explanation: Each operation system has differentlevels of support for threads and open files. Thatcombined with compile time options will provide limitson the configurable number of worker threads.

Administrator response: The software automaticallyreduced the value. However to stop this messageappearing you may set the value in the configurationfile lower.

DPWWA0340E Unable to listen on interface %s:%d,errno = %d

Explanation: The attempt to listen for connections onthe specified interface and port failed. The system errorcode is given to help diagnose the reason.

Administrator response: It is likely the reason forfailure is that another process or WebSEAL interface isalready listening on the same port and networkaddress. Change the port and/or network address toone not in use.

DPWWA0341E Error in configuration file, unknownsetting '%s' for interface '%s' defined inthe [%s] stanza.

Explanation: The interface has an unknownname=value pair in it's configuration. This could bedue to a spelling error.

Administrator response: Remove the unknown settingin the WebSEAL configuration file

DPWWA0342W The configuration data for thisWebSEAL instance has been logged in'%s'

Explanation: This is an informational message.

Administrator response: Informational. No action isrequired.

DPWWA0343E An error occurred trying to log theWebSEAL configuration data at startup.

Explanation: Check the server's error log file forspecific error conditions that could have led to thisfailure. It is possible that there are permission issueswith the configuration data log file or there are spacelimitations in the filesystem.

Administrator response: It is likely that logging theserver's configuration data failed because the desiredlocation for the log file is missing or was specifiedincorrectly in the server's configuration file.

DPWWA0345E The request was too large to store inthe session cache.

Explanation: The request size exceededrequest-max-cache or the message body exceededrequest-body-max-read, so the request could not bestored in the session cache.

Administrator response: Re-submit the request afterauthentication or increase request-max-cache and/orrequest-body-max-read

DPWWA0600E The requested single sign-on serviceis not supported by this server

Explanation: Junction created with an SSOspecification that the server was not built to support

Administrator response: Do not use the single-sign-onservice specified by the junction definition

DPWWA0601E Could not fetch SSO info for user(%s,0x%8lx)

Explanation: Could not map from username/pwd toprincipal/target in SSO

Administrator response: Check mappings fromprincipal/target to username/pwd in SSO

DPWWA0337W • DPWWA0601E


DPWWA0602E User '%s' does not have anyassociated SSO info

Explanation: SSO data either does not exist or isincorrect.

Administrator response: Check that SSO data for thisuser exists and is correct.

DPWWA0603E User '%s' does not have a matchingSSO target

Explanation: The user was found in SSO, but notarget exists for them.

Administrator response: Create a target in SSO forthis user.

DPWWA0605E Can't perform single sign-on. User'%s' is not logged in

Explanation: User must be authenticated to use SSO.

Administrator response: Informative only. User mustbe logged in.

DPWWA0606E Could not sign user '%s' on due toincorrect target

Explanation: Could not sign user on due to incorrecttarget in SSO.

Administrator response: Check the target in SSO forthis user

DPWWA0607E Received basic authenticationchallenge for junction where filtering isbeing applied

Explanation: The junction type filters out BasicAuthentication data, but the junctioned server sent aBA challenge.

Administrator response: Either create the junctionwithout the -filter flag or modify the junctioned serverto not use Basic Authentication.

DPWWA0608E Unable to obtain binding to LDAPserver

Explanation: Unable to obtain binding to LDAP server

Administrator response: Check that LDAP server isrunning and can be accessed.

DPWWA0609E Unable to obtain binding toLDAP-GSO server (0x%8lx)

Explanation: Unable to obtain binding to LDAP-GSOserver

Administrator response: Check that LDAP-GSOserver is running and can be accessed.

DPWWA0625E Either the configuration file ismissing or it has errors.

Explanation: The iv.conf file is either missing, or theLDAP stanza does not have enough information tobind to the LDAP server.

Administrator response: Make sure that theconfiguration file has the ldap stanza and all the LDAPinformation is included in the stanza.

DPWWA0626E This script can only be used todecode form results.

Explanation: This error occurs when the user invokesthe update password URL directly from the browser.

Administrator response: The user needs to invoke thecgi-bin program and change the password from thebrowser.

DPWWA0627E Could not get the LDAPdistinguished name (DN) for the remoteuser.

Explanation: The ira_get_dn(), to get the distinguishedname, failed.

Administrator response: Make sure that the LDAPentry is set for the remote user.

DPWWA0628E The selected resource or resourcegroup does not exist.

Explanation: The user selected a resource or aresource group that does not exist in the LDAPdatabase.

Administrator response: Make sure that the resourceor the resource group exists for the user.

DPWWA0629E Could not bind to the LDAP server.

Explanation: The ira_rgy_init call failed. Contact yourAdministrator.

Administrator response: Make sure that the LDAPserver can be reached and try again.

DPWWA0630E This script should be referencedwith a METHOD of POST.

Explanation: This error occurs when the user invokesthe update password URL directly from the browser.

Administrator response: The user needs to invoke thecgi-bin program and change the password from thebrowser.



DPWWA0631E Passwords don't match.

Explanation: The user attempted to change their GSOtarget password and failed to confirm the newpassword.

Administrator response: The user must correct theirentries in the update password form, ensuring that thepasswords match.

DPWWA0632E Unable to retrieve user identity.

Explanation: This error occurs because theREMOTE_USER cgi environment variable was notpassed to the GSO chpwd program by WebSEAL.

Administrator response: Verify that the cgi-program isbeing invoked by WebSEAL and not called directly.

DPWWA0633E Either a user ID or a password mustbe specified.

Explanation: Either the user ID or a password mustbe specified to update the resource.

Administrator response: Enter the user ID orpassword and try again.

DPWWA0634E Select a resource or resource group.

Explanation: The required resource information wasmissing from the cgi form used to update a user's GSOtarget information.

Administrator response: The user must specify theproper resource information in the cgi form.

DPWWA0635E Completed successfully.

Explanation: Operation completed successfully.


DPWWA0636E No TFIM single sign-on tokens wereavailable.

Explanation: WebSEAL is correctly retrieving SSOtokens from TFIM, but these tokens have expired. Theproblem is most likely caused by the clocks on theWebSEAL server and the TFIM server being set todifferent times.

Administrator response: Check the timesynchronization between the TFIM server and theWebSEAL server.

DPWWA1055E Operation has insufficient Quality ofProtection

Explanation: This error occurs when a person tries toaccess an object that requires a secure communicationschannel over an insecure channel such as TCP.

Administrator response: Either access the object over

SSL/TLS or modify the policy associated with theobject to reduce the QOP required.

DPWWA1061E Provide your authentication detailsfor method:

Explanation: This error is printed when a userattempts to access an object that requires a higher levelof authentication than they have provided.

Administrator response: The user should eitherprovide the higher level of authentication, or the policyassociated with the object should be modified to reducethe level of authentication required.

DPWWA1062E An invalid authentication level hasbeen detected in a POP object.

Explanation: A POP object specified an authenticationlevel that is not supported by the current WebSEALconfiguration.

Administrator response: Either modify the POP objectto correct the authentication level, or modify theWebSEAL configuration file to specify an authenticationmethod that can provide the required level.

DPWWA1076E Privacy required

Explanation: Indicates that requested object has theprivacy bit set, but the request is not using privacy

Administrator response: The user must connect usingprivacy to access the resource.

DPWWA1082E Invalid HTTP status code present inresponse. The response could have beensent either by a third-party server or bya local resource, such as a CGI program.

Explanation: An invalid status code was received in aresponse. The response could have been sent either bya third-party server or by a local resource, such as aCGI program.

Administrator response: Check the status code in theresponse. The response could have been sent either bya third-party server or by a local resource, such as aCGI program.

DPWWA1083E Could not read HTTP status line inresponse. Possible causes: non-specHTTP response, connection timeout, nodata returned. The response could havebeen sent either by a third-party serveror by a local resource, such as a CGIprogram.

Explanation: Data read failure. Possible causes:non-spec HTTP response, connection timeout, no datareturned. The response could have been sent either by



a third-party server or by a local resource, such as aCGI program.

Administrator response: Check response for a missingHTTP status line. Also investigate a possible connectiontimeout problem. The response could have been senteither by a third-party server or by a local resource,such as a CGI program.

DPWWA1084E Could not read HTTP headers inresponse. Possible causes: non-specHTTP headers, connection timeout, nodata returned. The response could havebeen sent either by a third-party serveror by a local resource, such as a CGIprogram.

Explanation: Data read failure. Possible causes:non-spec HTTP headers, connection timeout, no datareturned. The response could have been sent either bya third-party server or by a local resource, such as aCGI program.

Administrator response: Check response for badHTTP headers. Also investigate a possible connectiontimeout problem. The response could have been senteither by a third-party server or by a local resource,such as a CGI program.

DPWWA1085E An HTTP message body sent in aresponse is too short. The responsecould have been sent either by athird-party server or by a local resource,such as a CGI program.

Explanation: The actual length of the response body isshorter that indicated by the Content-length HTTPheader in the response.

Administrator response: Correct problem with theresponse. The actual length of the response body isshorter that indicated by the Content-length HTTPheader of the response.

DPWWA1086E Could not read request line. Possiblecauses: non-spec HTTP headers,connection timeout, no data returned

Explanation: Data read failure. Possible causes:non-spec HTTP data, connection timeout, no datareturned

Administrator response: Check client request. Couldcontain bad HTTP headers or there might be aconnection timeout problem.

DPWWA1087E Invalid URL

Explanation: A client request contained a URL thatdoes not conform to HTTP specifications.

Administrator response: Check request from client.Does not conform to HTTP specifications.

DPWWA1088E Bad cookie header (or data readfailure)

Explanation: Data read failure. Possible causes:timeout, connection problems, no data returned

Administrator response: Check response from eitherjunctioned server or client. Could be bad Cookieheader, Set-cookie header or a connection timeoutproblem.

DPWWA1089E Invalid date string in HTTP header

Explanation: Invalid date string in HTTP header inclient request.

Administrator response: Check request from client.Contains invalid date string in HTTP header.

DPWWA1091W Failed to load portal map (0x%8lx)

Explanation: The portal service failed to load correctlydue to a problem with the information in the[portal-map] stanza of the configuration file.

Administrator response: Correct errors in the[portal-map] stanza of the configuration file.

DPWWA1092E Unable to open stanza file to readportal information

Explanation: The configuration file containing theportal mapping service information could not beopened for reading.

Administrator response: Ensure that the configurationfile exists and is readable.

DPWWA1093W Unable to find [portal-map] stanza

Explanation: The [portal-map] stanza was not foundin the configuration file.

Administrator response: Ensure that the [portal-map]stanza has been added to the configuration file.

DPWWA1094E Unable to read the URL field of theportal map

Explanation: The URL attribute of a portal map entryin the configuration file was not found.

Administrator response: Ensure that the [portal-map]stanza of the configuration file contains the URL field.

DPWWA1095E Unable to read the Protected Objectfield of the portal map

Explanation: The Protected Object field of a portalmap entry in the configuration file was not found.

Administrator response: Ensure that the [portal-map]stanza of the configuration file contains the ProtectedObject field.



DPWWA1096E Unable to read the Action field ofthe portal map

Explanation: The Action field of a portal map entry inthe configuration file was not found.

Administrator response: Ensure that the [portal-map]stanza of the configuration file contains the Actionfield.

DPWWA1097E the Protected Object supplied to theportal map is invalid

Explanation: The Protected Object field in the[portal-map] stanza of the configuration file is not avalid Protected Object name

Administrator response: Correct the value entered inthe Protected Object field of the [portal-map] stanza ofthe configuration file.

DPWWA1100W POST request larger thanrequest-body-max-read, cannot applydynurl matching.

Explanation: WebSEAL attempted to apply dynurlmatching to a request, but received too much POSTdata from the client.

Administrator response: Increase therequest-body-max-read in the configuration file orrearchitect your site so that WebSEAL does not need toapply dynurl rules to large POSTs.

DPWWA1110E Unable to build original URL forAttribute Retrieval Service

Explanation: WebSEAL was unable to obtain thehostname of the URL that client has requested. Theresult of this is that the original URL cannot beconstructed for consumption by the Attribute RetrievalService.

Administrator response: Ensure that configuraion iscomplete.

DPWWA1111E The SOAP client returned the errorcode: %d

Explanation: The SOAP request failed, and the gSOAPclient returned the error code contained in the messagetext.

Administrator response: Consult gSOAPdocumentation for error code definitions.

DPWWA1112E Attribute Retrieval Service internalerror: %s

Explanation: The SOAP request succeeded, but theAttribute Retrieval Service returned the error containedin the message text.

Administrator response: Ensure that the AttributeRetrieval Service is configured correctly.

DPWWA1113E URL specifies an invalid Win32object name

Explanation: The client request specifies the objectname using a Win32 alias that points to the actualobject. The authorization check will have beenperformed on the alias, and not the actual object, so therequest cannot be allowed.

Administrator response: Ensure that client requestsdo not use Win32 aliases.

DPWWA1114E URL contains invalid Win32characters or abbreviations

Explanation: The client request contains Win32abbreviations or '\' characters that are invalid.

Administrator response: Ensure that client requestsdo not contain invalid Win32 characters orabbreviations.

DPWWA1115E URL contains an illegal bytesequence

Explanation: The client request contains an illegal bytesequence, possibly from an attempted multibytecharacter encoding.

Administrator response: Ensure that client requestsdo not contain illegal byte sequences.

DPWWA1116E The requested method is notsupported

Explanation: One of the supported HTTP methods(that is: GET, PUT, POST, etc...) must be specified byeach client request. This request either contains anunsupported method, or none at all.

Administrator response: Ensure that client requestscontain a valid method.

DPWWA1117E The content-length of the clientrequest is invalid

Explanation: The content-length is either less thanzero, or it doesn't accurately describe the length of thePOST-body, or it should not be provided with therequest.

Administrator response: Ensure that thecontent-length specified correctly describes thecharacteristics of the request, and that this is not achunked request.



DPWWA1118E The 'host' header is not present inthe client request

Explanation: The client request specifies an HTTPversion of 1.1, but doesn't include the host header thatis required for this version.

Administrator response: Ensure that the host headeris present in request who's HTTP version is 1.1.

DPWWA1119E The HTTP version specified by theclient request is not supported

Explanation: See Message.

Administrator response: Ensure that the HTTPversion of the request is correct and supported.

DPWWA1120E The POST body of the client requestcontains misformated or invalid data


Administrator response: Ensure that the POST bodiesof client requests contain valid data.

DPWWA1121E An error occurred while reading thePOST body of the request


Administrator response: Ensure that the POST bodiesof client requests are valid.

DPWWA1122W Corrupted session cookie: %s.

Explanation: A session cookie was presented that wascorrupted. This could be a spoof attempt, a browser ornetwork problem, or a WebSEAL internal problem.

Administrator response: Investigate spoof attempt orsource of corruption.

DPWWA1123W The login data entered could not bemapped to an IBM Security AccessManager user

Explanation: A mapping function, such as that in alibrary or CDAS, failed to map the login information toan IBM Security Access Manager user.

Administrator response: Check the login data,registry, or mapping function.

DPWWA1124W A client certificate could not beauthenticated

Explanation: A client certificate could not beauthenticated

Administrator response: Check the client certificate

DPWWA1125W The data contained in the HTTPheader %s failed authentication

Explanation: The request an HTTP header that IBMSecurity Access Manager was configured to use asauthentication data. This data failed authentication.

Administrator response: Check the request, the proxyserver (if one is used), and the mapping library

DPWWA1126W IP address based authenticationfailed with IP address: %s

Explanation: IBM Security Access Manager isconfigured to authenticate using the client IP address,which was either unavailable or invalid

Administrator response: Check IBM Security AccessManager configuration and/or authentication library

DPWWA1128E The current authentication methoddoes not support reauthentication.Contact the IBM Security AccessManager WebSEAL Administrator.

Explanation: Reauthentication is not supported by thecurrent WebSEAL authentication method. The user canabort the reauthentication process (by accessing anotherURL) and still participate in the secure domain byaccessing other resources that do not requirereauthentication.

Administrator response: Notify the IBM SecurityAccess Manager WebSEAL Administrator.

DPWWA1129E A reauthentication operation wasattempted with an initial authenticationmethod for which reauthentication isnot supported.

Explanation: A reauthentication misconfiguration hasoccurred. Administrators should not put areauthentication POP on a resource for clients whocannot actually perform a reauthentication.

Administrator response: The resource requestedrequires reauthentication but reauthentication issupported only by Forms, Token, and EAIauthentication.

DPWWA1130E Authentication level mismatch whenperforming reauthentication

Explanation: The authentication level supplied whilereauthenticating does not match the authenticationlevel of the existing authenticated user.

Administrator response: The user's authenticationlevel must be the same when reauthenticating as whenthey originally authenticated.



DPWWA1131W An entry in the [portal-map] stanzais invalid.

Explanation: [portal-map] stanza in the configurationfile contains an invalid entry.

Administrator response: Ensure that all entries in the[portal-map] stanza are valid.

DPWWA1132W Entry '%s = %s' in the [portal-map]stanza is invalid.

Explanation: [portal-map] stanza in the configurationfile contains an invalid entry.

Administrator response: Correct the entry in the[portal-map] stanza.

DPWWA1133E The 'host' header presented in theclient request does not conform toHTTP specifications.

Explanation: The client request contains a host headerwhich does not conform to the HTTP specification.

Administrator response: Ensure that the host headerconforms to the HTTP specification.

DPWWA1200E The requested junction type is notsupported by this server

Explanation: The requested junction type is notsupported by this server

Administrator response: Change junction definition.

DPWWA1201E Junction not found

Explanation: The named junction does not exist.

Administrator response: Verify the name, and ifincorrect try the operation again.

DPWWA1202E Requested object does not exist

Explanation: Object on junctioned server does notexist.

Administrator response: Informational only.

DPWWA1203E Permission denied

Explanation: You do not have permission to mount orunmount at this location.

Administrator response: Check the acl at this locationfor mount or unmount permissions.

DPWWA1204E Requested object is not a directory

Explanation: Requested object is not a directory

Administrator response: Informational only.

DPWWA1205E No query-contents on this server

Explanation: To list object space, a query_contents cgiprogram must be configured on the junctioned server.

Administrator response: To list object space, configurea query_contents cgi program on the junctioned server.

DPWWA1206E Illegal name for a junction point

Explanation: The junction point is illegal.

Administrator response: Use a different junction pointfor the new junction.

DPWWA1207E Trying to add wrong type of serverat this junction point

Explanation: Trying to add wrong type of server atthis junction point

Administrator response: Change junction definition.

DPWWA1208E Trying to add two servers with thesame UUID at a junction point

Explanation: Trying to add two servers with the sameUUID at a junction point

Administrator response: Change junction definition

DPWWA1209E Trying to add the same server twiceat the same junction point

Explanation: Trying to add the same server twice atthe same junction point


DPWWA1210E Could not open junction database(%s,0x%8x)

Explanation: Indicates a problem accessing thejunction database maintained by the IBM SecurityAccess Manager server.

Administrator response: Check junction databasedirectory existance and permissions.

DPWWA1211E Could not load junction database(%s,0x%8lx)

Explanation: An error occured when loading thejunction database.

Administrator response: Check that all of the files inthe junction database can be read by the ivmgr userand are not corrupted. Check other error messages forother information about the error. If necessary, removeall of the files in the junction database and then addthem back one by one to isolate the problem to aspecific file.



DPWWA1212E Could not delete entry from junctiondatabase (%s,0x%8lx)

Explanation: The XML File representing the junctioncould not be deleted.

Administrator response: Check the file permissions onthe junction XML file

DPWWA1213E Could not write entry to junctiondatabase (%s,0x%8lx)

Explanation: Internal status code only. Database wasopened, but could not be written to.

Administrator response: Check system memory anddisk space.

DPWWA1214W Could not fetch entry from junctiondatabase (%s,0x%8lx)

Explanation: Internal status code only. Database wasopened, but this junction could not be read.

Administrator response: Check that the xml filerepresenting the junction is not corrupt.

DPWWA1215E Invalid junction flags for thisjunction type

Explanation: Invalid junction flags for this junctiontype

Administrator response: Correct junction definition.

DPWWA1216E Invalid parameters for junction

Explanation: Invalid parameters for junction

Administrator response: Correct junction definition.

DPWWA1217E An error occurred when writing arequest to a junction. WebSEAL wasunable to dispatch the request toanother junction server.

Explanation: WebSEAL tried to send a request to ajunction server. Sending the request failed. WhenWebSEAL is unable to send a request to a junction,WebSEAL attempts to 'rewind' the request from theclient so that it can be sent to another junction server. Ifthe request from the client is large, it may not bepossible to retry the request. In that case, this error isreturned to the client.

Administrator response: Retry the request. If theproblem continues to occur, attempt to discover whythe request could not be written to the junction server.Check WebSEAL and junction server log files forunusual error messages. Try sending the requestdirectly to the junction.

DPWWA1218E Unknown junction server host

Explanation: Could not resolve a hostname usinggethostbyname()

Administrator response: Check the hostname in thejunction configuration and make sure it is resolveable.

DPWWA1219E Could not build junction server URLmappings (0x%8lx)



DPWWA1220E Cannot delete the junction at theroot of the Web space. Try replacing itinstead

Explanation: Cannot delete the junction at the root ofthe Web space. Try replacing it instead

Administrator response: Cannot delete the junction atthe root of the Web space. Try replacing it instead

DPWWA1221E Cannot add two servers withdifferent options (case-sensitive, etc) atthe same junction

Explanation: Cannot add two servers with differentoptions (case-sensitive, etc) at the same junction


DPWWA1222E A third-party server is notresponding. Possible causes: the serveris down, there is a hung application onthe server, or network problems. This isnot a problem with the WebSEALserver.

Explanation: A junctioned server is not responding torequests. Possible causes: junctioned server down,network problems, hung application on junctionedserver.

Administrator response: Determine why thejunctioned server is not responding and fix it.

DPWWA1224E Could not load junction database

Explanation: The database couldn't be loaded forsome reason.

Administrator response: Check the log files for moredetails.

DPWWA1225E Could not delete entry from junctiondatabase

Explanation: The file representing the junction couldnot be deleted from the filesystem.



Administrator response: Check the log files for moredetails.

DPWWA1226E Could not write entry to junctiondatabase



DPWWA1227W Could not fetch entry from junctiondatabase

Explanation: Internal status code only. Database wasopened, but this junctio n could not be read.

Administrator response: Check that the xml filerepresenting the junction is not corrupt.

DPWWA1228E Unable to contact junction serverhost at mount point: %s

Explanation: Could not resolve a hostname usinggethostbyname()

Administrator response: Check for networkconectivity with the junctioned server

DPWWA1229E Unable to load junction file %s: %s

Explanation: An error occurred while loading a filefrom the junction database. The reason for the error isincluded in the message.

Administrator response: Correct the error.

DPWWA1230E Error building junction %s from file%s: %s

Explanation: An error occurred while building ajunction from an XML file loaded from the junctiondatabase. The XML file may have specified invalidjunction options.

Administrator response: Fix the problem in the XMLfile.

DPWWA1231E No such junction.

Explanation: A particular junction was not found inthe junction database.

Administrator response: Verify that the junction fileexists.

DPWWA1232E Could not remove file.

Explanation: The junction database was unable toremove a file.

Administrator response: Verify that all files in the

junction database are writable by the ivmgr user andgroup.

DPWWA1233E Invalid junction file name.

Explanation: The junction file name specified did notmap to a valid junction name.

Administrator response: Make sure the junction filename ends with .xml and is a valid mime 64 encoding.

DPWWA1234E An invalid status code was receivedin a response sent by a third-partyserver. This is not a problem with theWebSEAL system.

Explanation: A junctioned server has sent an invalidstatus code in a response.

Administrator response: Check status code returnedfrom junctioned server.

DPWWA1235E Could not read the response statusline sent by a third-party server.Possible causes: non-spec HTTPheaders, connection timeout, no datareturned. This is not a problem with theWebSEAL server.

Explanation: Data read failure. Possible causes:non-spec HTTP headers, connection timeout, no datareturned

Administrator response: Check response fromjunctioned server. Could be bad HTTP headers or aconnection timeout problem.

DPWWA1236E Could not read the response headerssent by a third-party server. Possiblecauses: non-spec HTTP headers,connection timeout, no data returned.This is not a problem with theWebSEAL server.

Explanation: Data read failure. Possible causes:non-spec HTTP headers, connection timeout, no datareturned

Administrator response: Check response fromjunctioned server. Could be bad HTTP headers or aconnection timeout problem.

DPWWA1237E An invalid HTTP header was sent bya third-party server. This is not aproblem with the WebSEAL server.

Explanation: An HTTP response from a junctionedserver does not conform to HTTP specs.

Administrator response: Check response fromjunctioned server for non-spec HTTP headers.



DPWWA1238E An HTTP message body sent in aresponse by a third-party server is tooshort. This is not a problem with theWebSEAL server.

Explanation: The actual length of the response bodysent by a junctioned server is shorter that indicated bythe Content-length HTTP header in the response.

Administrator response: Correct problem withjunctioned server response. The actual length of theresponse body is shorter that indicated by theContent-length HTTP header of the response.

DPWWA1239E A third-party server is notresponding. Possible causes: the serveris down, there is a hung application onthe server, or network problems. This isnot a problem with the WebSEALserver.

Explanation: A junctioned server is not responding torequests. Possible causes: junctioned server down,network problems, hung application on junctionedserver.

Administrator response: Determine why thejunctioned server is not responding and fix it.

DPWWA1240E Could not build Virtual HostJunction host mappings (0x%8lx)



DPWWA1241E Virtual Host Junction '%s' loadedfrom database illegally partners VirtualHost Junction '%s'. Virtual Host Junctionskipped.

Explanation: An error occured when loading theVirtual Host Junction from it's database file. It mayhave been incorrectly manually modified. The problemis the the Virtual Host Junction being loaded refers toone that also refers to another.

Administrator response: Manually edit the offendingVirtual Host Junction Database file and correct it.

DPWWA1242E Virtual Host Junction '%s' loadedfrom database illegally partners VirtualHost Junction '%s' that already haspartner '%s'. Virtual Host Junctionskipped.

Explanation: An error occured when loading theVirtual Host Junction from it's database file. It mayhave been incorrectly manually modified.


DPWWA1243E Virtual Host Junction '%s' loadedfrom database illegally partners VirtualHost Junction '%s' with different virtualhostname. Virtual Host Junctionskipped.

Explanation: An error occured when loading theVirtual Host Junction from it's database file. It mayhave been incorrectly manually modified. Virtual HostJunctions that are partnered must have the same virtualhostname (excluding the ports).


DPWWA1244E Virtual Host Junction attempted topartner (-g) non-existant Virtual HostJunction

Explanation: See text.

Administrator response: Use 'virtualhost list'command to find a valid partner.

DPWWA1245E Virtual Host Junction attempted topartner (-g) a Virtual Host Junction witha different virtual hostname.


Administrator response: Use 'virtualhost show'command to help match virtual hostnames.

DPWWA1246E Virtual Host Junction illegallyattempted to partner (-g) itself.


Administrator response: Choose another partner.

DPWWA1247E Virtual Host Junction can not bechanged to partner (-g) another as it iscurrently being partnered.


Administrator response: Do not use -g for thisoperation.

DPWWA1248E Could not write entry to Virtual HostJunction database





DPWWA1249E Could not write entry to Virtual HostJunction database (%s,0x%8lx)



DPWWA1250E Virtual Host Junction can not bedeleted until it's partner is deleted.


Administrator response: Delete the Partner VirtualHost Junction first.

DPWWA1251E Virtual Host Junctions created using-g don't have their own object space.List the partner's object space instead.

Explanation: Virtual Host Junctions created using -gshare their partnered Virtual Host Junction's protectedobject space. They don't have their own.

Administrator response: List the partnered VirtualHost Junctions object space instead as this Virtual HostJunction uses it for access control.

DPWWA1252E Virtual Host Junctions partneredusing -g must have different protocoltypes (TCP and SSL).

Explanation: The concept of -g is to have the samecontent but opposite protocol, this was violated in thisattempt to create a Virtual Host junction using -g.

Administrator response: Either don't use -g or ensurethe type of the Virtual Host junction are ofcomplementry protocols. For example localtcp andlocalssl will partner successfully.

DPWWA1253E The Virtual Host junction you areattempting to partner with using -g isalready in a partnership.

Explanation: The concept of -g is to have only twoVirtual host junctions in partnership, a third is notpermitted.

Administrator response: Either don't use -g or ensurethe Virtual Host junction being partnered to is notalready in a partnership.

DPWWA1254E Can't replace a Virtual Host junctionbeing partnered too with a new junctionhaving a different protocol type (TCPand SSL).

Explanation: The concept of -g is to have the samecontent but opposite protocol, this was violated in thisattempt to replace an existing Virtual Host junction.

Administrator response: Ensure the type of theVirtual Host junction is the same protocol as the VirtualHost juntion being replaced.

DPWWA1255E Can't replace a Virtual Host junctionbeing partnered too with a new junctionhaving a different virtual hostname.


Administrator response: Use 'virtualhost show'command to help match virtual hostnames.

DPWWA1256E Virtual Host junction has duplicatevirtual hostname (specificed by -v) asanother Virtual Host junction.

Explanation: Virtual Host junctions are selected basedon the host header in the client request matching thevirtual hostname (specified by -v) of the Virtual Hostjunction. Thus the virtual hostname must be unique tobe able to uniquely identify a Virtual Host junction.

Administrator response: Remove the Virtual Hostjunction with the duplicate virtual hostname beforeadding this one.

DPWWA1257E Could not load the local junction,%s, as the local junction functionalityhas been disabled.

Explanation: Local Junctions are disabled for thisinstance and a previously configured local junction,"%s", could not be loaded.

Administrator response: Remove the local junction orenable local junctions in the WebSEAL configurationfile.

DPWWA1350E Could not initialize mutex

Explanation: A resource required for properconcurrency could not be created. The global variableerrno may provide more specific information.

Administrator response: This is a fatal error. Norecovery is possible.

DPWWA1352E Could not lock mutex

Explanation: A resource required for properconcurrency could not be locked. The global variableerrno may provide more specific information.


DPWWA1353E Could not unlock mutex

Explanation: A resource required for properconcurrency could not be unlocked. The global variableerrno may provide more specific information.




DPWWA1503E SSL function function failed, error0xerror code

Explanation: An SSL toolkit function has failed.

Administrator response: This is a fatal error. Norecovery is possible. Contact Support

DPWWA1504W SSL function function failed, error0xerror code

Explanation: An SSL toolkit function failed.

Administrator response: This is a warning message.Operation continues. If the warning persists contactsupport.

DPWWA1505W HTTP request does not containauthentication information

Explanation: HTTP request does not containauthentication information

Administrator response: Internal status code only.

DPWWA1506E Unknown HTTP authenticationscheme

Explanation: An authorization header contained aninvalid authentication scheme.

Administrator response: Check Authorization headerin request.

DPWWA1507E No password supplied in HTTPauthentication header

Explanation: No password supplied in HTTPAuthorization header

Administrator response: Check Authorization headerin request.

DPWWA1518W The specified certificate key label%s is incorrect. The default one will beused instead.

Explanation: The specified certificate key label cannotbe retrieved from the key database

Administrator response: check the webseald.confssl-keyfile-label option and the key database

DPWWA1950E Stanza '%s' is missing fromconfiguration file

Explanation: A necessary stanza is missing fromconfiguration file

Administrator response: The stanza should be addedto the configuration file

DPWWA1951E Configuration item '[%s]%s' ismissing from configuration file

Explanation: A necessary configuration item ismissing from configuration file

Administrator response: The configuration itemshould be added to the configuration file

DPWWA1952E Received invalid HTTP header inresponse. The response could have beensent either by a third-party server or bya local resource, such as a CGI program.

Explanation: Response HTTP headers do not conformto HTTP specs. The response could have been senteither by a third-party server or by a local resource,such as a CGI program.

Administrator response: Check HTTP headers inresponse. The response could have been sent either bya third-party server or by a local resource, such as aCGI program.

DPWWA1953E HTTP document fetch failed withstatus %d

Explanation: Could not retrieve requested resource.

Administrator response: Check request forcorrectness.

DPWWA1954E HTTP list request failed

Explanation: Could not list directory on junctionedserver

Administrator response: Check permissions andexistence of directory being listed

DPWWA1955E Field missing from HTTP header

Explanation: Internal status code only.


DPWWA1962W CGI Script Failed



DPWWA1964E Invalid Content-Length headerreturned by TCP junction server

Explanation: The content-length is either less thanzero, or it doesn't accurately describe the length of thePOST-body.

Administrator response: Ensure that thecontent-length specified correctly describes thecharacteristics of the request.



DPWWA1965E Overflow of output buffer



DPWWA1966E Overflow of HTML filter workspace



DPWWA1967E Overflow of HTTP filter workspace



DPWWA1968E HTTP response truncated



DPWWA1969E HTTP request truncated



DPWWA1970E Cannot rewind HTTP response towrite error message (%lx)

Explanation: An internal error has occoured trying torewing the HTTP response.

Administrator response: MRQ Contact support

DPWWA1971E Cannot write HTTP error response toclient (%lx,%lx)

Explanation: An internal error has occoured trying towrite the error response to the client.

Administrator response: MRQ Contact support

DPWWA1972E Cannot read HTTP request fromclient



DPWWA1973E HTTP response aborted



DPWWA1975W Unable to decode %s

Explanation: The decode of the specified token hasfailed.


DPWWA1976W Unable to encode %s

Explanation: The encode of the specified token hasfailed. This is an unexpected internal error.


DPWWA1977W %s for user %s, in domain %s hasexpired

Explanation: cdsso authentication token for a user hasexpired

Administrator response: The token has expired. Thiscould be due to clock skew, in which case fix the clocksor change the authentication token lifetime inconfiguration file. But beware of replay attacks

DPWWA1978W Badly formed single-sign-on URL

Explanation: Badly formed single-sign-on URL

Administrator response: Fix the cdsso link on the webpage.

DPWWA1979W Failover cookie contents haveexpired

Explanation: Failover cookie contents for a user hasexpired


DPWWA1980W Could not retrieve key for failovercookie



DPWWA1981W An internal error occurred whileencoding/decoding the %s



DPWWA1982W Could not find SSO key forserver/domain %s

Explanation: The SSO key file has not been correctlyconfigured for the server

Administrator response: Set up configuration toprovide correct key file for the specified server.

DPWWA1965E • DPWWA1982W


DPWWA1983W CDSSO cryptography error %doccurred



DPWWA1984W Unable to use failover cookies. Nofailover cookie key configured

Explanation: Failover cookies have been enabled, butno keyfile has been specified.

Administrator response: Either turn failover cookiesoff, or specify the keyfile for the failover cookie.

DPWWA1985W Unable to retrieve CDSSO refererfrom request

Explanation: Either the agent has not provided thereferer header or the client has directly typed in thelink and not been directed by a link


DPWWA1986W Error reading key file %s

Explanation: The CDSSO keyfile could not be readfrom

Administrator response: Check the keyfile forexistence and permissions.

DPWWA1987W Error writing key file %s

Explanation: The CDSSO keyfile could not be writtento

Administrator response: Check the keyfile forpermissions.

DPWWA1988E This action requires HTTP forms tobe enabled in the configuration file

Explanation: HTTP forms are required for this actionbut are not enabled in the configuration file

Administrator response: The forms-auth configurationitem should be set to both

DPWWA1989W Invalid protection level for %s

Explanation: The received token is of an insufficentprotection level

Administrator response: Ensure that vf-token-privacyand vf-token-integrity have the same settings on bothWebSEAL servers.

DPWWA1990W The e-community name %s does notmatch the configured name %s

Explanation: Another WebSEAL has passed ane-community name which does not match this serversconfigured e-community name

Administrator response: Synchronize thee-community names

DPWWA1991W The e-community cookie passed hasexpired

Explanation: The contents of the e-community cookiepassed have expired


DPWWA1992E Can't retrieve fully qualified hostname for server. Disabling e-communitysingle-sign-on

Explanation: The fully qualified host name could notbe retrieved

Administrator response: Ensure that networkconfiguration allows gethostbyname to retrieve thefully qualified name

DPWWA1993E Can't determine server domain name.Disabling e-community single-sign-on

Explanation: The domain name could not bedetermined

Administrator response: Specify value forec-cookie-domain setting or ensure that gethostbynamereturns the fully qualified host name

DPWWA1994E Disabling e-communitysingle-sign-on

Explanation: An error occurred when looking up thekey associated with the domain name for this server.

Administrator response: Ensure that networkconfiguration allows gethostbyname to retrieve thefully qualified name. You may need to place the fullyqualified host name of this server first in the hosts file.

DPWWA1995E Invalid master authentication serverconfiguration. Disabling e-communitysingle-sign-on

Explanation: master-authentication-server andis-master-authentication-serverare mutually exclusivesettings

Administrator response: Correctly configure thesettings for master authentication server



DPWWA1996E e-community-name has not beenspecified. Disabling e-communitysingle-sign-on

Explanation: An e-community name was notspecified. This is mandatory

Administrator response: Correctly configure ane-community name

DPWWA1997W The machine %s could not vouchfor the user's identity

Explanation: The specified machine returned a tokenindicating that it could not vouch for the user's identity

Administrator response: Correct e-communityconfiguration

DPWWA1998W Unable to open the LTPA key filefor reading

Explanation: The LTPA key file configured for ajunction could not be opened for reading

Administrator response: Check junction configuration

DPWWA1999W The version of the LTPA key file isnot supported

Explanation: Only certain versions of LTPA keyfilesare supported

Administrator response: Obtain right version of thekey file

DPWWA2000W Error parsing LTPA key file

Explanation: The LTPA Keyfile is either corrupt or thewrong version

Administrator response: Obtain new copy of keyfile

DPWWA2001W LTPA key file: password invalid orfile is corrupt

Explanation: The password specified could notdecrypt keyfile

Administrator response: Use correct key file passwordor ensure file is not corrupted

DPWWA2002W The LTPA cookie passed hasexpired

Explanation: An expired LTPA cookie was passed


DPWWA2004W LTPA text conversion error

Explanation: An iconv routine failed

Administrator response: Check locale settings

DPWWA2005W An error occurred while encodingan LTPA token

Explanation: Internal Error


DPWWA2006W An error occurred while decodingan LTPA token

Explanation: Internal Error


DPWWA2008E Error reading stanza '[%s]': %s

Explanation: One of the entries in the stanza couldn'tbe parsed.

Administrator response: Fix the malformed entry inthe stanza.

DPWWA2009E The forms single-sign-on argument'%s' needs a colon.

Explanation: One of the request arguments isn'tformatted properly.

Administrator response: Fix the argument.

DPWWA2010E Forms single-sign-on GSO argument'%s' is not valid. GSO arguments mustbe either 'gso:username' or'gso:password.'

Explanation: One of the request arguments isn'tformatted properly.


DPWWA2011E The forms single-sign-on argument'%s' is not valid.

Explanation: Most likely a typo in the config file.


DPWWA2012E Forms single-sign-on configurationerror.

Explanation: This is a summary of the problem, andwill be preceded by a better explanation of the error.

Administrator response: Fix the configurationproblem.



DPWWA2013E Forms single-sign-on URLs must berelative to the junction point.

Explanation: The fsso URL from the configuration filedoes not begin with a / character.

Administrator response: Make the fsso URL relativeto the junction point.

DPWWA2014E An internal error in the formssingle-sign-on module occurred.

Explanation: This should never happen - perhapssome kind of unexpected configuration problem hasresulted in an internal error.

Administrator response: Call tech support.

DPWWA2015E A forms SSO authentication requestwould have been dispatched to adifferent junction than the loginrequest. The request has been aborted.

Explanation: For security reasons, forms SSO does notallow an authentication request to be dispatched to adifferent junction than the login page was returnedfrom.

Administrator response: Make sure that theapplication does not dispatch the authentication requestto a different junction than returned the login page.

DPWWA2016E No HTML form for single-sign-onwas found.

Explanation: This occurs when no HTML form withan action URI matching the login-form-action wasfound in the document returned from the junction.

Administrator response: Examine the login pagebeing returned from the junction. Is it an HTML orWML document? Does it contain an HTML form? Doesthe form action URI match the login-form-action entryin the forms SSO configuration file?

DPWWA2017E The login form returned by thejunction did not contain all requiredform attributes.

Explanation: This occurs when the login formreturned from a junction did not cpontain an 'action' or'method' attribute in the form start tag.

Administrator response: Examine the login formbeing returned from the junction. Did the login formcontain both the action and method attributes? Doesthe form action URI match the form action URIspecified in the configuration file?

DPWWA2018E The action URI in the login formreturned by the junction did not matchany WebSEAL junction.

Explanation: In order to dispatch a forms SSOauthentication request, WebSEAL must match theaction URI returned with the login form to a WebSEALjunction. That match could not be made.

Administrator response: Examine the login formbeing returned by the junction. You may need to createa junction to the host referenced by the actoin URI.

DPWWA2019E The action URI in the login formreturned by the junction was invalid.

Explanation: An action URI such as '/../foo' will berejected by WebSEAL because /.. is not a valid location.

Administrator response: Examine the login form.Does it contain any invalid characters, or is the pathinvalid?

DPWWA2020E One or more of the argumentspassed to the SU authentication modulewere invalid.

Explanation: The suauthn library can take anargument to specify the authentication level for thecredential. It prints this error if the arguments areincorrect.

Administrator response: Check the flags being passedto the authentication library.

DPWWA2021E The SU authentication methodspecified is not enabled.

Explanation: The POST to /pkmssu.form takes anauth_method parameter. This must correspond to anauthentication mechanism that is enabled in theconfiguration file.

Administrator response: Check the auth_method fieldin the SU form submission.

DPWWA2023E Configuration item '[%s]%s' has aninvalid value '%s'

Explanation: A configuration item in the configurationfile has a bad value. For example it is expecting aninteger and was provided with a string

Administrator response: The configuration itemshould be changed to a valid entry

DPWWA2024E %s [%s] %s: Value is out of range. Itmust be value from 0 to 100.

Explanation: WebSEAL will not start if theworker-thread-hard-limit or worker-thread-soft-limit isnot in the range 0 to 100 inclusive



Administrator response: You must edit theconfiguration file and adjust the value to a valid one

DPWWA2025W IBM Security Access ManagerWebSEAL has lost contact with junctionserver: %s


Administrator response: Check the network conectionbetween WebSEAL and the junctioned server, and thatthe backend application server is running.

DPWWA2026W IBM Security Access ManagerWebSEAL has regained contact withjunction server: %s

Explanation: WebSEAL has regained contact with ajunctioned server that was previously unreachable.


DPWWA2027E One or more of the form argumentsis either missing or invalid.

Explanation: One or more of the arguments passed inthe form submission is either missing or invalid.

Administrator response: Check the completed fieldsin the form submission.

DPWWA2028E New password verification failed.Make sure both new password fieldscontain the same data.

Explanation: New password double-check failed.Make sure both new passwords are the same.

Administrator response: Check the new passwordfields in the form submission.

DPWWA2029E Pam Module Internal Error

Explanation: Error with the Pam Handle. This is anunexpected internal error.

Administrator response: Notifiy the IBM SecurityAccess Manager WebSEAL Administrator.

DPWWA2030W Mismatch of Auth Token versions,check pre-410-compatible-tokens setting.

Explanation: A new encoding method for Auth tokenswas introduced in version 4.1.0 which is enabled bydefault. This can be overridden and made compatablewith earlier versions using the webseald.conf file entry,[server] pre-410-compatible. All WebSEAL servers mustbe using the same version.

Administrator response: Update all WebSEAL serversto use the same setting for [server]pre-410-compatible-tokens.

DPWWA2031W Mismatch of %s Auth Tokenversions, check pre-410-compatible-tokens setting.

Explanation: A new encoding method for Auth tokenswas introduced in version 4.1.0 which is enabled bydefault. This can be overridden and made compatablewith earlier versions using the webseald.conf file entry,[server] pre-410-compatible. All WebSEAL servers mustbe using the same version.

Administrator response: Update all WebSEAL serversto use the same setting for [server]pre-410-compatible-tokens.

DPWWA2032E CDSSO library error.

Explanation: The CDSSO library returned a failingstatus.

Administrator response: Check configuration andusage. See msg__webseald.log for details.

DPWWA2033E Invalid configuration file name.

Explanation: An invalid parameter was passed to afunction, indicating an internal error.


DPWWA2034E Some PKCS#11 options are missing.You must specify either all or none ofthe the options: pkcs11-driver-path,pkcs11-token-label, pkcs11-token-pwd

Explanation: WebSEAL will not start if only some ofthe PKCS#11 options are specified.

Administrator response: You must edit theconfiguration file and set all PKCS#11 settings

DPWWA2035E Credential generation failed duringthe credential refresh operation. Errorcode 0x%lx

Explanation: The azn-api function azn_id_get_credswas called to retrieve a new credential for a user. Theoperation failed.

Administrator response: Use the pdadmin 'errtext'command to look up the corresponding error code, andtake further action from there.

DPWWA2036E Credential generation failed duringthe credential refresh operation.

Explanation: The azn-api function azn_id_get_credswas called to retrieve a new credential for a user. Theoperation failed.

Administrator response: Check error logs for furtherinformation on the failure.



DPWWA2037E An invalid result for a credentialrefresh rule was specified.

Explanation: Credential refresh rules require that therule result be either 'preserve' or 'refresh.'

Administrator response: Verify that the syntax ofcredential refresh configuration in configuration files iscorrect.

DPWWA2038E An internal error occurred during thecredential refresh operation.

Explanation: This error should not occur.


DPWWA2039W A credential attribute value of type%lu not supported by credential refreshwas found. The value was removedfrom the new credential.

Explanation: Credential attribute values can be ofseveral types. Credential refresh is able to preservestring, buffer, unsigned long, and protected objectvalues. Other value types are removed from thecredential.

Administrator response: You may ignore this warningif you are not experiencing other difficulties involvingcredential refresh. If the problem persists, check IBMElectronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWWA2040E User session IDs must be enabled inorder to use the credential refreshfeature.

Explanation: Refreshing a user's credential based ontheir username requires that user session IDs areenabled.

Administrator response: Enable User Session IDs inthe WebSEAL configuration file.

DPWWA2041E An invalid session cache entry wasfound while refreshing a user'scredential.

Explanation: This message indicates that the usersession cache and the credential cache are inconsistent.


DPWWA2042W The user is not logged in to the webserver.

Explanation: If a user is not logged in to the webserver, their credential cannot be refreshed. There isalso no need to refresh their credential, since the nexttime they log in to the web server they will receive anew credential.


DPWWA2044E Invalid certificate authenticationconfiguration. Incompatiblecombination of accept-client-certs andssl-id-sessions values.


Administrator response: Change theaccept-client-certs or ssl-id-sessions parameter inwebseald.conf

DPWWA2045W A client attempted to Step-up tocertificates, but the server is notconfigured for Step-up to certificates.


Administrator response: Change theaccept-client-certs parameter to prompt_as_needed inwebseald.conf or unconfigure the step-up POPs.

DPWWA2046E Invalid certificate cacheconfiguration.


Administrator response: Change the values of thecertificate cache configuration items.

DPWWA2047E The activity timestamp is missingfrom the failover cookie.

Explanation: A request was made to update the lastactivity timestamp of the failover cookie, but theattribute was not found in the cookie.

Administrator response: An internal error occurred. Ifthe problem persists, check IBM Electronic Support foradditional information - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWWA2048E The original authentication methodin the failover cookie is not recognizedfor failover authentication on thisserver. The value %s is invalid.

Explanation: A request could not be authenticatedusing the supplied failover cookie because theauthentication level specified in the cookie is not validfor this server.



Administrator response: Update the supportedfailover authentication methods in the configuration fileor correct the configuration of the server that generatedthe failover cookie.

DPWWA2049E The original authentication methodin the failover cookie is not recognizedfor failover authentication on thisserver.

Explanation: A request could not be authenticatedusing the supplied failover cookie because theauthentication level specified in the cookie is not validfor this server.

Administrator response: Update the supportedfailover authentication methods in the configuration fileor correct the configuration of the server that generatedthe failover cookie.

DPWWA2050E An authentication system failure hasoccurred.

Explanation: A call to the authentication system failedwith an unexpected error.

Administrator response: Examine the log for thecontext of the failure and correct any indicatedproblem. In particular, ensure that your user registry isavailable and accessible. If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWWA2051E An authentication system failure hasoccurred: error: %s (error code: %#lx).

Explanation: A call to the authentication system failedwith an unexpected error.

Administrator response: Examine the log for thecontext of the failure and correct any indicatedproblem. In particular, ensure that your user registry isavailable and accessible. If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWWA2052E The cross domain single sign-onoperation failed.

Explanation: A call into the cross domain singlesign-on system failed with an unexpected error.

Administrator response: Examine the log for thecontext of the failure. If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWWA2053E The cross domain single sign-onsystem failed with an unexpected error:%#x

Explanation: A call into the cross domain singlesign-on system failed with an unexpected error.

Administrator response: Examine the log for thecontext of the failure. If the problem persists, checkIBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWWA2054E No default HTTP method permissionmap has been specified.

Explanation: A default HTTP method permission mapmust be specified in the configuration file but none hasbeen.

Administrator response: Specify a value for thedefault HTTP method permission map in theconfiguration file.

DPWWA2055E The HTTP method permission mapconfiguration information could not befound in the configuration file.

Explanation: No HTTP method permission mapconfiguration information could be found in theconfiguration file.

Administrator response: Ensure that HTTP methodpermission map configuration information is present inthe configuration file.

DPWWA2056E HTTP method permission mapvalidation failed: API error: %s (APIerror code: [%#x:%#x]).

Explanation: The authorization API failed whilevalidating the configured HTTP method permissionmap.

Administrator response: Perform the action requiredto resolve the problem indicated by the identified APIerror. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWWA2057E The SSO token moduleconfiguration data was missing orinvalid.

Explanation: The process using the SSO tokenmodules must provide some input data to configurethe modules. This data was not provided correctly. Thisis an unexpected internal error.





DPWWA2058E The integer value '%s' for the '%s'entry in the '%s stanza is not valid.

Explanation: The specified value is required to be anon-negative integer.

Administrator response: Correct the invalidconfiguration value.

DPWWA2059W The %s attribute could not beextracted from a credential: API error:%s (API error code [%x:%x]).

Explanation: The specified attribute could not beextracted from a credential. This may be due toresource exhaustion, and as such be transient.


DPWWA2060W The %s attribute could not beextracted from a credential: API errorcode [%x:%x].

Explanation: The specified attribute could not beextracted from a credential. This may be due toresource exhaustion, and as such be transient.


DPWWA2061W The number of values for the %sattribute could not be retrieved from anattribute list: API error: %s (API errorcode [%x:%x]).

Explanation: The number of values for the specifiedattribute could not be retrieved from an attribute list.This may be due to resource exhaustion, and as such betransient.


DPWWA2062W The number of values for the %sattribute could not be retrieved from anattribute list: API error code [%x:%x].

Explanation: The number of values for the specifiedattribute could not be retrieved from an attribute list.This may be due to resource exhaustion, and as such betransient.

Administrator response: If the problem persists, checkIBM Electronic Support for additional information -

http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWWA2063W The type of value %d for the %sattribute from an attribute list could notbe determined: API error: %s (API errorcode [%x:%x]).

Explanation: The type of a values for the specifiedattribute in an attribute list could not be determined.This may be due to resource exhaustion, and as such betransient.


DPWWA2064W The type of value %d for the %sattribute from an attribute list could notbe determined: API error code [%x:%x].

Explanation: The type of a values for the specifiedattribute in an attribute list could not be determined.This may be due to resource exhaustion, and as such betransient.


DPWWA2065W Value %d of the %s attribute cannotbe included in an SSO token, as it is oftype %s.

Explanation: The specified attribute value cannot beincluded in an SSO token, because it is of the wrongtype. Only string and unsigned long data types can beincluded in SSO tokens.

Administrator response: Remove the token attributespecification which matched this attribute, or, forcustom attributes, change the attribute type to onesuitable for inclusion in tokens.

DPWWA2066W The %s attribute could not beextracted from an attribute list: APIerror: %s (API error code [%x:%x]).

Explanation: The specified attribute could not beextracted from an attribute list. This may be due toresource exhaustion, and as such be transient.




DPWWA2067W The %s attribute could not beextracted from an attribute list: APIerror code [%x:%x].

Explanation: The specified attribute could not beextracted from an attribute list. This may be due toresource exhaustion, and as such be transient.


DPWWA2068W The attribute list could not beretrieved from a credential: API error:%s (API error code [%x:%x]).

Explanation: The attribute list could not be extractedfrom a credential. This may be due to resourceexhaustion, and as such be transient.


DPWWA2069W The attribute list could not beretrieved from a credential: API errorcode [%x:%x].

Explanation: The attribute list could not be extractedfrom a credential. This may be due to resourceexhaustion, and as such be transient.


DPWWA2070W The list of entry names could not beretrieved from an attribute list: APIerror: %s (API error code: [%x:%x]).

Explanation: The list of entry names could not beextracted from an attribute list. This may be due toresource exhaustion, and as such be transient.


DPWWA2071W The list of entry names could not beretrieved from an attribute list: APIerror code [%x:%x].

Explanation: The list of entry names could not beextracted from an attribute list. This may be due toresource exhaustion, and as such be transient.



DPWWA2072E No cryptographic keys areconfigured for cross domain singlesign-on in the stanza '%s'.

Explanation: No keys are configured for CrossDomain Single Sign-On in the specified stanza. ForCross Domain Single Sign-On to operate, keys must beconfigured in this stanza.

Administrator response: Correct the configuration, oruse the cdsso_key_gen utility to create keys for use byCDSSO. CDSSO keys must be securely shared by, andinstalled on, all CDSSO participant servers.

DPWWA2073E No cryptographic keys areconfigured for e-community singlesign-on in the stanza '%s'.

Explanation: No keys are configured for e-CommunitySingle Sign-On in the specified stanza. Fore-Community Single Sign-On to operate, keys must beconfigured in this stanza.

Administrator response: Correct the configuration, oruse the cdsso_key_gen utility to create keys for use byeCSSO. eCSSO keys must be securely shared by andinstalled on all servers participating in thee-Community.

DPWWA2074W The machine '%s' could not vouchfor the user's identity: error: %s (errorcode: %#lx)

Explanation: The specified machine returned a tokenindicating that it could not vouch for the user's identity.This means that either the user's account is disabled, orthat the user was unable to authenticate to the specifiedmachine.

Administrator response: If the message indicates thatthe user's account is disabled, check whether thisshould be the case. If the message indicates anauthentication failure, the user may need to have theirpassword changed. If possible, check the log messageson the specified machine for more information.

DPWWA2075E The stanza '%s' contains an invalidSSO token incoming attributeconfiguration item: '%s = %s'.

Explanation: The SSO token incoming attributestanzas specify attributes that are accepted and rejectedfrom incoming eCSSO or CDSSO tokens. The righthand side of the items in this stanza must be either'accept' or 'reject'.

Administrator response: Locate and correct theinvalid configuration item and try again.



DPWWA2076E Failed to construct a credential froma PAC supplied by an EAI server. Majorstatus = 0x%x, minor status = 0x%x.

Explanation: An EAI server constructed a PAC toauthenticate a user, but the PAC could not be convertedto a credential.

Administrator response: Investigate the PACconstruction and verify that the PAC data is valid forIBM Security Access Manager.

DPWWA2077E Could not authenticate user. An EAIserver returned invalid authenticationdata.

Explanation: An EAI server failed to return properauthentication data in an authentication response. Thisis typically due to a misconfigured EAI server.

Administrator response: Investigate and correct anyproblems with the authentication headers returned bythe EAI server.

DPWWA2078E Could not authenticate user. Anexternal authentication service did notreturn required authentication data.

Explanation: An EAI server did not return requiredauthentication data in an authentication response. Thisis typically due to a misconfigured EAI server notreturning attributes that it must return.

Administrator response: Investigate and correct anyproblems with the authentication headers returned bythe EAI server.

DPWWA2079E Configuration of the SSO createand/or consume authenticationmodule(s) failed: %s'.

Explanation: ECSSO and/or CDSSO is configured tocreate and/or consume authentication tokens, but themodules could not be configured. This means that theyare either not properly loaded, or there is a fatalproblem with the current configuration settings.

Administrator response: Ensure that thesso-create/sso-consume libraries are properly specifiedin the configuration file.

DPWWA2080E The session inactivity timestamp ismissing from the failover cookie.

Explanation: WebSEAL is configured to requireinactivity timestamps in all received failover cookies,and a failover cookie was received that did not havethe session inactivity timestamp.

Administrator response: Set failover-validate-inactivity-timestamp to optional.

DPWWA2081E The session lifetime timestamp ismissing from the failover cookie.

Explanation: WebSEAL is configured to requirelifetime timestamps in all received failover cookies, anda failover cookie was received that did not have thesession inactivity timestamp.

Administrator response: Set failover-validate-lifetime-timestamp to optional.

DPWWA2082E This system error code could not beconverted to an error string.

Explanation: The system error code has no equivalenterror string.


DPWWA2083E The shared library could not beopened.

Explanation: The shared library could not be opened.

Administrator response: Examine earlier messages inthe log containing this message to identify the modulethat could not be opened. Check that the identifiedlibrary exists and is found within the configured librarypath.

DPWWA2084E Could not find the requestedsymbol.

Explanation: The requested symbol was not foundwithin the shared library.


DPWWA2085E The shared library file '%s' could notbe opened: %s

Explanation: The specified shared library file couldnot be opened. The system error string is given.

Administrator response: Ensure the specified sharedlibrary file exists and has appropriate permissions.Restart the process.

DPWWA2086E The symbol '%s' could not beresolved in the shared library '%s': %s

Explanation: The specified symbol could not beresolved. The system error string is given.

Administrator response: Ensure the specified sharedlibrary file is the appropriate type of library file. Restartthe process. If the problem persists, check IBM



Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWWA2087E The '%s' flag to the authenticationmodule requires an argument.

Explanation: The authentication module flag musthave an argument.

Administrator response: Add an argument to thespecified flag.

DPWWA2088E Unknown authentication moduleflag '%s'.

Explanation: An invalid option was provided to theauthentication module.

Administrator response: Provide correctauthentication module option.

DPWWA2089E The authentication module flag '%s'requires an integer argument.

Explanation: The argument of the authenticationmodule flag must be an integer.

Administrator response: Ensure that the argument ofthe authentication module flag is an integer.

DPWWA2090E The session activity timestamp ismissing from the failover cookie.

Explanation: WebSEAL is configured to requireactivity timestamps in all received failover cookies, anda failover cookie was received that did not have thesession activity timestamp.

Administrator response: Set failover-require-activity-timestamp-validation to no.

DPWWA2091E Bad EAI trigger URL pattern '%s' inconfiguration file.

Explanation: The EAI trigger is not formattedcorrectly. If it is a Virtual Host junction trigger it mustbegin with HTTP[S]://hostname[:port]/.

Administrator response: Correct the syntax of the EAItrigger.

DPWWA2092E Could not reset the cache sessionlifetime because the EAI serverprovided a bad value ('%s') in the'am_eai_xattr_session_lifetime' header.

Explanation: WebSEAL could not reset the cachesession lifetime because the header value returned bythe EAI server is invalid. The value must contain onlynumeric digits.

Administrator response: Investigate and correct any

problems with the 'am_eai_xattr_session_lifetime'extended attribute header returned by the EAI server.

DPWWA2093E Configuration item '[%s]%s' has aninvalid value '%s'

Explanation: A configuration item in the configurationfile has a bad value. For example it is expecting aninteger and was provided with a string

Administrator response: The configuration itemshould be changed to a valid entry

DPWWA2100E The new user ID does not match theuser ID previously presented toauthenticate.

Explanation: In the event of a step-up operation withverify-step-up-user set to true, the user ID presented tothis authentication level must match the user IDauthenticated to the previous level.

Administrator response: The user must present thesame user ID provided in the previous authenticationlevel.

DPWWA2101E The new user ID (%s) does notmatch the user ID (%s)previouslypresented to authenticate.

Explanation: In the event of a step-up operation withverify-step-up-user set to true, the user ID presented tothis authentication level must match the user IDauthenticated to the previous level.

Administrator response: The user must present thesame user ID provided in the previous authenticationlevel.

DPWWA2250E The ACL attached to the requestedresource does not permit the Traverseoperation.

Explanation: The ACL attached to the requestedresource does not permit the Traverse operation.

Administrator response: Modify the ACL if necessary,or inform the user that they are not permitted to accessthe resource.

DPWWA2251E The ACL attached to the requestedresource does not allow access by thisuser.

Explanation: The ACL attached to the requestedresource does not allow access by the client.

Administrator response: Modify the ACL if necessary,or inform the user that they are not permitted to accessthe resource.



DPWWA2252E The requested resource is protectedby a policy that restricts access tospecific time periods. This request isprohibited at this time.

Explanation: A time-of-day POP is attached to therequested resource that has prohibited access at thetime of the request.

Administrator response: Modify the POP if necessary,or inform the user of the policy details.

DPWWA2253E An External Authorization Serverhas denied access to the requestedresource.

Explanation: An External Authorization Server hasdenied access to the requested resource.

Administrator response: Modify the EAS if necessary,or inform the user that they are not permitted to accessthe resource.

DPWWA2254E The requested resource is protectedby a policy that restricts access tospecific clients. This request isprohibited for this client.

Explanation: Step-up is configured for the requestedresource, but the client IP address is forbidden tostep-up.

Administrator response: Modify the POP if necessary,or inform the user that they are not permitted to accessthe resource.

DPWWA2255E This user does not have permissionsto perform a delegated operation.

Explanation: This user does not have permissions toperform a delegated operation.

Administrator response: Modify the ACL attached tothe resource to grant the user delegation permissions,or inform the user that they are not permitted toperform the requested operation.

DPWWA2400E Invalid challenge header

Explanation: SPNEGO Authentication requiresdecoding a challenge header from the client. Thatheader had an invalid format.

Administrator response: Make sure that the client isone supported by WebSEAL.

DPWWA2401E An internal error occurred duringSPNEGO processing.

Explanation: SPNEGO authentication failed because ofan internal error. This indicates a serious problem.

Administrator response: If the problem persists, check

IBM Electronic Support for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWWA2402E Initialization of Kerberosauthentication failed.

Explanation: Initialization of Kerberos authenticationfailed.

Administrator response: Check for additional errormessages in log files. Check your SPNEGOconfiguration entries to make sure they match thedocumentation.

DPWWA2403E Your browser supplied NTLMauthentication data. NTLM is notsupported by WebSEAL. Make sureyour browser is configured to useIntegrated Windows Authentication.

Explanation: If a browser is improperly unconfigured,it will supply NTLM authentication data instead ofSPNEGO data.

Administrator response: Make sure that the browseris located in the same domain as the WebSEAL server.Refer to your browser documentation to make sure it isconfigured properly for Integrated WindowsAuthentication.

DPWWA2404E An error occurred when creating theSPNEGO token.

Explanation: An error occurred when creating theSPNEGO token for the GSS-API token.

Administrator response: This problem is most likelydue to an internal error or misconfiguration. Check theSPNEGO related configuration items in your server forerrors.

DPWWA2405W Cannot update failover cookie forswitch-user admins

Explanation: A switch-user admin cannot get afailover cookie for the user impersonated; this is aknown limitation of failover with switch-user


DPWWA2406W Could not find the failover sessionID in the user's failover token

Explanation: A user is trying to authenticate with afailover token that should have a session ID encodedfrom another WebSEAL replica. The session ID ismissing from the token, indicating a configuration errorat one of the replicas.

Administrator response: Ensure failover-include-session-id configuration settings are correct.



DPWWA2407W The failover session ID in the user'sfailover token does not match thesession ID in the user's session cookie.

Explanation: When trying to establish a session withfailover-include-session-id enabled, the session IDstored in the session cookie and the user's failovertoken must match. A mismatch indicates a possiblesecurity breach. WebSEAL will issue new session andfailover cookies for the user.

Administrator response: Ensure failover-include-session-id configuration settings are correct.

DPWWA2408W Cannot find the session cookie inthe user's request for use in comparingwith the failover cookie.

Explanation: When attempting to establish a nonstickyfailover session, WebSEAL could not find the user'ssession cookie. The cookie is required for a comparisonwith the session id in the failover token. Ensureconfiguration settings are correct.

Administrator response: Check cookie and nonstickyfailover settings.

DPWWA2409W Reverse lookup for host '%s'returned an alternate host name '%s'.This might prevent SPNEGOauthentication from functioningproperly.

Explanation: The SPNEGO authentication moduleattempted to validate the SPNEGO principal name bychecking that the reverse lookup for the specified hostname resolves to the same host name as the original.The host name returned for the reverse lookup did notmatch the original host name.

Administrator response: If server startup succeedsand SPNEGO authentication functions properly, noaction need be taken. If there are problems withSPNEGO authentication, make sure that your hostname resolution is properly configured. Refer to theTAM WebSEAL Administration Guide for additionalinformation about the problem.

DPWWA2410E Initialization of Kerberosauthentication for server principal '%s'failed.

Explanation: Initialization of Kerberos authenticationfor the specified principal failed.

Administrator response: Check for additional errormessages in log files. Refer to the TAM WebSEALAdministration Guide for additional information.

DPWWA2411E No SPNEGO service principalcredential found for Virtual HostJunction '%s'.

Explanation: SPNEGO authentication cannot completeunless the SPNEGO keytab file contains a serviceprincipal matching the host name of the virtual hostjunction and the service principal is listed in theWebSEAL configuration file.

Administrator response: Verify that the client is usingthe correct hostname to contact the virtual host. Verifythat the WebSEAL configuration file contains an entry'[spnego]spnego-krb-service-name =HTTP@<hostname>' for the virtual host. The SPNEGOkeytab file must contain a key for the principal.

DPWWA2550E Error initializing the credentialpolicy entitlements service

Explanation: An error occurred when loading thecredential policy entitlements service.

Administrator response: Check the log file foradditional error messages. The other error messagescontain more information about the problem.

DPWWA2551E Policy retrieval for user %s failed: %s(error code: 0x%lx)

Explanation: An error occurred when trying toretrieve credential policy attributes for the specifieduser.

Administrator response: Examine the status messageand code embedded in this message to identify the rootcause of the problem.

DPWWA2734W The authentication type isunknown. The audit event will not berecorded.

Explanation: An authentication event has occurred.However, the authentication type utilized is not aknown value and, as such, the audit event will not berecorded.


DPWWA2735W The reason for the sessiontermination is unknown. The auditevent will not be recorded.

Explanation: A session has been terminated. Thereason for this termination, however, is unknown.Because of this the audit record of this event could beconsidered broken and, as such, will not be audited.


DPWWA2407W • DPWWA2735W


DPWWA2850E A general failure has occured withinthe SOAP client.

Explanation: An error has occured within the SOAPclient.


DPWWA2851E An error was returned from theSOAP server in cluster %s when callingthe %s interface: %s (code: 0x%x).

Explanation: The web service returned an error.

Administrator response: Examine messages within thesession management server log. If the problem persists,check IBM Electronic Support for additionalinformation - http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWWA2852E An error occurred when attemptingto communicate with the SOAP serverURL %s: %s (error code: %d/0x%x).

Explanation: An attempt was made to communicatewith the SOAP server and a failure occured within theunderlying communications layer.

Administrator response: Examine additional messagesto determine the cause of the error and correct theproblem. Ensure that the SOAP server is running andreachable. If the problem persists, check IBM ElectronicSupport for additional information -http://www.ibm.com/software/sysmgmt/products/support/index.html?ibmprd=tivman

DPWWA2853E The SOAP client failed to initialized.

Explanation: The SOAP client for a Web service couldnot be initialized.


DPWWM1299E Invalid flag '-%c'

Explanation: An invalid flag was passed to acommand.

Administrator response: Read the manual to identifythe flag you want to use.

DPWWM1300E Flag '-%c' does not take an argument

Explanation: An invalid argument was passed to acommand.

Administrator response: Correct the syntax of thecommand.

DPWWM1301E Missing argument for '-%c' flag

Explanation: An argument is required for the optionused.


DPWWM1302E Basic authentication type must beone of: ignore, filter,supply or gso

Explanation: An invalid argument followed the -bflag.


DPWWM1314E Must specify the junction typeusing the '-t' flag

Explanation: The junction type was not passed withthe create command.

Administrator response: Pass the junction type as anargument to the -t flag.

DPWWM1315E Must specify a junction point

Explanation: No junction point was passed as anargument.


DPWWM1316W WARNING: A junction alreadyexists at %s

Explanation: A junction already exists at the specifiedjunction point.

Administrator response: Either replace the existingjunction or specify a different junction point.

DPWWM1318E Cannot create junction

Explanation: A junction create command failed.

Administrator response: This message is preceded bya detailed explanation of why the junction could not becreated. Correct the problem and try to create thejunction again.

DPWWA2850E • DPWWM1318E


DPWWM1320E Must specify the junction serverhostname using the '-h' flag

Explanation: No hostname was passed to the add orcreate command.

Administrator response: Include the hostname in thecommand.

DPWWM1321E Invalid port %s

Explanation: The port number specified was invalid.Port numbers must be integers greater than zero.

Administrator response: Specify a valid port number.

DPWWM1322E Invalid proxy port %s

Explanation: An invalid port number was passedusing the -P flag. Port numbers must be integersgreater than zero.

Administrator response: Pass a valid port number tothe create or add command.

DPWWM1323E A proxy TCP port must be suppliedwith the -P option

Explanation: No -P argument was specified to the addor create command even though the -H argument wasspecified.

Administrator response: Include the -P argument inthe command.

DPWWM1324E Can only use -T flag when using '-bgso'

Explanation: The -T flag was specified to the createcommand without the -b flag.

Administrator response: If you want to use GSO forthe junction, pass -b gso as an argument to the junctioncreate command. If you do not want to use GSO, thendo not pass the -T flag to the create command.

DPWWM1325E Must also use -T flag when using'-b gso'

Explanation: The -b gso flag was passed to the createcommand without a corresponding -T flag.

Administrator response: Include the name of the GSOtarget which should be used for the junction.

DPWWM1327E Must specify a file system directoryusing the '-d' flag

Explanation: No directory was specified when tryingto create a local junction.

Administrator response: If you want to create a localjunction, pass the full path to the directory to use withthe -d flag. If you want to create another type of

junction, pass the correct type using the -t flag.

DPWWM1330E Must specify a server to removeusing the '-i' flag

Explanation: No -i flag was passed to the 'remove'command.

Administrator response: If you want to delete thejunction entirely, use the 'delete' command. If you wantto remove a particular server, use the 'show' commandto loook up the UUID of the server to remove, andthen pass the UUID as the argument to the -i flag.

DPWWM1332E Invalid server ID

Explanation: The argument passed to -i was not avalid UUID.

Administrator response: Obtain the correct UUID byusing the 'show' command and pass a valid UUID asan argument to the 'remove' command.

DPWWM1333E Could not fetch junction definition

Explanation: This message is followed by anexplanation of the problem.

Administrator response: Correct the problemdescribed by the following message.

DPWWM1334E Can only remove servers from aTCP, SSL or mutual junction

Explanation: It is not possible to remove a server froma local junction.

Administrator response: Correct the junction pointspecified in the remove command. The junction pointshould belong to a TCP, SSL or mutual junction.

DPWWM1335E Server %s not found at junction %s

Explanation: An attempt was made to remove ajunction server based on a UUID which did not matchany of the servers on the junction point.

Administrator response: Use the 'show' command tofind the correct UUID and pass the correct UUID to the'remove' command.

DPWWM1336E Could not delete junction

Explanation: This message is followed by anexplanation of why the junction could not be deleted.


DPWWM1320E • DPWWM1336E


DPWWM1337E Could not update junction

Explanation: This message is followed by anexplanation of why the junction could not be modified.


DPWWM1339E Junction not found at %s.

Explanation: An attempt was made to add or removea server from a junction point which does not exist.

Administrator response: Use the 'list' and 'show'commands to figure out which junction point youshould use.

DPWWM1341E Create junction

Explanation: This message is followed by anexplanation of why the creation failed.

Administrator response: Fix the problem described inthe message following this message.

DPWWM1342E Can't add servers to this type ofjunction

Explanation: It is not possible to add servers to localjunctions.

Administrator response: Only add servers to TCP,SSL, TCP proxy, SSL proxy or mutual junctions. Figureout which junction you wish to add a server to usingthe 'list' and 'show' commands, and then pass thecorrect junction point to the 'add' command.

DPWWM1343E Add server

Explanation: An attempt to add a server failed.

Administrator response: This message is followed byan explanation of why the server could not be added.Correct the problem.

DPWWM1345E Cannot list junctions

Explanation: This message is followed by anexplanation of why junctions could not be listed.Correct the problem described in that message.

Administrator response: Correct the problemdescribed in the following message.

DPWWM1346E Cannot show junction

Explanation: This message is followed by anexplanation of the problem. Correct the problemdescribed in that message.


DPWWM1392E Bad value for path attribute.

Explanation: An item from a configuration file whichshould be set to a path name is an empty stringinstead.

Administrator response: Add the path to theconfiguration file.

DPWWM1416E Error: No filename specified inrequest.

Explanation: WebSEAL was unable to locate atemplate file to return to the user. The file may havebeen specified using the /pkms.....?filename=name.htmlconstruct or may have been one of the default responsefiles.

Administrator response: If the link which producedthis error was a PKMS page that included a?filename=-name- query, make sure the format of thequery portion of the link is correct. If the link whichproduced this error was not a PKMS page thatincluded a file name specification, make sure that allfiles in the www/lib/-lang- directories are readable bythe ivmgr user (on UNIX systems) or by all users (onWindows systems.)

DPWWM1417E Error: Could not retrieve file data.

Explanation: WebSEAL was unable to locate atemplate file to return to the user. The file may havebeen specified using the /pkms.....?filename=name.htmlconstruct or may have been one of the default responsefiles.

Administrator response: If the link which producedthis error was a PKMS page that included a?filename=-name- query, verify that the file specified by-nameis located in the www/lib/-lang- (where -lang-is the language appropriate to the user's browser)directory and is readable by the ivmgr user (on UNIXsystems) or by all users (on Windows systems.) If thelink which produced this error was not a PKMS pagethat included a file name specification, make sure thatall files in the www/lib/-lang- directories are readableby the ivmgr user (on UNIX systems) or by all users(on Windows systems.)

DPWWM1419E You can only use the -u flag with astateful junction.

Explanation: The -u flag was passed to the add orcreate command without the -s flag. UUIDs can only bespecified for stateful junctions.

Administrator response: If you wish to specify theUUID of the junction, then specify the -s flag as well asthe -u flag.



DPWWM1420E The UUID specified with the -u flagis in an invalid format.

Explanation: An invalid UUID was specified with the-u flag to the 'add' or 'create' commands.

Administrator response: Correct the format of theUUID. If you are unsure of the proper format for aUUID, examine the output of the 'show' command for ajunction. The 'ID' entry will contain a valid UUID.

DPWWM1427E -D flag only supported with ssl,sslproxy or mutual junctions.

Explanation: The -D flag can only be used for SSL,SSL proxy or mutual junctions.

Administrator response: Either make this an SSL/SSLProxy or Mutual junction or do not specify the DN ofthe junctioned server.

DPWWM1432W NOTE: Ensure the CA rootcertificate used to sign the junctionedserver certificate is installed in theWebSEAL certificate key database.

Explanation: WebSEAL was unable to communicatewith an SSL junction because the junction presented acertificate WebSEAL could not validate.


DPWWM1435E -C flag only supported with ssl orsslproxy junctions.

Explanation: The -C flag can only be used for SSL orSSL proxy junctions.

Administrator response: Either make this an SSL orSSL Proxy junction or do not make the junction aWebSEAL to WebSEAL junction.

DPWWM1436E Either -K or -B can be defined for ajunction.

Explanation: Both -K and -B were specified in thejunction creation command. The two options cannot beused simultaneously on the same junction.

Administrator response: Read the manual and figureout whether you want to use -K, -B, or neither.

DPWWM1437E Both -K and -B flag only supportedwith ssl, sslproxy or mutual junctions.

Explanation: The -K and -B flags can only be used forSSL, SSL proxy or mutual junctions.

Administrator response: Either make this an SSL/SSLProxy or Mutual junction or do not make the junctionmutually authenticated.

DPWWM1438E The -b option cannot be specifiedwith the -B option.

Explanation: Both -b and -B were specified in thejunction creation command. The two options cannot beused simultaneously on the same junction.

Administrator response: Read the manual and figureout whether you want to use -b, -B, or neither.

DPWWM1439E -U <username> and -W <password>must be supplied with the -B option.

Explanation: The -B flag was specified without the -Uand -W flags.

Administrator response: Specify the username andpassword for the junction with the -U and -W flags.

DPWWM1451W Too few authentication methodsconfigured.

Explanation: Too few authentication methods havebeen specified.

Administrator response: Add 1 or moreauthentication methods to the authentication levelsstanza configuration.

DPWWM1452W No unauthenticated methodconfigured.

Explanation: The unauthenticated method has notbeen specified

Administrator response: Ensure that theunauthenticated method occurs first in theauthentication levels stanza configuration.

DPWWM1453E Invalid authentication method.

Explanation: The specified authentication method iseither invalid or unsupported in the current productconfiguration.

Administrator response: Verify the validity of thespecified authentication method.

DPWWM1454E The requested operation is not valid

Explanation: IBM Security Access Manager wasunable to perform a requested operation beca use it isnot valid. An example would be a token authenticationuser attempting to change their password

Administrator response: Consult documentation foroperation.



DPWWM1461E Failed loading JMT table

Explanation: The JMT file could not be read fromdisk.

Administrator response: Make sure the JMT filespecifed in webseald.conf is present in the installationdirectory and is readable by the ivmgr user.

DPWWM1490E No dynurl.conf file found. Nochanges were made.

Explanation: No dynurl.conf file was present whenthe dynurl update command was issued.

Administrator response: Create the dynurl.conf file.

DPWWM1493E Junction '%s' has reached it's workerthread hard limit.

Explanation: The configured maximum number ofworker threads for this junction has been reached. Theoverloaded requests are being retured with 503, ServiceUnavailable. This could be due to either a slow junctionor too many requests.

Administrator response: Increase number of workerthreads, increase hard limit or decrease load.

DPWWM1494W Junction '%s' has reached it'sworker thread soft limit

Explanation: A configured warning level has beenreached for this junction on the number of workerthreads currently active on it. This could be due toeither a slow junction or too many requests.

Administrator response: Prepare to increase numberof worker threads, increase soft limit or decrease load.

DPWWM1499W The configured number of workerthreads, %d, is greater than the systemcan support, %d. It has automaticallybeen reduced.

Explanation: Each operation system has differentlevels of support for threads and open files. Thatcombined with compile time options will provide limitson the configurable number of worker threads.

Administrator response: The software automaticallyreduced the value. However to stop this messageappearing you may set the value in the configurationfile lower.

DPWWM1510E One or more entries in dynurl.confdo not specify URLs


Administrator response: Examine dynadi.conf forformatting and content errors.

DPWWM1513W The stanza '%s' in the configurationfile contains an unrecognised P3Pcompact policy element: '%s'.

Explanation: The given entry is not a valid P3P HTTPheader configuration entry.

Administrator response: Correct the configuration fileentry. The list of valid P3P compact policy elements isgiven in the documentation.

DPWWM1514W The stanza '%s' in the configurationfile contains an unrecognised value forthe P3P compact policy element '%s':'%s'.

Explanation: The specified P3P HTTP headerconfiguration entry contains an invalid value.

Administrator response: Correct the configuration fileentry. The list of accepted values for each P3P compactpolicy element is given in the documentation.

DPWWM1515E The configuration for P3P HTTPheader insertion is invalid.

Explanation: One or more aspects of the P3P HTTPheader configuration are invalid. Earlier log messagesgive more specific details.

Administrator response: Examine other log messagesto determine the specific error or errors in theconfiguration file, and correct the configuration.

DPWWM1516W No P3P policy elements areconfigured in the stanza '%s', but P3Pheader insertion has been enabled.

Explanation: P3P header insertion has been enabled inthe configuration file, but no P3P policy has beenconfigured. P3P headers cannot be inserted until theP3P policy is configured.

Administrator response: Either add P3P policyelements to the stanza, or disable P3P header insertion.

DPWWM1517E The -H and -P flags are valid onlyfor tcpproxy and sslproxy typejunctions.

Explanation: The -H and -P parameters are only validfor tcpproxy or sslproxy type junctions. Either createone of those types of junctions or remove the -H and -Pparameters from this command.

Administrator response: Create a tcpproxy or sslproxytype junction.



DPWWM1518E A proxy hostname must be suppliedwith the -H option

Explanation: No -H argument was specified to theadd or create command even though the -P argumentwas specified.

Administrator response: Include the -H argument inthe command.

DPWWM1522E Only 'onfocus', 'inhead', 'xhtml10'and 'trailer' are supported with the -Joption.

Explanation: An invalid option was supplied with the-J flag.


DPWWM1523E You can not specify both -C and -Bflags when creating a junction.

Explanation: The -C and -B flags use the same methodto transmit authentication data and thus wouldoverwrite each other if used together.

Administrator response: Do not specify both flagswhen creating the junction.

DPWWM1524E The -P flag is valid only for mutual,tcpproxy and sslproxy type junctions.

Explanation: The -P parameter is only valid formutual, tcpproxy or sslproxy type junctions. Eithercreate one of those types of junctions or remove the -Pparameter from this command.

Administrator response: Create a mutual, tcpproxy orsslproxy type junction.

DPWWM1527E The supplied TCP and SSL portsmust be different.

Explanation: The TCP and SSL port values whichhave been supplied point to the same port. This is nota valid configuration.

Administrator response: Specify different port valuesfor the TCP and SSL port options.

DPWWM1528E The -V flag is valid only for mutualjunctions.

Explanation: The -V parameter is only valid formutual type junctions. Either create one of those typesof junctions or remove the -V parameter from thiscommand.

Administrator response: Remove the -V flag or createa mutual type of junction.

DPWWM1531W Error: The supplied keyfile mustnot contain any path information.

Explanation: A base path for LTPA keyfiles has beenstatically configured and as such the supplied file nameshould not contain any path information.

Administrator response: Specify the name of thekeyfile without any path information.

DPWWM1532W Error: The supplied FSSOconfiguration file must not contain anypath information.

Explanation: A base path for FSSO configuration fileshas been statically configured and as such the suppliedfile name should not contain any path information.

Administrator response: Specify the name of theFSSO configuration file without any path information.

DPWWM2041E Cannot create Virtual Host Junction

Explanation: A virtualhost create command failed.

Administrator response: This message is preceded bya detailed explanation of why the Virtual Host Junctioncould not be created. Correct the problem and try tocreate the Virtual Host Junction again.

DPWWM2044E Create Virtual Host Junction

Explanation: This message is followed by anexplanation of why the creation failed.

Administrator response: Fix the problem described inthe message following this message.

DPWWM2045E Can't add servers to this type ofVirtual Host Junction

Explanation: It is not possible to add servers to localVirtual Host Junctions.

Administrator response: Only add servers to TCP,SSL, TCP proxy, or SSL proxy Virtual Host Junctions.Figure out which Virtual Host Junction you wish toadd a server to using the 'virtualhost list' and'virtualhost show' commands, and then pass the correctVirtual Host Junction label to the 'virtualhost add'command.

DPWWM2047E Must specify the Virtual HostJunction type using the '-t' flag

Explanation: The Virtual Host Junction type was notpassed with the create command.

Administrator response: Pass the Virtual HostJunction type as an argument to the -t flag.



DPWWM2050W WARNING: A Virtual HostJunction already exists using label %s

Explanation: A Virtual Host Junction already existsusing the specified Virtual Host Junction label.

Administrator response: Either replace the existingVirtual Host Junction or specify a different Virtual HostJunction label.

DPWWM2051E -C flag only supported with ssl orsslproxy Virtual Host Junctions.

Explanation: The -C flag can only be used for SSL orSSL proxy Virtual Host Junctions.

Administrator response: Either make this an SSL/SSLProxy Virtual Host Junction or do not make the VirtualHost Junction a WebSEAL to WebSEAL Virtual HostJunction.

DPWWM2052E Can only use -T flag when using '-bgso'

Explanation: The -T flag was specified to thevirtualhost create command without the -b flag.

Administrator response: If you want to use GSO forthe Virtual Host Junction, pass -b gso as an argumentto the virtualhost create command. If you do not wantto use GSO, then do not pass the -T flag to thevirtualhost create command.

DPWWM2053E Must also use -T flag when using'-b gso'

Explanation: The -b gso flag was passed to thevirtualhost create command without a corresponding -Tflag.

Administrator response: Include the name of the GSOtarget which should be used for the Virtual HostJunction.

DPWWM2054E Either -K or -B can be defined for aVirtual Host Junction.

Explanation: Both -K and -B were specified in thevirtualhost create command. The two options cannot beused simultaneously on the same Virtual Host Junction.

Administrator response: Read the manual and figureout whether you want to use -K, -B, or neither.

DPWWM2055E Both -K and -B flag only supportedwith ssl or sslproxy Virtual HostJunctions.

Explanation: The -K and -B flags can only be used forSSL or SSL proxy Virtual Host Junctions.

Administrator response: Either make this an SSL/SSLProxy Virtual Host Junction or do not make the Virtual

Host Junction mutually authenticated.

DPWWM2056E -U <username> and -W <password>must be supplied with the -B option.

Explanation: The -B flag was specified without the -Uand -W flags.

Administrator response: Specify the username andpassword for the Virtual Host Junction with the -U and-W flags.

DPWWM2057E The -b option cannot be specifiedwith the -B option.

Explanation: Both -b and -B were specified in thevirtualhost create command. The two options cannot beused simultaneously on the same Virtual Host Junction.

Administrator response: Read the manual and figureout whether you want to use -b, -B, or neither.

DPWWM2058E Must specify the Virtual HostJunction server hostname using the '-h'flag

Explanation: No hostname was passed to thevirtualhost add or create command.

Administrator response: Include the hostname in thecommand.

DPWWM2059E The -H and -P flags are valid onlyfor tcpproxy and sslproxy type VirtualHost Junctions.

Explanation: The -H and -P parameters are only validfor tcpproxy or sslproxy type Virtual Host Junctions.Either create one of those types of Virtual HostJunctions or remove the -H and -P parameters from thiscommand.

Administrator response: Create a tcpproxy or sslproxytype Virtual Host Junction.

DPWWM2060E A proxy hostname must be suppliedwith the -H option

Explanation: No -H argument was specified to thevirtualhost add or create command even though the -Pargument was specified.

Administrator response: Include the -H argument inthe command.

DPWWM2062E You can only use the -u flag with astateful Virtual Host Junction.

Explanation: The -u flag was passed to the virtualhostadd or create command without the -s flag. UUIDs canonly be specified for stateful Virtual Host Junctions.

Administrator response: If you wish to specify the

DPWWM2050W • DPWWM2062E


UUID of the Virtual Host Junction, then specify the -sflag as well as the -u flag.

DPWWM2063E -D flag only supported with ssl orsslproxy Virtual Host Junctions.

Explanation: The -D flag can only be used for SSL orSSL proxy Virtual Host Junctions.

Administrator response: Either make this an SSL/SSLProxy Virtual Host Junction or do not specify the DNof the Virtual Host Junctioned server.

DPWWM2064E The UUID specified with the -u flagis in an invalid format.

Explanation: An invalid UUID was specified with the-u flag to the 'virtualhost add' or 'virtualhost create'commands.

Administrator response: Correct the format of theUUID. If you are unsure of the proper format for aUUID, examine the output of the 'virtualhost show'command for a Virtual Host Junction. The 'ID' entrywill contain a valid UUID.

DPWWM2065W NOTE: Ensure the CA rootcertificate used to sign the Virtual HostJunctioned server certificate is installedin the WebSEAL certificate keydatabase.

Explanation: WebSEAL was unable to communicatewith an SSL Virtual Host Junction because the VirtualHost Junction presented a certificate WebSEAL couldnot validate.


DPWWM2067E Must specify a virtual hostnameusing the '-v' flag

Explanation: No virtual hostname was specified whentrying to create a localtcp or localssl Virtual HostJunction.

Administrator response: If you want to create alocaltcp or localssl Virtual Host Junction, you must setit's virtual hostname using the -v flag.

DPWWM2068E Must specify a file system directoryusing the '-d' flag

Explanation: No directory was specified when tryingto create a localtcp or localssl Virtual Host Junction.

Administrator response: If you want to create alocaltcp or localssl Virtual Host Junction, pass the fullpath to the directory to use with the -d flag. If youwant to create another type of Virtual Host Junction,pass the correct type using the -t flag.

DPWWM2069E Must specify a server to removeusing the '-i' flag

Explanation: No -i flag was passed to the 'virtualhostremove' command.

Administrator response: If you want to delete theVirtual Host Junction entirely, use the 'virtualhostdelete' command. If you want to remove a particularserver, use the 'virtualhost show' command to loook upthe UUID of the server to remove, and then pass theUUID as the argument to the -i flag.

DPWWM2071E Could not delete Virtual HostJunction

Explanation: This message is followed by anexplanation of why the Virtual Host Junction could notbe deleted.


DPWWM2072E Invalid server ID

Explanation: The argument passed to -i was not avalid UUID.

Administrator response: Obtain the correct UUID byusing the 'virtualhost show' command and pass a validUUID as an argument to the 'virtualhost remove'command.

DPWWM2073E Virtual Host Junction not foundwith label %s.

Explanation: An attempt was made to add or removea server from a Virtual Host Junction which does notexist.

Administrator response: Use the 'virtualhost list' and'virtualhost show' commands to figure out whichVirtual Host Junction point you should use.

DPWWM2074E Could not fetch Virtual HostJunction definition

Explanation: This message is followed by anexplanation of the problem.

Administrator response: Correct the problemdescribed by the following message.

DPWWM2075E Can only remove servers from aTCP or SSL Virtual Host Junction

Explanation: It is not possible to remove a server froma local Virtual Host Junction.

Administrator response: Correct the Virtual HostJunction label specified in the remove command. TheVirtual Host Junction label should belong to a TCP orSSL Virtual Host Junction.



DPWWM2076E Server %s not found at Virtual HostJunction %s

Explanation: An attempt was made to remove aVirtual Host Junction server based on a UUID whichdid not match any of the servers on the Virtual HostJunction.

Administrator response: Use the 'virtualhost show'command to find the correct UUID and pass the correctUUID to the 'virtualhost remove' command.

DPWWM2077E Could not update Virtual HostJunction

Explanation: This message is followed by anexplanation of why the Virtual Host Junction could notbe modified.


DPWWM2080E Cannot list Virtual Host junctions

Explanation: This message is followed by anexplanation of why Virtual Host junctions could not belisted. Correct the problem described in that message.


DPWWM2081E Cannot show Virtual Host Junction

Explanation: This message is followed by anexplanation of the problem. Correct the problemdescribed in that message.


DPWWM2088E Must specify a Virtual Host Junctionlabel

Explanation: No Virtual Host Junction label waspassed as an argument.


DPWWM2089E A Virtual Host Junction label cannotcontain the '/' character


Administrator response: Correct the syntax of thecommand and try again.

DPWWM2090E A junction mount point must beginwith '/'


Administrator response: Correct the syntax of thecommand and try again.

DPWWM2091E The existing Virtual Host Junction isin an inconsistent state as it is missingit's virtual host name.


Administrator response: Contact product support.

DPWWM4023E Error reading configuration file %s:%s

Explanation: There was an error opening aconfiguration file.

Administrator response: Make sure the file exists andis readable.

DPWWM4024E Stanza '%s' is missing fromconfiguration file.

Explanation: A needed stanza was not found.

Administrator response: The stanza should be addedto the configuration file

DPWWM4025E Unknown configuration item'[%s]%s' in configuration file.

Explanation: Probably a typo of the configuration itemin the configuration file.

Administrator response: Correct the configurationitem in the configuration file.

DPWWM4041E Unable to read the stanza [%s]. Addthe stanza to theWebSEAL configurationfile to enable TFIM SSO for thejunction '%s'.


Administrator response: Add the configurationoptions to the WebSEAL config file and restart theWebSEAL server.

DPWWM4042E Unable to enable TFIM junctionSSO.


Administrator response: Add the configurationoptions to the WebSEAL config file and restart theWebSEAL server.

DPWWM4045E The address supplied with the -aoption, %s, is not a valid local address.


Administrator response: Ensure that the addresswhich is supplied is a valid local address for theWebSEAL server.



Chapter 3. Protocol Service Messages

These messages are provided by the protocol service component.

FBTADM002E The invoked command failed.

Explanation: The executed command did not completesuccessfully.

System action: Command execution halted.

Administrator response: Check the log files orexamine any returned exceptions.

FBTADM004E There are no SAML Artifact Servicesconfigured.



Administrator response: No response required.

FBTADM005E There are no SAML Artifact Servicesconfigured with the given configurationidentifier.




FBTADM006E The given name for the creation ofthe new Tivoli Federated IdentityManager domain already exists. Supplya different domain name or remove theexisting domain first.




FBTADM007E A Tivoli Federated Identity Managerdomain name is required for thisoperation to complete.



Administrator response: Specify the domain nameusing the parameter fimDomainName

FBTADM008E A WebSphere cluster or server nameis required for this operation. If thetarget environment is on a cluster, enterthe clustername. If the targetenvironment is not a cluster, provide thename of the application server (typicallyserver1). To find the name of the clusteror the server use the Application Serverspanel on the WebSphere administrativeconsole.




FBTADM009E One or more parameters have to beprovided for this operation.



Administrator response: View the usage and pass therequired parameters to the command.

FBTADM010E The Tivoli Federated IdentityManager domain specified for thisoperation does not exist.



Administrator response: Run the list operation of thecommand manageItfimDomain to view the domainname.

FBTADM011E The Tivoli Federated IdentityManager runtime is not currentlydeployed into the selected domain. Todeploy the runtime use the deployoperation of this command.



Administrator response: Run the deploy operation ofthe command manageItfimDomain to deploy theruntime.

FBTADM013E A file name to read from or write toneeds to be provided for this command.




Administrator response: Specify a file name for thiscommand.

FBTADM014E Required Tivoli Access Managerparameters were not passed to thisoperation. When a Tivoli FederatedIdentity Manager domain uses TivoliAccess Manager the followingparameters are required, tamAdminId,tamtamPolicyServer, tamAuthzServers,tamAuthzPorts.



Administrator response: Check the documentation orview the command help for usage.

FBTADM017E The following error ocurred whilereloading the Tivoli Federated IdentityManager Management Service.

Explanation: Errors from the Tivoli Federated IdentityManager Management Service is returned as a result ofexecuting the reloadItfimManagementServicecommand.


Administrator response: Check the log files on theTivoli Federated Identity Manager Management Servicemachine for the exception details.

FBTADM018E One of the parameters passed needsto be an integer but it is not.




FBTADM019E One or more parameters passed arein an incorrect format.




FBTADM020E The configuration type passed to thecommand is in an unrecognized format.Acceptable values are ldap or jdbc.




FBTADM021E This operation requires that theconfiguration type for the alias serviceis set to ldap but the currentconfiguration is jdbc. Run the configureoperation to change the configuration toldap.



Administrator response: Run the configure operationof the manageItfimNameIdSvc command.

FBTADM022E The provided server, hostname andport, already exists in the configuration.If you need to modify the parametersuse the modifyHost operation.



Administrator response: Run the modifyHostoperation of the manageItfimNameIdSvc command.

FBTADM023E The provided server, hostname andport, is not defined in the configuration.Create this server entry using theaddHost operation.



Administrator response: Run the addHost operationof the manageItfimNameIdSvc command.

FBTADM024E The parameter insert is required forthis operation.




FBTADM025E The partner insert associated tofederation insert was not found. Checkthat both partner and federation namesare correct. You can use the listoperation of the manageItfimPartnercommands to get a list of existingpartners and federations.



Administrator response: Run the list operation of themanageItfimPartner command.

FBTADM014E • FBTADM025E


FBTADM026E The property insert is required forthis operation.



Administrator response: Check the documentation forresponse file property requirements for this operation.

FBTADM028E The parameter insert is required forthis operation but it was not given.

Explanation: The command requires parameters thatwere not passed in.



FBTADM029E The Tivoli Federated IdentityManager domain name, server name,server port, and report name are notspecified.




FBTADM030E The Tivoli Federated IdentityManager domain name, server name,and server port are not specified.




FBTADM031E No runnable reports were found.


System action: No action taken.


FBTADM032E The Report Engine could not bestarted. Check the log files or examineany returned exceptions.




FBTADM033E The Report Engine could not be shutdown. Check the log files or examineany returned exceptions.




FBTADM034E No reports are currently running.








FBTADM036E No archived reports were found.








FBTADM038E A report design is required for thisoperation to complete.



Administrator response: Specify the report designusing the reportDesign parameter.

FBTADM039E A hostname is required for thisoperation to complete.





Administrator response: Specify the host name usingthe hostName parameter.

FBTADM040E A port is required for this operationto complete.



Administrator response: Specify the port using thehostPort parameter.

FBTADM041E A render type is required for thisoperation to complete.



Administrator response: Specify the render type usingthe renderType parameter.

FBTADM042E The supplied keystore was not foundin the domain. Verify that the kesytorename is correct and that it does exist.




FBTADM043E No keys are defined inside thesupplied Key Store.




FBTADM044E The domain supplied does not haveany keystores defined.




FBTADM045E The supplied response file does notcontain a valid federation name to becreated.



Administrator response: Add the FedName propertyto the response file.

FBTADM046E The federation insert already exists.Specify a different name in the responsefile.




FBTADM047E Unable to create partner responsefile. Verify that the parameters suppliedwere correct and verify the logs.



Administrator response: Check the log files on theTivoli Federated Identity Manager Management Servicemachine for errors.

FBTADM048E The file insert specified in propertyinsert does not exist.



Administrator response: Check the path to the file.

FBTADM049E This operation requires the TivoliAccess Manager administrator passwordin order to complete. Provide thispassword by specifying the-tamAdminPwd option.




FBTADM050E Unable to create federation responsefile. Verify that the parameters suppliedwere correct and verify the logs.




FBTADM051E A Tivoli Federated Identity Managerdomain already exists in the targetcluster or server insert. Remove thatdomain before attempting to create anew one.






FBTADM052E The federation insert is not anidentity provider. A query requesterpartner can only be added to an identityprovider federation.




FBTADM053E Unable to import the key insert intokeystore insert. Make sure that thekeystore name and supplied passwordare correct.




FBTADM054E The export operation failed to writethe domain to the supplied file. Checkthe name and path of the supplied fileand that its location can be written.




FBTADM055E Unable to undeploy runtime from:insert.




FBTADM056E This operation is not supported forthe specified Single Sign-On protocol.




FBTADM057E The callback id: insert is not defined.Publish the Point of Contact callbackplug-ins to the runtime node if creatinga custom point of contact or check theexisting callback names using thelistCallbacks operation.




FBTADM058E The callback property: insert forcallback insert is not defined. Check theavailable properties for a callback usingthe listCallbacks operation.




FBTADM059E The specified Point of Contactprofile: insert was not found.




FBTADM060E The specified Chain RequestMapping with uuid: insert was notfound.




FBTADM061E The module instance with uuid: insertwas not found.




FBTADM062E The module type with uuid: insertwas not found.




FBTADM063E The module chain with uuid: insertwas not found.




FBTADM064E The number of instances provideddoes not match the number of modesprovided. These two numbers mustmatch.






FBTADM065E The mode: insert for module instance:insert is not supported.




FBTADM066E The chain mapping for chain: insertwas not found.




FBTADM067E The custom properties cannot beloaded into the specified domain.

Explanation: The custom properties cannot beimported.



FBTADM068E The given name for the TivoliFederated Identity Manager domaindoes not exist. Supply a differentdomain name.

Explanation: The specified domain name does notexist.



FBTADM069E A Tivoli Federated Identity Managerfederation name is required for thisoperation to complete.

Explanation: This operation requires the name of anexisting federation.


Administrator response: Specify the federation nameusing the parameter federationName

FBTADM070E The federation insert does not exist.Specify a different name.

Explanation: The specified federation name does notexist.



FBTADM071E The operation operation is unknownfor the current command.

Explanation: An operation was specified that is notimplemented for the current command.


Administrator response: Please enter a validoperation for this command.

FBTADM072E A key with alias 'key alias' was notfound in the keystore 'keystore'.

Explanation: An alias was specified for a signing orencryption key, but no key with that alias was found inthe specified keystore.


Administrator response: Please enter a valid alias.

FBTADM073E The partner role value insert specifiedon parameter insert is not supported forthis operation.

Explanation: The partner role specified is notsupported by the federation.



FBTADM074E The migration type is required forthis operation to complete.

Explanation: This operation requires the migrationtype to be performed.


Administrator response: Specify the migration typeusing the parameter migrationType

FBTADM075E The migration type value insertspecified on parameter insert is notsupported by the runtime.

Explanation: The migration type specified is notsupported by the runtime.


Administrator response: List the supported migrationtypes for the runtime.

FBTADM076E The migration type insert does notsupport the use of a response file.

Explanation: The migration type specified does notsupport the use of a response file.


Administrator response: Execute the operation



without using a response file.

FBTADM077E The federation name can containonly characters from the set 'a-z', 'A-Z'and '0-9'. Specify a different name in theresponse file using only the validcharacters.




FBTADM078E A module chain with the displayname name already exists.

Explanation: A module chain with the specified namealready exists. Module chain display names must beunique.


Administrator response: Specify a different name forthe new module chain.

FBTADM079E A module instance with the namename already exists.

Explanation: A module instance with the specifiedname already exists. Module instance names must beunique.


Administrator response: Specify a different name forthe new module instance.

FBTADM080E The module instance instance isprotected and cannot be deleted.

Explanation: The specified module instance cannot bedeleted because it is a protected instance.



FBTADM081E The module instance instance cannotbe deleted because it is currently usedin one or more module chains.

Explanation: The specified module instance cannot bedeleted because it is used in one or more modulechains.


Administrator response: If the module instance mustbe deleted, remove it from the module chains that useit, or delete those module chains.

FBTADM082E The module type for module instanceinstance cannot be changed from oldtypeto newtype.

Explanation: The module type for a module instancecannot be changed.


Administrator response: Create a new moduleinstance with the required type, then reconfigure anymodule chains using the existing module instance touse the new one. If the existing module instance is nolonger required, it may then be deleted.

FBTADM083E The name of module instance instancecannot be changed from oldname tonewname.

Explanation: The name of a module instance cannotbe changed.


Administrator response: Create a new moduleinstance with the specified name. If the existing moduleinstance is no longer required, delete it.

FBTADM084E The minimum length for clientidentifier is <number> characters.

Explanation: The length of the client identifier in theresponse file does not meet the required length.


Administrator response: Ensure the client identifiermeets the minimum length requirement.

FBTADM085E The client identifier can contain onlycharacters from the set 'a-z', 'A-Z' and'0-9'. Specify a different client identifierusing the valid characters.

Explanation: The client identifier in the response filecontains a character that is not valid.


Administrator response: Provide the valid clientidentifier in the response file.

FBTADM086E An error occurred when verifying theclient identifier. A client with thespecified client identifier already exists.

Explanation: The client identifier in the response fileis not valid because it is already in use.


Administrator response: Ensure the client identifierspecified is unique for this federation.



FBTADM087E The minimum length for the clientshared-secret is <number> characters.

Explanation: The length of the client shared-secret inthe response file does not meet the required length.


Administrator response: Ensure that the clientshared-secret meets the minimum length requirement.

FBTADM089E The client callback URI is not valid.Specify a valid client callback URI. Ifthis is not applicable, specify 'oob'.

Explanation: The client callback URI in the responsefile is not valid.


Administrator response: Provide the valid clientcallback URI in the response file.

FBTADM090E The client identifier cannot bemodified.

Explanation: The client identifier in the response fileis different from the registered one.


Administrator response: Provide the registered clientidentifier in the response file.

FBTADM091E The minimum length for clientidentifier is <number> characters.

Explanation: The length of the client identifier in theresponse file does not meet the required length.



FBTADM092E The client identifier can contain onlycharacters from the set 'a-z', 'A-Z' and'0-9'. Specify a different client identifierusing the valid characters.

Explanation: The client identifier in the response filecontains a character that is not valid.


Administrator response: Provide a valid clientidentifier in the response file.

FBTADM093E An error occurred when verifying theclient identifier. A client with thespecified client identifier already exists.

Explanation: The client identifier in the response fileis not valid because it is already in use.



FBTADM094E The minimum length for the clientshared-secret is <number> characters.




FBTADM096E The client redirection URI is notvalid. Specify a valid client redirectionURI.

Explanation: The client redirection URI in theresponse file is not valid.


Administrator response: Provide a valid clientredirection URI in the response file.

FBTADM097E The client identifier cannot bemodified.

Explanation: The client identifier in the response fileis different from the registered one.


Administrator response: Provide the registered clientidentifier in the response file.

FBTADM098E An OAuth partner cannot be createdfor the federation insert.

Explanation: An external client provider was selectedfor the federation. IBM Tivoli Federated IdentityManager internal partners are not allowed when anexternal client provider is selected.


Administrator response: Add clients externally basedon your implementation, or change the OAuth clientprovider configuration to add partners to IBM TivoliFederated Identity Manager.

FBTADM099E The partner insert that is associated tofederation insert cannot be deleted.

Explanation: Global entity partners are used in anOAuth 2.0 flow. You must not delete any of the globalentity partners. Note that if an OAuth 2.0 federation isdeleted, its associated global entity partners are alsodeleted.


Administrator response: No action taken.



FBTADM100E The partner insert that is associated tofederation insert cannot be deleted.

Explanation: Global entity partner is used in anOAuth 1.0 flow. You must not delete the global entitypartner. Note that if an OAuth 1.0 federation is deleted,its associated global entity partner is also deleted.


Administrator response: No action taken.

FBTADM101E The XML file format is not valid forinsert.

Explanation: The XML file that you provided is notformatted correctly.


Administrator response: Check your XML file forsyntax errors, and fix the errors.

FBTADM102E Error occured when writing the fileinsert.

Explanation: There are several causes of this error.Some of these causes are the following. First, the filethat you provided is a directory. Second, the file thatyou provided cannot be created. Third, the file that youprovided but cannot be opened. Check the log files todetermine the cause of the error.


Administrator response: Check the log files todetermine the cause of the error.

FBTADM103E Error occurred when reading the fileinsert.

Explanation: There are several possible causes of thiserror. Some of these causes are the following. First, thefile that you provided is a directory. Second, the filethat you provided cannot be opened for reading. Pleasecheck the log files to determine the cause of the error.


Administrator response: Check the log files todetermine the cause of the error.

FBTADM104E The mapping rule type specified inthe property insert is not valid.

Explanation: You specified a mapping rule type that isnot valid.


Administrator response: Specify the correct mappingrule type.

FBTADM105E The insert mapping rule specified inthe property insert is not syntacticallyvalid.

Explanation: The mapping rule is not syntacticallyvalid.


Administrator response: Specify a syntactically validmapping rule. Check the log files for more detailsabout this error.

FBTADM106E The OTP Type or the OTP ProviderModule Id insert specified in theproperty insert does not correspond toany OTP Type or any OTP ProviderModule Id specified in the propertyinsert.



Administrator response: Ensure that the specifiedOTP Type or OTP Provider Module Id is valid.

FBTADM107E The Delivery Type or the OTPDelivery Module Id insert specified inthe property insert does not correspondto any Delivery Type or any OTPDelivery Module Id specified in theproperty insert.



Administrator response: Ensure that the specifiedDelivery Type or OTP Delivery Module Id is valid.

FBTADM108E The format of the response file insertis not valid.

Explanation: You used a response file with invalidformat.


Administrator response: Specify a response file with avalid format. Check the log files for more details aboutthis error.

FBTADM109E An error occurred while committingyour changes. The changes have beenrolled back. Check the log files todetermine the cause of the error.

Explanation: Changes were not commited because ofan error.

System action: Changes have been rolled back.

Administrator response: Check the log files todetermine the cause of this error.



FBTADM110E Error occurred while rolling backyour changes. Check the log files todetermine the cause of the error.

Explanation: Your changes were rolled back becausean error occurred while committing them. While rollingback your changes, another error occurred. Check thelog files to determine the cause of these errors.



FBTADM111E OTP Provider Module with Id insertdoes not exist. Specify a different OTPProvider Module Id.



Administrator response: Ensure that the OTPProvider Module with the specified Id exist.

FBTADM112E OTP Delivery Module with Id insertdoes not exist. Specify a different OTPDelivery Module Id.



Administrator response: Ensure that the OTP DeliveryModule with the specified Id exist.

FBTADM113E Error occurred while obfuscating theproperty insert. Check the log files todetermine the cause of the error.




FBTADM114E Error occurred while unobfuscatingthe property insert. Ensure that theproperty is a valid obfuscated value.Otherwise, check the log files todetermine the cause of the error.



Administrator response: Ensure that the property is avalid obfuscated value. Otherwise, check the log files todetermine the cause of this error

FBTAUD001E Check the audit configuration toensure that it is correct.

Explanation: The audit configuration settings mightcontain errors or ommissions.

System action: System will not audit.

Administrator response: Check the audit properties ortry restarting the server.

FBTAUD002E The passed-in audit provider is notsupported.

Explanation: This error occurs due to problems in theaudit configuration.


Administrator response: Check the audit properties ortry restarting the server.

FBTAUD003E The audit configuration propertyinsert is not defined or is incorrect.



Administrator response: Correctly specify theproperty and restart the server.

FBTAUD004E An error was encountered whileinitializing the file logger.



Administrator response: Check the file loggerproperties and the encapsulated exception to solve theproblem.

FBTAUD005E An error was encountered whileinitializing context to the CommonAudit Serivice server. Check the JNDIconnection property and emitter profilefor possible errors.



Administrator response: Check the propertiesmentioned in the error and the encapsulated exceptionto solve the problem.

FBTADM110E • FBTAUD005E


FBTAUD006E An error was encountered whilesending the audit event to the CommonAudit Service server.

Explanation: This error occurs because of problems inthe audit configuration, or because of connectivityproblems with the Common Audit Service server.

System action: System will not audit this particularevent.

Administrator response: Ensure that the CommonAudit Service server is running and check theencapsulated exception to solve the problem.

FBTAUD007E An error was encountered whileinitializing the audit component.

Explanation: This error occurs because of problems inthe audit configuration, or because of connectivityproblems with the Common Audit Service server.

System action: System will not audit this particularevent.

Administrator response: Ensure that the CommonAudit Service server is running and check the previousexceptions in the log to determine the cause of theproblem.

FBTAUD008E An event completion exception wasencountered because all of the eventdata is not filled in correctly.

Explanation: This error occurs if any of the requiredelements in the event are not set.

System action: System will not audit this particularevent and will log an exception.

Administrator response: Check the encapsulatedexception to solve the problem.

FBTAUD009E System could not audit a call becausea required parameter to the API is notavailable.


System action: System will not audit this particularevent and will log an exception.

Administrator response: Check the parameter that isnot being passed correctly.

FBTAUD010E An event validation exception wasencountered because all of the eventdata is not correctly filled in.


System action: System will not audit this particularevent and log an exception.

Administrator response: Check the encapsulatedexception to solve the problem.

FBTCDS001E The received request is missing therequired parameter: parameter

Explanation: The current request is not valid.

System action: The request will be halted.

Administrator response: Validate the incomingmessage.

FBTCDS002E Token exchange failed.

Explanation: The current request could not becompleted because the token exchange failed.


Administrator response: Validate the incomingmessage and the trust service configuration. Inaddition, examine the trace logs to see why the tokenexchange failed.

FBTCDS003E The security token could not bedecrypted.

Explanation: The encrypted security token could notbe decrypted.

Administrator response: Ensure that the decryptionkeys and decryption parameters are configuredproperly for the provider that sent the message.

FBTCDS004E The security token signature could notbe validated.

Explanation: The security token signature could notbe validated.

Administrator response: Ensure that the validationkeys are configured properly for the provider that sentthe message.

FBTCDS005E The request was missing the TARGETparameter.

Explanation: The login page must contain a TARGETparameter either in the Query string or in a hiddeninput field.

System action: The operation will be halted.

Administrator response: Modify the login page tocontain a TARGET parameter, which should point tothe target SSO URL.

FBTCDS006E While processing action: action thefollowing configuration parameter wasdetermined to be missing or incorrect:param

Explanation: The current request could not be

FBTAUD006E • FBTCDS006E


completed because the configuration is not valid.


Administrator response: Validate that the system isconfigured correctly.

FBTCDS007E The current user making the requestis not authenticated.




FBTCDS008E The Security Token Service wasunable to generate a token for thisrequest.



Administrator response: Validate the incomingmessage, and the system configuration.

FBTCDS009E The card used for authentication tothe STS mapped to the alias: action andcould not be mapped to a local useraccount.

Explanation: The alias service could not resolve thealias generated from the token presented forauthentication to a local user account. This may bebecause the alias was not written correctly when thecard was created, or that the alias has been deletedfrom the alias service.


Administrator response: Validate that the alias serveris configured and working, and that the alias for theuser exists.

FBTCDS010E The incoming request to the InfoCardSTS has an AppliesTo address whichdoes not contain the identityinformation of the relying party:appliesTo

Explanation: The AppliesTo element from the clientshould either not contain an AppliesTo element, or if itdoes, it must contain the identity information(including the X509 certificate) of the relying party. Thiscan be caused if the metadata policy response toInfoCard does not contain the<wsaw:UsingAddressing/> directive.


Administrator response: Validate that the configuredmetadata policy contains <wsaw:UsingAddressing/>

FBTCDS011E The incoming request to the InfoCardSTS does not contain a validauthentication token for this federation.

Explanation: The incoming request may contain noauthentication token, or it may contain anauthentication token which does not match theauthentication mechanism supported by this federation.


Administrator response: Validate that the incomingrequest contains the correct authentication token.

FBTCDS012E The incoming metadata exchangerequest contains an invalid 'action'header in the SOAP request: action

Explanation: The incoming request contained an'action' header other than: http://schemas.xmlsoap.org/ws/2004/09/transfer/Get


Administrator response: Validate that the client issending a valid metadata exchange request.

FBTCDS013E The incoming metadata exchangerequest contains an invalid 'to' header inthe SOAP request: to. We were expectingour metadata exchange endpoint:mexEndpoint

Explanation: The incoming request contained a 'to'header which did not match our metadata exchangeendpoint.


Administrator response: Validate that the client issending a valid metadata exchange request.

FBTCDS014E The request for a card contained asupport claim parameter in an invalidformat: sClaim

Explanation: The incoming request contained asupported claim in an invalid format.


Administrator response: Validate that the getcardHTML template has supported claims in the correctformat.

FBTCDS015E The supplied card alias, ppid, isalready in-use by another user.

Explanation: The user supplied a self-issued card thatis already associated with another user's account.


Administrator response: No administrative responseis necessary.

FBTCDS007E • FBTCDS015E


FBTCFG001E An error occurred while reading aconfiguration document.

Explanation: An attempt to read a configurationstream has failed.

System action: The configuration request will behalted.

Administrator response: Validate the Tivoli FederatedIdentity Manager configuration.

FBTCFG002E The expected root for this document,type documentroottype was not found inthe document.

Explanation: The expected document root was missingbecause the parsed configuration file does not containthe correct configuration document.



FBTCFG003E The configuration for the componentcomponent was not found in thisdocument.

Explanation: The expected document root was missingbecause the parsed configuration file does not containthe correct configuration document.



FBTCFG004E An error occurred while saving aconfiguration document.

Explanation: An attempt to save a configurationstream has failed.


Administrator response: Validate the Tivoli FederatedIdentity Manager environment configuration.

FBTCFG005E An error occurred while readingconfiguration information from file:filename.




FBTCFG006E The configuration file parser hasencountered an unexpected exception:exception text.




FBTCLI001E The configuration entry entry is notcorrect or not supported.

Explanation: The configuration entry is either notcorrect or not supported.

System action: The processing has been halted.

Administrator response: Check the documentationand ensure that the specified configuration entry iscorrect and supported.

FBTCLI002E The configuration entry entry is requiredand was not given.

Explanation: The required configuration entry was notgiven.


Administrator response: Check the documentationand ensure that all required configuration entries aregiven.

FBTCLI003E The entry entry and entry entry are notcorrect.

Explanation: The specified configuration entries arenot correct.


Administrator response: Check the documentationand ensure that all required configuration entries aregiven correctly.

FBTCLI005E The properties file [filename] was notfound.

Explanation: A required properties file was not given.


Administrator response: Ensure that the path given tothe properties file is correct.

FBTCLI008E The upgrade finished with errors.Enable a more detailed trace todetermine the problem.

Explanation: The upgrade of the configuration filesfailed.

FBTCFG001E • FBTCLI008E



Administrator response: To determine the problem,enable finer tracing and re-execute the upgrade tool.

FBTCLI010E The given source JAR is not theexpected version.

Explanation: The given JAR file was not exportedfrom the expected product version.


Administrator response: Ensure that the source JAR isfrom the expected product version.

FBTCLI026E Unable to create domain (domain)

Explanation: An error occurred creating the domain.



FBTCLI032E Federation(fed) does not exist




FBTCLI033E Unable to create file (file)



Administrator response: Check the name and path ofthe supplied file and make sure it can be written to.

FBTCLI034E File (file) not found



Administrator response: Verify the file exists.

FBTCLI036E Partner (partner) does not exist infederation (fed)




FBTCLI043E The property you are trying to set,(prop), is not appropriate for role=(fed)and protocol=(fed) federation.




FBTCLI051E Unable to parse property (lhs=rhs) in file(fed)



Administrator response: Verify the file exists.

FBTCLI054E Unable to import federation (fed)




FBTCLI055E Unable to import partner (part) intofederation (fed) in domain domain)




FBTCLI056E Unable to get federation (fed)




FBTCLI058E Unable to delete federation (fed) indomain (domain)




FBTCLI059E No federations exist in domain (domain)




FBTCLI010E • FBTCLI059E


FBTCLI060E No partners exist for federation (fed) indomain (domain)




FBTCLI062E Federation (fed) does not exist in domain(domain)




FBTCLI065E Unable to delete partner (partner) infederation (fed)




FBTCLI066E Unable to delete all partners infederation (fed)




FBTCLI068E Domain (domain) already exists




FBTCLI069E No domains exist



Administrator response: Cerate a domain to proceed.

FBTCLI070E EAR File [EAR File] does not exist. Theinstallation failed.

Explanation: The given EAR file did not exist, theinstallation could not continue.


Administrator response: Ensure that the EAR file islocated at the expected location.

FBTCLI071W The IVT application failed to install,attempting to recover by removing anyexisting IVT applications.

FBTCLI074E Installation of IVT application failed.

Explanation: An error occurred while installing theIVT application and the installation did not complete.


Administrator response: Check the log for the causeof the error. If the error was not logged, enable debugtracing to determine the cause of the problem.

FBTCLI075E Usage: java -jar itfimbgha.jar -action<mode> [options] The itfimbgha toolhas two modes of operation. Each modeuses different command line options.-action export: Used to gatheringrequired configuration from theexported federation configurationarchive. This option is used whenrunning the tool on the node beingreplicated, to gather the required files.Options: -inputfile <file> (Required):The jar file created by federationconfiguration export. -outputfile <file>(Optional): The resultant archivecontaining the files needed to create areplica node. If it is not specified theoutput file will be ./bg_ha_files.jar.-action import: Used to import theconfiguration files from the archive fileto the replica node. This option is usedwhen running the tool on the replicanode to put the required configurationfiles into place. Options: -inputfile<file> (Required): The jar filecontaining the output from running thetool in export mode. -wasprofiledir<directory> (Required): The absolutefilepath to the WebSphere profiledirectory that Federated IdentityManager is running in.

Explanation: The options provided to the HA toolwere not valid.

System action: The tool will exit without updatingany configuration files.

Administrator response: Specify valid options to thespokeHA tool.

FBTCLI076E Directory (directory) does not exist




FBTCLI060E • FBTCLI076E


FBTCLI077E An unexpected error occurred: (exception)

Explanation: An unexpected error occurred. Check thelogs for any errors.



FBTCLI078E Could not delete: (file)



Administrator response: Verify the file exists and canbe deleted.

FBTCLI081E The input jar file (file) was not createdby the Federated Identity Managerexport function.

Explanation: The input jar file was not determined tohave been created by the export feature in theFederated Identity Manager console.

System action: The Federated Identity Manager highavailability tool will not continue.

Administrator response: Re-export the FederatedIdentity Manager configuration jar and run the highavailability tool again.

FBTCLI082E The output jar file (file) could not becreated by the high availability tool.

Explanation: An error occurred which prevented thehigh availability tool from completing successfully.


Administrator response: Check the log file for moredetails.

FBTCLI083E Failed to backup the Federated IdentityManager configuration files.

Explanation: An error occurred which prevented thehigh availability tool from backing up the currentconfiguration.



FBTCLI088E The domain (domain) does not exist.




FBTCON001E An error occurred while modifyingcomponent host names and ports.

Explanation: This error occurs due to a problemwriting to the console properties file.

System action: The system will leave the propertiesfile unchanged.

Administrator response: Check the file consoleproperties or try restarting the server.

FBTCON002E An error occurred retrieving the ISClaunch service.

Explanation: The ISC launch service could not beretrieved.

System action: The system might have problemslaunching some pages and portlets.

Administrator response: See the exception stack trace.

FBTCON003E An error occurred while loadingcomponent host names and ports fromthe properties file.

Explanation: This error occurs due to a problemloading the console properties file.

System action: The console will be unable tocommunicate with the various components.

Administrator response: Check that the consoleproperties file is in your classpath.

FBTCON004E The ISC launch service could not findthe following page: insert

Explanation: An error occurred while launching apage using the ISC launch service.



FBTCON005E An error occurred while setting thetrust service endpoint.

Explanation: This error can occur if the protocol ismissing from the trust service endpoint (for examplehttp://) or if your management context wasinvalidated.

System action: Trust service endpoint is leftunchanged. The system rolls back the session to try tocreate a valid context.

Administrator response: Make sure the trust serviceendpoint is correctly formatted and includes theprotocol (for example http://).

FBTCLI077E • FBTCON005E


FBTCON006E An error occurred setting the identityservice endpoint.

Explanation: This error can occur if the identityservice endpoint is incorrectly formatted.

System action: The identity service endpoint is leftunchanged

Administrator response: Make sure the identityservice endpoint is correct.

FBTCON007E Error setting the Key Serviceendpoint

Explanation: This error can occur if the key serviceendpoint is incorrectly formatted.

System action: The key service endpoint is leftunchanged.

Administrator response: Make sure that the keyservice endpoint is correct.

FBTCON008E An error occurred retrieving thecomponent endpoint.

Explanation: This error occurs if there is a problemretrieving the trust service, identity service, or keyservice endpoint from the single sign-on protocolservice.

System action: The console is unable to display theendpoint.


FBTCON009E An error occurred while creating afederation.

Explanation: A single sign-on protocol serviceencountered a problem creating a federation.



FBTCON010E An error occurred while committingthe session in the single sign-onprotocol service.

Explanation: The configuration changes could not besaved to the single sign-on protocol service.



FBTCON011E The token list could not be retrievedfrom the trust service.

Explanation: This error can occur if the console isunable to communicate with the trust service.


Administrator response: Check the serviceconfigurations to ensure that you have the correct hostname and port for the trust service. Check that thetrust service is running.

FBTCON012E The partner list could not beretrieved from the single sign-onprotocol service.

Explanation: This error can occur if the console isunable to communicate with the single sign-on protocolservice.


Administrator response: Check the serviceconfigurations to ensure that you have the correct hostname and port for the single sign-on protocol service.Check that the single sign-on protocol service isrunning.

FBTCON013E The federation with ID insert couldnot be retrieved from the single sign-onprotocol service.




FBTCON014E The list of identity mappings couldnot be retrieved from the trust service.




FBTCON015E The partner configurations could notbe applied.




FBTCON006E • FBTCON015E


FBTCON016E The federation partners table couldnot be refreshed.




FBTCON017E The token table could not be filtered.




FBTCON018E An error occurred while creating afederation partner.

Explanation: The single sign-on protocol serviceencountered a problem while creating a federationpartner.



FBTCON019E An error occurred while getting a listof federations from the single sign-onprotocol service.




FBTCON020E An error occurred while deleting afederation: insert.

Explanation: The single sign-on protocol service wasunable to delete this federation.



FBTCON021E The list of token types could not beretrieved from the trust service.




FBTCON022E The identity mapping with ID insertcould not be retrieved from the trustservice.




FBTCON023E An error occurred while committing asession in the trust service.

Explanation: The configuration changes could not besaved to the trust service.


Administrator response: Check the exception stacktrace.

FBTCON024E An error occurred while creating anidentity mapping.

Explanation: The trust service encountered a problemwhile creating an identity mapping.



FBTCON025E The XSLT is not valid. The rule couldnot be applied.

Explanation: This error occurs if there was a problemparsing the XSLT.


Administrator response: Check that your rule iscorrectly formatted XSL.



FBTCON026E The token with ID insert could not beretrieved from the trust service.




FBTCON027E The token configurations could notbe applied.




FBTCON028E The token configuration could not belaid out.

Explanation: This error occurs when the console isunable to retrieve the configuration XML from the trustservice.



FBTCON029E The type of the token could not beretrieved.

Explanation: An error occurred while trying toretrieve the type of this token from the trust service.



FBTCON030E The federation configurations couldnot be applied.




FBTCON031E The identity mapping configurationscould not be applied.




FBTCON032E An error occurred while deletingidentity mapping: insert.

Explanation: This error can occur if the identitymapping is being used in a module chain for afederation.


Administrator response: Check that this identitymapping is not being used in any federations beforedeleting it.

FBTCON033E An error occurred while deletingtoken: insert.

Explanation: This error can occur if the token is beingused in a module chain for a federation.


Administrator response: Check that this token is notbeing used in any federations before deleting it.

FBTCON034E An error occurred while creating atoken.

Explanation: A trust service encountered a problemwhile trying to create a token.



FBTCON035E An error occurred while rendering thetoken configuration layout.

Explanation: This error occurs when there is aproblem parsing the token configuration XML that wasretrieved from the trust service.





FBTCON036E The token type with id insert couldnot be retrieved from the trust service.

Explanation: This error can occur if the console isunable to communicate with the trust service or if themodule type is not in the config repository.


Administrator response: Check the serviceconfigurations to ensure that you have the correct hostname and port for the trust service. Check that thetrust service is running. Publish all module plugins tothe config repository.

FBTCON037E The token type configurations couldnot be applied.




FBTCON038E An error occurred while deletingtoken type: insert.

Explanation: This error can occur if the token type isbeing used as the type for existing tokens.

System action: No action taken

Administrator response: Check that there are noexisting tokens of this token type before deleting.

FBTCON039E An error occurred while creating atoken type.

Explanation: This error can occur if the classname forthe token module is not valid.


Administrator response: Make sure that yourclassname specifies the full package name and class.

FBTCON040E You must enter a name for thisfederation.

Explanation: You cannot create a federation without adisplay name.


Administrator response: Enter a display name for thefederation in the appropriate text entry.

FBTCON041E You must select your role.

Explanation: You cannot select a federation withoutspecifying your role (Identity Provider or ServiceProvider).


Administrator response: Select the radio buttoncorresponding to your role in the federation.

FBTCON042E You must select at least onefederation service.

Explanation: You cannot create a federation withoutselecting at least one federation service (Web SingleSign-On, Provisioning, or SOAP Security, or acombination of these services).


Administrator response: Select the check boxescorresponding to your desired federation services.

FBTCON043E You must select Single Sign-Onprotocol.

Explanation: You cannot configure this federationwithout selecting the Single Sign-On protocol (Liberty,WS-Federation, or SAML).


Administrator response: Select the radio buttoncorresponding to the protocol that you want to use forthis federation.

FBTCON044E You must select a Liberty SingleSign-On profile.

Explanation: You cannot configure this federationwithout selecting a Liberty Single Sign-On profile(Browser Post, Browser Artifact).


Administrator response: Select the liberty profiles thatyou want to use for this federation.

FBTCON045E You must select the federation towhich you want to add a new partner.

Explanation: You cannot create a partner withoutselecting an existing federation.


Administrator response: Select the federation towhich you want to add a partner from the table. If nofederations exist, you must create one before creating apartner.



FBTCON046E Must enter the name of your partnercompany

Explanation: The company name you enter is used asa display name for this partner, and is thus a requiredfield.


Administrator response: Enter the name of yourpartner company in the appropriate text entry field.

FBTCON047E You must select an identity mappinginstance for this federation.

Explanation: The identity mapping is required to mapyour source token to the federated token.


Administrator response: Select an existing identitymapping instance from the table or create a new one.

FBTCON048E You must enter the WS-FederationRealm.

Explanation: The WS-Federation realm is a requiredfield.


Administrator response: Enter the WS-Federationrealm in the appropriate text entry field.

FBTCON049E You must enter the WS-FederationEndpoint.

Explanation: The WS-Federation endpoint is arequired field.


Administrator response: Enter the WS-Federationendpoint in the appropriate text entry field.

FBTCON050E You must enter the Provider ID.

Explanation: The Provider ID is required for theLiberty protocol.


Administrator response: Enter the Provider ID in theappropriate text entry field.

FBTCON051E You must enter the SOAP Endpoint.

Explanation: The SOAP Endpoint is required for theLiberty profile you selected.


Administrator response: Enter the SOAP Endpoint inthe appropriate text entry field.

FBTCON052E You must enter the Single Sign-OnService URI.

Explanation: The Single Sign-On Service URI isrequired for the Liberty protocol.


Administrator response: Enter the Single Sign-OnService URI in the appropriate text entry field.

FBTCON053E You must enter the Register NameIdentifier Service URI.

Explanation: The Register Name Identifier Service URIis required for the Liberty protocol.


Administrator response: Enter the Register NameIdentifier Service URI in the appropriate text entryfield.

FBTCON054E You must enter the Single LogoutService URI.

Explanation: The Single Logout Service URI isrequired for the Liberty protocol.


Administrator response: Enter the Single LogoutService URI in the appropriate text entry field.

FBTCON055E You must enter the Single LogoutService Return URI.

Explanation: The Single Logout Service Return URI isrequired for the Liberty protocol.


Administrator response: Enter the Single LogoutService Return URI in the appropriate text entry field.

FBTCON056E You must enter the AssertionConsumer URI.

Explanation: The Assertion Consumer URI is requiredfor the Liberty protocol.


Administrator response: Enter the AssertionConsumer URI in the appropriate text entry field.

FBTCON057E You must select a token for thisfederation.

Explanation: A token instance is required.


Administrator response: Select an existing tokeninstance from the table or create a new one.



FBTCON058E You must enter a name for thisidentity mapping.

Explanation: A display name for the mapping instanceis required.


Administrator response: Enter a name for the identitymapping in the appropriate text entry field.

FBTCON059E You must select the token type forthis token instance.

Explanation: The token type is required forconfiguration.


Administrator response: Select a token type from thetable.

FBTCON060E You must enter a name for this token.

Explanation: A display name for the token is required.


Administrator response: Enter a name for this tokenin the appropriate text entry field.

FBTCON061E You must enter a name for this tokentype.

Explanation: A display name for the token type isrequired.


Administrator response: Enter a name for this tokentype in the appropriate text entry field.

FBTCON062E You must enter the classname for themodule.

Explanation: The full classname including packagename must be specified.


Administrator response: Enter the classname in theappropriate text entry field.

FBTCON063E Class not found: insert

Explanation: The trust service was unable to find theclass that you specified for this module.


Administrator response: Check that you have enteredthe full and correct classname, including package name.Check that this class exists at the trust service.

FBTCON064E An error occurred while deletingpartner: insert.

Explanation: The single sign-on protocol service wasunable to delete this partner.



FBTCON065E You must enter a name for thismapping rule.

Explanation: A display name for the mapping rule isrequired.


Administrator response: Enter a name for the XSLTrule in the appropriate text entry field.

FBTCON066E The service manager cannotdetermine whether trace is enabled forcomponent insert.

Explanation: An exception was thrown when trying toget trace information from the service manager.


Administrator response: Make sure that theserviceability management EAR is deployed on thisserver.

FBTCON067E The maximum trace file size for thisserver cannot be retrieved.

Explanation: An exception was thrown when trying toget the maximum trace file size from the servicemanager.



FBTCON068E The maximum message file size forthis server cannot be retrieved.

Explanation: An exception was thrown when trying toget the maximum message file size from the servicemanager.





FBTCON069E The trace level for this server cannotbe retrieved.

Explanation: An exception was thrown when trying toget the trace level from the service manager.



FBTCON070E The message level for this servercannot be retrieved.

Explanation: An exception was thrown when trying toget the message type from the service manager.


Administrator response: Make sure the serviceabilitymanagement EAR is deployed on this server.

FBTCON071E An error occurred when trying toapply logging configurations.

Explanation: An exception was thrown by the servicemanager when trying to apply logging configurations.



FBTCON072E The maximum audit file size for thisserver cannot be retrieved.

Explanation: An exception was thrown when trying toget the maximum audit file size from the servicemanager.



FBTCON073E The audit level for this server cannotbe retrieved.

Explanation: An exception was thrown when trying toget the audit level from the service manager.



FBTCON074E An error occurred when trying toapply auditing configurations.

Explanation: An exception was thrown by the servicemanager when trying to apply auditing configurations.



FBTCON075E The ISC launch service could not findthe following portlet: insert

Explanation: An error occurred launching a portletusing the ISC launch service.



FBTCON076E The trace configuration forcomponent insert cannot be applied.

Explanation: An exception was thrown by the servicemanager when trying to set trace information.



FBTCON077E You must select the metadata inputoption.

Explanation: You cannot proceed without selecting themetadata input option.


Administrator response: Select the appropriate button.

FBTCON078E You must enter LECP Provider Name.

Explanation: The LECP Provider Name is required forthe Liberty protocol.


Administrator response: Enter the LECP ProviderName in the appropriate text entry field.

FBTCON079E You must enter the RNI Return URL.

Explanation: The RNI Return URL is required for theLiberty protocol.


Administrator response: Enter the RNI Return URL inthe appropriate text entry field.

FBTCON080E You must enter the RNI Service URL.

Explanation: The RNI Service URL is required for theLiberty protocol.


Administrator response: Enter the RNI Service URL inthe appropriate text entry field.



FBTCON081E You must enter the FTN Return URL.

Explanation: The FTN Return URL is required for theLiberty protocol.


Administrator response: Enter the FTN Return URLin the appropriate text entry field.

FBTCON082E You must enter the FTN Service URL.

Explanation: The FTN Service URL is required for theLiberty protocol.


Administrator response: Enter the FTN Service URLin the appropriate text entry field.

FBTCON083E You must enter SLO Return URL.

Explanation: The SLO Return URL is required for theLiberty protocol.


Administrator response: Enter the SLO Return URL inthe appropriate text entry field.

FBTCON084E You must enter SLO Service URL.

Explanation: The SLO Service URL is required for theLiberty protocol.


Administrator response: Enter the SLO Service URLin the appropriate text entry field.

FBTCON085E You must enter IPI Service URL.

Explanation: The IPI Service URL is required for theLiberty protocol.


Administrator response: Enter the IPI Service URL inthe appropriate text entry field.

FBTCON086E You must enter the Common DNSDomain.

Explanation: The Common DNS Domain is requiredfor the Liberty protocol.


Administrator response: Enter the Common DNSDomain in the appropriate text entry field.

FBTCON087E You must enter the name of yourcompany.

Explanation: The company name you enter is used asa display name, and is therefore a required field.


Administrator response: Enter the name of yourcompany in the appropriate text entry field.

FBTCON088E You must enter a base URL for yourprotocol endpoints.

Explanation: A common base URL is required for allprotocol endpoints.


Administrator response: Enter your base URL in theappropriate text entry field.

FBTCON089E You must enter a Signing KeyIdentifier.

Explanation: An identifier for your signing key isrequired.


Administrator response: Enter your Signing KeyIdentifier in the appropriate text entry field.

FBTCON090E An error occurred when trying toretrieve SAML properties.

Explanation: An exception was encountered whentrying to retrieve SAML properties. This error could becaused by improperly formatted endpoint URLs.



FBTCON091E An error occurred while importingthe Liberty metadata file. Check that thefile contains correctly formatted Libertymetadata.

Explanation: The specified metadata file could not beimported. This error could be the result of malformedmetadata.


Administrator response: Check that your metadatafile conforms to the Liberty 1.1 metadata schema. Seethe exception stack trace for more details.

FBTCON092E An error occurred while exporting theLiberty metadata file.

Explanation: An exception was encountered whentrying to export this federation to a Liberty metadatafile.





FBTCON093E You must specify the metadata file toimport.

Explanation: No metadata file was specified toimport. Enter the file location in the file chooser.



FBTCON094E The partner's status could not beupdated.




FBTCON095E You must enter Provider ID.

Explanation: The provider ID is required for theLiberty protocol.



FBTCON096E All endpoints must begin with baseURL: insert.

Explanation: Every protocol endpoint must beprefixed with the base URL defined on the previousscreen.


Administrator response: Make sure all endpointsbegin with the same base URL defined on the previousscreen.

FBTCON097E The Liberty Message Lifetime mustbe at least 60 seconds.

Explanation: The Liberty Protocols and SchemaSpecification defines a minimum Liberty MessageLifetime of 60 seconds.


Administrator response: Enter a value of 60 secondsor greater for the Liberty Message Lifetime.

FBTCON098E Liberty Artifact Lifetime must be atleast 120 seconds.

Explanation: The Liberty Protocols and SchemaSpecification defines a minimum Liberty ArtifactLifetime of 120 seconds.


Administrator response: Enter a value of 120 secondsor greater for the Liberty Artifact Lifetime.

FBTCON099E The SOAP Client Authentication KeyPassword and Re-enter SOAP ClientAuthentication Key Password fieldsmust match.

Explanation: The SOAP Client Authentication KeyPassword must be entered twice for accuracy. The twopassword fields contain different values.


Administrator response: Re-enter your SOAP ClientAuthentication Key Password in both password fields.

FBTCON100E The New SOAP ClientAuthentication Key Password andRe-enter New SOAP ClientAuthentication Key Password fieldsmust match.

Explanation: The New SOAP Client AuthenticationKey Password must be entered twice for accuracy. Thetwo password fields contain different values.


Administrator response: Re-enter your New SOAPClient Authentication Key Password in both passwordfields.

FBTCON101E The New SOAP ClientAuthentication Key Password fieldcannot be blank.

Explanation: You must enter a value for the NewSOAP Client Authentication Key Password.


Administrator response: Enter your New SOAP ClientAuthentication Key Password in both password fieldsor click 'Cancel' if you do not want to change thepassword.

FBTCON102E The Signing Key Password andRe-enter Signing Key Password fieldsmust match.

Explanation: The Signing Key Password must beentered twice for accuracy. The two password fieldscontain different values.




Administrator response: Re-enter your Signing KeyPassword in both password fields.

FBTCON103E An error occurred while setting theSOAP Client Authentication KeyPassword.

Explanation: An exception was encountered whentrying to set the SOAP Client Authentication KeyPassword.



FBTCON104E An error occurred while deleting amodule chain: insert.

Explanation: This error can occur if the module chainis being used in a federation.


Administrator response: Check that this module chainis not being used in any federation before deleting.

FBTCON105E The chain mapping list could not beretrieved from the trust service.




FBTCON106E The New Signing Key Password andRe-enter New Signing Key Passwordfields must match.

Explanation: The New Signing Key Password must beentered twice for accuracy. The two password fieldscontain different values.


Administrator response: Re-enter your New SigningKey Password in both password fields.

FBTCON107E The New Signing Key Password fieldcannot be blank.

Explanation: You must enter a value for the NewSigning Key Password.


Administrator response: Enter your New Signing KeyPassword in both password fields or click 'Cancel' ifyou do not want to change the password.

FBTCON108E An error occurred while setting theSigning Key Password.

Explanation: An exception was encountered whentrying to set the Signing Key Password.



FBTCON109E You must enter a Verification KeyIdentifier.

Explanation: An identifier for the key that will beused to verify your partner's signature is required.


Administrator response: Enter the Verification KeyIdentifier in the appropriate text entry field.

FBTCON110E You must enter the Common DomainCookie Service URL.

Explanation: The Common Domain Cookie ServiceURL is required for the Liberty protocol.


Administrator response: Enter the Common DomainCookie Service URL in the appropriate text entry field.

FBTCON111E The Common Domain Cookie ServiceURL must use the Common DNSDomain.

Explanation: The Common Domain Cookie ServiceURL must include the Common DNS Domain.


Administrator response: Modify the CommonDomain Cookie Service URL, or Common DNSDomain, or both so that the Common Domain CookieService URL includes with the Common DNS Domain.

FBTCON112E Error deleting key: insert.

Explanation: This error can occur if the key is beingused in a federation.


Administrator response: Check that this key is notbeing used in any federations before deleting.

FBTCON113E Error committing session in KeyEncryption Signature Service

Explanation: Could not save the configurationchanges to the Key Encryption Signature Service





FBTCON114E Error deleting keystore: insert.

Explanation: This error can occur if the keys in thiskeystore are being used in a federation.


Administrator response: Check that there are no keysin this keystore that are being used in any federationsbefore deleting.

FBTCON115E Must enter a name for this modulechain.

Explanation: A display name for the module chain isrequired.


Administrator response: Enter a name for this modulechain in the appropriate text entry field.

FBTCON116E Must enter at least one of thefollowing: Applies To URI, Issuer URI

Explanation: Either an Applies To URI or an IssuerURI is required.


Administrator response: Enter an Applies To URI, anIssuer URI, or both in the appropriate text entry fields.

FBTCON117E Could not get chain mapping requesttype list from the Trust Service

Explanation: This error can occur if the console isunable to communicate with the Trust Service


Administrator response: Check the ServiceConfigurations to ensure that you have the correcthostname and port for the Trust Service. Check that theTrust Service is running.

FBTCON118E Error adding module chain

Explanation: Trust Service encountered a problemadding module chain.



FBTCON119E Could not get chain mapping with idinsert from the Trust Service



Administrator response: Check the ServiceConfigurations to ensure that you have the correct

hostname and port for the Trust Service. Check that theTrust Service is running.

FBTCON120E Error occurred when trying to retrievethe Module Chain properties.

Explanation: An exception was encountered whentrying to retrieve the Module Chain properties.



FBTCON121E Could not apply module chainproperties



Administrator response: Check the ServiceConfigurations to ensure that you have the correcthostname and port for the Trust Service. Check that theTrust Service is running.

FBTCON122E Could not upload file

Explanation: Encountered a FileUploadException



FBTCON123E Error creating a WSSM Partner

Explanation: Encountered a problem creating a WSSMpartner



FBTCON124E Error getting list of Web ServicesSecurity partners from the ManagementService

Explanation: This error can occur if the console isunable to communicate with the Management Service



FBTCON125E Error rolling back session

Explanation: Could not save the configurationchanges to the Management Service





FBTCON127W In order to change the currentdomain, all open Management pagesmust be closed. Continue?

Explanation: If all open pages are closed, unsavedchanged may be lost.

System action: The system will close any openManagement pages and change the currentmanagement domain to the selected domain.

Administrator response: Press OK to proceed, orCancel to leave all Management pages open and notchange the current management domain.

FBTCON128E No management domains are defined.You must define and activate a domainin order to proceed.

Explanation: There are no management domainsdefined. In order to manage a domain, a domain mustbe defined and activated.


Administrator response: Press the Change Domainbutton to define and activate a domain.

FBTCON129E No domain is currently active. Youmust activate a domain in order toproceed.

Explanation: There are defined domains, but none arecurrently active. In order to manage a domain, adomain must be activated.


Administrator response: Press the Change Domainbutton to activate a domain.

FBTCON130E Error loading the partner properties.

Explanation: Exception encountered while loading thepartner properties.



FBTCON131E Error loading the federationproperties.

Explanation: Exception encountered while loading thefederation properties.



FBTCON137E An error occurred during the deployoperation.

Explanation: The Runtime could not be deployed toall nodes in the domain.


Administrator response: Check the exception stacktrace in the logs.

FBTCON138E An error occurred during theconfigure operation. If the domain isusing Tivoli Access Manager check thatthe policy server is reachable and thatyou have provided the correct usernameand password.

Explanation: The configure operation failed whileconfiguring one of the specified nodes.



FBTCON139E An error occured during the enableoperation.

Explanation: The configure operation failed whileenabling one of the specified nodes.



FBTCON140E An error occured during the removeoperation.

Explanation: The Runtime could not be removed fromall nodes in the domain.



FBTCON141E An error occured during theunconfigure operation.

Explanation: The configure operation failed whileunconfiguring one of the specified nodes.



FBTCON142E An error occured during the disableoperation.

Explanation: The configure operation failed whiledisabling one of the specified nodes.


FBTCON127W • FBTCON142E



FBTCON143E Could not get the list of Web ServicesSecurity Applications

Explanation: Unable to retrieve the property sets forthe WSSM applications.



FBTCON144E Error exporting key

Explanation: Management Service encountered anexception exporting the key.



FBTCON145E Error importing key. Please make surethat the correct file format wasprovided.

Explanation: Management Service encountered anexception importing the key.



FBTCON146E Error listing keys

Explanation: Management Service encountered anexception listing keys.



FBTCON147E Error listing keystores

Explanation: Management Service encountered anexception listing keystores.



FBTCON148W Remove domain insert from server?

Explanation: Deleting a domain from the server willdelete configuration files on the domain. You have theoption to remove the domain from the console withoutdeleting the domain configuration from the server.


Administrator response: Choose the appropriate

action from the message box.

FBTCON149E One or more nodes in domain insertare configured or have the Runtimedeployed. Unconfigure all nodes andremove the Runtime before deleting thisdomain.

Explanation: A domain cannot be removed withoutensuring that all nodes are unconfigured and theRuntime is removed from the nodes.


Administrator response: Go to the Runtime NodeManagement task and ensure all nodes areunconfigured and the Runtime is removed from thedomain.

FBTCON150E Error committing session changes

Explanation: Could not save the configurationchanges to the Management Service



FBTCON151E The field insert requires a value

Explanation: The field specified in the message isempty and requires a value. Please enter an appropriatevalue.


Administrator response: Enter the appropriate valuefor the field marked invalid.

FBTCON152E The port number specified for fieldinsert must be between 0 and 65536

Explanation: The value entered for a port is outside ofthe legal values for port numbers. The port must bebetween 0 and 65536.


Administrator response: Enter the appropriate portnumber.

FBTCON153E A Domain cannot be named default.Please choose another name.

Explanation: While creating a domain, the namedefault is reserved for system use. Please choose adifferent domain name.


Administrator response: Choose a domain name otherthan default



FBTCON154E Please select the type of WebSphereenvironment.

Explanation: You must choose either a clustered orsingle server environment for the Domain. The choicemust match the environment where the ManagementService is deployed.


Administrator response: Choose the appropriateenvironment type.

FBTCON155E The server insert listening on portinsert cannot be contacted. Check theserver settings and try again.

Explanation: Cannot open a socket to the server andport specified. This indicates ether incorrect serversettings or the server is unreachable.


Administrator response: Check the server settings andtry again.

FBTCON156E An error occured while importing thedomain configuration archive. Check theserver logs for more information.

Explanation: An unknown error occured whileimporting the domain configuration archive. An errorwill be logged in the server logs.


Administrator response: Check the logs on theconsole and server for an exception.

FBTCON159E A federation with display name insertalready exists.

Explanation: An existing federation uses the displayname that you entered. Each federation must have aunique display name.


Administrator response: Please enter a differentdisplay name for this federation.

FBTCON160E Error occurred when verifying thedisplay name.

Explanation: An exception was encountered whenchecking the uniqueness of the display name youentered.



FBTCON161E Error occurred when creating domaininsert.

Explanation: An exception was encountered whencreating the specified domain.



FBTCON162E The Assertion Consumer Service URLinsert is already being used.

Explanation: An existing Trust Service Chain Mappingcontains an AppliesTo field that matches the AssertionConsumer Service URL you entered. This field must beunique in order for the Trust Service to invoke thecorrect module chain.


Administrator response: Please enter a differentAssertion Consumer Service URL.

FBTCON163E The WS-Federation Realm insert isalready being used.

Explanation: An existing Trust Service Chain Mappingcontains an Issuer field that matches the WS-FederationRealm you entered. This field must be unique in orderfor the Trust Service to invoke the correct modulechain.


Administrator response: Please enter a differentWS-Federation Realm.

FBTCON164E The WS-Federation Endpoint insert isalready being used.

Explanation: An existing Trust Service Chain Mappingcontains an AppliesTo field that matches theWS-Federation Endpoint you entered. This field mustbe unique in order for the Trust Service to invoke thecorrect module chain.


Administrator response: Please enter a differentWS-Federation Endpoint.

FBTCON165E The Provider ID insert is alreadybeing used.

Explanation: An existing Trust Service Chain Mappingcontains an Issuer field that matches the Provider IDyou entered. This field must be unique in order for theTrust Service to invoke the correct module chain.


Administrator response: Please enter a differentProvider ID.



FBTCON166E An error was encountered whileretrieving environment settings. Checkthe environment settings and try again.

Explanation: There was an error communicating withthe management service endpoint while attempting tolist the clusters or servers in the environment. Thiserror can be caused by: 1) Incorrect WebSphere GlobalSecurity settings. Check the WebSphere Global Securitysettings (if applicable) and try again. 2) An unstableWebSphere environment. Restart the WebSphereenvironment and try again.


Administrator response: Ensure all settings are correctand try again. If this message reappears, restart theWebSphere environment and try again.

FBTCON167E One or more nodes in this domainare configured. Unconfigure all nodesbefore undeploying the Runtime.

Explanation: The Runtime cannot be undeployedwithout ensuring that all nodes are unconfigured.


Administrator response: Ensure all nodes areunconfigured before attempting to remove the Runtime.

FBTCON168E The Issuer address insert is alreadybeing used.

Explanation: An existing Trust Service Chain Mappingcontains an Issuer field that matches the issuer youentered. This field must be unique in order for theTrust Service to invoke the correct module chain.


Administrator response: Please enter a different Issueraddress.

FBTCON169E The Applies To address insert isalready being used.

Explanation: An existing Trust Service Chain Mappingcontains an AppliesTo field that matches the Applies Toyou entered. This field must be unique in order for theTrust Service to invoke the correct module chain.


Administrator response: Please enter a differentWS-Federation Endpoint.

FBTCON170E Must select a file format

Explanation: Must select a format (PEM or PKCS#12)for the keystore file you want to import.


Administrator response: Make the appropriate radio

button selection for the format of the file you want toimport.

FBTCON171E Must select a keystore for yourpartner's key.

Explanation: The liberty metadata that you importedfor your partner contains KeyInfo that must be savedin a keystore. Please choose the keystore where youwould like to store it.


Administrator response: Select a keystore from thetable.

FBTCON172E Must enter a keystore password.

Explanation: A password for the keystore must besupplied in order to perform operations on thiskeystore.


Administrator response: Enter the keystore passwordin the appropriate text entry field.

FBTCON173E Must supply a label for your partner'skey.

Explanation: Your partner's key will be stored in thekeystore you select under the label that you give it.Please enter the label that you would like to give toyour partner's key.


Administrator response: Enter a label for yourpartner's key in the appropriate text entry field.

FBTCON174E More than one key alias exists in thisfile. Please restart the wizard and selectthe Contains multiple key pairscheckbox.

Explanation: If your file contains multiple key aliases,the wizard does not know which alias to import.Checking the appropriate checkbox to indicate thatmultiple aliases exist allows the wizard to prompt youfor the specific alias that you would like to import.


Administrator response: Restart the wizard and selectthe Contains multiple key pairs checkbox.

FBTCON175E Must enter a New Key Label.

Explanation: The key you are importing must bestored under a key label. You can choose any label youlike for this key.


Administrator response: Enter a label for this key in



the appropriate text entry field.

FBTCON176E Must enter the name of the key thatyou want to import.

Explanation: You selected the Contains multiple keypairs checkbox, which means that you must specify thekey pair you want to import by providing the keylabel. If there are no key labels in the file, you shouldrestart the wizard and unselect the Contains multiplekey pairs checkbox.


Administrator response: Enter the name of the keythat you want to import in the appropriate text entryfield.

FBTCON177E Key label does not exist in this file.

Explanation: The key label that you specified does notexist in the keystore file you provided, so the KeyService is unable to import this key.


Administrator response: Verify that you have thecorrect key label. If there are no key aliases in the file,leave the field blank.

FBTCON178E Must provide a valid keystore file toupload.

Explanation: You entered an empty keystore file toupload or the keystore file could not be found. Pleaseverify the location and contents of the keystore file youwant to upload and try again.


Administrator response: Browse to a valid keystorefile on your local system to upload.

FBTCON179E Incorrect keystore password.

Explanation: The password you supplied for thekeystore is incorrect. Please try again.


Administrator response: Enter the correct keystorepassword in the appropriate text entry field.

FBTCON180E Must enter a Module Name.

Explanation: You must enter the name a of a pluginmodule that exists in the configuration repository forthe current domain.


Administrator response: Please enter a Module Namein the appropriate text entry field.

FBTCON181E Must enter a Module Version.

Explanation: You must enter the version number ofthe module.


Administrator response: Please enter a ModuleVersion in the appropriate text entry field.

FBTCON182E Error creating keystore.

Explanation: The system encountered an error whiletrying to create a new keystore.


Administrator response: Please check the console andManagement Service logs for more information.

FBTCON183E Keystore import failed. The keystoreis invalid or the password is incorrect.

Explanation: The system encountered an error whiletrying to import the keystore.


Administrator response: Please check the console andManagement Service logs for more information.

FBTCON184W Was not able to import all the keysin the keystore because the keystorepassword does not match the passwordfor all contained keys.

Explanation: The Key Service only supports keystoreswith a single password. All keys in the keystore musthave the same password as the keystore itself.


Administrator response: Please view the keys in thenewly imported keystore to verify the contents.

FBTCON185E Must enter an Exposed Class ID.

Explanation: You must enter the Exposed Class IDthat is used to identify this module in module.xml.


Administrator response: Please enter an ExposedClass ID in the appropriate text entry field.

FBTCON186E insert is not a valid key identifier.Please use the Key Service managementpage to view all existing keys.

Explanation: You have entered a key identifier for akey does not exist in the Key Service. Use the KeyService management to find an existing key.


Administrator response: Please enter a valid key



identifier in the appropriate text entry field.

FBTCON187E Must fill in all required values.

Explanation: You have left a required field blank onthe token configuration screen. Please fill in all requiredfields.


Administrator response: Please fill in all requiredfields

FBTCON188E Must select a signing key. Select akey from the table after using the ListKeys button to display the keyscontained in a keystore.

Explanation: You have not selected any key in thetable. You must first choose a keystore and enter thekeystore password to display the keys for this keystorein the table. Then, you must select a key from the table.


Administrator response: Please use the key selectionlayout to select a signing key.

FBTCON189E Must select a key for SOAP ServerCertificate Validation. Select a key fromthe table after using the List Keysbutton to display the keys contained ina keystore.



Administrator response: Please use the key selectionlayout to select a key for validating your partner'sserver certificate.

FBTCON190E Must select a client certificate forSOAP. Select a key from the table afterusing the List Keys button to displaythe keys contained in a keystore.

Explanation: You selected the check box for ClientCertificate Authentication, which means that you arerequired to choose a client certificate. You have notselected any key in the table. You must first choose akeystore and enter the keystore password to display thekeys for this keystore in the table. Then, you mustselect a key from the table.


Administrator response: Please use the key selectionlayout to select a key for client certificateauthentication.

FBTCON191E Must enter a username for ClientBasic Authentication.

Explanation: You have selected the checkbox forClient Basic Authentication, which requires a usernameand password. You must enter input values for both ofthese fields.


Administrator response: Please enter the usernamefor Client Basic Authentication in the appropriate textentry field.

FBTCON192E Must enter a password for ClientBasic Authentication.

Explanation: You have selected the checkbox forClient Basic Authentication, which requires a usernameand password. You must enter input values for both ofthese fields.


Administrator response: Please enter the password forClient Basic Authentication in the appropriate textentry field.

FBTCON193E Must enter a keystore name.

Explanation: You must give a name to the keystoreyou are importing.


Administrator response: Enter a name for thekeystore in the appropriate text entry field.

FBTCON194E Must select a keystore type.

Explanation: Must specify what this keystore will beused for. It can be designated for eitherSigning/Encryption Keys or CA Certificates.


Administrator response: Make a radio buttonselection for the keystore type.

FBTCON195E Must select a key for validating yourpartner's signature. Select a key fromthe table after using the List Keysbutton to display the keys contained ina keystore.



Administrator response: Please use the key selectionlayout to select a key for validating your partner'ssignature.



FBTCON196E insert field cannot contain whitespace.

Explanation: You have entered whitespace in a fieldthat should not contain whitespace characters.


Administrator response: Please remove all whitespacefrom this field.

FBTCON197W Recent configuration changes needto be reloaded to the Tivoli FederatedIdentity Manager runtime. Allconfiguration changes will not takeeffect until the reload completes.

Explanation: In order for the configuration changesmade to take effect, you must restart WebSphere.


Administrator response: Please select whether torestart WebSphere now, or dismiss this message. If youdismiss this message, you will not be reminded again.If you have deployed FIM in a cluster, your cluster willbe ripple started; single servers will be restartedindividually. See the Runtime Node Management pagefor node status.

FBTCON198E An error ocurred when modifying thedomain properties on the server.

Explanation: An attempt to modify domain propertieson the server failed. Check that the ManagementService is running and try again.


Administrator response: Check the server logs formore information about the error.

FBTCON199E A chain mapping with the givenAppliesTo and Issuer values alreadyexists.

Explanation: A chain mapping with the givenAppliesTo-Issuer pairing already exists. Remove theexisting mapping or choose a different pairing.


Administrator response: Determine if the new chainmapping is different from the one that already exists.Resolve the error by either removing the currentmapping or using the current mapping.

FBTCON200W Warning: This domain is currentlybeing managed by multiple users.

Explanation: When multiple users are working on thesame domain, this may cause undesireable results. Forexample, someone could restart the domain while youare working on it. Make sure when you are finishedworking to log out of the console so this message is

cleared immediately for other people.


Administrator response: Make sure you coordinatewith the other console users so you don't clobber eachothers work.

FBTCON201E You must enter the ArtifactResolution Service URL.

Explanation: The Artifact Resolution Service URL isrequired for the SAML profile you selected.


Administrator response: Enter the Artifact ResolutionService URL in the appropriate text entry field.

FBTCON202E You must enter the Artifact CacheLifetime.

Explanation: The Artifact Cache Lifetime is requiredfor the SAML profile you selected.


Administrator response: Enter the Artifact CacheLifetime in the appropriate text entry field.

FBTCON203E You must enter the Intersite TransferService URL.

Explanation: The Intersite Transfer Service URL isrequired for the SAML profile you selected.


Administrator response: Enter the Intersite TransferService URL in the appropriate text entry field.

FBTCON204E You must enter the Source ID.

Explanation: The Source ID is required for the SAMLprofile you selected.


Administrator response: Enter the Source ID in theappropriate text entry field.

FBTCON205E You must enter the AssertionConsumer Service URL.

Explanation: The Assertion Consumer Service URL isrequired for the SAML profile you selected.


Administrator response: Enter the AssertionConsumer Service URL in the appropriate text entryfield.



FBTCON206E You must enter the SOAP ServerValidation Certificate.

Explanation: The SOAP Server Validation Certificate isrequired for the SAML profile you selected.


Administrator response: Enter the SOAP ServerValidation Certificate in the appropriate text entry field.

FBTCON207E You must enter the SOAP ClientCertificate for Authentication.

Explanation: You have selected the checkbox forClient Certificate Authentication, which requires aSOAP Client Certificate for Authentication name. Youmust enter a value.


Administrator response: Enter the SOAP ClientCertificate for Authentication in the appropriate textentry field.

FBTCON208E An error occurred while exporting theSAML metadata file.

Explanation: An exception was encountered whentrying to export this federation to a SAML metadatafile.



FBTCON209E An error occurred while importingthe SAML metadata file. Check that thefile contains correctly formatted SAMLmetadata.

Explanation: The specified metadata file could not beimported. This error could be the result of malformedmetadata.


Administrator response: Check that your metadatafile conforms to the SAML 2.0 metadata schema. Seethe exception stack trace for more details.

FBTCON211E Failed to upload the mapping rule.

Explanation: Encountered a problem when uploadingthe mapping rule.



FBTCON212E Failed to build the FederationSummary panel.

Explanation: Encountered a problem when buildingthe summary panel.


Administrator response: See the exception stack traceand try to build the federation again.

FBTCON213E A partner with the AppliesTo, insert,and Issuer, insert, already exists.

Explanation: A partner with the givenAppliesTo-Issuer pairing already exists. Remove theexisting partner or choose a different pairing.


Administrator response: Determine if the new partneris different from the one that already exists. Resolve theerror by either removing the current partner orensuring that your partner's configuration is correct.

FBTCON214E The Source ID does not meet therequirements for a SAML Source ID.

Explanation: The Source ID must be a valid Base64encoded value, 28 characters long.


Administrator response: Ensure that the string is ofthe correct format and try again.

FBTCON215E Must select at least one SingleSign-On Binding (Browser Artifact,Browser POST, Browser Redirect,Enhanced Client Proxy)

Explanation: No binding was selected for SingleSign-On.


Administrator response: Select one or more bindingsfor Single Sign-On.

FBTCON216E Must select at least one NameIdentifier Management Binding (HTTPRedirect, HTTP POST, Artifact, SOAP)

Explanation: The checkbox to enable Name IdentifierManagement was checked, but no binding wasselected.


Administrator response: Select one or more bindingsfor Name Identifier Management or uncheck the NameIdentifier Management enablement checkbox if you donot want to support this profile.



FBTCON217E Must select at least one Single LogoutBinding (HTTP Redirect, HTTP POST,Artifact, SOAP)

Explanation: The checkbox to enable Single Logoutwas checked, but no binding was selected.


Administrator response: Select one or more bindingsfor Single Logout or uncheck the Single Logoutenablement checkbox if you do not want to supportthis profile.

FBTCON218E Must enter a value for CommonDomain Name

Explanation: No value was entered for CommonDomain Name.


Administrator response: Enter a value for CommonDomain Name.

FBTCON219E Must enter a value for CommonDomain Service Host

Explanation: No value was entered for CommonDomain Service Host.


Administrator response: Enter a value for CommonDomain Service Host.

FBTCON220E Must enter a value for CommonDomain Cookie Lifetime

Explanation: No value was entered for CommonDomain Cookie Lifetime.


Administrator response: Enter a value for CommonDomain Cookie Lifetime.

FBTCON221E Must enter an integer value forCommon Domain Cookie Lifetime

Explanation: The value entered for Common DomainCookie Lifetime is not an integer.


Administrator response: Enter an integer value forCommon Domain Cookie Lifetime.

FBTCON222E Must enter a value for MessageLifetime

Explanation: No value was entered for MessageLifetime.


Administrator response: Enter a value for MessageLifetime.

FBTCON223E Must enter a value for ArtifactLifetime

Explanation: No value was entered for ArtifactLifetime.


Administrator response: Enter a value for ArtifactLifetime.

FBTCON224E Must enter a value for SessionTimeout

Explanation: No value was entered for SessionTimeout.


Administrator response: Enter a value for SessionTimeout.

FBTCON225E Must enter an integer value forMessage Lifetime

Explanation: The value entered for Message Lifetimeis not an integer.


Administrator response: Enter an integer value forMessage Lifetime.

FBTCON226E Must enter an integer value forArtifact Lifetime

Explanation: The value entered for Artifact Lifetime isnot an integer.


Administrator response: Enter an integer value forArtifact Lifetime.

FBTCON227E Must enter an integer value forSession Timeout

Explanation: The value entered for Session Timeout isnot an integer.


Administrator response: Enter an integer value forSession Timeout.

FBTCON228E Must enter a value for SOAPEndpoint URL

Explanation: SOAP Endpoint URL is a required value.




Administrator response: Enter a value for SOAPEndpoint URL.

FBTCON229E Must select a keystore for yourpartner's key.

Explanation: The metadata that you imported for yourpartner contains KeyInfo that must be saved in akeystore. Please choose the keystore where you wouldlike to store it.



FBTCON230E Must enter a value for DefaultPost-Authentication Target URL

Explanation: Default Post-Authentication Target URLis a required value.


Administrator response: Enter a value for DefaultPost-Authentication Target URL.

FBTCON231E One of appliesTo address, issueraddress or token type field must have avalue.

Explanation: The appliesTo address or issuer addressmust have a value if the token type is not specified.


Administrator response: Enter a value for theappropriate fields.

FBTCON232E The table cannot be reordered. Theorder entry insert is not a number.

Explanation: The text field for ordering the table mustbe a number.


Administrator response: Enter a number for theappropriate fields.

FBTCON233W The module chain you haveassembled does not meet therecommended Trust Service modulechain structure. It is recommended thateither one of the following 2 conditionsbe met: 1.The chain consists of only onemodule and the mode on that module iseither Issue or Validate. 2.The chainconsists of modules matching thefollowing mode sequence:Validate-Map-...-MapN-Issue

Explanation: Press continue to go to the next wizardstep or press cancel to change the module chain

structure to meet the specifications.


Administrator response: Enter a number for theappropriate fields.

FBTCON234E Error modifying the module chain

Explanation: Trust Service encountered a problemmodifying the module chain.



FBTCON235W This chain was automaticallygenerated by TFIM. Modifying thischain could break the associatedfunctionality. Review TFIMdocumentation for typical Trust Servicechain structures and examples.

Explanation: Modify chains automatically generatedby TFIM at your own risk.

System action: No action take

Administrator response: Review TFIM documentationfor typical Trust Service chain structures and examples.

FBTCON236E Must select a keystore for yourpartner's encryption key.

Explanation: The liberty metadata that you importedfor your partner contains encryption KeyInfo that mustbe saved in a keystore. Please choose the keystorewhere you would like to store it.



FBTCON237E The web service URL is not properlyformatted.

Explanation: The web service URL you entered is thewrong format.


Administrator response: Enter the URL in the properformat, [protocol]://[host]:[port]/[path].

FBTCON238E Must select a module instance.

Explanation: Select a module instance to continue oruse the default XSL transformation map module.


Administrator response: Select a module instancefrom the table.



FBTCON239E You must enter the Single Sign-OnService URL.

Explanation: The Single Sign-On Service URL isrequired for the protocol.


Administrator response: Enter the Single Sign-OnService URL in the appropriate text entry field.

FBTCON240E You must enter the Name IdentifierManagement Service URL.

Explanation: The Name Identifier ManagementService URL is required for the bindings you haveselected.


Administrator response: Enter the Name IdentifierManagement Service URL in the appropriate text entryfield.

FBTCON241E You must enter the Single LogoutService URL.

Explanation: The Single Logout Service URL isrequired for the bindings you have selected.


Administrator response: Enter the Single LogoutService URL in the appropriate text entry field.

FBTCON242E You must specify the mapping rulefile to import.

Explanation: No mapping rule file was specified toimport. Enter the file location in the file chooser.



FBTCON244E Must select an encryption key. Selecta key from the table after using the ListKeys button to display the keyscontained in a keystore.



Administrator response: Please use the key selectionlayout to select an encryption key.

FBTCON245E Must enter a value for Number ofseconds before the issue date that anassertion is considered valid

Explanation: Missing value from a required field.


Administrator response: Enter a value for Number ofseconds before the issue date that an assertion isconsidered valid in the appropriate text entry field

FBTCON246E Must enter a value for Amount oftime the assertion is valid after beingissued

Explanation: Missing value from a required field.


Administrator response: Enter a value for Amount oftime the assertion is valid after being issued in theappropriate text entry field

FBTCON247E Must enter an integer value for insert

Explanation: The value entered is not an integer.


Administrator response: Enter an integer value.

FBTCON248E The web service URL is using https.You must select a signing key for SSLSettings.

Explanation: When using https you must select asigning key for SSL.


Administrator response: Select a signing key in thetable.

FBTCON249E You must select a signing key forclient certification authentication.

Explanation: A signing key is required when usingclient certificate authentication.


Administrator response: Select a signing key in thetable.

FBTCON250E A number greater than 0 is requiredfor insert.

Explanation: A number must be entered greater than 0


Administrator response: Enter a number greater than0



FBTCON251E The web service URL is using http.Certificate authentication is not valid.Select basic authentication or none forthe authentication type.

Explanation: Certificate authentication is not valid forhttp.


Administrator response: Use basic authentication ornone.

FBTCON252E The web service URL is using http.SSL Settings are not supported. Unselectthe signing key for SSL.

Explanation: SSL is not valid for http.


Administrator response: None

FBTCON253E The Common Domain Cookie ServiceURL must be a valid URL that beginswith http:// or https://.

Explanation: The Common Domain Cookie ServiceURL must be a valid URL that begins with http:// orhttps://.


Administrator response: Modify the CommonDomain Cookie Service URL so that it is a valid URLthat begins with http:// or https://.

FBTCON254E Metadata for Identity Providerpartner must contain anIDPSSODescriptor element

Explanation: The specified metadata file could not beused to create an Identity Provider partner.


Administrator response: Check that you are importingthe correct metadata file and that it conforms to theSAML 2.0 metadata schema.

FBTCON255E Metadata for Service Provider partnermust contain an SPSSODescriptorelement

Explanation: The specified metadata file could not beused to create an Service Provider partner.


Administrator response: Check that you are importingthe correct metadata file and that it conforms to theSAML 2.0 metadata schema.

FBTCON256E Partner metadataprotocolSupportEnumeration attributedoes not specify SAML insert protocol

Explanation: The specified metadata file is notcompatible with the SAML protocol for this federation.


Administrator response: Check that you are importingthe correct metadata file and that theprotocolSupportEnumeration attribute value is correct.

FBTCON257E An error occurred communicatingwith the Management Service. Checkthe server log files for moreinformation.

Explanation: An error occurred while the console wascommunicating with the domain. Check the server logfiles for the specific exception.


Administrator response: Check the server log files forthe specific exception. Check that the server is running.

FBTCON258E The portlet page could not bedisplayed. Check the server log files formore information.

Explanation: An error occurred while creating theportlet page. Check the server log files for the specificexception.


Administrator response: Check the server log files forthe specific exception.

FBTCON259E Failed to upload the keytab file. Thekeytab file format is invalid.

Explanation: An error occurred uploading the keytabfile. The keytab file is generated with the ktpasscommand, which is part of the Windows Support Toolsshipped on the Windows 2003 Server CD.


Administrator response: Generate a valid keytab fileusing the ktpass command and import the file. See theTivoli Federated Identity Manager documentation formore details.

FBTCON260E You must specify the keytab file toimport.

Explanation: No keytab file was specified to import.Enter the file location in the file chooser.


Administrator response: None.



FBTCON261E There are no federations created. Youmust create a federation before creatinga partner.

Explanation: You cannot create a partner withoutselecting an existing federation



FBTCON262E No clusters or servers are availablefor use with Federated IdentityManager.

Explanation: You must create a cluster or serverbefore trying to create a Federated Identity ManagerDomain.


Administrator response: Bring up the WebSphereAdministrator Console and create cluster or server.

FBTCON263E An error occurred when connecting todomain insert.

Explanation: An exception was encountered whenconnecting to the specified domain.



FBTCON264E The Tivoli Federated IdentityManager Business Gateway domaininsert was not found.

Explanation: You can only connect to an existingTivoli Federated Identity Manager Business Gatewaydomain.


Administrator response: Change the host and/or portto point to an existing Tivoli Federated IdentityManager Business Gateway Management Service.

FBTCON265E No management domains are defined.Click Domain Properties to connect toan existing domain or click Domains tocreate a new domain.

Explanation: There are no management domainsdefined. In order to manage a domain, a domain mustbe defined and activated. Use the Domain Propertiespanel to connect to an existing domain, or create a newdomain.


Administrator response: Click Domain Properties toconnect to an existing domain.

FBTCON266E Tivoli Federated Identity Managerwas not found on the target WebSphere.The FIM Management Service could bedown or may not be installed.

Explanation: You need to install the FIM ManagementService on the target WebSphere


Administrator response: Install the FIM ManagementService

FBTCON267E The domain name insert alreadyexists. Specify another domain name.

Explanation: The console will not allow you to createa domain with the same name as an existing domainthe console is currently managing. You need to specifya different name for the domain.


Administrator response: Specify a different domainname.

FBTCON268E The contact information cannotcontain a comma.

Explanation: The console will not allow you to entercontact information with a comma. Change the contactinformation to not use any commas.


Administrator response: Change the contactinformation.

FBTCON269E The keystore does not contain anyprivate keys. Try another keystore or usethe Key Service to import a private key.

Explanation: The console is looking in the keystore fora private key to sign or encrypt with and the keystoreselected does not contain one. Use the Key Service toadd a private key to the keystore or try anotherkeystore.


Administrator response: Select another keystore.

FBTCON270E The keystore does not contain anypublic keys. Try another keystore or usethe Key Service to import a public key.

Explanation: The console is looking in the keystore fora public key to validate with and the keystore selecteddoes not contain one. Use the Key Service to add apublic key to the keystore or try another keystore.




Administrator response: Select another keystore.

FBTCON273E An error occurred publishing to thedomain.

Explanation: An error occurred publishing files to thedomain.

System action: No action


FBTCON274E An error occurred applying the aliasservice configuration

Explanation: An error occurred applying the aliasservice configuration. The configuration type is storedin the idservice.xml for the domain.

System action: No action


FBTCON275E The insert is required. Select from thetable after using the List Keys button todisplay the keys contained in akeystore.



Administrator response: Please use the key selectionlayout to select a key.

FBTCON276E The point of contact profiles couldnot be retrieved from the single sign-onprotocol service.




FBTCON277E An error occurred while deleting apoint of contact profile: insert.

Explanation: This error will occur if the point ofcontact profile is readonly or the current active profile.It can also occur if the profile does not exist.


Administrator response: Check that this profile is notthe current active profile and not readonly.

FBTCON278E An error occurred activating the pointof contact profile: insert.

Explanation: Check to make sure the profile exists andis configured correctly. This error can also occur if theconsole is unable to communicate with the singlesign-on protocol service.


Administrator response: Check to make sure theprofile contains at least a Sign In and Local ID callback.Check the status of management service.

FBTCON279E An error occurred retrieving theproperties for the point of contactprofile: insert.

Explanation: Check to make sure the profile exists.Close the portlet page and try again. This error canoccur if the console is unable to communicate with thesingle sign-on protocol service.



FBTCON280E An error occurred modifying theproperties for the point of contactprofile: insert.

Explanation: Check to make sure the profile exists.Close the portlet page and try again. This error canoccur if the console is unable to communicate with thesingle sign-on protocol service.


Administrator response: Check the serviceconfigurations to ensure that you have the correct hostname and port for the single sign-on protocol service.Check that the single sign-on protocol service isrunning. See the exception stack trace.

FBTCON281E The list of available point of contactcallbacks could not be retrieved fromthe single sign-on protocol service.

Explanation: Close the portlet page and try again.This error can occur if the console is unable tocommunicate with the single sign-on protocol service.


Administrator response: Check the serviceconfigurations to ensure that you have the correct hostname and port for the single sign-on protocol service.



Check that the single sign-on protocol service isrunning. See the exception stack trace.

FBTCON282E An error occurred while creating apoint of contact profile.

Explanation: A single sign-on protocol serviceencountered a problem creating a point of contactprofile.



FBTCON283E An error occurred retrieving theproperties of the point of contact profilewith ID: insert.

Explanation: A single sign-on protocol serviceencountered a problem creating a point of contactprofile.



FBTCON284E A decryption key must be selected.Select the Point-of-Contact SSL keyfrom the table after using the List Keysbutton to display the keys contained ina keystore.



Administrator response: Please use the key selectionlayout to select a decryption key.

FBTCON285E You must select one of the choicespresented on this dialog.

Explanation: You cannot configure this federationwithout selecting whether or not to add a standardpartner.


Administrator response: Select the radio buttoncorresponding to your choice.

FBTCON286E You must enter the URL for the issuerof the Security token.

Explanation: The URL identifier of the IdentityProvider is required for the Information Card protocol.



FBTCON287E You must enter an integer value forthe clock skew.

Explanation: The value entered for clock skew is notan integer.


Administrator response: Enter an integer value for theclock skew.

FBTCON288E A new password for the keystoremust be entered.

Explanation: In order to change the keystorepassword a new password needs to be entered.


Administrator response: Enter a non empty newpassword.

FBTCON289E New password mismatch. Pleaseconfirm the new password.

Explanation: In order to change the keystorepassword a new password needs to be entered andproperly confirmed.


Administrator response: Make sure the new passwordand its confirmation matches.

FBTCON290E The new password is the same as theoriginal.

Explanation: In order to change the keystorepassword a new password different than the originalpassword must be entered .


Administrator response: Make sure the new passwordis different than the original.

FBTCON291E An error occurred discovering theTivoli Directory Integrator configurationsettings.

Explanation: An error occurred discovering the TDIconfiguration settings. Check the host name and portand make sure host is allowed to access the TDI server.


Administrator response: Enter the correct host nameand port and if using SSL, ensure the SSL settings areconfigured correctly.



FBTCON292E You must enter a Server Hostnameand Server Port to discover the TivoliDirectory Integrator configurationsettings.

Explanation: Enter a host name and port and makesure host is allowed to access the TDI server.


Administrator response: Enter the correct host nameand port and if using SSL, ensure the SSL settings areconfigured correctly.

FBTCON293E An error occurred retrieving thehardware cryptographic device settings.

Explanation: This error can occur if the console isunable to communicate with the kess service.


Administrator response: Check the system stack tracefor more information.

FBTCON294E An error occurred applying thehardware cryptographic device settings.

Explanation: This error can occur if the console isunable to communicate with the kess service.



FBTCON295E The event insert requires a valid filename for the HTML page that isdisplayed.

Explanation: The specified field requires a valid filename.


Administrator response: Enter the appropriate valuefor the specified field.

FBTCON296E The page locale cannot be empty.Specify the page locale and page rootdirectory.

Explanation: The page locale and page root directoryvalues are required to continue.


Administrator response: Enter the required values inthe table.

FBTCON297E The event pages cannot be displayedbecause the page factory configurationis missing the default page identifiermappings.

Explanation: The event pages are retrieved from thedefault page identifier mappings in the sps.xml file.


Administrator response: Ensure that the sps.xml file isconfigured with the appropriate page identifiermappings. Refer to the Tivoli Federated IdentityManager Configuration Guide for information onconfiguring these settings.

FBTCON298E An error occurred while modifyingthe event pages configuration. Checkthe system stack trace for moreinformation.

Explanation: The specified changes to the event pagesconfiguration were not applied.



FBTCON300W Warning: the module chain is sharedwith other trust chain mappings.Modifications to the chain identificationor chain structure affects other trustchain mappings that use this chain.

Explanation: The chain is shared. Modifications to thechain affect other trust chain mappings that use thischain.


Administrator response: Ensure that the effects of thespecified changes on all of the trust chain mappings aredesired before you enact the changes.

FBTCON301W Warning: keystore keys or certificatesin this keystore have expired or willexpire in less than 30 days.

Explanation: The validity period of a key or certificatein the specified keystore will expire or has expiredalready.


Administrator response: An expired key or certificatecannot be used, and will generate a message during thevalidation process.

FBTCON292E • FBTCON301W


FBTCON302E The self-signed certificate could notbe created.

Explanation: An error occurred while attempting tocreate the self-signed certificate.


Administrator response: Check the console andManagement Service logs to determine the source ofthe error.

FBTCON303E The certificate signature request(CSR) could not be created.

Explanation: An error occurred on the managementserver side while attempting to create the CSR.



FBTCON304E A valid host name is required toestablish an SSL connection.

Explanation: You must specify a host name toestablish an SSL connection.


Administrator response: Specify a host name.

FBTCON305E A valid port value is required toestablish an SSL connection.

Explanation: You must specify a valid port value toestablish an SSL connection.


Administrator response: Specify a port value.

FBTCON306E An alias is required to store thecertificate in the keystore.

Explanation: You must specify an alias to store thecertificate in the keystore.


Administrator response: Specify an alias.

FBTCON307E An error occurred while attempting toestablish an SSL connection to retrievethe certificate. Ensure that the hostnameand port are correct and that the targetSSL server is active.

Explanation: A connection could not be establishedwith the specified parameters. Either the specifiedvalues for the host and port are incorrect, or the targetSSL server is not actively monitoring for incomingrequests.


Administrator response: Ensure that the hostnameand port are correct and that an SSL server ismonitoring for requests.

FBTCON308E A common name is required to createa certificate.

Explanation: You must specify a common name tocreate a certificate.


Administrator response: Specify a common name.

FBTCON309E A validity period (in days) is requiredto create a certificate.

Explanation: You must specify a validity period tocreate a certificate.


Administrator response: Specify a validity period.

FBTCON310E An organization is required to createa certificate.

Explanation: You must specify an organization tocreate a certificate.


Administrator response: Specify an organization.

FBTCON311E A value is required for LogoutRequest Lifetime.

Explanation: You must enter a value for LogoutRequest Lifetime.


Administrator response: Enter a value for LogoutRequest Lifetime.

FBTCON312E The specified value for LogoutRequest Timeout must be a positiveinteger.

Explanation: The value entered for Logout RequestTimeout is not an integer.


Administrator response: Enter an integer value forLogout Request Timeout.

FBTCON313E An error occurred while invoking theITFIM Management Service. TheManagement Service may beunavailable.

Explanation: An mbean registered by the ITFIMManagement Service could not be contacted through



the WebSphere AdminClient. This is likely due to theITFIM Managent Service not running on specifiedapplication server.


Administrator response: Make sure theITFIMManagementService EAR is installed and runningon the WebSphere Application Server. In a clusterdeployment, the ITFIMManagementService is onlyinstalled on the deployment manager.

FBTCON314E While contacting the ITFIMManagement Service, a WebSphereAdminClient connector could not becreated to the Management Service'sapplication server with the given hostand port.

Explanation: An AdminClient connector can not becreated to the server if the remote server is down. Thismay also occur if host or port are erroneous.


Administrator response: Make sure the host isrunning an application server with ITFIM installed.Make sure the port is set to the SOAP port configuredfor the application server, and that the port is listening.

FBTCON315E While contacting the ITFIMManagement Service, the WebSphereAdminClient connector was unable toauthenticate to the ManagementService's application server. Make surethe WebSphere administrator credentialsare correct.

Explanation: An AdminClient connector failed toauthenticate to the application server due to incorrectWebSphere administrator credentials. This may occur ifinvalid administrator username and password arespecified.


Administrator response: Make sure a validadministrative username and password are specifiedthat can authenticate with the application server.

FBTCON316E An invalid connector type is specifiedfor connecting to the ITFIMManagement Service.

Explanation: An invalid connector type is specifiedwhen trying to create an WebSphere AdminClient tothe ITFIM Management Service. The connector type ofSOAP should always be used to contact the ITFIMManagement Service.


Administrator response: When configuring theAdminClient connector, set the connector type to

AdminClient.CONNECTOR_TYPE_SOAP.

FBTCON318E The passwords you entered do notmatch. Please enter the passwords again.

Explanation: The password re-entered does not matchthe originally entered password. This password will notbe set unless its entered twice for validation.


Administrator response: Enter the passwords again.

FBTCON319E An error occurred while retrieving theattribute filter for the partner with IDinsert.

Explanation: An attempt was made to retrieve theattributes for the attribute filter.



FBTCON320E You must select an SSL Endpoint KeyIdentifier.

Explanation: The key is required


Administrator response: Select a key

FBTCON321E You must use the https protocol withinsert.

Explanation: The HTTPS protocol is required.



FBTCON322E You cannot create a Information CardRelying Party partner for the federationinsert. A global partner was added whenyou created the federation.

Explanation: The Information Card Identity Providerfederation has the concept of a global partner andadditional partners are not allowed.





FBTCON323E The entered cache size value isinvalid. It must be a postive integerranging from 0 to 32767.

Explanation: An invalid value was entered for thecache size. It must be a postive integer ranging from 0to 32767.


Administrator response: Enter another value for thecache size.

FBTCON325E Errors occurred while saving the webplug-in configuration changes to themanagement service. Check the consoleand Management Service logs todetermine the source of the error.

Explanation: Errors occurred while saving the webplug-in configuration changes to the managementservice. Check the console and Management Servicelogs to determine the source of the error.



FBTCON326W Recent configuration changes requirethat WebSphere be restarted. Allconfiguration changes will not takeeffect until the restart completes.

Explanation: In order for the configuration changesmade to take effect, you must restart WebSphere.


Administrator response: Please select whether torestart WebSphere now, or dismiss this message. If youdismiss this message, you will not be reminded again.If you have deployed FIM in a cluster, your cluster willbe ripple started; single servers will be restartedindividually. See the Runtime Node Management pagefor node status.

FBTCON327E The Identity URL Pattern mustcontain the string @ID@.

Explanation: The Identity URL Pattern is a regularexpression and must contain the string @ID@. Forexample, https://webseald.example.com/@ID@


Administrator response: Enter a url with the string@ID@.

FBTCON328E The value entered for insert containsan improperly formatted URL.

Explanation: Enter a valid URL format.



FBTCON329E The format of the received certificateseems to be invalid for this operation.Either use a DER encoded certificate ora Base64 encoded one.

Explanation: This operation required that thecertificate is encoded either using binary DER or asciiBase64. The Certificate Authority should be able toprovide this format or import the certificate intoWebSphere (using the security menus) and export it inthe appropriate format.



FBTCON330E The CA signed certificate was notimported to the Keystore. The problemseems to be that there is no matchingcertificate that holds the same publickey. The CA certificate would replacethe temporary certificate that wascreated when the Certificate SignatureRequest was created. Please verify thatthe certificate is correct and that you areusing the appropriate keystore.

Explanation: The public key in the certificate receivedfrom the CA and the temporary one needs to match.Check that you are using the correct certificate and thecorrect keystore by trying to look at the subject of theCA certificate and the subjects in the keystore



FBTCON331E The value entered for insert cannotcontain a comma. Each value should beinput on a separate line.

Explanation: The text area used for input does notallow comma separated values. Enter each value on aseparate line.


Administrator response: Enter values on separatelines.



FBTCON332E You cannot create an OpenID partnerfor the federation insert. A globalpartner was added when you created thefederation.

Explanation: OpenID federations have the concept ofa global partner and additional partners are notallowed.



FBTCON333E The field insert requires a protocol tobe selected.

Explanation: The check boxes represent the set ofallowed protocols for those OpenID servers that theuser agent will permit connection to.


Administrator response: Select at least one of thecheckboxes. It is recommended to only allow https.

FBTCON334E In order to modify the Tivoli AccessManager properties for this domain, allthe nodes need to be unconfigured.Unconfigure the domain by using theRuntime Node Management panel.

Explanation: The Tivoli Access Manager propertiescannot be modified when the domain is configured.After unconfiguring the domain, modify the propertiesand then reconfigure.


Administrator response: Unconfigure the domain,modify the Tivoli Access Manager properties and thenreconfigure.

FBTCON335E You must select an Information CardSigning Key Identifier

Explanation: The key is required


Administrator response: Select a key

FBTCON336E An error occurred retrieving theproperties for the WSSM partner withID: insert.

Explanation: Close the portlet page and try again.This error can occur if the console is unable tocommunicate with the single sign-on protocol service.


Administrator response: Check the service

configurations to ensure that you have the correct hostname and port for the single sign-on protocol service.Check that the single sign-on protocol service isrunning.

FBTCON337E The entered keystore name containsthe invalid character insert. Pleasecorrect the name and try again.

Explanation: Certain characters cannot be used forkeystore names.


Administrator response: Enter a valid name for thekeystore in the appropriate text entry field.

FBTCON339E A point of contact profile with nameinsert already exists.

Explanation: An existing point of contact profile usesthe display name that you entered. Each point ofcontact profile must have a unique display name.


Administrator response: Please enter a differentdisplay name for this point of contact profile.

FBTCON340E The given keystore or key could notbe read. Please verify that the file existsin the filesytem, that it is not corrupted,that the correct password was suppliedor that your Java CryptographyExtension setup is appropriate for thetype of keystore/key you are trying touse. Detailed information about thisfailure can be found in the log file.

Explanation: A keystore or key could not be read.This is a problem seen when the password to thekeystore is incorrect, the file is corrupted or when theJava Cryptography Extension is not properly setup forthe use of strong keys.


Administrator response: Check the exception stacktrace and/or the logs.

FBTCON341E Error displaying report parameters.Check system logs for more details.

Explanation: A problem occurred while attempting todisplay report parameters to display in console. Checksystem logs for more details.





FBTCON342E Error building layout for reportparameters. Check system logs for moredetails.

Explanation: A problem occurred while attempting tobuild report parameters layout. Check system logs formore details.



FBTCON343E Error executing report. Check systemlogs for more details.

Explanation: A problem occurred while attempting toexecute report. Check system logs for more details.



FBTCON344E Error determining report render type.Check system logs for more details.

Explanation: A problem occurred while attempting todetermine report render type. Check system logs formore details.



FBTCON345E Error building layout for reports.Check system logs for more details.

Explanation: A problem occurred while attempting tobuild reports layout. Check system logs for moredetails.



FBTCON347E Error downloading report. Checksystem logs for more details.

Explanation: A problem occurred while attempting todownload report. Check system logs for more details.



FBTCON348E Error deleting report. Check systemlogs for more details.

Explanation: A problem occurred while attempting todelete report. Check system logs for more details.



FBTCON350E An error occurred importing fileinsert. The file is not a valid LTPA keyfile.

Explanation: Either the file is not a valid LTPA key fileor an unexpected error occurred.



FBTCON351E An authorization server host-port pairis repeated. Please ensure that differentauthorization servers are supplied.

Explanation: The same host and port has been givenfor an authorization server.


Administrator response: Check the pairs of host-portsgiven

FBTCON352W A request to deploy the TivoliFederated Identity Manager Runtime isin progress. New deployment requestswill be ignored until the previousrequest is complete.

Explanation: A request to deploy the Tivoli FederatedIdentity Manager runtime as an application into theWebSphere Application Server environment has beenstarted. Another request to deploy the Tivoli FederatedIdentity Manager runtime cannot be started until theprevious one is complete.

System action: The Deploy Runtime button is notactive.

Administrator response: If you want to deploy theTivoli Federated Identity Manager runtime again, waitfor the current deployment to complete. This may takeup to 10 minutes. If you want to check if a deploymentis complete, click the Deploying Tivoli FederatedIdentity Manager Runtime text or refresh the page ofthe console. Click the Deploy Runtime button when itis activated.

FBTCON353E An error occurred while reloading theconfigurations. Check the server log forerror details.

Explanation: An error occurred while reloading theconfigurations.

System action: None of the configuration updateswere completed.

Administrator response: Check the server log formore information about the error, make the updates to



the configuration, and try reloading the configurationagain.

FBTCON356W Some of the keys within thesupplied keystore could not be read.Make sure that the keystore file haskeys and that those keys are notprotected by a different password thanthe keystore itself.

Explanation: Some of the keys in the suppliedkeystore could not be read. This happens when thekeys have a different password than the keystore itselfor when the file itself is damaged.


Administrator response: No action taken

FBTCON358E You must specify the Subject DNexpression for the allowable X.509certificates.

Explanation: You have not specified the Subject DN.


Administrator response: Please use the entry field tospecify the required DN expression.

FBTCON359E The artifact resolution service indexentry insert must be 0 or a positiveinteger.

Explanation: The text field for the artifact resolutionservice index must be 0 or a positive number.


Administrator response: Enter 0 or a positive integerfor the artifact resolution service index field.

FBTCON360E The artifact resolution service indexesmust be unique.

Explanation: The artifact resolution service indexesmust be unique.


Administrator response: Enter 0 or a positive integerfor the artifact resolution service index field.

FBTCON361E Only one artifact resolution serviceendpoint is allowed to be the defaultendpoint.

Explanation: You have specified more than onedefault artifact resolution service endpoint.


Administrator response: Select only one artifactresolution service endpoint to be the default endpoint.

FBTCON362E The OP Generated Claimed IdentifierPattern must contain the string @ID@.

Explanation: The OP Generated Claimed IdentifierPattern must contain the string @ID@. For example,https://webseald.example.com/@ID@


Administrator response: Enter a URL with the string@ID@.

FBTCON363E The maximum authentication agemust be 0, a positive integer, or -1 todisable.

Explanation: The maximum authentication age mustbe in the correct range. An age of 0 forcesauthentication.


Administrator response: Enter -1, 0, or a positiveinteger.

FBTCON364E An unknown error was encounteredwhen processing the specified mappingrule.

Explanation: The mapping rule validator cannotdetermine the exact error when processing the specifiedmapping rule.


Administrator response: Check the log file to see ifthere is an exception that indicates the errorencountered.

FBTCON365E An XSL syntax error was encounteredwhen processing the specified mappingrule. The specific error in the log file is[[loggederror]].

Explanation: The mapping rule validator encounteredan XSLT syntax error when it attempted to process theXSLT file.


Administrator response: Check the log file to see ifthere is an exception that indicates the error.

FBTCON366E A JavaScript syntax error wasencountered when processing thespecified mapping rule. The specificerror in the log file is [[loggederror]].

Explanation: The mapping rule validator encountereda JavaScript syntax error when it attempted to processthe JavaScript file.


Administrator response: Check the log file to see if

FBTCON356W • FBTCON366E


there is an exception logged that might indicate theerror encountered.

FBTCON367E The mapping rule type cannot bedetermined. Ensure that the mappingrule file has a known file extension andthat there are no syntax errors in thegiven rule.

Explanation: The mapping rule validator cannotdetermine the mapping rule type.


Administrator response: Check the log file to see ifthere is an exception that indicates the error.

FBTCON368E The audit client profiles could not beretrieved from the management service.

Explanation: This error can occur if the console cannotcommunicate with the management service.


Administrator response: Check the serviceconfigurations to ensure that you have the correct hostname and port for the management service. Check thatthe management service is running.

FBTCON369E An error occurred while deleting anaudit client profile: insert.

Explanation: This error occurs if the audit clientprofile is the current active profile. It can also occur ifthe profile does not exist.


Administrator response: Check that this profile is notthe current active profile.

FBTCON370E An error occurred activating the auditclient profile: insert.

Explanation: Ensure that the profile exists and isconfigured correctly. This error can also occur if theconsole cannot communicate with the single sign-onprotocol service.


Administrator response: Check the status ofmanagement service.

FBTCON371E The audit events list could not beretrieved from the management service.



Administrator response: Check the serviceconfigurations to ensure that you have the correct host

name and port for the management service. Check thatthe management service is running.

FBTCON372E The audit events list could not beupdated.




FBTCON373E An error occurred while creating anaudit client profile.

Explanation: A single sign-on protocol serviceencountered a problem creating an audit client profile.



FBTCON374E An error occurred retrieving theproperties of the audit client profilewith ID: insert.

Explanation: A single sign-on protocol serviceencountered a problem creating an audit client profile.



FBTCON375E An audit client profile with nameinsert exists.

Explanation: An existing audit client profile uses thedisplay name that you entered. Each audit client profilemust have a unique display name.


Administrator response: Enter a different displayname for this audit client profile.

FBTCON376E The list of available audit eventhandlers could not be retrieved from thesingle sign-on protocol service.

Explanation: Close the portlet page and try again.This error can occur if the console cannot communicatewith the single sign-on protocol service.


Administrator response: Check the serviceconfigurations to ensure that you have the correct hostname and port for the single sign-on protocol service.Check that the single sign-on protocol service isrunning. See the exception stack trace.



FBTCON377E The field names for the audit eventhandler could not be retrieved from themanagement service.




FBTCON378E An error occurred modifying theproperties for the audit client profile:insert.

Explanation: This error can occur if the console cannotcommunicate with the single sign-on protocol service.


Administrator response: Ensure that the profile exists.Close the portlet page and try again. Check the serviceconfigurations to ensure that you have the correct hostname and port for the single sign-on protocol service.Check that the single sign-on protocol service isrunning. See the exception stack trace.

FBTCON379E The key alias alias is already used byanother key in this keystore.

Explanation: Keys must have unique aliases in thekeystore.


Administrator response: Please enter a uniquekeystore alias.

FBTCON380E The field insert contains an invalidregular expression.

Explanation: You have entered an invalid regularexpression. Modify the regular expression so that it isvalid.


Administrator response: Please enter a valid regularexpression in the appropriate text entry field.

FBTCON381E The artifact resolution service indexentry insert is too large for an integer.The maximum value is insert.

Explanation: The text field for the artifact resolutionservice index must be 0 and the maximum value.


Administrator response: Enter a number between 0and the maximum for the artifact resolution serviceindex field.

FBTCON382E The event handler properties couldnot be retrieved from the managementservice.




FBTCON383E The federation display name cancontain only characters from the set set'a-z', 'A-Z' and '0-9'. Specify a differentname using only the valid characters.

Explanation: The federation display name that youentered contains an invalid character.


Administrator response: Please enter a differentdisplay name for this federation.

FBTCON384E No suitable signature algorithms arefound for the insert signing key type.

Explanation: There is no suitable signature algorithmfound for the selected federation signing key type.


Administrator response: Select a different signing keyfor the federation.

FBTCON385E Temporary credentials andverification code lifetime is not valid.

Explanation: The temporary credentials andverification code lifetime must be a positive integervalue.


Administrator response: Enter the valid temporarycredentials and verification code lifetime.

FBTCON386E The maximum OAuth tokencredentials lifetime is not valid.

Explanation: The maximum OAuth token credentialslifetime must be a positive integer value.


Administrator response: Enter the valid maximumOAuth token credentials lifetime.



FBTCON387E The skew time between OAuth serverand client is not valid.

Explanation: The skew time between OAuth serverand client must be a positive integer value.


Administrator response: Enter the valid skew timebetween OAuth server and client.

FBTCON388E Error occurred when verifying theclient identifier.

Explanation: An exception was encountered whenchecking the uniqueness of the client identifier youentered.



FBTCON389E The minimum length of clientidentifier is <number> characters.

Explanation: An exception was encountered whenchecking the length of the client identifier you entered.



FBTCON390E The client identifier can contain onlycharacters from the set 'a-z', 'A-Z' and'0-9'. Specify a different client identifierusing the valid characters.

Explanation: The client identifier that you enteredcontains a character that is not valid.


Administrator response: Please enter the valid clientidentifier.

FBTCON391E The minimum length of clientshared-secret is <number> characters.

Explanation: An exception was encountered whenchecking the length of the client shared-secret youentered.


Administrator response: Ensure the clientshared-secret meets the minimum length requirement.

FBTCON393E The client callback URI is not valid.Enter 'oob' if it is not applicable.

Explanation: The client callback URI that you enteredis not valid.


Administrator response: Enter the valid client callbackURI.

FBTCON394E An OAuth partner cannot be createdfor the federation insert.




FBTCON395E An error occurred when verifying theclient identifier. A client with thespecified client identifier already exists.

Explanation: An exception was encountered whenchecking the uniqueness of the client identifier youentered.



FBTCON396E The minimum length of clientidentifier is <number> characters.

Explanation: An exception was encountered whenchecking the length of the client identifier you entered.



FBTCON397E The client identifier can contain onlycharacters from the set 'a-z', 'A-Z' and'0-9'. Specify a different client identifierusing the valid characters.

Explanation: The client identifier that you enteredcontains a character that is not valid.


Administrator response: Enter the valid clientidentifier.

FBTCON398E The minimum length of clientshared-secret is <number> characters.

Explanation: An exception was encountered whenchecking the length of the client shared-secret youentered.


Administrator response: Ensure the client



shared-secret meets the minimum length requirement.

FBTCON400E The client redirection URI is notvalid.

Explanation: The syntax of the client redirection URIthat you entered is not valid.


Administrator response: Enter a valid clientredirection URI.

FBTCON401E The client provider is not valid.

Explanation: You have not selected a client provideroption.


Administrator response: Select the option thatcorresponds to your client provider for the federation.

FBTCON402E The external client providerimplementation is not specified.

Explanation: You have not published the externalclient provider plugin, selected an external clientprovider implementation or did not specify the externalclient provider implementation module ID.


Administrator response: Publish the external clientprovider plugin, select an external client providerimplementation for the federation or specify theexternal client provider implementation module ID inyour plugin.

FBTCON403E The configuration settings for themodule id could not be retrieved from themanagement service.

Explanation: One possible reason for this error is thatthe console cannot communicate with the managementservice.



FBTCON404W The external client providerimplementation for module id cannot beloaded.

Explanation: Make sure the external client providerplugin is published.


Administrator response: Publish the external clientprovider plugin.

FBTCON405E You must select at least oneauthorization grant type (AuthorizationCode, Implicit Grant, Client Credentials,or Resource Owner PasswordCredentials).



Administrator response: Ensure that you select theauthorization grant you want to support in yourfederation.

FBTCON406E The authorization code lifetime is notvalid.

Explanation: The authorization code lifetime must bea positive integer value.


Administrator response: Enter a valid authorizationcode lifetime.

FBTCON407E The maximum authorization grantlifetime is not valid.

Explanation: The maximum authorization grantlifetime must be a positive integer value and greaterthan the authorization code and access token lifetime.


Administrator response: Enter a valid maximumauthorization grant lifetime.

FBTCON408E The access token lifetime is not valid.

Explanation: The access token lifetime must be apositive integer value.


Administrator response: Enter a valid access tokenlifetime.

FBTCON413W There are no available access tokentypes.

Explanation: The extension manager could not loadany of the access token type modules.


Administrator response: Verify that the access tokentype module is included in the published plug-ins.

FBTCON414W The access token typeimplementation for module id cannot beloaded.

Explanation: The extension manager could not loadthe specified access token type module.


FBTCON400E • FBTCON414W


Administrator response: Verify that the extension forthe specified module ID is included in the publishedplug-ins.

FBTCON415E You must select an access token type.

Explanation: The OAuth client requires an accesstoken type to make protected resource requests.


Administrator response: Ensure that you select anaccess token type for this federation.

FBTCON415W There are no available token cacheimplementations.

Explanation: The extension manager could not loadany of the token cache modules.


Administrator response: Verify that the token cachemodule is included in the published plug-ins.

FBTCON416E You must select a token cacheimplementation.

Explanation: You must specify the method used tocache OAuth tokens.


Administrator response: Ensure that you select atoken cache implementation for this federation.

FBTCON416W The token cache implementation formodule id cannot be loaded.

Explanation: The extension manager could not loadthe specified token cache module.



FBTCON417E The specified URL value is not a validURL.

Explanation: The syntax of the URL that you haveentered is not correct.


Administrator response: Verify that the URL is correctand try again.

FBTCON418E A HTTPS URL is expected. Thespecified URL value is not a HTTPSURL.

Explanation: The URL that you have entered is not aHTTPS URL.


Administrator response: Verify that the URL beginswith https://.

FBTCON419E The specified URI value is not a validURI.

Explanation: The syntax of the URI that you haveentered is not correct.


Administrator response: Verify that the URI is correctand try again.

FBTCON420W There are no available trusted clientsmanager implementations.

Explanation: The extension manager could not loadany of the trusted clients manager modules.


Administrator response: Verify that the trusted clientsmanager module is included in the published plug-ins.

FBTCON421W The trusted clients managerimplementation for module id cannot beloaded.

Explanation: The extension manager could not loadthe specified trusted clients manager module.



FBTCON422E You must select a trusted clientsmanager implementation.

Explanation: You must specify the method used tomanage trusted client information.


Administrator response: Ensure that you select atrusted clients manager for this federation.

FBTCON424E The token cache implementationmodule ID is not specified.

Explanation: The token cache implementation moduleID is required.


Administrator response: Specify the token cacheimplementation module ID in your plugin.



FBTCON425E The trusted clients managerimplementation module ID is notspecified.

Explanation: The trusted clients managerimplementation module ID is required.


Administrator response: Specify the trusted clientsmanager implementation module ID in your plugin.

FBTCON426E An OAuth 1.0 partner cannot becreated for the federation insert.




FBTCON427E The value entered for insert is not inthe accepted URL format. Specify theURL either in http://.../sps/... orhttps://.../sps/... format.

Explanation: Enter the URL either in http://.../sps/...or https://.../sps/... format



FBTFDB001E Creation of database connection failed.Check the database configuration andnetwork connectivity to the databaseserver.

Explanation: The database connection could not becreated.

System action: Command execution is halted.

Administrator response: Ensure that the database isconfigured correctly. Also check that the networkconnectivity to the database server is available.

FBTFDB002E A database error occurred.

Explanation: An unrecoverable database erroroccurred.


Administrator response: Check the server logs formore details to trace the cause of the error.

FBTFDB003E A file database error has ocurred.

Explanation: An unrecoverable file database erroroccurred.



FBTFDB004E The database file does not exist.




FBTFDB005E Unable to reach Database.

Explanation: The database cannot be reached



FBTFDB006E Unable to get Data Access Object.

Explanation: An instance of the Data Access Objectcannot be retrieved



FBTFDB007E Unable to retrieve transaction.

Explanation: A Transaction object cannot be retrievedfrom the Data Access Object



FBTFDB008E An invalid SQL statement wasexecuted.

Explanation: The result from a SQL statement showedinvalid execution.



FBTFDB009E An invalid cleanup interval ofVALUE_0 was defined.

Explanation: The clean up interval is invalid, it mustbe a valid integer above 60000.

FBTCON425E • FBTFDB009E




FBTFDB010E The datasource VALUE_0, could not beretrieved.

Explanation: The JNDI lookup to get a datasourcefailed.



FBTFDB011E An error occured during deserializationas part of a database operation.

Explanation: The deserialization failed for a storeddata object.



FBTFDB012E An invalid configuration parameterwas specified for either the retry limit,retry delay or default TTL of thedistributed map.

Explanation: One or more of the following parametersvalues is invalid; retryLimit, retryDelay, or defaultTTL.



FBTFIR001E You have entered an invalid WebSphereApplication Server administrator username or password.

Explanation: Error results from either entering anon-administrator user name, corresponding wrongpassword, an incorrect spelling of the administratorname or password.


Administrator response: Enter the correctadministrator user name and password.

FBTFIR002E Cannot connect to the WebSphereApplication Server.

Explanation: An attempt to connect to the targetWebSphere Application Server failed. It might be dueto any of the following reasons: WebSphere ApplicationServer is not in service, or it is not responding.


Administrator response: Start or restart theWebSphere Application Server. If this error recurs,

check the WebSphere Application Server log files todetermine the source of the error.

FBTFIR003E The WebSphere Application Serverinstallation directory is not valid.

Explanation: The fim.appservers.properties file in FIMinstall directory etc folder might not have the correctentry for WebSphere Application Server installationdirectory.


Administrator response: Make sure thefim.appservers.properties has the correct value forwas.install.location.

FBTFIR004E The federation name you specifiedalready exists. Specify a differentfederation name.

Explanation: The federation name you have enteredalready exists in the system.


Administrator response: Specify a different federationname.

FBTFIR005E The federation name can contain onlycharacters from the set 'a-z', 'A-Z' and'0-9'. Change the federation name tomatch the criteria.

Explanation: The federation name does not complywith the prescribed set of characters to use.


Administrator response: Make sure that the federationname you have specified complies with the prescribedset of characters that you can use.

FBTFIR006E Unable to complete the task due to awsadmin SOAP connection timeout.

Explanation: The current process can take a long timeto complete. The wsadmin SOAP connection mighttime out before the operation is finished.


Administrator response: To avoid timeouts, modifythe com.ibm.SOAP.request.Timeout property to 800. Theproperty is in the WebSphere installation directory andthe following subdirectory: /profiles/profile_name/properties/soap.client.props. Then, restart theWebSphere server. Note: The timeout might occurduring runtime deployment. As a result, the processhalts. You can run the same configurations again, andthe tool proceeds in carrying out subsequent tasks.

FBTFDB010E • FBTFIR006E


FBTFIR007E You have multiple FIM domains. Thetool does not support multiple TivoliFederated Identity Managementdomains.

Explanation: The Federation First Steps tool currentlydoes not support a cluster environment.


Administrator response: Make sure you are notworking on a cluster environment.

FBTFIR008E You have multiple WebSphereApplication Server clusters. The tooldoes not support multiple clusters.

Explanation: The Federation First Steps tool currentlydoes not support a multiple cluster environment.


Administrator response: Make sure you are notworking in a multiple cluster environment.

FBTFIR009E The Deployment Manager has no clustermembers. The tool does not support aDeployment Manager without clustermembers.

Explanation: The tool does not support a DeploymentManager without cluster members.


Administrator response: Make sure you are notworking with a Deployment Manager that has nocluster members.

FBTFIR010E The type of process connected is nothandled.

Explanation: Only WebSphere Application Serverprocess and Deployment Manager process are handled.


Administrator response: Make sure you are connectedto either a WebSphere Application Server process orDeployment Manager process.

FBTFIR011E A user name and password must bespecified to login.

Explanation: A user name and password must bespecified to login.


Administrator response: Enter your credentials in theappropriate fields.

FBTFIR012E A problem occurred. Check the log fordetails.

Explanation: A problem occurred. Check the log fordetails.


Administrator response: Check the Federation FirstSteps tool log file for details.

FBTFIR014E You must enter the appropriate value foreach field.

Explanation: Fill out the fields with the appropriatevalue.


Administrator response: Make sure that all the fieldshave been filled out with appropriate values.

FBTFIR015E There is an error in loading the TivoliFederated Identity Manager commandline interface. If you have just installedTivoli Federated Identity Manager,ensure that you stop the WebSphereApplication Server, and then restart itbefore attempting to run the FederationFirst Steps tool.

Explanation: The FIM command line interface mightnot be loaded properly.


Administrator response: Ensure that the TivoliFederated Identity Manager is installed, and thecommand line interface is properly initialized. See theCommand reference section in the AdministrationGuide for details (http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.tivoli.fim.doc_6.2.1/concept/commandoverview.html).

FBTFIR016E There is an error running a nativeprocess.

Explanation: Some processes might have someproblems running on certain native platforms.



FBTFIR017E You must enter a base URL for yourprotocol endpoints.

Explanation: A common base URL is required for allprotocol endpoints.



FBTFIR007E • FBTFIR017E


FBTFIR018E Unable to execute tfimcfg.jar.

Explanation: The Federation First Steps tool requiresthe tfimcfg.jar file to be in its original location.


Administrator response: Make sure that the tfimcfg.jarfile is in the original location as when the TivoliFederated Identity Manager was installed.

FBTFIR019E Unable to create a temporary workingdirectory.

Explanation: The Federation First Steps tool requires atemporary working directory to be created.


Administrator response: Make sure that thetemporary directory of the system is not full, and theFederation First Steps tool has read and writepermissions to it.

FBTFIR020E Unable to load thefim.appservers.properties file.

Explanation: The Federation First Steps tool requiresthe fim.appservers.properties file to be present andreadable on this system.


Administrator response: Make sure that TivoliFederated Identity Manager has been installed correctly,and the Federation First Steps tool has the correctpermissions read the installation directory.

FBTFIR021E Failed to retrieve the TCP/IP ports thisserver uses for connections.

Explanation: The Federation First Steps tool failed toretrieve the TCP/IP ports this server uses forconnections.


Administrator response: Make sure serverindex.xml isnot corrupted and is readable. The file is in theWebSphere installation directory and the followingsubdirectory: /profiles/profile_name/config/cells/cell_name/nodes/node_name/serverindex.xml.

FBTFIR022E Unable to connect to the TivoliFederated Identity ManagerInfoServiceXML endpoint atEndpointURL.

Explanation: Unable to connect to the Tivoli FederatedIdentity Manager InfoServiceXML endpoint.


Administrator response: Make sure that theInfoServiceXML endpoint can be accessed.

FBTFIR023E The WebSEAL configuration file youspecified is not valid.

Explanation: The WebSEAL configuration file youspecified is not valid.


Administrator response: Specify a valid path toWebSEAL configuration file.

FBTFIR045E You have a cluster environment. Thistemplate does not support a clusterenvironment.

Explanation: This template currently does not supporta cluster environment.


Administrator response: Make sure you are notworking on a cluster environment.

FBTFIR050E Failed to configure WebSEAL as thePoint of Contact server. Please see thelog for details.

Explanation: Failed to configure WebSEAL as thePoint of Contact server. Please see the log for details.


Administrator response: Read the log for the cause offailure, and fix it accordingly.

FBTFIR057E The Assertion Consumer Service URLyou specified is not a valid URL.

Explanation: The Assertion Consumer Service URLyou specified is not a valid URL.


Administrator response: Make sure the AssertionConsumer Service URL provided by the partner is avalid URL.

FBTFIR058E The ImmutableID lookup methodspecified is not valid.

Explanation: You did not specify a valid ImmutableIDlookup method.


Administrator response: Specify the correctImmutableID lookup value: 0=TAM principal UUID,1=FIM alias service.

FBTFIR059E The domain name is not valid.

Explanation: You did not specify a valid domainname.




Administrator response: Specify the correct domainname that is associated with your account.

FBTFIR060E Specify a valid domain name.

Explanation: You did not specify a valid domainname.


Administrator response: Specify a valid domainname.

FBTFIR061E Select a value from the drop-down.

Explanation: You did not select a value from thedrop-down.


Administrator response: Select a value from thedrop-down.

FBTFIR062E Specify a valid federation name.

Explanation: You did not specify a valid federationname.


Administrator response: Specify a valid federationname.

FBTFIR063E Failed to get the keys from the keystore.

Explanation: The keys were not retrieved from thekeystore.


Administrator response: Failed to get the keys fromthe keystore.

FBTFIR064E Failed to import the key into thekeystore.

Explanation: The key was not imported into thekeystore because you might have provided a wrongkeystore password or wrong file path.


Administrator response: Failed to import the key intothe keystore.

FBTFIR065E One or more required fields aremissing.

Explanation: You did not enter all the required inputfields.


Administrator response: One or more required fieldsare missing.

FBTFIR066E Could not connect to the Tivoli AccessManager environment.

Explanation: You cannot connect to the Tivoli AccessManager because of wrong user name passwordcombination or the Tivoli Access Manager is notrunning on the specified port.


Administrator response: Could not connect to theTivoli Access Manager environment.

FBTFIR067E The mapping rule file is missing.

Explanation: You did not provide the mapping rule.


Administrator response: The mapping rule file ismissing.

FBTFIR073W It appears that Tivoli FederatedIdentity Manager has not beenconfigured with WebSEAL as the Pointof Contact. In order for risk basedaccess to function correctly, you mustconfigure Tivoli Federated IdentityManager with WebSEAL as Point ofContact.

Explanation: One or more pre-requisite set up may bemissing, check the message and resolve the issue.

System action: None.


FBTFIR074E ConfigStep failed due to ConfigStepError

Explanation: One or more internal failures may havecaused configuration wizard to fail. Check the logs formore details.

System action: Check the logs for a more detailedexplanation and fix inputs or environmental issuesbefore trying again.

Administrator response: Check the logs for a moredetailed explanation and fix inputs or environmentalissues before trying again.

FBTFIR080E Tivoli Access Manager ConfigurationFailed, Please check whether it isalready running on this system, andpadmin command can be executed onthis system. Error details : ErrorDetails






FBTFIR081E Invalid junction name specified.




FBTFIR082E Invalid Tivoli Access Manager ResourceURI specified.




FBTFIR083E Invalid Point of Contact Server URLSpecified.




FBTFIR085E Risk-based Access Configuration couldNOT be completed successfully.




FBTFIR086E Invalid WebSEAL instance name.




FBTFIR089E Failed Execution of : command Exit code :exitCode Output : output Error : error




FBTFMS100E argument is a required argument.

Explanation: A required argument was missing.

System action: The request has been halted.

Administrator response: Examine the client code thatmade this call and ensure that it passes the rightarguments.

FBTFMS101E argument is not a legal argument.Input must be: DEBUG_MIN,DEBUG_MID, DEBUG_MAX,AUDIT_ID_AUTH, AUDIT_SECURITY,AUDIT_CREATE_MOD_DELETE,INFO, WARN, ERROR, or OFF

Explanation: The given event level string was not avalid value.

System action: The request returned the empty string.

Administrator response: Examine the client code thatmade this call and ensure that it passes a legal value.

FBTFMS102E argument is not a valid ID.

Explanation: The given unique ID does not exist.

System action: An exception has been thrown.

Administrator response: Pass in a valid ID.

FBTFIR081E • FBTFMS102E


FBTFMS103E Expected a list of size size1, butreceived a list of size size2

Explanation: This method expected a list of a certainsize and received a different size.

System action: An exception has been thrown.

Administrator response: Pass in a list with the rightsize.

FBTFMS104E Received an unexpected argumenttype: msg

Explanation: This method expected an argument of acertain type and received an argument with a differenttype.

System action: An error has been logged.

Administrator response: Pass in an argument with thecorrect type.

FBTFMS105E Received an unexpected value msg1.Expected one of the following: msg2

Explanation: This method expected a certain valuefrom a given list of values but received something else.


Administrator response: Pass in an expected value.

FBTFMS106E Encountered an error getting aninstance of ModuleLoaderFactory: msg1.

Explanation: The module factory loader threw anexception.


Administrator response: Check the trace log todetermine the cause of the problem.

FBTFMS107E A configuration file or directory wasnot found: msg1.

Explanation: A required configuration file was notfound.


Administrator response: Ensure that the required fileexists.

FBTFMS108E Could not delete the point of contactclient given by ID: id.

Explanation: The delete operation failed.


Administrator response: Ensure that the ID of thegiven entity exists in the configuration.

FBTFMS109E Could not delete the delegate protocolinstance given by ID: id.




FBTFMS110E Could not delete the protocoldetermination module given by ID: id.




FBTFMS111E Could not delete the global handlergiven by ID: id.




FBTFMS112E Could not delete the page selectorgiven by ID: id.




FBTFMS116E The management operation is missingrequired input values. The managementoperation has failed to complete.

Explanation: The management operation is missingrequired input values.

System action: The operation will return failure.

Administrator response: The management operationbeing called requires specific input values to completethe operation. Check the documentation for all therequired input values.

FBTFMS117E The provided password is incorrect orthe keystore keystore does not exist. Themanagement operation has failed tocomplete.

Explanation: The provided password was not correct,or the keystore does not exist.


Administrator response: Ensure that the keystoreexists and ensure the correct password was entered.

FBTFMS103E • FBTFMS117E


FBTFMS118E Error encountered when retrieving theencoded format of the certificate.

Explanation: An attempt was made to encode acertificate that returned errors.


Administrator response: Check the trace logs for amore specific exception error.

FBTFMS119E Error encountered while creating thekeystore for export. Export operationfailed.

Explanation: During the generation of the keystore toexport the server encountered a error.


Administrator response: Check the logs for anexception that will give a more specific reason for theerror.

FBTFMS120E Error encountered while importing thegiven keystore. Import operation failed.

Explanation: During the importing of the keystore theserver encountered a error.



FBTFMS121E The store storename does not exist.Operation failed to complete.

Explanation: The given store does not exist.


Administrator response: Ensure that the given storeexists.

FBTFMS122E The import into store storename failed.Operation failed to complete, checktrace logs for more specific error.

Explanation: An error was encountered when the keyand/or certificate were being imported.


Administrator response: Check the trace logs for amore specific error message.

FBTFMS123E The password for the given keystoreis incorrect. Operation failed tocomplete.

Explanation: An error was encountered validating thepassword for the given keystore.


Administrator response: Ensure that the correctpassword is entered for the keystore or for the keyentry.

FBTFMS124E An error occurred when attempting toupdate the store (storename) with thenew data. Operation failed to complete.

Explanation: An error occurred while updating thespecified store.



FBTFMS125E The key alias alias name returned nodata for the keystore provided. Confirmthat the key alias given exists.Operation failed to complete.

Explanation: There are no keys or certificates locatedat the key alias given.


Administrator response: Confirm that the given keyalias exists in the provided keystore.

FBTFMS126E The key alias alias name already existsin the store store name. Operation failedto complete.

Explanation: The import operation was asked to notoverwrite existing key aliases and the alias providedalready existed in the store.


Administrator response: Confirm that the given keyalias does not exists in the provided store.

FBTFMS127E The encountered file 'file name' couldnot be read.

Explanation: An error occurred while attempting toread the specified file.


Administrator response: Confirm that the file has thecorrect permissions and is a valid JKS file.

FBTFMS128E The configured directory 'directoryname' could not be read or does notexist.

Explanation: An error occurred while attempting toread the configured directory.


Administrator response: Confirm that the directoryexists and has the correct permissions.



FBTFMS129E The specified label 'label' could not bedeleted from the specified keystore 'keystore'.

Explanation: An error occurred while attempting tomodify the specified keystore.


Administrator response: Confirm that the inputvalues to the management operation are correct.

FBTFMS135E Obtaining a new context requires theITFIM_CONTEXT_DOMAIN parameter.

Explanation: The management service operationrequires the domain name to be set using theITFIM_CONTEXT_DOMAIN parameter.


Administrator response: Set theITFIM_CONTEXT_DOMAIN parameter as input to themanagement operation.

FBTFMS136E The specified keystore name 'keystorename' is already in use, and cannot bere-used again to create a new keystore.

Explanation: An error occurred while attempting tocreate a keystore.


Administrator response: Confirm that the inputs tothe management operation are correct.

FBTFMS137E An error occurred creating keystore'keystore name'.

Explanation: An error occurred while attempting tocreate a keystore.


Administrator response: Confirm that the inputs tothe management operation are correct and check tracelogs for details.

FBTFMS138E STS module instance cannot bedeleted because it is in use.

Explanation: An error occurred while attempting todelete an STS module instance.


Administrator response: Confirm the STS moduleinstance is not in use before attempting to delete it.

FBTFMS139E An error occurred while reading thelicense file path. The default license willbe used instead. The root cause of theerror was 'exception text'.

Explanation: Federated Identity Manager attempted toverify the license file, but the verification failed.

System action: The system will use the default license.

Administrator response: Verify that the license fileexists and has not been modified from the versionincluded with your product installation media. Ifnecessary, copy the original license file from theFederated Identity Manager installation media intoplace.

FBTFMS140E Could not delete the point of contactprofile given by ID: id. Ensure that theprofile exists, is not read-only, and isnot the currently active profile.



Administrator response: Ensure that the ID of thegiven entity exists in the configuration, is not read-only,and is not the current profile.

FBTFMS141E Could not modify the point of contactprofile given by ID: id. Make sure theprofile exists and is not read-only.

Explanation: The modify operation failed.


Administrator response: Ensure that the ID of thegiven entity exists in the configuration and it is notread-only.

FBTFMS142E The plug-in directory was null.

Explanation: The plug-in directory could not bedetermined by the Management Service.


Administrator response: Ensure that themoduledirs.properties file exists inside theITFIMManagementService.ear application.

FBTFMS143E Could not make the point of contactprofile given by ID: id the currentprofile. The profile must contain a SignIn callback and Local ID callback tomake it an active profile. The currentprofile configuration is incomplete.

Explanation: The make profile current operation hasfailed.




Administrator response: Ensure that the ID of thegiven entity has a valid configuration.

FBTFMS144E An error occurred whilecommunicating with the TDI Server.

Explanation: The list of configuration files for the TDIServer could not be retrieved.


Administrator response: Ensure that the TDI Serverdaemon is running.

FBTFMS145E Could not delete the audit clientprofile given by ID: id. Ensure that theprofile exists and is not the currentlyactive profile.



Administrator response: Ensure that the ID of thegiven entity exists in the configuration and is not thecurrent profile.

FBTFMS146E STS module chain argument cannot bedeleted because it is in use.

Explanation: An error occurred while attempting todelete an STS module chain.

System action: The operation returns failure.

Administrator response: Confirm that the STS modulechain is not in use before attempting to delete it.

FBTIDS001W The alias service configuration file(etc/idservice.xml) was not found.

Explanation: The alias service configuration file wasnot found.

System action: The alias service will start with defaultclients.

Administrator response: Ensure that the request hasall the required data.

FBTIDS002E The module reference id ['referenceId'], isinvalid. The module reference does notexist.

Explanation: The referenced identifier does not exist.

System action: The plug-in module will not beavailable at runtime.

Administrator response: Validate the Identity Serviceconfiguration.

FBTIDS003E The class 'className' with modulereference id 'referenceId' could not beinitialized. The init method did notsuccessfully complete.

Explanation: The module implementation did notsuccessfully initialize.


Administrator response: Validate the Identity Serviceconfiguration and installed Identity Service plugins.

FBTIDS004E The class 'className' does not implementthe interfaces of class 'referenceClass'.

Explanation: The module does not implement therequired interface.


Administrator response: Validate the Identity Serviceconfiguration and installed Identity Service plugins.

FBTISJ001E Unable to locate the local interface name.

Explanation: No EJB instance was found.


Administrator response: Validate the configuration ofthe EJB, then try the operation again.

FBTISJ002E The identity service was unable to readthe user's alias.

Explanation: The LDAP alias-read operation failed.

System action: The service will not return a value.

Administrator response: Validate the configuration ofthe ID service, and check logs for an EJB error message.

FBTISJ003E The identity service was unable to writethe user's alias.

Explanation: The LDAP alias-write operation failed.

System action: The service will not return a value.

Administrator response: Validate the configuration ofthe ID service, and check the logs for an EJB errormessage.

FBTISL001E The local interface name could not belocated.

Explanation: No EJB instance can be found.


Administrator response: Validate the configuration ofthe EJB.

FBTFMS144E • FBTISL001E


FBTISL002E The remote interface name could not belocated.




FBTISL003E The Naming name of the EJB was notprovided.




FBTISL004E A manager could not be created on thisnode. This result might not be an errorif the system is running in a clusteredenvironment. Confirm the configurationand startup on the appropriate node.




FBTISL006E Configuration was not provided for theenterprise bean.

Explanation: No EJB configuration can be found.



FBTISL007E The provided SSL configuration is notvalid.

Explanation: The SSL configuration contains missingparameters or parameters that are not valid.


Administrator response: Validate the configuration ofthe ID service.

FBTISL008E The configuration key key is not valid.

Explanation: The configuration contains a parameterkey that is not valid.

System action: The configuration key will be ignored.

Administrator response: Validate the configuration ofthe ID service.

FBTISL012E The bootstrap failed

Explanation: The configuration contains a parameterkey.

System action: The configuration key will be ignored.

Administrator response: Validate the configuration ofthe ID service

FBTISL014E The identity service was unable to readthe user's alias.

Explanation: The alias read LDAP operation failed.

System action: The service will return no value.

Administrator response: Validate the configuration ofthe ID service, and check logs for an LDAP errormessage.

FBTISL015E The identity service was unable to writethe user's alias.

Explanation: The alias write LDAP operation failed.



FBTISL016E The identity service was unable to readthe user's attributes.

Explanation: The attribute read LDAP operationfailed.



FBTISL017E The identity service was unable to writethe user's attributes.

Explanation: The attribute write LDAP operationfailed.



FBTISL018E The provided DN, dn, does not exist.

Explanation: The attribute read LDAP operationfailed.



FBTISL002E • FBTISL018E


FBTISL019E The attribute attribute with value valuecould not be written.

Explanation: The attribute write LDAP operationfailed.



FBTISL020E No trusted keystore was returned by thekey service.

Explanation: The call to the key service did not returna trusted keystore.

System action: The service SSL functionality will notoperate.

Administrator response: Validate that theconfiguration has the correct trusted key store name.

FBTISL021E No trusted keystore type was returnedby the key service.

Explanation: The call to the key service did not returna trusted keystore type.

System action: The default key store type will beused.

Administrator response: Validate that theconfiguration has the correct trusted key store name.

FBTISL022E The input provided to the managementoperation is not valid.

Explanation: This error is typically due to null inputvalues, missing input values, or input values of thewrong type.

System action: The management operation will behalted

Administrator response: Check the trace for the inputto the management operation.

FBTISL023E The input provided to the managementoperation is not valid, the parameterparameter is missing.


System action: The management operation will behalted


FBTISL024E The input provided to the managementoperation is not valid and the type typefor parameter parameter is not valid. Theexpected input is expectedType.


System action: The management operation will behalted.


FBTISL025E The input provided to the managementoperation are not valid. The server serveris undefined.




FBTISL026E The provided service configuration isnot valid. The required parameterparameter is not specified.

Explanation: The specified parameter is required forID service LDAP function.

System action: The current operation will be halted.

Administrator response: Check the productdocumentation for the correct parameters.

FBTISL027E The provided server configuration is notvalid. The required parameter parameteris not specified.

Explanation: The specified parameter is required forID service LDAP function.

System action: The current operation will be halted.

Administrator response: Check the productdocumentation for the correct parameters for serverconfiguration.

FBTISL028E The ID service LDAP management beancould not be registered.

Explanation: An error has occurred while registeringthe management bean for the ID service LDAPprovider.

System action: The server will start with nomanagement interface.

Administrator response: Enable trace and check for

FBTISL019E • FBTISL028E


errors leading up to this failure.

FBTISL029E The configuration update failed.

Explanation: An error has occurred while updatingthe server configuration.

System action: The server will continue running withthe existing configuration.

Administrator response: Enable trace and check forerrors leading up to this failure.

FBTIVT003E The distributed map to run the testcannot be located.

Explanation: The current test cannot be run becausethe distributed map could not be located.

System action: The test has failed.

Administrator response: Validate the setup of theWebSphere Application Server environment, cluster,and replication domain.

FBTIVT004E The key ''key'' cannot be located in thedistributed map.

Explanation: The current test has failed because thespecified key could not be found.

System action: The test has failed.

Administrator response: Validate the setup of theWebSphere Application Server environment, cluster,and replication domain.

FBTKES001E The global configuration properties fileis not in the classpath of the server.

Explanation: The global configuration properties filecould not be found in the server's classpath. The file istypically created at installation time for the installerand is required for the server to successfully start.

System action: The request is halted.

Administrator response: Ensure that the system wasinstalled correctly, locate the global configurationproperties file, and ensure that the file is located in theserver's classpath.

FBTKES002E No keystore or keystore password wasprovided.

Explanation: A keystore or keystore password or bothmust be provided for the server to start.


Administrator response: Ensure that the keystore hasthe correct file permissions for the server to read andwrite.

FBTKES003E The password could not beunobfuscated.

Explanation: The obfuscated password could notsuccessfully be unobfuscated.


Administrator response: Check that the Java thatsupports the A.E.S. 128-cipher algorithm is being used.

FBTKES005E A problem was encountered whilecreating the keystore at location:filename.

Explanation: Because the keystore at the givenlocation did not exist, the server attempted to create anew keystore but failed.

System action: The keystore was not created.

Administrator response: Ensure that the directorypath up to the given file exists and that the correct readand write file permissions are set. Check the causeexception to get more specific details about whatcaused the problem.

FBTKES006E The key type for the given alias alias isan unknown key.

Explanation: An attempt was made to use a key thathas an unknown type.


Administrator response: Ensure that the key for thegiven alias is a supported key type.

FBTKES007E A key was not found with the givenalias (alias).

Explanation: The server could not find a key with theprovided alias.


Administrator response: Ensure that you have thecorrect keystore configured.

FBTKES008E The required input was not given.

Explanation: The required input was not given toprocess the request.


Administrator response: Ensure that the correct inputis given.

FBTKES009E The document owner was not given.The signature template could not begenerated.

Explanation: For the signature template to generatecorrectly, the document owner must be provided.

FBTISL029E • FBTKES009E



Administrator response: Ensure that the callerprovides the correct document owner.

FBTKES010E A reference list of elements to be signedwas not given. The signature templatecannot be generated without a referencelist.

Explanation: For a signature template to be generated,a reference list must be provided.


Administrator response: Ensure that the callerprovides the correct reference list of elements to bereferenced in the generated signature template.

FBTKES011E A context was not provided by caller.

Explanation: The caller did not provide a context.


Administrator response: Ensure that a context isprovided.

FBTKES012E A key alias was not provided by thecaller.

Explanation: The caller did not provide a key alias.


Administrator response: Ensure that a key alias isprovided.

FBTKES013E No data was provided to be signed.

Explanation: The caller did not provide any data to besigned.


Administrator response: Ensure that there is dataprovided.

FBTKES014E A certificate was not found with thegiven alias (alias).

Explanation: The server could not find a certificatewith the provided alias.



FBTKES015E The signature validation failed.

Explanation: The server encountered an error whileattempting to validate a signature.


Administrator response: Check the cause exception tofind more details about why the validation failed.

FBTKES016E No document was given.

Explanation: An XML document is required toperform the operation.


Administrator response: Ensure that a document isprovided.

FBTKES017E The signature creation operation failed.

Explanation: The server encountered an error whileattempting to sign the given data.


Administrator response: Check the cause exception tofind more details about why the signing failed.

FBTKES020E The signature was not valid.

Explanation: The signature was determined to beinvalid while attempting to validate the byte array ofthe signature.



FBTKES021E No keystore directory was provided.

Explanation: A keystore directory must be providedfor the server to start.


Administrator response: Ensure that the keystoredirectory is provided.

FBTKES022E The keystore directory provided (alias)does not exist or is not a directory.

Explanation: The keystore directory provided in theconfiguration does not exist or is not a directory.


Administrator response: Ensure that the givendirectory exists.

FBTKES023E The required path element was notprovided.

Explanation: For the given request, a path that pointsto the specific XML element is required.


Administrator response: Ensure that the caller ispassing all required parameters.

FBTKES010E • FBTKES023E


FBTKES024E The given element path did not point toan XML element.




FBTKES025E The key encryption and signatureservice client factory could not locatethe key encryption and signature servicemodule.

Explanation: The modules or module directory couldnot be located in the current environmentconfiguration.


Administrator response: Ensure that the caller ispassing all required parameters and that theconfiguration is correct.

FBTKES026E An alias was not given.

Explanation: The caller did not pass an alias.


Administrator response: Ensure that the keyconfiguration has all the correct key alias namesconfigured.

FBTKES027E The given key profile does not have acipher assigned or an error occurredwhen getting an instance of the cipher.

Explanation: The key profile given did not return acipher.


Administrator response: Ensure that the key profileconfiguration has the cipher configured correctly.

FBTKES028E The raw key bytes for key id were notspecified.

Explanation: The key bytes were not specified in theconfiguration file for the given key ID.

System action: The key given was not generated,process continued to the next key in the configurationfile.

Administrator response: Ensure that the keyconfiguration has the required configuration item.

FBTKES029E The type for key id was not specified.

Explanation: The type was not specified in theconfiguration file for the given key ID.

System action: The key given was not generated,process continued to the next key in the configurationfile.

Administrator response: Ensure that the keyconfiguration has the required configuration item.

FBTKES030E An unknown error occurred, the cipherreturned no data but data was expected.

Explanation: Data was given to the cipher engine butit did not return any data.


Administrator response: Ensure that key profile, thecipher and the key are configured correctly.

FBTKES031E During the decryption an error wasencountered. It appears the given ciphertext is corrupt.

Explanation: The given cipher text could not bedecrypted and parsed into a valid XML document.

System action: The operation will return a failure.

Administrator response: Confirm that the message isnot being altered.

FBTKES032W The certificate with the subject'sdistinguished name of [dn] and serial of[number] has expired, therefore it wasnot used for runtime operations.

Explanation: The given certificate has expired and willnot be used for runtime operations.

System action: The system will not use the certificate.

Administrator response: Only use certificates that arestill valid.

FBTKES033E The block cipher algorithm URIprovided [URI] is not supported by theXML security API.

Explanation: The block cipher algorithm URI providedfrom configuration is not supported by the XMLsecurity API.

System action: The system will not complete therequest.

Administrator response: Change the configuration toa supported block cipher algorithm URI.



FBTKES034E The key transport algorithm URIprovided [URI] is not supported by theXML security API.

Explanation: The key transport algorithm URIprovided from configuration is not supported by theXML security API.


Administrator response: Change the configuration toa supported key transport algorithm URI.

FBTKES035E The provided message contained toomany EncryptedKey elements, theprocess is unable to determine thecorrect key to use.

Explanation: The provided message did not have aKeyInfo element as a child of the EncryptedDataelement. Because there was no KeyInfo element, theservice has to look for EncryptedKey elements underthe parent node of the EncryptedData. If there is morethan one EncryptedKey element under the parent, thiserror is returned.


Administrator response: Ensure the given messagecontains a KeyInfo element as a child of theEncryptedData element, which includes either theEncryptedKey or references the EncryptedKey if thereis more then one EncryptedKey in the message.

FBTKES036E No EncryptedKey element found, theprocess cannot decrypt the givenmessage.

Explanation: The given message did not contain aEncryptedKey element, the EncryptedKey elementcontains the key material to decrypt the EncryptedDataelement.


Administrator response: Ensure that messages containat least one EncryptedKey element for everyEncryptedData element.

FBTKES037E The key encryption and signatureservice client factory could not locate acertificate path validator module.

Explanation: The modules or module directory couldnot be located in the current environmentconfiguration.


Administrator response: Ensure that the required

certificate path validator module is properly configuredand installed.

FBTKES038W Certificate path validation is disabledbecause no keystores of type CACertificates are configured.

Explanation: There are no keystores of type CACertificates configured.


Administrator response: Ensure that at least onekeystore containing CA certificates is configured with atype of CA Certificates.

FBTKES039E The configuration file file could not beread.

Explanation: The configured file might not exist,might not be readable by this user, or might not be avalid file.

System action: The server cannot performinitialization of the hardware device.

Administrator response: Correct the configuration forthe hardware provider in etc/kessjks.xml and restartthe server.

FBTKES040E A <HardwareProviderType> elementcould not be found with reference IDidref in etc/kessjks.xml.

Explanation: The configuration file contains areference to an element that does not exit.

System action: The server cannot performinitialization of the hardware device.


FBTKES041E A <ModuleReference> element couldnot be found with reference ID idref inetc/kessjks.xml.

Explanation: The configuration file contains areference to an element that does not exit.

System action: The server will skip initialization ofthe module referenced by the ID.


FBTKES042E The hardware cryptographic devicecould not be initialized.

Explanation: The hardware cryptographic devicefailed to initialize. See previous messages.

System action: The server will not be able to perform



signing and cryptography services.

Administrator response: Verify that the hardwaredevice is installed correctly and is operating properly.

FBTKES043E There is no provider available toperform the requested operation.

Explanation: The signature and cryptographicprovider failed to initialize. See previous messages.

System action: The server cannot perform therequested operation.

Administrator response: Check the message log forrelated errors and take corrective action accordingly.

FBTKES044E The key encryption and signatureservice configuration is missing therequired parameter parameter.

Explanation: An error has occurred while validatingthe server configuration. This error is due to theabsence of a required parameter.

System action: The server will not function with amissing configuration.

Administrator response: Ensure that the missingconfiguration entry is specified.

FBTKES045E The hardware cryptography feature isnot supported by Tivoli FederatedIdentity Manager on this version ofWebSphere Application Server.

Explanation: The installed version of WebSphereApplication Server does not provide the proper supportfor the hardware cryptography feature.


Administrator response: Either upgrade to WebSphereApplication Server version 6.1 or greater, or disable thehardware cryptography feature.

FBTKES046E The key profile with alias alias requiresan initialization vector.

Explanation: The mode of the cipher in the key profilerequires an initialization vector to be configured.

System action: The key profile is discarded.

Administrator response: Correct the configuration andrestart the server.

FBTKES047E The key profile with alias alias has anincomplete initialization vector.

Explanation: The initialization vector must include asize or initialization data to be configured.

System action: The key profile is discarded.


FBTKES048E An exception occurred while processingthe keystore on the hardware device.The exception message text is: message.

Explanation: An exception was encountered whileprocessing the keystore provided by the hardwaredevice.

System action: The keys and certificates not alreadyprocessed will be unavailable.


FBTKES049E The message signature did not includethe required KeyInfo data to find avalidation certificate.

Explanation: The server is configured to use theKeyInfo data in the message signature to locate a keyfor signature validation but the signature does not havethe required data.

System action: The request is rejected.

Administrator response: Ensure that the senderincludes either a Public Key, X509 Certificate data, X509Subject Key Identifier or X509 Subject Name in theKeyInfo element of the signature.

FBTKES050E The message signature did not includeany KeyInfo data that matches theconfigured DN expression [alias].

Explanation: The server is configured to use theKeyInfo data in the message signature to locate a keyfor signature validation but the DN of the certificatedoes not match the allowable names in theconfiguration.


Administrator response: Ensure that the configuredDN expression is correct and retry the operation.

FBTKES051E There are no certificates available thatmatch the KeyInfo data in the messagesignature for the DN [alias].

Explanation: The server is configured to use theKeyInfo data in the message signature to locate a keyfor signature validation but a certificate could not befound in any keystore.


Administrator response: Ensure that the public keycertificate is imported into the Tivoli Federated IdentityManager keystore.



FBTKES052E The signature algorithm URI provided[URI] is not supported.

Explanation: The system does not support thesignature algorithm URI provided from theconfiguration.


Administrator response: Change the configuration tothe supported signature algorithm URI.

FBTKES053E The digest algorithm URI provided[URI] is not supported.

Explanation: The system does not support the digestalgorithm URI provided from the configuration.


Administrator response: Change the configuration tothe supported digest algorithm URI.

FBTKES054E The signing key type [KeyType] does notmatch the signature algorithm [URI].

Explanation: The signing key type does not match thesignature algorithm provided from the configuration.


Administrator response: Change the configuration tomatch the key type and signature algorithm.

FBTKES055E The key type [KeyType] does not supportencryption.

Explanation: The key type provided fromconfiguration does not support encryption.

System action: The system cannot complete therequest.

Administrator response: Change the configuration toa supported encryption key type.

FBTKJK001E A manager could not be created on thisnode. This result might not be an errorif the system is running in a clusteredenvironment. Confirm configuration andstartup on the appropriate node.

FBTKJK002E The global configuration properties fileis not in the classpath of the server.

Explanation: The global configuration properties filecould not be found in the server's classpath. The file istypically created at installation time for the installerand is required for the server to successfully start.

System action: The global configuration properties filecould not be found.

Administrator response: Ensure that the system wasinstalled correctly, locate the global configurationproperties file, and ensure that the file is located in theserver's classpath.

FBTKJK006E The Key Encryption and SignatureService Java Keystore management beancannot be registered.

Explanation: An error has occurred registering themanagement bean for the Key Encryption andSignature Service Java Keystore provider.

System action: The server will start with nomanagement interface.

Administrator response: Enable a trace and check forerrors leading up to this failure.

FBTKJK007E The configuration file for the KeyEncryption and Signature Service JavaKeystore, filename, cannot be read.

Explanation: An error has occurred reading theconfiguration for the Key Encryption and SignatureService Java Keystore provider.

System action: The server will not be able to startunless the configuration file is located on another node.


FBTKJK008E The bootstrap of the Key Encryptionand Signature Service Java Keystoreprovider has failed.

Explanation: The bootstrap process of the KeyEncryption and Signature Service Java Keystore did notcomplete successfully.

System action: Check earlier error and trace messagesfor problems leading up to this failure.

Administrator response: Validate the configuration ofthe Key Encryption and Signature Service Java Keystoreprovider.

FBTKJK009E The input provided to the managementoperation is not valid.




FBTKES052E • FBTKJK009E


FBTKJK010E The input provided to the managementoperation is not valid. The parameterparameter is missing.




FBTKJK011E The input provided to the managementoperation is not valid. The type type forparameter parameter is not valid. A valueof expectedType was expected.




FBTKJK012E The configuration update failed.

Explanation: An error has occurred while updatingthe server configuration.

System action: The server will continue running withthe existing configuration.


FBTKJK015E The key encryption and signatureservice configuration could not bediscovered because no configurationstore was found.

Explanation: An error has occurred discovering theserver configuration. This error occurred because thedistributed map instance could not be located.

System action: The server will not function withoutconfiguration information.

Administrator response: Ensure that the configurationstore is running on the application server and enablethe trace to check for errors leading up to this failure.

FBTKJK016E The key encryption and signatureservice configuration is missing therequired parameter parameter.

Explanation: An error has occurred while validatingthe server configuration. This error is due to theabsence of a required parameter.


Administrator response: Ensure that the missingconfiguration entry is specified.

FBTKJK017E The configured Java key storeconfiguration directory directory couldnot be read.

Explanation: The configured directory might not exist,might not be readable by this user, or might not be adirectory.


Administrator response: Ensure that the configuredentry is valid.

FBTKJK018E The configured Java key storeconfiguration directory contains a filefile that could not be read.

Explanation: The configured file might not exist,might not be readable by this user, or might not be avalid.

System action: The server will attempt to read theremaining files in the directory.

Administrator response: Ensure that the file is valid.

FBTKJK021E The required input was not given.

Explanation: The required input was not given toprocess the request.

System action: The request could not be processedbecause the required input is missing.

Administrator response: Ensure that the correct inputis given.

FBTKJK022E The document owner was not given andthe signature template could not begenerated.

Explanation: For the signature template to generatecorrectly, the document owner must be provided.

System action: The signature template was notgenerated.

Administrator response: Ensure that the callerprovides the correct document owner.

FBTKJK023E A reference list of elements to be signedwas not given. The signature templatecannot be generated without a referencelist.

Explanation: For a signature template to be generated,a reference list must be provided.

FBTKJK010E • FBTKJK023E


System action: Ensure that the caller provides thecorrect list of elements to be referenced in thegenerated signature template.

Administrator response: Ensure that the callerprovides the correct list of elements to be referenced inthe generated signature template.

FBTKJK024E A context was not provided by thecaller.

Explanation: The caller did not provide a context.


Administrator response: Ensure that a context isprovided.

FBTKJK025E A key alias was not provided by caller.




FBTKJK026E There was no data provided to besigned.

Explanation: The caller did not provide any data to besigned.


Administrator response: Ensure that data is provided.

FBTKJK027E A certificate with given alias (alias) wasnot found.

Explanation: The server could not find a certificatewith the provided alias.

System action: Ensure that you have the correctkeystore configured.


FBTKJK028E Signature validation failed.

Explanation: The server encountered an error whileattempting to validate a signature.

System action:

Administrator response: Check the cause exception todetermine why the validation failed.

FBTKJK029E No document was given.

Explanation: An XML document is required toperform the operation.


Administrator response: Ensure that a document isprovided.

FBTKJK030E The signature creation operation failed.

Explanation: The server encountered an error whileattempting to sign the given data.


Administrator response: Check the cause exception todetermine why the signing failed.

FBTKJK031E The signature is not valid.



Administrator response: Check the logs for exceptionsto determine why signature validation failed.

FBTKJK032E A key was not found with the givenalias (alias).

Explanation: The server could not find a key with theprovided alias.

System action: Ensure that you have the correctkeystore configured.


FBTKJK033E The required path element was notprovided.




FBTKJK034E The given element path did not point toan XML element.




FBTKJK035E The key type for a given alias alias is anunknown key.

Explanation: An attempt was made to use a key thathas an unknown type.

System action: An attempt was made to use a keythat has an unknown type.

Administrator response: Ensure that the key for given



alias is a supported key type.

FBTKJK036E The key encryption and signatureservice Java keystore was unable to finda worker to complete the task. Thiserror is likely due to an incorrectconfiguration.

Explanation: No configuration worker instance couldbe found.

System action: The operation returned failure.

Administrator response: Enable a trace and check thelogs for errors that might have lead up to this action.

FBTKJK037E The key encryption and signatureservice Java keystore EJB client couldnot create the remote interface, remote

Explanation: No remote EJB instance could be created.



FBTKJK038E The key encryption and signatureservice Java keystore EJB clientencountered an error with the EJBinvocation.

Explanation: An exception was thrown whilecommunicating with the remote EJB.



FBTKJK039E The SignedInfo signature value does notmatch the calculated value.

Explanation: The SignedInfo portion of the signaturedid not match the calculated value. This error isusually caused by the SignedInfo digest not matchingor the public key used to validate does not match theprivate key used to sign.


Administrator response: Ensure that the correctcertificate is used to validate the message.

FBTKJK040E The Reference with the identifieridentifier calculated a different digestvalue.

Explanation: The given Reference digest did notmatch the calculated digest. This error is usuallycaused by the message changing after being signed.


Administrator response: Ensure that the message does

not change after being signed.

FBTKJK041E While writing out the updated filefilename, an error was encountered. Theupdate to the file did not occur.

Explanation: An error was encountered when makingan update to the given file.


Administrator response: Ensure that the given fileexists and has the correct file permissions to allowupdates to occur. See the corresponding exception inthe trace file for more details.

FBTKJK042E The directory directory cannot be read.

Explanation: An error was encountered whenattempting to read the directory given.


Administrator response: Ensure that the givendirectory exists and that the correct file permissions areenabled.

FBTKJK043E The backup operation failed. Thebackup JAR file filename for directorydirectory cannot be created.

Explanation: An error was encountered whenattempting to create a backup.


Administrator response: Ensure that the givendirectory exists and that the correct file permissions areenabled.

FBTKJK045E The management operation is missingrequired input values. The managementoperation has failed to complete.

Explanation: The management operation is missingrequired input.


Administrator response: The management operationbeing called requires specific input to complete theoperation. Check the documentation for all the requiredinput.

FBTKJK046E The provided password is incorrect orthe keystore keystore does not exist. Themanagement operation has failed tocomplete.

Explanation: The provided password was not correct,or the keystore does not exist.


Administrator response: Ensure that the keystore



exists and ensure that the correct password wasentered.

FBTKJK047E An error was encountered whenretrieving the encoded format of thecertificate.

Explanation: An attempt was made to encode acertificate that returned errors.


Administrator response: Check the trace logs to findout a more specific exception error.

FBTKJK048E An error was encountered while creatingthe keystore for export. The exportoperation failed.

Explanation: During the generation of the keystore toexport, the server encountered a error.



FBTKJK049E An error was encountered whileimporting the given keystore. Theimport operation failed.

Explanation: During the importing of the keystore, theserver encountered a error.



FBTKJK050E The store storename does not exist. Theoperation failed to complete.

Explanation: The given store does not exist.


Administrator response: Ensure that the given storeexists.

FBTKJK051E The import into store storename failed.The operation failed to complete. Checkthe trace logs for more specific errors.

Explanation: An error was encountered when the keyor certificate or both were being imported.



FBTKJK052E The password for the given keystore isincorrect. The operation failed tocomplete.

Explanation: An error was encountered whilevalidating the password for the given keystore.


Administrator response: Ensure that the correctpassword is entered for the keystore or for the keyentry.

FBTKJK053E An error occurred when attempting toupdate the store (storename) with thenew data. The operation failed tocomplete.

Explanation: An error occurred when updating thestore listed.



FBTKJK054E The key alias alias name returned no datafor the keystore provided. Confirm thatthe key alias given exists. The operationfailed to complete.

Explanation: There are no keys or certificates locatedat the key alias given.


Administrator response: Confirm that the given keyalias exists in the provided keystore.

FBTKJK055E The key alias alias name already exists inthe store store name. The operation failedto complete.

Explanation: The import operation was asked to notoverwrite existing key aliases and the alias providedalready existed in the store.


Administrator response: Confirm that the given keyalias does not exist in the provided store.

FBTKJK056W The certificate with the subject'sdistinguished name of [dn] and serial of[number] has expired therefore it was notused for runtime operations.

Explanation: The given certificate has expired and willnot be used for runtime operations.

System action: The system will not use the certificate.

Administrator response: Only use certificates that arestill valid.

FBTKJK047E • FBTKJK056W


FBTKJK057E The block cipher algorithm URIprovided [URI] is not supported by theXML security API.

Explanation: The block cipher algorithm URI providedfrom configuration is not supported by the XMLsecurity API.


Administrator response: Change the configuration toa supported block cipher algorithm URI.

FBTKJK058E The key transport algorithm URIprovided [URI] is not supported by theXML security API.

Explanation: The key transport algorithm URIprovided from configuration is not supported by theXML security API.


Administrator response: Change the configuration toa supported key transport algorithm URI.

FBTKJK059E The provided message contained toomany EncryptedKey elements, we areunable to determine the correct key touse.

Explanation: The provided message did not have aKeyInfo element as a child of the EncryptedDataelement. Since there was no KeyInfo element theservice has to look for EncryptedKey elements underthe parent node of the EncryptedData. If there is morethen one EncryptedKey element under the parent, thiserror is returned.


Administrator response: Ensure the given messagecontains a KeyInfo element as a child of theEncryptedData element which includes either theEncryptedKey, or which references the EncryptedKey ifthere is more then one EncryptedKey in the message.

FBTKJK060E No EncryptedKey element found, we areunable to decrypt the given message.

Explanation: The given message did not contain aEncryptedKey element, the EncryptedKey elementcontains the key material to decrypt the EncryptedDataelement.


Administrator response: Ensure that messages containat least one EncryptedKey element for everyEncryptedData element.

FBTLIB001E A configuration error has occurred.

Explanation: A configuration error has occurred dueto invalid configuration.


Administrator response: Enable a trace for detailedmessages and validate the configuration.

FBTLIB002E Internal Error: The delegate protocolwas unable to retrieve the LibertyRequest Context.

Explanation: Internal Error: The delegate protocol wasunable to retrieve the Liberty Request Context.



FBTLIB003E The Liberty plug-in is not able to routethe incoming request correctly.

Explanation: The Liberty plug-in is not able todetermine the protocol that must be used for theincoming request.


Administrator response: Make sure that the endpointthat is configured is correct. Enable a trace for detailedmessages about the error.

FBTLIB004E Internal Error: The delegate protocolcannot retrieve the AuthnRequest fromincoming HTTP GET.

Explanation: The delegate protocol cannot retrieve theAuthnRequest from incoming HTTP GET.


Administrator response: Enable a trace for detailedmessages about the error.

FBTLIB005E Internal Error: The delegate protocolcannot retrieve the AuthnResponse fromincoming HTTP POST.

Explanation: The delegate protocol cannot retrieve theAuthnResponse from incoming HTTP POST.



FBTLIB006E Internal Error: The delegate protocolcannot decode the incomingAuthnResponse from BASE64.

Explanation: The delegate protocol cannot decode theincoming AuthnResponse from BASE64.

FBTKJK057E • FBTLIB006E



Administrator response: Make sure that theAuthnResponse was encoded correctly by the partner.Enable a trace for detailed messages about the error.

FBTLIB007E Internal Error: The delegate protocolcannot retrieve the value in the LARESfield in the incoming AuthnReponsePOST.

Explanation: The delegate protocol cannot retrieve thevalue in the LARES field in the incomingAuthnReponse POST.


Administrator response: Make sure that theAuthnResponse was sent by the partner adhering toLiberty specifications. Enable a trace for detailedmessages about the error.

FBTLIB008E Internal Error: An error was encounteredin the execution of protocol chain.

Explanation: An error was encountered in theexecution of protocol chain.

System action: Contact your IBM supportrepresentative.


FBTLIB009E Internal Error: The Delegate protocol isunable to process the response becauseit could not retrieve the AuthnRequestfrom LibertyContext.

Explanation: The Delegate protocol is unable toprocess the response because it could not retrieve theAuthnRequest from LibertyContext.



FBTLIB010E Internal Error: The Delegate protocol isunable to obtain the SingleSignOnUrlfrom the context.

Explanation: The Delegate protocol is unable to obtainthe SingleSignOnUrl from the context.


Administrator response: Make sure all the endpointsare configured correctly. Enable a trace for detailedmessages about the error.

FBTLIB011E Internal Error: The Delegate protocol isunable to process the response becauseit could not retrieve the AuthnResponsefrom LibertyContext.

Explanation: The Delegate protocol is unable toprocess the response because it could not retrieve theAuthnResponse from LibertyContext.



FBTLIB012E Internal Error: The Delegate protocol isunable to process the response becauseit could not convert the AuthnResponseto an XML string.

Explanation: The Delegate protocol is unable toprocess the response because it could not convert theAuthnResponse to an XML string.


Administrator response: The AuthnResponse messagemight not be formatted correctly. Enable a trace fordetailed messages about the error.

FBTLIB013E Internal Error: The Delegate protocol isunable to convert the response from anXML string to BASE64 encoded data.

Explanation: The Delegate protocol is unable toconvert the response from an XML string to BASE64encoded data.


Administrator response: The AuthnResponse messagemight not be formatted correctly. Enable a trace fordetailed messages about the error.

FBTLIB014E Internal Error: The Delegate protocol isunable to obtain theAssertionConsumerUrl from the context.

Explanation: The Delegate protocol is unable to obtainthe AssertionConsumerUrl from the context.


Administrator response: Make sure that all theendpoints are configured correctly. Enable a trace fordetailed messages about the error.

FBTLIB015E Internal Error: The Delegate protocol isunable to obtain the RelayState from theAuthnResponse.

Explanation: The Delegate protocol is unable to obtainthe RelayState from the AuthnResponse.


FBTLIB007E • FBTLIB015E


Administrator response: RelayState might not be setcorrectly in the AuthnResponse. Enable a trace fordetailed messages about the error.

FBTLIB016E Internal Error: The Delegate protocol isunable to find the template pagePageTemplate.

Explanation: The delegate protocol is unable to findthe specified page template.


Administrator response: Make sure that the productis installed and configured correctly. Enable a trace fordetailed messages about the error.

FBTLIB017E Internal Error: The delegate protocolcannot retrieve the LogoutRequest fromincoming HTTP GET.

Explanation: The delegate protocol cannot retrieve theLogoutRequest from incoming HTTP GET.



FBTLIB018E The delegate protocol cannot retrievethe EndPointType from the definedfederations.

Explanation: The specified endpoint is not configured.


Administrator response: Make sure that all theendpoints are configured correctly. Enable a trace fordetailed messages about the error.

FBTLIB019E The delegate protocol cannot convert thelogout response to a URL encodedstring.

Explanation: The delegate protocol cannot convert thelogout response to a URL encoded string.



FBTLIB020E Internal Error: The delegate protocolcould not find the session ID SessionIdin the global session.

Explanation: The specified session ID was not foundin the global session.


Administrator response: The session ID might nothave been stored or it might have expired. Enable atrace for detailed messages about the error.

FBTLIB021E The delegate protocol configurationdetermined that no federations aredefined.

Explanation: The delegate protocol configurationdetermined that no federations are defined.


Administrator response: Make sure that thefederations are defined. Enable a trace for detailedmessages about the error.

FBTLIB022E The required attribute VariableName wasnot found in the defined self-federationentity.

Explanation: The specified attribute is not defined inthe self-federation entity.


Administrator response: Make sure that the specifiedrequired attribute is defined in the self-federationentity. Enable a trace for detailed messages about theerror.

FBTLIB023E The Delegate protocol configurationcould not find the Provider ID in thedefined self-federation entity.

Explanation: The Delegate protocol configurationcould not find the Provider ID in the definedself-federation entity.


Administrator response: Make sure that the ProviderID is defined in the self-federation entity. Enable a tracefor detailed messages about the error.

FBTLIB024E The Delegate protocol configurationcould not find the Key identifier in thedefined self-federation entity.

Explanation: The Delegate protocol configurationcould not find the Key identifier in the definedself-federation entity.


Administrator response: Make sure the Key identifieris defined in the defined self-federation entity. Enable atrace for detailed messages about the error.



FBTLIB025E The SOAPEndpoint URL is malformed.SoapEndpoint = SoapEndpoint

Explanation: The specified SOAPEndpoint URL is notvalid.


Administrator response: Make sure that the correctSOAPEndpoint is configured. Enable a trace fordetailed messages about the error.

FBTLIB026E The Liberty plug-in cannot connect toSOAPEndpoint SoapEndpoint

Explanation: The Liberty plug-in cannot connect tothe specified SOAPEndpoint.


Administrator response: Make sure that theSOAPEndpoint accepts connections. Enable a trace fordetailed messages about the error.

FBTLIB027E The Liberty plug-in caught anunexpected exception when sending theSOAP message.

Explanation: The Liberty plug-in caught anunexpected exception when sending the SOAPmessage.



FBTLIB028E The Liberty plug-in received a SOAPrequest that is not valid.

Explanation: The Liberty plug-in received a SOAPrequest that is not valid.


Administrator response: Make sure that the receivedSOAP request is formatted correctly. Enable a trace fordetailed messages about the error.

FBTLIB029E The keystore is not initialized for SSLcommunication for the SOAP client.

Explanation: The keystore is not initialized for SSLcommunication for the SOAP client.



FBTLIB030E The Liberty plug-in caught an exceptionduring SSL initialization.

Explanation: The Liberty plug-in caught an exceptionduring SSL initialization.



FBTLIB031E The Liberty plug-in configuration failedto find the key Key in the SPSconfiguration.

Explanation: The Liberty plug-in configuration failedto find the specified key in the SPS configuration.



FBTLIB032E The Liberty SOAP client failed toinitialize due to an unexpectedexception.

Explanation: The Liberty SOAP client failed toinitialize due to an unexpected exception.


Administrator response: Make sure that the SOAPback channel configuration is correct. Enable a trace fordetailed messages about the error.

FBTLIB033E The Liberty plug-in is unable to get anartifact from the context.

Explanation: The Liberty plug-in is unable to get anartifact from the context.



FBTLIB034E The Liberty plug-in is unable to get anartifact from the incoming HTTP GETquery parameters.

Explanation: The Liberty plug-in is unable to get anartifact from the incoming HTTP GET queryparameters.





FBTLIB035E The Liberty plug-in is unable to get aSAML response from the context.

Explanation: The Liberty plug-in is unable to get aSAML response from the context.



FBTLIB036E Internal Error: The Delegate protocol isunable to get the logout response fromthe received HTTP GET.

Explanation: The Delegate protocol is unable to getthe logout response from the received HTTP GET.



FBTLIB037E Internal Error: The delegate protocolcannot retrieve the Logout responsefrom the context.

Explanation: The delegate protocol cannot retrieve theLogout response from the context.



FBTLIB038E The delegate protocol cannot convert alogout request to a URL-encoded string.

Explanation: The delegate protocol cannot convert alogout request to a URL-encoded string.



FBTLIB039E Internal Error: The Delegate protocol isunable to process the request because itcould not retrieve a LogoutRequest fromLibertyContext.

Explanation: The Delegate protocol is unable toprocess the request because it could not retrieve aLogoutRequest from LibertyContext.



FBTLIB040E An incorrect LECP header was receivedin the incoming request.

Explanation: An incorrect LECP header was receivedin the incoming request.



FBTLIB041E The Delegate protocol is unable to getthe AuthnRequest from the incomingSOAP message.

Explanation: The Delegate protocol is unable to getthe AuthnRequest from the incoming SOAP message.



FBTLIB042E The Delegate protocol is unable to getthe AuthnResponse from the receivedHTTP POST.

Explanation: The Delegate protocol is unable to getthe AuthnResponse from the received HTTP POST.


Administrator response: Make sure that the partner isconfigured to send the AuthnResponse. Enable a tracefor detailed messages about the error.

FBTLIB043E The Delegate protocol is unable to findan AuthnRequest in the received SOAPmessage.

Explanation: The Delegate protocol is unable to findan AuthnRequest in the received SOAP message.



FBTLIB044E Internal Error: The Delegate protocol isunable to get theAuthnRequestEnvelope from theContext.

Explanation: The Delegate protocol is unable to getthe AuthnRequestEnvelope from the Context.





FBTLIB045E Internal Error: The Delegate protocol isunable to get theAuthnResponseEnvelope from theContext.

Explanation: The Delegate protocol is unable to getthe AuthnResponseEnvelope from the Context.



FBTLIB046E A common domain name has not beenconfigured.

Explanation: An attempt was made to perform anIdentity Provider introduction but a common domainname was not configured.

System action: The operation was not performed.

Administrator response: Configure a common domainname and restart the server.

FBTLIB047E An MSISDN header was not found inthe incoming LECP request.

Explanation: The incoming LECP request does notcontain an MSISDN header.

System action: The request was rejected.

Administrator response: Configure the LECP providerID correctly and restart the server.

FBTLIB048E An error was encountered whileunobfuscating the passwordObfuscatedPassword for key Key from theconfiguration.

Explanation: Liberty plug-in tried to unobfuscate thespecified password set in the configuration, but failedto do so.

System action: The Liberty plug-in failed to initializeSSL for the SOAP backchannel.

Administrator response: Configure SSL for the SOAPbackchannel correctly and restart the server.

FBTLIB049E Partner provider ID cannot bedetermined for checking signatureconfiguration options.

Explanation: Liberty plug-in tried to find the partnerthis message was sent to or received from, but failed todo so.

System action: The Liberty plug-in failed to determinethe partner from the configuration.


FBTLIB050E Request to create an unsolicitedAuthnResponse was received but therequest does not contain all the requiredparameters.

Explanation: The required parameters are missing inthe request.

System action: The request was rejected.

Administrator response: The request must have theTargetURL and ProviderID parameters set.

FBTLIB100E The value value received forAttributeName in the ElementNameelement is not valid.

Explanation: The data received from the peer nodedoes not conform to Liberty protocol version 1.0.



FBTLIB101E A value for the attribute AttributeNamemust be provided for the <ElementName>element.

Explanation: The application is in error. Required datawas not set in the Liberty protocol object.



FBTLIB102E The VariableName message that wasreceived specifies an unsupportedversion [MajorMinor]. Only versionMajorMinor is supported.

Explanation: The data from the peer node specifies aversion that is not supported by this application.



FBTLIB103E The received message failed signatureverification: error_message.

Explanation: The received message was signed butsignature verification failed.





FBTLIB104E The received message was not signed.

Explanation: This application is configured to requirethat all received messages must be signed, but themessage received was not signed.



FBTLIB105E The attempt to sign a message wasunsuccessful.

Explanation: The protocol message could not besigned. This error could be caused by a keystoreconfiguration error or expired certificates.



FBTLIB106E An unexpected exception was caughtwhile initializing the keystore.

Explanation: An unexpected exception was caughtfrom the key service.

System action: The request will not be signed.


FBTLIB107E An unexpected exception was caughtdecoding a BASE64 encoded string.

Explanation: A string that should be BASE64 encodedcould not be decoded.

System action: The string is ignored.


FBTLIB108E The member elementMemberElementName must be providedfor the <ElementName> element.

Explanation: The application is in error. Required datawas not set in the Liberty protocol object.



FBTLIB109E The received <ElementName> elementdoes not contain the required memberelement MemberElementName.

Explanation: The sending application is in error.Required data was not included in the incomingrequest message.



FBTLIB110E The received element <ElementName>does not contain the required attributeMemberElementName.

Explanation: The sending application is in error.Required data was not included in the incomingrequest message.



FBTLIB111E The received element <ElementName>does not match the expected element<ExpectedElementName>.

Explanation: The sending application is in error. Therequest or response does not conform to the Libertymessage protocol.



FBTLIB112E The elements <ElementName> and<ElementName> are mutually exclusivemembers of the <ElementName> element.




FBTLIB113E The artifact string length is not valid.The length is <length> bytes instead of42 bytes.




FBTLIB114E The artifact type is unsupported.






FBTLIB115E The signature algorithm <length> ismissing or unsupported.




FBTLIB116E The received namespace URI[Namespace] does not match the expectednamespace URI [ExpectedNamespace] forelement <ExpectedNamespace>.




FBTLIB117E The received URL-encoded <Request> isnot valid: [Input string].

Explanation: The URL-encoded string that wasreceived is not valid. The most likely cause is that thedata was sent to the wrong URL endpoint by thesender.



FBTLIB118E A key alias was not provided by thecaller.




FBTLIB119E The attempt to encrypt or decrypt amessage was unsuccessful: Error message.

Explanation: The protocol message could not besigned. This error could be caused by a keystoreconfiguration error or expired certificates.



FBTLIB200E The protocol action caught anunexpected exception while building aLiberty assertion.

Explanation: The protocol action caught anunexpected exception from outside of Liberty whilebuilding a Liberty assertion.


FBTLIB201E The protocol action cannot retrieve theSAML status from the Liberty context.

Explanation: No SAML_STATUS attribute was foundin the Liberty context. This attribute is typically set bya previous protocol action.


FBTLIB202E The protocol action cannot find arequest ID in the request object.

Explanation: No RequestID attribute was found in therequest message being processed. This attribute isrequired.


FBTLIB203E The protocol action cannot determinethe current provider identifier.

Explanation: The configuration did not return anidentifier for the current provider.

Administrator response: Verify that configuration filesare present and have not been corrupted. If the filesappear good, enable a trace for detailed messages aboutthe error.

FBTLIB204E No federation exists for this principal.

Explanation: Single sign-on is not possible for thisprincipal because the account cannot be federated. Thefollowing conditions can prevent account federation:the user does not consent to federation when queried,the authentication request Federate element is set tofalse, the authentication request IsPassive element is setto true and the user cannot be queried for consent.

Administrator response: Verify that the authenticationrequest provides proper values for the Federate andIsPassive elements, and that the user answersaffirmatively if queried for consent to federate. Inaddition, enable a trace for detailed messages about theerror.



FBTLIB205E The protocol action caught anunexpected exception while determiningconsent to federate.

Explanation: The protocol action caught anunexpected exception outside of Liberty whiledetermining if the user consents to account federation.


FBTLIB206E The protocol action cannot determinethe identity of a locally authenticateduser.

Explanation: No local user information was availablein the Liberty context. This information is typically setby a previous protocol action by querying the localexecution environment for user identity and credentials.

User response: Verify that the user has logged onsuccessfully.


FBTLIB207E The protocol action cannot determinethe value of the name identifierprovided by the identity provider.

Explanation: No IDP_NAME_ID attribute was foundin the Liberty context. This value is typically set by aprevious protocol action.


FBTLIB208E The protocol action caught anunexpected exception while federatingthe principal.

Explanation: The protocol action caught anunexpected exception outside of Liberty whileattempting to federate the principal.


FBTLIB209E The protocol action caught anunexpected exception while executingForceAuthn logic.

Explanation: The protocol action caught anunexpected exception outside of Liberty whileexecuting ForceAuthn logic.


FBTLIB210E The protocol action cannot obtain a localtoken from the Liberty context.

Explanation: Local authentication is not possiblebecause the protocol action requires a LOCAL_TOKENattribute in the Liberty context. This attribute istypically set by a previous protocol action.


FBTLIB211E The protocol action caught anunexpected exception while attemptingto set the user's local credentials.

Explanation: The protocol action caught anunexpected exception outside of Liberty whileattempting to set the user's local credentials.


FBTLIB212E SAML error in response: SamlStatus.

Explanation: The response message contains a SAMLerror indicating that the request was not successful.

Administrator response: Enable a trace on themessage provider for information about why the errorwas returned.

FBTLIB213E No Liberty assertion was returned in theauthentication response message.

Explanation: The identity provider did not return anyLiberty assertions in the authentication response. Singlesign-on failed.

Administrator response: Enable a trace on the identityprovider for information about why no Libertyassertions were included in the authentication response.

FBTLIB214E No RelayState element was found in theauthentication response.

Explanation: The authentication response message didnot contain a RelayState element, which is required forsingle sign-on. The RelayState should have beenprovided in the original authentication request.

Administrator response: Enable a trace on both theservice provider and identity provider for moreinformation. On the service provider, verify that theoriginal authentication request contains the appropriateRelayState element.

FBTLIB215E No request with identifier InResponseTowas found. The response is ignored.

Explanation: The response message contained anInResponseTo attribute whose value did not correspondto any request identifiers in the current session.



Administrator response: Enable a trace on both theservice provider and identity provider for moreinformation. On the service provider, verify that theoriginal request contains a RequestID attribute. On theidentity provider, verify that the response referencesthat same value in the InResponseTo attribute.

FBTLIB216E The protocol action caught anunexpected exception while processingthe Liberty message.

Explanation: The protocol action caught anunexpected exception outside of Liberty whileprocessing the Liberty message.


FBTLIB217E The Liberty assertion could not beexchanged for a local credential.

Explanation: The protocol action caught anunexpected exception from the token exchange servicewhile exchanging a Liberty assertion for a localcredential.


FBTLIB218E The protocol action caught anunexpected exception while queryingthe user who wants to federate hisidentity.

Explanation: The protocol action caught anunexpected exception outside of Liberty while queryingthe user who wants to federate his identity.


FBTLIB219E The protocol action caught anunexpected exception while queryingthe execution environment for the user'scurrent federation state.

Explanation: The protocol action caught anunexpected exception outside of Liberty while queryingthe execution environment for the user's currentfederation state.



FBTLIB220E The protocol action caught anunexpected exception while queryingthe execution environment for the user'scurrent login state.

Explanation: The protocol action caught an

unexpected, non-Liberty exception while querying theexecution environment for the user's current login state.


FBTLIB221E A Liberty version mismatch occurred:runtime =LibertyRuntimeMajorVersion.LibertyRuntimeMinorVersion; message =MessageMajorVersion.MessageMinorVersion.

Explanation: The Liberty version of the message is notsupported by the Liberty runtime.

Administrator response: Verify that the providers inthis provider's circle of trust operate at a compatiblelevel of the Liberty protocol.

FBTLIB222E The protocol action caught anunexpected exception while validating aLiberty message.

Explanation: The protocol action caught anunexpected exception outside of Liberty whilevalidating a Liberty message.


FBTLIB223E The identity provider (IdentityProvider)does not have a configured federationwith the requesting service provider(ServiceProvider).

Explanation: There are no configured federations thatinclude the service provider who issued the request.

Administrator response: Verify that configuration filesare present and have not been corrupted. If necessary,establish a partnership with the service provider inquestion.

FBTLIB224E The user has no local credentials.

Explanation: The protocol being executed by thisaction requires that the user is locally authenticated. Nolocal credentials could be found; therefore, the protocolcannot be completed.


FBTLIB225E The protocol action caught anunexpected exception while verifyingthat the user has local credentials.

Explanation: The protocol action caught anunexpected exception outside of Liberty while verifyingthat the user has local credentials.




FBTLIB226E The protocol action caught anunexpected exception while building aLiberty request or response message.

Explanation: The protocol action caught anunexpected exception outside of Liberty while buildinga Liberty request or response message.


FBTLIB227E No destination URL was found in theLiberty context.

Explanation: The protocol action cannot find theAPPLIES_TO_URL attribute in the Liberty context. Thisattribute is typically set by a previous action that sets itto the value of a service provider'sAssertionConsumerServiceURL.

Administrator response: Verify that configuration filesare present and have not been corrupted. Enable a tracefor detailed messages about the error.

FBTLIB228E The local credential could not beexchanged for a Liberty assertion.

Explanation: The protocol action caught anunexpected exception from the token exchange servicewhile exchanging a local credential for a Libertyassertion.


FBTLIB229E The identity provider is passive andcannot authenticate the user.

Explanation: The identity provider must interact withthe user for local authentication, but it cannot becausethe authentication request's IsPassive element is set to'true'.

Administrator response: Retry the authenticationrequest with the IsPassive element set to 'false'.

FBTLIB230E The ForceAuthn element is notsupported.

Explanation: Forced authentication is not supported inthis release, and the authentication request'sForceAuthn element is set to 'true'.

Administrator response: Retry the authenticationrequest with the ForceAuthn element set to 'false'.

FBTLIB231E The ReauthenticateOnOrAfter attributeis not supported.

Explanation: Reauthentication requirements specifiedin the Liberty assertion is not supported in this release.Therefore, the assertion cannot be used for singlesign-on.

Administrator response: Retry the authenticationrequest, sending it to an identity provider that does notspecify a reauthentication time.

FBTLIB232E The provider identifier cannot beretrieved from configuration.

Explanation: Configuration did not return a value forthe provider identifier.

Administrator response: Verify that configuration filesare present and have not been corrupted. If necessary,add the needed configuration data.

FBTLIB233E The protocol profile could not beretrieved from the Liberty context.

Explanation: The Liberty context did not contain aLIB_PROTOCOL_PROFILE attribute. This attribute istypically set by the delegate protocol.


FBTLIB234E The protocol action caught anunexpected exception while generatingclaims for the token exchange between alocal credential and a Liberty assertion.

Explanation: The protocol action caught anunexpected exception outside of Liberty whilegenerating a LibertyClaims object for the tokenexchange.

Administrator response: Enable trace for detailedmessages about the error.

FBTLIB235E No provider identifier was found in theLiberty message.

Explanation: The protocol action could not find aprovider identifier in the message being processed.

Administrator response: Enable a trace for detailedmessages about the error, including format of themessage in question.

FBTLIB236E No identity service was found.

Explanation: No identity service was found.

Administrator response: Check the identity serviceconfiguration. Enable a trace for detailed messagesabout the error.

FBTLIB237E No token request information wasfound.

Explanation: Token exchange requires Issuerinformation, AppliesTo information, or both. NeitherIssuer information nor AppliesTo information could befound.



Administrator response: If the error is seen on anidentity provider, check the configuration and makesure that the self-provider is configured properly; thisconfiguration is needed to determine the Issuerinformation. Enable a trace for detailed messages aboutthe error, including the contents of the message, whichshould contain the ProviderID. The ProviderID isneeded to determine the AppliesTo information. If theerror is seen on a service provider, enable a trace fordetailed messages about the error; Issuer information isdetermined from information in the Liberty assertion,and AppliesTo information is determined from theRelayState in the original authentication request.

FBTLIB238E No alias was found for user User andprovider PartnerProvider.

Explanation: There was no alias found for thecurrently authenticated user for the specified partnerprovider.


FBTLIB239E The timestamp (IssueInstant attribute)in a received Liberty request or responsewas out of range.

Explanation: Validation failed for a received Libertymessage because the timestamp in the message did notfall within a configured range from the current system'stime.

Administrator response: Synchronize the clocks of thesending and receiving machines, if possible. Also checkthat the configured time skew tolerance is acceptable.

FBTLIB240E The protocol action caught anunexpected exception while executing alocal logout.

Explanation: The protocol action caught anunexpected exception outside of Liberty whileexecuting a local logout.


FBTLIB241E The local logout operation failed.

Explanation: The local logout operation failed.


FBTLIB242E The protocol action could not build alist of service providers that were sentLiberty assertions on this session.

Explanation: The protocol action could not build a listof service providers that were sent Liberty assertionson this session.


FBTLIB243E The response does not correlate to thecurrent request.

Explanation: Validation failed for a Liberty or SAMLresponse because the InResponseTo attribute in areceived Liberty response did not match the currentrequest identifier.

Administrator response: Enable a trace on both theresponding and requesting machines for detailedmessages about the error.

FBTLIB244E The service provider (ServiceProvider)does not have a configured federationwith the responding identity provider(IdentityProvider).

Explanation: No configured federations include theidentity provider that issued the response.

Administrator response: Verify that configuration filesare present and have not been corrupted. If necessary,establish a partnership with the identity provider inquestion.

FBTLIB245E The service provider (ServiceProvider)making the logout request was notissued an assertion by this session inthe identity provider.

Explanation: The identity provider sessioninformation does not indicate that this service providerhas been issued an assertion. Therefore, the serviceprovider cannot initiate a logout request.

Administrator response: This error might mean thatthe identity provider has received an inappropriatelogout message. Examine the configuration and enablea trace to investigate which service providers canrequest authentication and which actually haverequested authentication.

FBTLIB246E The provider (ServiceOrIdentityProvider)does not have a required endpoint URLconfigured (EndpointURL).

Explanation: A required endpoint URL was not foundin the configuration for the specified provider.

Administrator response: Verify that configuration filesare present and have not been corrupted. If necessary,define the required endpoint URL for the provider inquestion.

FBTLIB247E Bad SAML status.

Explanation: A previous protocol action set theSAML_STATUS Liberty attribute to a value other than



Success, indicating that subsequent actions should notexecute.

Administrator response: Enable a trace to determinewhich action set the SAML_STATUS value, and whythe value is not samlp:Success.

FBTLIB248E No LogoutRequest was found for theresponding service provider(ServiceProvider).

Explanation: A LogoutResponse was received from aservice provider and no corresponding LogoutRequestcould be found. The LogoutResponse is ignored.


FBTLIB249E No audience entry was found forself-service provider (ServiceProvider).

Explanation: The Liberty assertion did not contain anaudience entry for the current self-provider. Theassertion is ignored.

Administrator response: Enable trace for detailedmessages on the issuing identity provider to determinewhy the self-provider was not included in the assertionaudience.

FBTLIB250E The protocol action caught anunexpected exception while validating aLiberty assertion.

Explanation: The protocol action caught anunexpected exception outside of Liberty whilevalidating a Liberty assertion.


FBTLIB251E The Liberty assertion failed validation.

Explanation: The Liberty assertion did not passvalidation checks of the ReauthenticationOnOrAfterattribute, the InResponseTo attribute, or theAudienceRestrictionCondition element.


FBTLIB252E Required data could not be found fromconfiguration.

Explanation: A required data item was not found inthe provider's configuration, so the operation cannot beperformed.

Administrator response: Enable a trace for detailedmessages about the error, including which data itemcould not be found. Then verify that the provider'sconfiguration files are not incorrect or unreadable andthat they contain the proper data.

FBTLIB253E Required data could not be found in aLiberty request or response message.

Explanation: A required data item was not found in aLiberty request or response message, so the operationcannot be performed.

Administrator response: Enable a trace for detailedmessages about the error, including which data itemcould not be found. Note that trace might need to beenabled on the provider of the Liberty message as wellto determine why the message lacks the required data.

FBTLIB254E Required data could not be found in theLiberty context.

Explanation: A required data item was not found inthe Liberty context, so the operation cannot beperformed.

Administrator response: Enable a trace for detailedmessages about the error, including which data itemcould not be found.

FBTLIB255E The issuer of the Liberty assertion(AssertionIsuer) did not match the issuerof the Liberty artifact (ArtifactIssuer).

Explanation: The Liberty assertion's issuer did notmatch the Liberty artifact's issuer. The assertion isignored.

Administrator response: Enable a trace for detailedmessages about the error. Verify that the configurationmaps the succinct ID in the artifact to the correctprovider.

FBTLIB256E The Liberty Service implementationclass (ClassName) is not valid.

Explanation: The Liberty Service implementationparameter is not valid.

Administrator response: Update the configuration.Ensure that the implementation class is a fully qualifiedJava class.

FBTLIB257E The Liberty Service failed to validatethe configuration.

Explanation: The Liberty Service failed to validate theconfiguration information.


FBTLIB258E The Liberty Service Factory failed toinstantiate the service with theimplementation class (ClassName).

Explanation: The Liberty Service Factory failed toinstantiate the service implementation class.




FBTLIB259E No assertion or status information wasfound for artifact (LibertyArtifact).

Explanation: No information related to the specifiedartifact could be found.

Administrator response: Verify that the artifact isspecified properly and that it has been used within theallowed assertion store timeout.

FBTLIB260E The Liberty module failed to retrievethe service factory for the specifiedservice key (Service Key).

Explanation: The Liberty module failed to retrieve theservice factory.

Administrator response: Enable trace for detailedmessages about the error. Verify that the configurationhas the correct entry for the service factory and retrythe operation.

FBTLIB261E The Liberty module failed to retrieve aservice instance using the servicefactory. (ServiceFactory).

Explanation: The Liberty module failed to retrieve aservice instance.


FBTLIB262E The succinct ID in the artifact does notcorrespond to a configured provider.

Explanation: No provider was mapped to the succinctID in the artifact. The artifact is ignored.

Administrator response: Enable a trace for detailedmessages about the error, including which succinct IDis in the artifact. Verify that configuration has correctmappings for providers and their succinct IDs.

FBTLIB263E The provider referenced by the succinctID in the Liberty artifact(ArtifactSuucinctIDProvider) did not matchthe current provider (SelfProvider).

Explanation: The provider mapped to the succinct IDin the Liberty artifact did not match the current identityprovider. The assertion request is ignored.

Administrator response: Enable a trace for detailedmessages about the error. Verify that the configurationhas the correct mappings for providers and theirsuccinct IDs.

FBTLIB264E The protocol action caught anunexpected exception while validating aLiberty artifact.

Explanation: The protocol action caught anunexpected exception outside of Liberty whilevalidating a Liberty artifact.


FBTLIB265E The protocol action caught anunexpected exception while building aLiberty artifact.

Explanation: The protocol action caught anunexpected exception outside of Liberty while buildinga Liberty artifact.


FBTLIB266E The Liberty module caught anunexpected exception while serializingan object.

Explanation: The Liberty module caught anunexpected exception while serializing an object.


FBTLIB267E The Liberty module caught anunexpected exception whiledeserializing an object.

Explanation: The Liberty module caught anunexpected exception while deserializing an object.


FBTLIB268E The Liberty LogoutRequest could not befound.

Explanation: The Liberty LogoutRequest object, whichis required to complete the operation, could not befound. If the operation was being performed on aservice provider, the LogoutRequest should be in theLiberty context. If the operation was being performedon an identity provider, the LogoutRequest should bein the Liberty session.


FBTLIB269E The Protected Resource URL valuecould not be found in the LibertyContext object.

Explanation: The Protected Resource URL value,which is required to complete the operation, could notbe found in the Liberty Context object.



Administrator response: Verify that the point ofcontact at the service provider is configured properly.

FBTLIB270E The requested provider provider does notexist.

Explanation: The provider ID, which is required toinitiate federation termination, could not be found.

Administrator response: Verify that the provider ID iscorrect and that the configuration specifies thatprovider ID.

FBTLIB271E The profile specified for terminationprofile is not valid.

Explanation: The profile specified is not present orsupported.

Administrator response: Verify that the profile URI iscorrect and that the configuration specifies thatprovider URI.

FBTLIB272E The federation termination service URLspecified for termination url is not valid.

Explanation: The URL specified is not present orsupported.

Administrator response: Verify that the URL is correctand that the configuration specifies that provider URL.

FBTLIB273E The federation termination serviceSOAP endpoint specified fortermination endpoint is not valid.

Explanation: The URL specified is not present orsupported.

Administrator response: Verify that the URL is correctand that the configuration specifies that provider URL.

FBTLIB274E The federation termination service ismissing a notification message.

Explanation: The notification message specified is notpresent or supported.

Administrator response: Verify that the message iscorrect and that the configuration specifies the providerURL and correct notification profile.

FBTLIB275E The federation partner's service returnURL, endpoint is missing or not valid.

Explanation: The termination service return URLspecified is not present or supported.

Administrator response: Verify that the message iscorrect and that the configuration specifies the providerURL and service return URL.

FBTLIB276E A response to an unsolicited federationtermination was received.

Explanation: A request was received as a response toan unsolicited federation termination. This request willbe ignored but could be due to the requestor nothaving cookies enabled. The configuration can overridethis default behavior.

Administrator response: Verify that the message iscorrect and that the configuration specifies the providerURL and service return URL.

FBTLIB277E The ID service request to remove analias for userId and provider providerIdfailed.

Explanation: The ID service operation was notsuccessful.

Administrator response: Validate that the identity andprovider are valid and check the log for messagesreturned from the ID service.

FBTLIB279E The user's response to the consent tofederate was not found in the browserquery string.

Explanation: Internal Error: The Delegate protocol isunable to process the response because it could notretrieve the AuthnRequest from LibertyContext.



FBTLIB280E The register name identifier could notbe performed. The user user does nothave a required name identifierconfigured for provider provider.

Explanation: For a register name identifier request tobe created, it is a requirement that the user has a nameidentifier for the partner.

Administrator response: Validate that the given userhas a name identifier configured.

FBTLIB281E The register name identifier requestfailed. The provider provider did notprovide a name identifier in the registername identifier request.

Explanation: A name identifier is required in aregister name identifier request.

Administrator response: Validate that the givenprovider is correctly formatting its register nameidentifier requests.



FBTLIB282E The register name identifier could notbe performed. The provider provider didnot provide an old name identifier inthe register name identifier request.

Explanation: A old name identifier is required in aregister name identifier request.


FBTLIB283E Register name identifier request failed.The provider provider provided the oldname identifier old identifier but theexpected one was expected old identifier.

Explanation: The provided old name identifier did notmatch the current name identifier. The register nameidentifier request failed.


FBTLIB284E The register name identifier could notbe performed. The provider providerdoes not have the required registername identifier endpoint configured.

Explanation: The given provider does not have therequired register name identifier endpoint configured.

Administrator response: Validate that the givenprovider has a register name identifier endpointconfigured.

FBTLIB285E The register name identifier request foruserid could not complete because theidentity service was unavailable.

Explanation: The identity service was not available tocomplete the register name identifier request.

Administrator response: Validate that the identityservice is configured into the environment and isfunctioning correctly.

FBTLIB286E The register name identifier request foruserid could not complete because anerror was encountered during themodification of the alias in the registry.

Explanation: The identity service was not able tomake the alias modification in the registry.

Administrator response: Check a trace log for a morespecific error that will indicate what caused theproblem.

FBTLIB287E No register name identifier responsemessage was given.

Explanation: The partner did not respond with aregister name identifier message.

Administrator response: Ensure that the partnerresponds with correctly formatted messages.

FBTLIB288E No provider identifier was given in theregister name identifier response.

Explanation: The provider did not respond with aprovider identifier.

Administrator response: Ensure that the providerresponds with correctly formatted messages.

FBTLIB289E The provider provider did not include astatus in the register name identifierresponse.

Explanation: The provider given did not include astatus or a correctly formatted status in its response.

Administrator response: Ensure that the providerresponds with correctly formatted messages.

FBTLIB290E No register name identifier requestfound in the session.

Explanation: When the provider returns a response,the original request is needed to complete thetransaction.

Administrator response: Ensure that the browser hascookies enabled.

FBTLIB291E The protocol action caught anunexpected exception while executing alocal login.

Explanation: The protocol action caught anunexpected exception outside of Liberty whileexecuting a local login.


FBTLIB292E The name identifier provided forfederation termination, identifier, is notvalid.

Explanation: The requestor sent a name identifier thatwas not valid for the principal.




FBTLIB293E A federation termination notificationthat was not valid was received.

Explanation: An attempt to decode the federationtermination notification failed either because of schemaviolation or a signature failure.

Administrator response: Check a trace log for themessage and ensure that it is correctly formatted, andvalidate the configured keys for the partner sending thenotification.

FBTLIB294E The federation termination notificationcould not be created because'schemaMessage'. The federationtermination has not been performed.

Explanation: An attempt to encode the federationtermination notification failed either because of schemaviolation or a signature failure.

Administrator response: Check a trace log for themessage and ensure that it is correctly formatted, andvalidate the configured private key aliases.

FBTLIB295E The register name identifier provided isnot valid or could not be understood,because [reason]. The register nameidentifier has not been performed.

Explanation: An attempt to encode the register nameidentifier failed either because of a schema violation ora signature failure.


FBTLIB296E There was no register name identifierrequest provided. The register nameidentifier has not been performed.

Explanation: There was no register name identifierrequest provided.

Administrator response: Ensure that the providermaking the register name identifier request provides arequest message.

FBTLIB297E The register name identifier messagecould not be created because[schemaMessage]. The federationtermination has not been performed.

Explanation: No register name identifier request wascreated because an error occurred.


FBTLIB300E The identity service could not set theself or partner alias for user user andpartner provider provider.

Explanation: The identity service encountered an errorwhile storing alias data for the current local user.

Administrator response: Validate that the identityservice is configured into the environment and isfunctioning correctly.

FBTLIB301E A Liberty message was not included inthe request to the SOAP endpoint.

Explanation: The message that was received by theSOAP endpoint did not include a Liberty message as achild of the SOAP body.

Administrator response: Validate that the partner thatis sending messages to the SOAP endpoint is sendingcorrectly formatted Liberty requests.

FBTLIB304E The Delegate protocol is unable toobtain the AuthenticationURL endpoint.

Explanation: A required endpoint URL was not foundin the configuration for the specified provider.

Administrator response: Verify that configuration filesare present and have not been corrupted. If necessary,define the required endpoint URL for the provider inquestion.

FBTLIB305E The name identifier to be used todetermine the local user cannot beobtained from Liberty context.

Explanation: The name identifier that comes in therequest is needed to determine the local identity ofuser. It might not have come in the request.

Administrator response: Turn on the provider tracingto check if the incoming request had name identifiersset.

FBTLIB306E The protocol action caught anunexpected exception while attemptingto get the user's local credentials.

Explanation: The protocol action caught anunexpected exception outside of Liberty whileattempting to get the user's local credentials.


FBTLIB307E The protocol action caught anunexpected exception while executing.

Explanation: The protocol action caught anunexpected exception outside Liberty while executing.




FBTLIB308E The Liberty plug-in caught anunexpected exception when building theSOAP message.

Explanation: The Liberty plug-in caught anunexpected exception when building the SOAPmessage.



FBTLIB309E The received message failed signatureverification. The message was notsigned by a trusted signer or wasmodified after signing.

Explanation: The received message was signed butsignature verification failed.


Administrator response: Enable a trace for detailedmessages and validate configuration.

FBTLIB310E The configured Liberty version is validfor the federation federationId withdisplay name federationName.

Explanation: The Liberty version of the message is notsupported by the Liberty runtime.

Administrator response: Verify that the providers inthis provider's circle of trust operate at a compatiblelevel of the Liberty protocol.

FBTLIB311E The provider provider does not have anAssertionConsumerServiceURLendpoint configured with an ID of id.

Explanation: The configuration does not contain anAssertionConsumerServiceURL endpoint with the givenidentifier for the given provider.


Administrator response: Ensure that the configurationis correct.

FBTLIB312E The user user has authenticated with aone-time name identifier and cannotexecute a register name identifier action.

Explanation: The user was issued a one-time nameidentifier during authentication. Register nameidentifier actions can be executed only when a user hasbeen issued federated name identifiers.



FBTLIB313E The user user has authenticated with aone-time name identifier and cannotexecute a defederation action.

Explanation: The user was issued a one-time nameidentifier during authentication. Federation terminationactions can be executed only when a user has beenissued federated name identifiers.



FBTLIB314E The user was not authenticated becausea pre-existing logout request was found.

Explanation: The user was not authenticated becausea pre-existing logout request was detected. This canhappen if a user logs in but logs out of anotherfederated site, and the logout message arrives beforethe authentication credentials.


Administrator response: The user should log in again.

FBTLIB315E No authentication request was found inthe session.

Explanation: When a user authenticates, theauthentication request message is stored and used tovalidate the corresponding response message. Aresponse message was received, but there was not arequest message, and so the unsolicited response isrejected.


Administrator response: Enable a trace for detailedmessages.

FBTLIB316E The calculated proxy count value, count,is invalid.

Explanation: The calculated proxy count value mustbe at least one less than the original proxy count value.A pluggable proxy service has returned an invalidvalue. This limitation is specified by the LibertyArchitecture.


Administrator response: Install and configure a proxyservice that will return a valid proxy count value, suchas the default proxy service plug-in that is deliveredwith the product.



FBTLIB317E The user cannot be authenticateddirectly or by proxy.

Explanation: The incoming authentication requestforbids proxying of the request, and the identityprovider cannot authenticate the user directly.


Administrator response: The request should be retriedpermitting proxying, if possible. Otherwise, the requestshould be directed to another identity provider that isconfigured to authenticate users directly.

FBTLIB318E No identity provider was found inconfiguration.

Explanation: No identity provider was configured as apartner to this provider.


Administrator response: Verify that configuration filesare present and have not been corrupted. If necessary,define one or more identity provider partners for thisprovider.

FBTLIB319E The liberty version specified in thefederation group configuration 'groupId',self entity 'entity' is invalid. Specify thecorrect values in the'majorVersionProperty' and'minorVersionProperty' properties. Currentvalues MajorVersion: 'minorVersion'MinorVersion: 'minorVersion'

Explanation: An invalid liberty version is specified inthe configuration.

System action: The liberty module could not beinitialized.

Administrator response: Specify a valid libertyversion in the configuration.

FBTLIB320E The federation group type specified inthe configuration is not supported.Group id: 'id', Group display name: 'id',federation group type 'type'.

Explanation: The federation group defined is not asupported type.

System action: The Liberty Module could not beinitialized.

Administrator response: Verify that configuration filesare present and have not been corrupted. Specify asupported group type in the configuration.

FBTLIB321E The partnerEndpointType endpoint forpartner 'id' and display name'displayName' for federation group withID 'id' and display name 'displayName' isinvalid. Endpoint value 'displayName'.

Explanation: The specified partner endpoint is invalid.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify avalid endpoint value in the configuration.

FBTLIB322E The partnerEndpointType endpoint for self'id' and display name 'displayName' forfederation group with ID 'id' anddisplay name 'displayName' is invalid.Endpoint value 'displayName'.

Explanation: The specified self endpoint is invalid.



FBTLIB323E The partnerEndpointType endpoint ismissing from the provider 'id' anddisplay name 'displayName' configurationfor federation group with ID 'id' anddisplay name 'displayName'.

Explanation: A required endpoint is missing from theprovider's configuration.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify therequired endpoint in the provider's configuration.

FBTLIB324E The propertyName property is missingfrom the provider 'id' and display name'displayName' configuration forfederation group with ID 'id' anddisplay name 'displayName'.

Explanation: A required property is missing from theprovider's configuration.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify therequired property in the provider's configuration.



FBTLIB325E The protocol profile value'protocolProfileValue' for protocol type'protocolProfile' specified for partner 'id'and display name 'displayName' forfederation group with ID 'id' anddisplay name 'displayName' is invalid.

Explanation: The specified protocol profile value isinvalid.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify avalid protocol profile value in the configuration.

FBTLIB326E The property value 'propertyValue' forproperty 'propertyName' specified forprovider 'id' and display name'displayName' for federation group withID 'id' and display name 'displayName' isinvalid.

Explanation: The specified property value is invalid.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify avalid property value in the configuration.

FBTLIB327E The boolean property value'propertyValue' for property 'propertyName'specified for provider 'id' and displayname 'displayName' for federation groupwith ID 'id' and display name'displayName' is invalid. For booleanproperties the permitted values are 'true'or 'false'.

Explanation: The specified boolean property value isinvalid.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify avalid boolean property value in the configuration.

FBTLIB328E The numeric property value'propertyValue' for property 'propertyName'specified for provider 'id' and displayname 'displayName' for federation groupwith ID 'id' and display name'displayName' is invalid. The minimumvalue for this property is 'displayName'.

Explanation: The specified numeric property value isinvalid.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify avalid numeric property value in the configuration.

FBTLIB329E The Identity provider succinct id value'propertyValue' specified under property'propertyName' for provider 'id' anddisplay name 'displayName' forfederation group with ID 'id' anddisplay name 'displayName' is invalid.The identity provider succinct ID is arequired property.

Explanation: The specified numeric property value isinvalid.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify avalid identity provider succinct ID value in theconfiguration.

FBTLIB330E The common domain service host value'commonDomainServiceHost' specifiedusing property 'propertyName' for partner'id' and display name 'displayName' forfederation group with ID 'id' anddisplay name 'displayName' is invalid.The common domain service host muststart with http:// or https:// and end withthe common domain value 'displayName'.

Explanation: The specified common domain servicehost is invalid.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify avalid common domain service host in theconfiguration.

FBTLIB331E The Identity provider succinct ID value'propertyValue' specified under property'propertyName' for provider 'id' anddisplay name 'displayName' forfederation group with ID 'id' anddisplay name 'displayName' does notmatch the message digest of theprovider ID.

Explanation: The specified identity provider succinctID value is invalid.


Administrator response: Verify that configuration files



are present and have not been corrupted. Specify avalid identity provider succinct ID value in theconfiguration.

FBTLIB332E The proxy list is invalid.

Explanation: The proxy list used in a proxyauthentication request must adhere to the Libertyspecifications. A pluggable proxy service has returnedan invalid proxy list.


Administrator response: Install and configure a proxyservice that will return a valid proxy list, such as thedefault proxy service plug-in that is delivered with theproduct.

FBTLIB333E The 'propertyValue' property is missingfrom the partner with provider ID'providerId' configuration.

Explanation: The specified property is missing fromthe partner configuration.

System action: The SOAP client could not beinitialized.

Administrator response: Verify that configuration filesare present and have not been corrupted. Include themissing property in the partner configuration.

FBTLIB334E The authentication request contained aRequestAuthnContext element which isnot supported by this identity provider.

Explanation: This version of the product does notsupport RequestAuthnContext elements inauthentication requests. Any request containing aRequestAuthnContext cannot be processed.


Administrator response: No action is necessary on theidentity provider. If possible, configure the serviceprovider to issue authentication requests that do notinclude a RequestAuthnContext element.

FBTLIB335E Internal Error: The delegate protocolcannot retrieve the AuthnRequest fromincoming HTTP POST.

Explanation: Internal Error: The delegate protocolcannot retrieve the AuthnRequest from incoming HTTPPOST.



FBTLIB336E Internal Error: The Delegate protocol isunable to process the request because itcould not convert the liberty request toan XML string.

Explanation: Internal Error: The Delegate protocol isunable to process the request because it could notconvert the liberty request to an XML string.



FBTLIB337E Internal Error: The Delegate protocol isunable to convert the request from anXML string to BASE64 encoded data.

Explanation: Internal Error: The Delegate protocol isunable to convert the request from an XML string toBASE64 encoded data.



FBTLIB338E Internal Error: The Delegate protocol isunable to convert the request fromBASE64 encoded data to an XML string.

Explanation: Internal Error: The Delegate protocol isunable to convert the request from BASE64 encodeddata to an XML string.



FBTLIB339E Internal Error: The Delegate protocol isunable to process the request because itcouldn't parse the liberty request XMLstring.

Explanation: Internal Error: The Delegate protocol isunable to process the request because it couldn't parsethe liberty request XML string.



FBTLIB340E The maximum amount of authenticationattempts authenticationAttempts has beenreached. Please verify that the AccessControl Lists are specified correctly. TheauthenticationURL URL needs to be aprotected endpoint.



Explanation: The user has exhausted the amount ofattempts to authenticate.

System action: Verify the point of contactconfiguration.

Administrator response: Verify that the AccessControl Lists are specified correctly.

FBTLOG001E The logging configuration file wasnot found.

Explanation: The system could not find the filecontaining the logging configuration data.

System action: The system will revert to defaultsettings.

Administrator response: Ensure that the configurationfile exists and is in the classpath of the application.

FBTLOG002W An integer was expected.

Explanation: The system expected an argument ofinteger type.

System action: The system will revert to a hardcodedvalue (5000).

Administrator response: Ensure that the argument isthe correct type.

FBTLOG003W An EventLevel was expected.

Explanation: The system expected one of thefollowing: DEBUG_MIN, DEBUG_MID, DEBUG_MAX.

System action: The system will revert toDEBUG_MIN.

Administrator response: Ensure that the argument isvalid.

FBTLOG004W An EventType was expected.

Explanation: The system expected one of thefollowing: INFO_TYPE, WARN_TYPE, ERROR_TYPE,ALL_MSG_TYPE, TRACE_TYPE, AUDIT_TYPE.

System action: The system will revert toALL_MSG_TYPE.

Administrator response: Ensure that the argument isvalid.

FBTLOG005E An error occurred while saving theconfiguration.

Explanation: The system could not write theconfiguration file.

System action: The configuration will not be saved.

Administrator response: Ensure that the configurationfile is in the correct location and is writable.

FBTLOG006E An error occurred during the loadingof the logging configuration.

Explanation: The system could not read from the filecontaining the logging configuration data.

System action: The system will revert to defaultsettings.

Administrator response: Ensure that the configurationfile exists and is in the classpath of the application.

FBTLOG007E The management context was notvalid. The changes could not becommitted during this session.

Explanation: The management context wasinvalidated probably because a commit occurredelsewhere.

System action: The system will revert back to theprevious settings.

Administrator response: Create a new session andattempt the operation again.

FBTLOG008E An exception was received during thecommit process. The changes could notbe committed during this session.

Explanation: The management component caught anexception thrown while trying to commit the changes.



FBTLOG009E An exception was received during agetMaxMsgFileSize operation.

Explanation: An exception was received during theretrieveMaxMsgFileSize operation.



FBTLOG010E An exception was received during aretrieveMaxTraceFileSize operation.

Explanation: An exception was received during theretrieveMaxMsgFileSize operation.



FBTLOG001E • FBTLOG010E


FBTLOG011E An exception was received during aretrieveMsgType operation.

Explanation: An exception was received during theretrieveMsgType operation.



FBTLOG012E An exception was received during aretrieveTraceLevel operation.

Explanation: An exception was received during theretrieveTraceLevel operation.



FBTLOG013E Required parameters were missing.

Explanation: A required parameter was missing fromthe argument map.



FBTLOG014E An exception was received during aretrieveTracing operation.

Explanation: An exception was received during aretrieveTracing operation.



FBTLOG015E An exception was received during aretrieveAuditLevel operation.

Explanation: An exception was received during aretrieveAuditLevel operation.



FBTLOG016E An exception was received during aretrieveMaxAuditFileSize operation.

Explanation: An exception was received during theretrieveMaxAuditFileSize operation.



FBTLOG017E An exception was received during aretrieveLogHomeDir operation.

Explanation: An exception was received during theretrieveLogHomeDir operation.



FBTLOG018E An exception was retrieved during aretrieveProductName operation.

Explanation: An exception was received during theretrieveProductName operation.



FBTLOG019E An exception was received during aretrieveTivoliCommonDir operation.

Explanation: An exception was received during theretrieveTivoliCommonDir operation.



FBTLOG020E An exception was received during amodifyMaxMsgFileSize operation.

Explanation: An exception was received during themodifyMaxMsgFileSize operation.



FBTLOG021E An exception was received during amodifyMaxTraceFileSize operation.

Explanation: An exception was received during themodifyMaxTraceFileSize operation.





FBTLOG022E An exception was received during amodifyMsgType operation.

Explanation: An exception was received during themodifyMsgType operation.



FBTLOG023E An exception was received during amodifyTraceLevel operation.

Explanation: An exception was received during themodifyTraceLevel operation.



FBTLOG024E An exception was received during amodifyTracing operation.

Explanation: An exception was received during themodifyTracing operation.



FBTLOG025E An exception was received during amodifyAuditLevel operation.

Explanation: An exception was received during themodifyAuditLevel operation.



FBTLOG026E An exception was received during amodifyMaxAuditFileSize operation.

Explanation: An exception was received during themodifyMaxAuditFileSize operation.



FBTLOG027E An exception was received during amodifyLogHomeDir operation.

Explanation: An exception was received during themodifyLogHomeDir operation.



FBTLOG028E An exception was received during amodifyProductName operation.

Explanation: An exception was received during themodifyProductName operation.



FBTLOG029E An exception was received during amodifyTivoliCommonDir operation.

Explanation: An exception was received during themodifyTivoliCommonDir operation.



FBTLOG030E An exception was received during aretrieveComponentList operation.

Explanation: An exception was received during theretrieveComponentList operation.



FBTLOG037E The component identifier is null.

Explanation: The component identifier specified in arequest to initialize logging is null.

System action: The logging initialization request isignored.

Administrator response: This is an internalprogramming error. Report this problem and theinvocation stack dump found in SystemErr.log to yourIBM service representative.



FBTLOG038E Invalid class name provided forconstructing a logger: parameter

Explanation: The class name provided for constructinga logger should be a full package-qualified class namebeginning with com.tivoli.am.fim.

System action: The logger has not been created.

Administrator response: This is an internalprogramming error. Report this problem and theinvocation stack dump found in SystemErr.log to yourIBM service representative.

FBTMET001E The desired metadata element of typedescriptor was not found in the metadatafile.

Explanation: The metadata import operation failedbecause a proper descriptor was not found.


Administrator response: Verify that the metadata filecontains valid metadata and retry the operation.

FBTMOD001E The received request is missing therequired parameter: parameter




FBTMOD002E The element localName is missing therequired attribute attributeName

Explanation: The current element is not valid becauseit does not contain required attributes.

System action: The parse operation will be halted.

Administrator response: Validate the module XMLfile.

FBTMOD003E Encountered unexpected elementwith URI uri and local nameelementName while parsing modulesmetadata file.

Explanation: The current element is not valid in thatlocation either because it is in the wrong place or is anunknown element.



FBTMOD004E The specified version string version isin a format that could not berecognized.

Explanation: The value for the version attribute is inan unrecognized format.



FBTMOD005E The plug-in and module initializerwas unable to locate a directory whereplug-ins are stored.

Explanation: The Federated Identity Managerapplication does not contain the directory containingmodules and plug-ins.

System action: No plug-ins or modules can be used.

Administrator response: Validate the FederatedIdentity Manager configuration.

FBTOAU0010E The signature base string cannot becreated from the request.

Explanation: The OAuth server is unable to create abase string from the HTTP request because the requestmessage syntax is not valid.


Administrator response: Verify that the syntax of therequest message is a valid OAuth request message.

FBTOAU0011E The received signature does notmatch the calculated signature:Calculated signature: 'signature'Signature received: 'signature' Signaturebase string: 'string'.

Explanation: The signature on the received messagedoes not match the signature calculated at the OAuthserver.


Administrator response: Compare the base stringbuild in the OAuth server with the one used forsigning in the request message. If the base strings arethe same, check the client shared-secret that was usedto sign the base string at the OAuth client and server.

FBTOAU0012E The client with identifier: 'clientidentifier' sends the token: 'token' to theOAuth server. However, the token isassigned to a different client withidentifier: 'client identifier'.

Explanation: The token in the request is not mappedto the client identifier in the request.

System action: The authentication fails.

FBTLOG038E • FBTOAU0012E


Administrator response: Validate the client identifierin the request message and compare it with the clientidentifier stored in the server. Ensure that the token ismapped to the correct OAuth client.

FBTOAU0013E OAuth token exchange between theSPS and STS failed in the 'type'delegate.

Explanation: The SPS delegate is unable to receive anOAuth token from STS. Either the request sent to STS isnot valid, or there is no STS chain to process therequest.

System action: The token exchange stops.

Administrator response: Ensure that the request sentto STS is valid, and there is an STS chain to process therequest.

FBTOAU0014E A duplicate OAuth parameter withthe name: 'param' has been found.

Explanation: There is a duplicate parameter in therequest.


Administrator response: Ensure that there are noduplicate parameters in the request message.

FBTOAU0015E The authenticated user name cannotbe found in the OAuth request.

Explanation: The authenticated user name cannot befound because there is no proper Authentication serviceto handle the request.

System action: The authentication is rejected.

Administrator response: Ensure that the access controlfor the resource owner authorization endpoint isconfigured correctly.

FBTOAU0016E An STSUU token build failed due toan IOException.

Explanation: Unable to build an STSUU token fromthe request message because the request syntax is not avalid OAuth request.

System action: The STSUU build stops.

Administrator response: Verify that the content of therequest sent from the browser is a valid OAuth request.

FBTOAU0017E The OAuth protocol parameter:'param' is found in the authorizationheader and in the HTTP entity-body orquery parameter.

Explanation: OAuth parameter is found in twolocations.


Administrator response: Verify that the request sentfrom browser has a parameter that only exists in onelocation.

FBTOAU0018E The callback provided 'callback' is notvalid.

Explanation: The value callback URI in the request isnot valid because it is not an absolute URI or 'oob'.


Administrator response: Ensure that the callback iseither specified to an absolute URI or 'oob'.

FBTOAU0019E The realm received in the request:'realm' does not match the realm that thetoken was created for: 'realm'.

Explanation: The realm in the request does not matchthe one stored with the token in the request.


Administrator response: Ensure that the realm ismapped to the token in the request message.

FBTOAU001E The OAuth client with identifier:'client identifier' cannot be found.

Explanation: The client identifier in the request doesnot match any registered client, or the client is disabledat the OAuth server.


Administrator response: Ensure that the client is validand is registered correctly.

FBTOAU0020E The authorize delegate received aconsent-to-authorize page with a consentform verifier that is not valid.

Explanation: The consent form verifier sent to theAuthorize delegate is not valid.

System action: The browser displays an error pageand the operation stops.

Administrator response: Ensure that the consent formverifier in the request message and the one sent to theauthorize delegate are valid.

FBTOAU0021E The parameter value for theparameter: 'param' is not valid. The valuefound was: 'value'.

Explanation: The value of the parameter is not valid.

System action: The operation stops.

Administrator response: Ensure that the parametervalues in the request message has the correct type andformat.

FBTOAU0013E • FBTOAU0021E


FBTOAU0022E The configuration value for theparameter: 'param' is not valid. The valuefound was: 'value'.

Explanation: The value of the configuration parameteris not valid.


Administrator response: Ensure the configurationparameter type is correct and the value is valid.

FBTOAU0023E An OAuth client with identifier:'client identifier' attempted to reuse thetoken: 'token'.

Explanation: The client sent a token that has beenused for a token exchange.


Administrator response: Validate that the token in therequest message has never been used before.

FBTOAU0024E An OAuth client with identifier:'client identifier' attempted to verify atoken with the incorrect verificationcode: 'verification code'.

Explanation: The verification code is not mapped tothe client identifier in the OAuth server.


Administrator response: Ensure that the verificationcode in the request message is valid and mapped to theclient identifier in the OAuth server.

FBTOAU0025W The runtime cannot load the OAuthtoken cache with module ID: 'moduleID'.The default module with ID:'defaultModuleID' loads instead.

Explanation: The runtime plug-in manager cannotload the module ID specified during configuration.

System action: A default token cache module loadsinstead.

Administrator response: Validate that the module IDconfigured for the OAuth token cache and plug-inwhich contains the specified module are deployed tothe runtime.

FBTOAU0026E The configuration parameter: 'param'for action: 'action' is missing or containsan invalid value: 'value'.

Explanation: The current request cannot be completedbecause the configuration is not valid.



FBTOAU0027E The runtime cannot load the OAuthtrusted clients manager module with ID:'moduleID'. The default module with ID:'defaultModuleID' loads instead.


System action: A default trusted clients managermodule loads instead.

Administrator response: Validate that the module IDconfigured for the OAuth trusted clients manager andplug-in which contains the specified module aredeployed to the runtime.

FBTOAU0029E The authorize delegate receivedconsent form data that contained OAuth1.0 parameters.

Explanation: The consent page form returned one ormore OAuth 1.0 parameters such as oauth_callback oroauth_token.


Administrator response: Ensure that the consent pageform does not contain OAuth 1.0 parameters such asoauth_callback or oauth_token.

FBTOAU002E The OAuth token with lookup: 'tokenstring' and type: 'type' cannot be found.

Explanation: The token for the given token type doesnot exist in the cache.


Administrator response: Ensure that the token is validand is mapped to the token type.

FBTOAU0030E The authorize delegate received arequest that did not contain anoauth_token or a consent_form_verifier.

Explanation: The request to the authorize delegate didnot contain an oauth_token parameter or aconsent_form_verifier parameter.


Administrator response: Ensure that requests to theauthorize delegate contain either an oauth_token or aconsent_form_verifier.

FBTOAU003E The OAuth token with lookup: 'token'cannot be found.

Explanation: The token does not exist in the cache.




Administrator response: Ensure that the token in theincoming message is valid.

FBTOAU004E Validation of the OAuth requiredparameters for token type: 'type' failed.The following parameter was missing:'param'.

Explanation: The token validation failed because thereis a missing parameter in the request message for thegiven token type.


Administrator response: Verify that the requestmessage has all the required parameters for the giventoken type.

FBTOAU005E Validation of the OAuth versionparameter failed. The required versionnumber is: 'version', the supplied versionnumber was: 'version'.

Explanation: The validation failed because the versionnumber in the request is not supported.


Administrator response: Verify that the OAuth serversupports the version number in the request message.

FBTOAU006E Timestamp validation failed becausethe timestamp is set in advance. Currenttimestamp: 'timestamp' Suppliedtimestamp: 'timestamp' Allowed clockskew: 'skew' Allowed request lifetime:'lifetime'

Explanation: The timestamp validation failed becausethe timestamp in the request is set in advance.


Administrator response: There are several reasonsthat an OAuth message timestamp might be set in theadvance: the clocks on the client and the OAuth serverare skewed beyond the acceptable tolerance or theacceptable tolerance for message timestamp is set toolow. The administrator must check these points andmake any necessary adjustments.

FBTOAU007E Timestamp validation failed due toan expired request. Current timestamp:'timestamp' Supplied timestamp:'timestamp' Allowed clock skew: 'skew'Allowed request lifetime: 'lifetime'

Explanation: The timestamp in the request has expiredand is not valid.


Administrator response: There are several reasonsthat a OAuth message timestamp might be expired: the

clocks on the client and OAuth server are skewedbeyond the acceptable tolerance, network delays arehampering message flow, or the acceptable tolerancefor message timestamp is set too low. The administratormust check these points and make any necessaryadjustments.

FBTOAU008E A nonce replay attack was detectedwith the nonce: 'nonce'.

Explanation: A nonce replay attack happens when thesame nonce exists in the cache.


Administrator response: Ensure that signed messagessent to the OAuth server are only presented once.

FBTOAU009E The OAuth signature method 'method'is not supported.

Explanation: The OAuth server does not support thesignature method in the request.


Administrator response: Ensure that the OAuth serversupports the signature method in the request message.

FBTOAU028E The preferred client provider class:'preferred_provider' could not be loaded,falling back on the default clientprovider class: 'default_provider'.

Explanation: The preferred client provider class couldnot be found.

System action: The default client provider class isused.

Administrator response: Check that the preferredclient provider class is present.

FBTOAU201E The response type: [response_type] isnot supported.

Explanation: The response_type parameter received inthe request has an unsupported value.


Administrator response: Ensure that theresponse_type parameter is one of the following: - code- token - a valid extension response type

FBTOAU202E The required parameter: [name] wasnot found in the request.

Explanation: A required parameter for this requesttype was not found in the received request


Administrator response: Ensure that the requestcontains all of the required parameters.



FBTOAU203E The client with identifier: [client_id]could not be found.

Explanation: The client identifier in the request doesnot match any registered client.



FBTOAU204E An invalid secret was provided forthe client with identifier: [client_id].

Explanation: The client secret in the request does notmatch the secret registered for this client.


Administrator response: Ensure that the client secretis valid for this client.

FBTOAU205E The preferred client provider class:[preferred_provider] could not be loaded,falling back on the default clientprovider class: [default_provider].

Explanation: The preferred client provider class couldnot be found.

System action: The default client provider class isused.

Administrator response: Check that the preferredclient provider class is present.

FBTOAU207E The browser request could not beconverted into an STSUU because:[message].

Explanation: The process of converting an HTTPrequest to an STSUU failed.


Administrator response: Ensure that the request hasbeen properly constructed.

FBTOAU209E The token request with applies to:[applies_to] and issuer: [issuer] failed.

Explanation: The token exchange failed.


Administrator response: Ensure that your OAuth 2.0trust chains have been correctly configured.

FBTOAU210E The redirection URI provided in therequest: [redirect_uri] is either invalid, ordoes not meet matching criteria againstthe registered redirection URI.

Explanation: An invalid redirection URI wasprovided.


Administrator response: Ensure that you haveprovided the correct redirection URI.

FBTOAU211E The [type] received of type [sub_type]does not exist.

Explanation: An invalid grant/token was provided.


Administrator response: Check that the grant/tokenbeing provided is valid.

FBTOAU214E The [type] received of type [sub_type]does not belong to the client attemptingto use it.

Explanation: An invalid grant/token was provided.


Administrator response: Check that the grant/tokenbeing provided is valid.

FBTOAU215E The grant type: [grant_type] is notsupported.

Explanation: The grant_type parameter received in therequest has an unsupported value.


Administrator response: Ensure that the grant_typeparameter is one of the following: - authorization_code- refresh_token - a valid extension grant type

FBTOAU216E The runtime could not load theOAuth 2.0 extension module with ID:[moduleID] for the extension point:[extension] . Instead the default modulewill be loaded with ID: [defaultID].

Explanation: The configuration specifies a module IDwhich could not be loaded by the runtime pluginmanager.

System action: A default module will be loadedinstead.

Administrator response: Validate that the plugincontaining the specified module is deployed to theruntime.

FBTOAU217E You are not authorized to access thisprotected resource.

Explanation: This resource can only be access by anauthorized user.


Administrator response: Ensure that the authorizationendpoint has been properly configured and secured.



FBTOAU218E The user denied consent to theprotected resource.

Explanation: The user denied authorization to theOAuth 2.0 client.

System action: Inform the client of the decision.


FBTOAU219E The scope requested in the accesstoken request exceeds the scope grantedby the resource owner.

Explanation: The client has requested an access tokenwith greater scope then that granted.


Administrator response: Ensure the client is notrequesting too great a scope in it's token request.

FBTOAU220E The authenticated client id: [username]does not match the client id in therequest body: [client_id].

Explanation: The client's authenticated username doesnot match the client id it provided in the request body.


Administrator response: Ensure that the authenticatedusername matches the client id.

FBTOAU222E The client's registered redirection URIis not a valid absolute URI.

Explanation: The client's configured redirection URI isinvalid.


Administrator response: Ensure that your client isconfigured correctly.

FBTOAU223E The received redirection URI:[redirect_uri] does not match theredirection URI that this grant wasissued to.

Explanation: The redirection URI in the request is nothe same as the redirection URI used in the request forthe authorization grant.


Administrator response: Ensure the same redirectionURI is used when requesting an authorization grantand using an authorization grant.

FBTOAU224E The runtime cannot load the OAuth2.0 trusted clients manager module withID: [moduleID]. The default module withID: [defaultModuleID] loads instead.


System action: A default trusted clients managermodule loads instead.

Administrator response: Validate that the module IDconfigured for the OAuth trusted clients manager andplug-in which contains the specified module aredeployed to the runtime.

FBTOAU225E The authorization delegate received aconsent page form verifier that was notvalid compared to the verifier in theuser's session.

Explanation: The consent page form verifier sent tothe authorization delegate was not valid compared tothe verifier contained in the user's session.


Administrator response: Ensure that the consent pageform verifier parameter submitted matches that set bythe intial authorization delegate request.

FBTOAU226E The authorization delegate receivedconsent form data that contained OAuth2.0 parameters.

Explanation: The consent page form returned one ormore OAuth 2.0 parameters such as client_id,redirect_uri, response_type or state.


Administrator response: Ensure that the consent pageform does not contain OAuth 2.0 parameters such asclient_id, redirect_uri, response_type or state.

FBTOAU227E Multiple values of the OAuth 2.0protocol parameter: [request_parameter]were found in the request.

Explanation: OAuth 2.0 protocol parameters may notoccur more then once in the request.


Administrator response: Make sure that OAuth 2.0request parameters do not occur more then once in therequest.



FBTOAU228E The request included multiple clientcredentials.

Explanation: OAuth 2.0 protocol requests may notinclude multiple client credentials, for example clientcredentials in both the BA header and the request body.


Administrator response: Make sure that OAuth 2.0request did not include client credentials in more thenone place, for example, in the BA header and therequest body.

FBTOAU229E Confidential clients accessing thetoken endpoint must authenticate usingtheir registered credentials.

Explanation: A confidential client attempted to accessthe token endpoint without authenticating.


Administrator response: Ensure any confidentialclients accessing the token endpoint present their clientcredentials.

FBTOAU230E The client credentials flow isrestricted to confidential clients.

Explanation: A public client attempted to use theclient credentials grant type, this grant type is restrictedto confidential clients.


Administrator response: Ensure public clients are notattempting to use the client credentials grant type.

FBTOAU231E The token endpoint is not configuredto allow public client access.

Explanation: A public client attempted to access atoken endpoint that has been configured to only allowconfidential clients.


Administrator response: If you wish to allow publicclients to access the token endpoint, it must beconfigured on the federation page in the TFIMmanagement console.

FBTOAU232E The client MUST use the HTTPPOST method when making accesstoken requests.

Explanation: A client attempted to make an accesstoken request without using the HTTP POST method.


Administrator response: Ensure that all requests tothe OAuth 2.0 token endpoint use the HTTP POSTmethod.

FBTOAU233E Maximum number of access tokenper user per client was reached

Explanation: There is limit on the number of accesstoken distributed per user per client. You can set thelimit in the API Protection definition.


Administrator response: Increase the access token peruser per client limit in the API Protection definition ofthe client.

FBTOAU234E Submitted PIN is wrong.

Explanation: PIN policy is enabled for the refreshtoken. PIN received in the request does not match.


Administrator response: Prompt the user to enter thecorrect password.

FBTOAU235E The provided PIN does not match thePIN length setting in API Protectiondefinition.

Explanation: The PIN length is different from the PINlength setting in API Protection definition.


Administrator response: Submit a PIN with thecorrect length.

FBTOAU236E A PIN must be provided to protectthe refresh token.

Explanation: PIN policy is enabled in the APIProtection definition, but a PIN was not provided.


Administrator response: Submit a PIN in the request.

FBTOAU237E The provided PIN contains invalidcharacters.

Explanation: A PIN should only contain numbers.


Administrator response: Submit a PIN containingonly numbers.

FBTOAU238E The API Protection definition is notattached to the requested resource.

Explanation: The API Protection definition should beattached to the resource.


Administrator response: Attach the API Protectiondefinition to the resource.



FBTOID0010E The openid.identity URL receivedfrom the identity provider: 'url1' did notmatch the openid.identity URL sent toit: 'url2'.

Explanation: The consumer sent a nonce to theidentity provider during login, and this was not sentback to the consumer. This could indicate a replayattack.


Administrator response: Please validate that theIdentity Provider is not replaying messages and that itis using the correct return_to URL.

FBTOID0011E The required set of fields were notsigned. The set of fields required to besigned is 'signatureRequired'. The set offields that were indicated as signed are'signed'.

Explanation: The consumer recieved a login responsewhich did not contain a signature over the minimumset of required fields.

System action: The request will be rejected.

Administrator response: Please validate that theIdentity Provider is sending a signature over at leastthe openid.identity and openid.return_to all the registryextension parameters.

FBTOID0012E The received message contained aninvalid signature.

Explanation: The signature on the received messagedid not match the expected signature value.


Administrator response: Please validate that thesender of the message is generating the signaturecorrectly.

FBTOID0013E The token exchange failed.

Explanation: The OpenID consumer was unable toexchange the login details for an authentication tokenat the trust service.

System action: The authentication will be rejected.

Administrator response: Please validate that the trustservice is available and running, and all requirementsof the trust chain have been met in the single-signonmessage from the identity provider.

FBTOID0014E The message was missing a requiredsigned parameter: 'param'

Explanation: The message has been rejected because aparameter which was required to be signed was notincluded in the response.


Administrator response: Please validate that themessage contains all the required signed parameters.

FBTOID0015E The message contained an associationhandle: 'association' which was notrecognized.

Explanation: The message has been rejected becausethe association handle parameter was not known to theIdentity Provider.

System action: The check_authentication will berejected.

Administrator response: Please validate that theconsumer is sending the correct association handle.

FBTOID0016E The message contained an associationhandle: 'association' which was exposedto a consumer.

Explanation: The message has been rejected becausethe association handle parameter was previouslyexposed to a consumer during an associate operation.

System action: The check_authentication will berejected.

Administrator response: Please validate that theconsumer is sending the correct association handle.

FBTOID0017E The message for mode 'mode' wassent with an invalid HTTP requestmethod: 'method'.

Explanation: The message has been rejected becausethe HTTP request method was not valid for themessage being sent.


Administrator response: Please validate that theconsumer is sending the message using the correctHTTP method.

FBTOID0018E The consumer requested an identityURL we could not validate: 'url'.

Explanation: The message has been rejected becausethe claimed identity URL could not be validated by theidentity provider.


Administrator response: Please validate that theconsumer is sending the correct format of identity URL.

FBTOID0019E The user attempted to login at theIdentity Provider however an OpenIDhas not yet been established.

Explanation: The authentication has been rejectedbecause the OpenID identity provider is configured in

FBTOID0010E • FBTOID0019E


alias mode, and no alias has yet been established forthe user.


Administrator response: Please ensure the end userhas established an OpenID alias before attemptinglogin.

FBTOID001E While processing action: 'action' theconfiguration parameter: 'param' wasdetermined to be missing or contain aninvalid value: 'value'.

Explanation: The current request could not becompleted because the configuration is not valid.



FBTOID0020W The OpenID server has canceled thesignon attempt.

Explanation: The authentication has been canceled bythe OpenID Server.


Administrator response: Please ensure the end userhas instructed the OpenID server to trust the consumersite.

FBTOID0021E The user session has beendetermined to be invalid while trying toretrieve the session variable: 'variable'.This may have occured due to anincorrect transaction sequence, a sessiontimeout, or a session replication or statemanagement problem in a load-balancedenvironment.

Explanation: The user has either attempted atransaction in the wrong sequence, or the session haseither timed out (e.g. user too slow to post a form) orin a clustered environment the user session may nothave been replicated to all nodes in the cluster andfailover (or incorrect stateful sessions) has occured.


Administrator response: Please ensure the end userhas posted their form data in a timely fashion, and thatin a clustered environment statefulness is maintainedwhere possible between a browser and the TFIM serverinstance.

FBTOID0022E The token exchange failed.

Explanation: The OpenID identity provider wasunable to exchange the current user credential forsign-in details at the trust service.


Administrator response: Please validate that the trustservice is available and running, and all requirementsof the trust chain have been met.

FBTOID0023E The OpenID server: 'server' returnedan error during the attempt to establishan association: 'errtext'.

Explanation: The OpenID identity provider returnederror text while attempting to establish an association.

System action: The authentication attempt will behalted.

Administrator response: Please validate that theOpenID server is available and able to process OpenIDassociate messages.

FBTOID0024E The OpenID server: 'server' returnedan error during the attempt to check thesignature on a message: 'errtext'.

Explanation: The OpenID identity provider wasunable to check whether or not the message containeda valid signature, and returned error text.


Administrator response: Please validate that theconsumer is sending correct parameters to the OpenIDserver, and that the OpenID server is functioning.

FBTOID0025E The OpenID consumer HTTP useragent was configured to deny access to aURL which the request attempted toaccess: 'url'.

Explanation: The OpenID consumer received a requestwhich caused it to attempt to contact an OpenID serveror Identity URL at an address which the consumer hasbeen configured to deny access to.


Administrator response: Please validate that theconsumer user agent is configured correct, and that theclient is not attempting malicious URL attacks at yourconsumer.

FBTOID0026E The provided network mask in thenetwork declaration: 'url' is invalid.

Explanation: The network mask it outside thepermitted range for this type of network declaration.


Administrator response: Please validate that theconfiguration of permitted and denied networkaddresses for the user agent is correct.



FBTOID0027E The OpenID server: 'url' cannot becontacted because the protocol it uses isnot permitted in this federation'sconfiguration.

Explanation: Use of this OpenID server has beendenied because the protocol it uses is not permitted bythe configuration of the federation.


Administrator response: Please validate that theconfiguration of the federation is correct, and that theOpenID server is using a matching protocol.

FBTOID0028W The runtime could not load theTrusted Sites Manager with module ID:'moduleID'. Instead the default modulewill be loaded with ID: 'defaultModuleID'.

Explanation: The configuration specifies a module IDwhich could not be loaded by the runtime pluginmanager.

System action: A default trusted sites managermodule will loaded instead.

Administrator response: Please validate that moduleID configured for the trusted sites manager and thatthe plugin containing the specified module is deployedto the runtime.

FBTOID0029E The relying party supplied areturn_to URL: 'return_to' that did notmatch the supplied realm URL: 'realm'.

Explanation: If the relying party supplies both anopenid.return_to and openid.realm, the return_to URLis requried to match the realm.


Administrator response: Please validate that therequest parameters from the relying party are correct.

FBTOID002E While processing action: 'action' theruntime parameter: 'param' wasdetermined to be missing or contain aninvalid value: 'value'.

Explanation: The current request could not becompleted because the call to the delegate is not valid.


Administrator response: Validate that the system hasbeen called with the correct parameter value.

FBTOID0030W An association could not beestablished with OpenID Server'moduleID'. The transaction will continuewith check_authentication signaturevalidation. The error details are: error

Explanation: An associate request failed with theOpenID server.

System action: The signon will contine andcheck_authentication will be used for signaturevalidation.

Administrator response: Please validate that OpenIDserver is functioning correctly as associations should beused for performance reasons.

FBTOID0031E While processing action: 'action' thetime skew with the server at endpoint:'endpoint' was not within the definedtime skew: 'timeSkewSeconds'.

Explanation: The current request could not becompleted because the times did not match.


Administrator response: Synchronize your serverclock or increase theSPResponseNonceSkewTimeSeconds parameter for thisfederation. You can also set the parameter to -1 todisable skew checking.

FBTOID0032E While processing action: 'action' therelying party detected a requestcontaining an openid.response_noncethat has already been used:'responseNonce'.

Explanation: The current request could not becompleted because of the replay.


Administrator response: No administrator action isrequired. This could be a replay attack (which has beendenied), however if no attack is suspected validate thatthe partner OP is not sending duplicate assertionresponses.

FBTOID0033W An unexpected checkAuthenticationwas received. This could be due to areplay of the check_authenticationrequest or the responseNonce'responseNonce' was not generated by thisOpenID provider.

Explanation: The current request will return falsebecause of the unexpected response_nonce in thecheck_authentication request.

System action: The check_authentication will returnfalse.

Administrator response: No administrator resposne isrequired. If desired, the log file can be consulted todetermine whether this was a replay or an invalidopenid.response_nonce.

FBTOID0027E • FBTOID0033W


FBTOID0034E The identity provider'identity_provider' is not authorized tomake claims about the identifier:'claimed_identifier'.

Explanation: The message has been rejected becauseduring an OP identifier login the identity provider wasnot authorized to make claims about the returnedclaimed identifier.


Administrator response: Please verify that the identityprovider is sending correct claimed identifiers or OPendpoints during OP identifier login.

FBTOID0035W The identity provider is skippingprocessing of unrecognized extension'extension_uri'.

Explanation: The message contains an OpenIDextension that has not been implemented by thisOpenID provider.

System action: The extension is skipped.

Administrator response: Please verify that OpenIDrelying-parties use extensions that this OP supports.Check that the XRDS advertised by this OP onlyincludes supported extensions.

FBTOID0036E The identity provider is unable toprocess extension 'extension_uri'.

Explanation: The message contains an OpenIDextension that cannot be processed.

System action: The extension is skipped.

Administrator response: Check the extensionparameters passed in the message.

FBTOID0037E An illegal extension alias has beendetected: 'extension_alias'.

Explanation: The message contains an OpenIDextension that is not permitted by the specification.

System action: The message is rejected.

Administrator response: Ensure that the partner issending valid extension parameters in the OpenIDmessage.

FBTOID0038E An exception has occurred whentrying to parse attribute informationfrom the login form forAttributeExchange attribute:'ax_attribute'.

Explanation: The login form is not correctlyformatted.

System action: The login attempt is terminated.

Administrator response: Ensure that the login formcontains a correctly formatted URI for the attribute. If acount is specified, ensure that the value is either apositive integer or the string 'unlimited'.

FBTOID0039E An invalid value was received for theAttribute Exchange parameter: 'ax_param'The received value was: 'received_value'.The expected value was: 'expected_value'.

Explanation: The received message contained aninvalid value for an attribute exchange parameter.


Administrator response: Ensure that the OpenIDpartner is sending a valid value for the indicatedattribute exchange parameter.

FBTOID003E Alias management is not supportedfor this federation.

Explanation: The OpenID federation has not beenconfigured in Alias mode, therefore the aliasmanagement endpoint is not supported.

System action: The request will be ignored.

Administrator response: Do not use the aliasmanagement endpoint for this federation.

FBTOID0040W An attribute exchange message wassent with an unsupported mode:'ax_mode'

Explanation: The received message contained anunsupported attribute exchange mode.

System action: The attribute-exchange extension isignored for this request.

Administrator response: Ensure that the OpenIDpartner sends supported attribute-exchange messages.

FBTOID0041E An attribute exchange alias was notin a valid format: 'ax_alias'

Explanation: The received message contained anattribute exchange alias that did not meet the formatrequirements defined in the specification.


Administrator response: Ensure that the OpenIDpartner is sending correctly formattedattribute-exchange messages.

FBTOID0042E The OpenID identity provider doesnot advertise support for one or moreauthentication policies.

Explanation: An authentication policy has beenspecified, but the identity provider does not supportthis policy.




Administrator response: Ensure that the OpenIDpartner supports the authentication policy.

FBTOID0043E The OpenID identity provider doesnot support one or more assurance levelpolicies.

Explanation: An assurance level namespace has beenspecified, but the identity provider does not advertisesupport for it.



FBTOID0044E The OpenID identity provider didnot authenticate the user as requested.

Explanation: An authentication policy has beenspecified, but the identity provider did not authenticatethe user.



FBTOID0045E The OpenID identity provider didnot authenticate the user within thetime limit that is required.

Explanation: The identity provider reported that theuser was authenticated outside the specified maximumtime limit.


Administrator response: Ensure that the OpenIDpartner authenticates the user in a timely manner.

FBTOID0046E The OpenID identity provider didnot specify the time at which the userwas authenticated.

Explanation: A maximum authentication time limitwas specified, but the identity provider did not reportan authentication time.


Administrator response: Ensure that the OpenIDpartner authenticates the user in a timely manner.

FBTOID0047E The OpenID identity provider doesnot support the PAPE extension.

Explanation: The selected identity provider does notsupport the PAPE OpenID extension.


Administrator response: Ensure that the OpenID

partner supports PAPE or has enabled the sendalwaysconfiguration for PAPE.

FBTOID0048E The trust chain configured by thisOpenID identity provider did notprovide the time that the user wasauthenticated.

Explanation: PAPE support requires userauthentication time. Ensure that the configuredmapping rule for this federation returns this value.


Administrator response: Update the mapping rule toreturn this value.

FBTOID0049E The assurance level alias 'pape_alias'does not have a mapped namespace.

Explanation: The OpenID message contained anassurance level alias that has not been declared with anamespace mapping.


Administrator response: Ensure that only knownnamespace mappings are returned.

FBTOID004E The current user making the request isnot authenticated.




FBTOID0050W Relying Party discovery of the trustroot 'trustroot' resulted in an exception:extext.

Explanation: Relying-party discovery cannot besuccessfully performed on the trust root received in theOpenID request.

System action: The request might be rejected,depending on your configuration.

Administrator response: Ensure that the relying-partyadvertises XRDS at the provided trust root URL thatcontains a service for http://specs.openid.net/auth/2.0/return_to with a matching URI.

FBTOID0051E Relying Party discovery of the trustroot 'trustroot' failed to find a match forreturn_to URL 'returnto'.

Explanation: Relying-party discovery cannot besuccessfully performed on the trust root received in theOpenID request to validate the return_to URL.




Administrator response: Ensure that the relying-partyadvertises XRDS at the provided trust root URL thatcontains a service for http://specs.openid.net/auth/2.0/return_to with a matching URI.

FBTOID0052W The runtime could not load theIDGenerator with module ID:'moduleID'. Instead the default module isloaded with ID: 'defaultModuleID'.

Explanation: The configuration specifies a module IDthat the runtime plug-in manager cannot load.

System action: A default IDGenerator module isloaded instead.

Administrator response: Ensure that the module ID isconfigured for the IDGenerator and that the plug-incontaining the specified module is deployed to theruntime.

FBTOID0053E The maximum authentication agerequested by the Relying Party 'authAge'cannot be parsed.

Explanation: The Relying Party attempted to pass aparameter indicating the time in which a user musthave been authenticated. However, this parametercannot be parsed as an integer.


Administrator response: Ensure that the Relying Partyis sending valid data.

FBTOID0054E The PAPE assurance level alias 'alias'has been used multiple times in theresponse from the OpenID OP.

Explanation: The Relying Party returned an assurancelevel alias that is used multiple times. Each alias mustbe mapped to exactly one namespace.



FBTOID0055E The PAPE assurance level namespace'ns' has been used multiple times in theresponse from the OpenID OP.

Explanation: The Relying Party returned an assurancelevel namespace that is used multiple times. Eachnamespace must be mapped to exactly one alias.



FBTOID0056E The reported PAPE authenticationtime string 'time' is not a valid value.

Explanation: The authentication time is not valid.


Administrator response: Ensure that the sender issending valid data. The sender can be the RelyingParty, a mapping rule, or both.

FBTOID0057E The reported PAPE authenticationtime string 'time' is in the future.

Explanation: The authentication time is in the future.This situation usually occurs when the clock skewexceeds the configured skew amount.


Administrator response: Ensure that the sender issending valid data. The sender can be the RelyingParty or a mapping rule, or both.

FBTOID005E The alias: alias has already been usedby another user.

Explanation: The alias has been used by another userfor this federation.

System action: The alias will not be stored for thisuser - they will have to select another alias.

Administrator response: The user will need to chooseanother alias.

FBTOID006E The alias: 'alias' contains invalidcharacters. Only non-whitespace lettersand digits should be used.

Explanation: The alias should contain only letters ordigits.

System action: The alias will not be stored for thisuser - they will have to select another alias.

Administrator response: The user will need to chooseanother alias.

FBTOID007E An unexpected internal error hasoccurred: 'errtext'.

Explanation: An unexpected internal error hasoccured.


Administrator response: Please contact support.

FBTOID008E The supplied identity URL: 'idurl'could not be resolved to an OpenIDprovider.

Explanation: The URL endpoint could not be fetched,or the fetched page did not contain OpenID server

FBTOID0052W • FBTOID008E


and/or delegate information.


Administrator response: Please validate that theOpenID Identity URL is correct, and that it returns apage containing OpenID identity headers.

FBTOID009E The received openid.return_to URLfrom the identity provider: 'url1' did notmatch the openid.return_to URL sent toit: 'url2'.

Explanation: The consumer sent an openid.return_toURL to the identity provider during login, and this wasnot sent back to the consumer. This could indicate areplay attack.


Administrator response: Please validate that theIdentity Provider is not replaying messages and that itis using the correct return_to URL.

FBTOTP000E Internal Error. Contact the SystemAdministrator.


System action: The one-time password managerencountered an error, process has been halted.

Administrator response: Check the log file for moreinformation about the cause of the problem.

FBTOTP100E The plugin pluginName is missing therequired parameter parameter

Explanation: A required plugin is missing from theplugin configuration.

System action: The one-time password plugininitialization encountered an error, process has beenhalted.

Administrator response: Provide the requiredparameter in the plugin configuration.

FBTOTP101E The value [value] of the pluginparameter parameter is not valid.

Explanation: Some of the values in the pluginconfiguration are not valid.

System action: The one-time password plugininitialization encountered an error, process has beenhalted.

Administrator response: Fix the parameter value inthe plugin configuration.

FBTOTP200E The one-time password provider fortype type is not found.

Explanation: The one-time password provider for thespecified type is not found.

System action: Process has been halted.


FBTOTP201E The one-time password delivery fordelivery type type is not found.

Explanation: The one-time password delivery for thespecified delivery type is not found.



FBTOTP202E One-time password manager notinitialized.


System action: The one-time password managerencountered an error, process has been halted.


FBTOTP300E The required input parameter param isnot found in the STSUU.

Explanation: A required input is missing from theinput parameter.


Administrator response: Provide the requiredparameter in the incoming STSUU.

FBTOTP301E Cannot obtain one-time passworddelivery option.

Explanation: There was an error in obtaining theone-time password delivery option.


Administrator response: Examine the log to determinethe cause of the failure.

FBTOTP302E The one-time password cannot begenerated.

Explanation: There was an error in generating theone-time password.



FBTOID009E • FBTOTP302E


FBTOTP303E The one-time password cannot bedelivered to deliveryAttribute.

Explanation: There was an error in delivering theone-time password.



FBTOTP304E The submitted one-time password isnot valid.

Explanation: The entered one-time password is notvalid.


Administrator response: Correct the one-timepassword and resubmit the form.

FBTOTP305E The required service handlehandleName was not provided to the STSmodule.

Explanation: The required service handle was notavailable.

System action: The STS request processing has beenhalted.

Administrator response: This error is a significantinternal error. Check the logs for error messagesindicating why the required service was not properlycreated.

FBTOTP306E An error occurred during theconstruction of the contents of amessage.

Explanation: The messaging component failed to builda message to send to the user.

System action: The one-time password operationcould not be completed.

Administrator response: The one-time passwordapplication could not send a message due to a problemconstructing the message contents. If details arerequired, enable trace logging and examine the nestedexception.

FBTOTP307E An internal error occurred. Contact theSystem Administrator.


System action: The one-time password applicationencountered an error, process has been halted.


FBTOTP308E The page contents might be missingthe required information such as[requiredInfo] that is used to process ane-mail message request.

Explanation: The one-time password email deliverymodule requires certain information to process therequest. The required information is missing.


Administrator response: Examine the logs todetermine the cause of the problem.

FBTOTP309E The page contents might be missingthe required information such as[requiredInfo] that is used to process anSMS message request.

Explanation: The one-time password SMS deliverymodule requires certain information to process therequest. The required information is missing.



FBTOTP310E The one-time password that yousubmitted is not valid. Please submit avalid one-time password.

Explanation: You must use a valid one-time password.

System action: The one-time password is rejected.


FBTOTP311E The one-time password is submittedafter the one-time password has expired.Please generate another one-timepassword, and submit it before itexpires.

Explanation: One-time passwords are only valid for acertain amount of time. Ensure that you submit theone-time password before it expires.

System action: The one-time password is rejected.


FBTOTP312E The one-time password cannot bedelivered to the email address: toEmail.Verify that the phone number is correct.

Explanation: There was an error in delivering theone-time password to the specified email address.



FBTOTP303E • FBTOTP312E


FBTOTP313E The one-time password authenticatecallback could not invoke the trustservice to perform token exchange foroperation id [operation id] .

Explanation: The one-time password authenticatecallback could not invoke the trust service to performthe one-time password operation.



FBTOTP314E The one-time password authenticatecallback could not retrieve the one-timepassword delivery options.

Explanation: The one-time password authenticatecallback could not to retrieve the one-time passworddelivery options.



FBTOTP315E The one-time password cannot begenerated or delivered.

Explanation: There was an error in generating anddelivering the one-time password.



FBTOTP316E The request received by the one-timepassword authentication callback wassent using a transport that is not valid.

Explanation: The request received by the one-timepassword authentication callback was sent using atransport that is not valid. The request was sent usingthe SOAP binding.

System action: The one-time password requestprocessing stopped.

Administrator response: Examine the logs todetermine the cause of the problem. Ensure that therequest is being sent using the appropriate binding.

FBTOTP317E The submitted one-time passwordcould not be validated.

Explanation: The one-time password module couldnot validate the submitted one-time password value.



FBTOTP318E Unable to send the message to[phoneNumber] with username [username]because the SMS gateway providerreturned a response HTTP status code[statusCode] which does not match thevalue that is configured in the responsefile for the parameterSuccessHTTPReturnCode: [successCode].

Explanation: The response HTTP status code returnedby the SMS gateway provider does not match the valuethat is configured in the response file for the parameterSuccessHTTPReturnCode.



FBTOTP319E Unable to send the message to[phoneNumber] with username [username]because the SMS gateway providerreturned an HTTP response body:[responseBody] which does not match theJava regular-expression pattern that isconfigured in the response file for theparameter SuccessHTTPResponseBodyRegexPattern: regexPattern

Explanation: The HTTP response body returned bythe SMS gateway provider does not match the Javaregular-expression pattern that is configured in theresponse file for the parameterSuccessHTTPResponseBodyRegexPattern.



FBTOTP320E The list of methods for generating,delivering, and verifying one-timepassword returned fromOTPGetDeliveryMethods mapping ruleis invalid.

Explanation: OTPGetDeliveryMethods mapping rulemust return at least one method for generating,delivering, and verifying one-time password.


Administrator response: Ensure thatOTPGetDeliveryMethods mapping rule returns a validlist of methods for generating, delivering, and verifyingone-time password.

FBTOTP321E The submitted ID of the method forgenerating, delivering, and verifyingone-time password is invalid.

Explanation: The submitted ID must refer to one ofthe methods for generating, delivering, and verifyingone-time password returned by



OTPGetDeliveryMethods mapping rule.



FBTOTP322E The one-time password basedauthentication failed. The user is notauthenticated or the authentication levelin the credential is not equal or higherto the supported authentication level[authentication level].

Explanation: The authentication process failed togenerate a credential that supports the configuredauthentication level.



FBTOTP323E The value [action] received on theone-time password action query stringparameter is not valid.

Explanation: The value submitted using the actionquery string parameter is not valid.



FBTOTP324E The value [action] received on theone-time password action query stringparameter is not allowed when theprevious step was [previousPhase].

Explanation: The authentication process failed becausean invalid action value was specified.



FBTOTP325E The method for generating, delivering,and verifying one-time password wasnot found in the session.

Explanation: The method for generating, delivering,and verifying one-time password needs to be availablein the session.



FBTOTP326E The submitted CSRF token is invalid.

Explanation: The submitted CSRF token must matchthe last generated CSRF token.



FBTOTP328E The configured parameter[parameterName] with value [value] isoutside of the range [lowRange -highRange]

Explanation: The parameter is outside of the expectedrange.

System action: The configuration is invalid. Theone-time passwords cannot be verified.

Administrator response: Update the configuration sothat the configuration parameter is in a valid range.

FBTOTP329E The configured parameter[parameterName] with value [value] isbelow the minimum value of [lowRange]

Explanation: The parameter is below the minimumaccepted value.

System action: The configuration is invalid. Theone-time passwords cannot be verified.

Administrator response: Update the configuration sothat the configuration parameter is at least theminimum value.

FBTOTP330E Unable to locate the HMAC secret key

Explanation: The user's secret key for one-timepassword generation cannot be located.

System action: Unable to verify

Administrator response: Ensure that the secret key isbeing provided to the user through the STSUU

FBTOTP331E The specified algorithm[parameterName] is not supported on thissystem

Explanation: The algorithm chosen to generate theOTPs is not supported on this system. It is possible thatthe algorithm was not named correctly, or a newerversion of Java is required.

System action: The algorithm specified is notsupported, so OTPs cannot be verified.

Administrator response: Check the configuration tomake sure the algorithm is specified correctly. It ispossible that the algorithm is supported in a laterversion of Java than the one currently installed.



FBTOTP332E The one time use enforcement store[parameterName] could not be loaded orwas not found.

Explanation: The one time use enforcement storeimplementing the OTPReplayStore interface was notfound.

System action: Due to the configuration error, OTPswill not be generated or verified.

Administrator response: Check that the one time useenforcement store is available to be loaded. Also checkthat it implements the OTPReplayStore interface.

FBTOTP333E The one time use enforcement store[parameterName] implemented OTPStore,but not OTPReplayStore.

Explanation: The one time use enforcement store mustimplement the OTPReplayStore interface.

System action: Due to the configuration error, OTPswill not be generated or verified.

Administrator response: Specify a store thatimplements the OTPReplayStore interface.

FBTOTP334E The one time password providerfailed to store the counter thatcorresponds to the user [username].

Explanation: The one time password provider failedto store the counter value that corresponds to the user.

System action: The request to authenticate the userusing the one time password will fail.

Administrator response: Validate the one timepassword provider configuration .

FBTOTP335E The submitted PIN did not satisfy allrequirements.

Explanation: The submitted PIN did not meet all ofthe requirements of the RSA Manager.

System action: The request to authenticate the userusing the one time password and attempt to change thePIN will fail.


FBTOTP336E The ID obtained from the obligationURI for the method for generating,delivering, and verifying one-timepassword is invalid.

Explanation: The ID obtained from the obligation URImust refer to one of the methods for generating,delivering, and verifying one-time password returnedby OTPGetDeliveryMethods mapping rule.



FBTPWD001E The class classname is not theexpected interface. The class will not beused for obfuscation.

Explanation: The class given to do obfuscation doesnot implement the correct interface.

System action: The class will not be used to performobfuscation.

Administrator response: Ensure that the given classimplements the documented interface to performpassword obfuscation.

FBTPWD002E The password obfuscator utility isunable to locate the passwordobfuscator plug-in.

Explanation: A problem was encountered whileattempting to load the plug-in.

System action: The plug-in was not loaded.

Administrator response: Check the logs for anexception that provides more details about the cause ofthe problem.

FBTPWD003E Could not determine the moduledirectory to load the passwordobfuscator plug-in.

Explanation: A problem was encountered whileattempting to locate the plug-in directory.


Administrator response: Check the logs for anexception that provides more details about the cause ofthe problem.

FBTPWD004W The password obfuscator plug-ingiven could not be loaded. Ensure youhave the module package in yourclasspath.

Explanation: For a plug-in to be loaded it requiressome prerequisite module libraries to load the plug-in;the prerequisite module libraries are missing.


Administrator response: Ensure that you have therequired module libraries in the classpath to load thecustom plugin.

FBTRPT001E Check that all required reportparameters are set correctly.

Explanation: This error occurs when a required reportparameter is missing or has been set incorrectly in areport design file.

FBTOTP332E • FBTRPT001E


System action: System cannot execute reportingfunctionality.

Administrator response: Check report parametersettings in report design file.

FBTRPT002E The Report engine cannot be started.

Explanation: This error occurs due to problems in thereports configuration.


Administrator response: Check that the reportsconfiguration has been defined properly.

FBTRPT003E Detected invalid or nonexistentdirectory for report designs.

Explanation: This error occurs when the reportdesigns directory for the reports configuration isinvalid or does not exist.


Administrator response: Check that the report designsdirectory has been specified correctly in the reportsconfiguration.

FBTRPT004E Detected invalid or nonexistentdirectory for report designs.

Explanation: This error occurs when the reportarchives directory for the reports configuration isinvalid or does not exist.


Administrator response: Check that the reportarchives directory has been specified correctly in thereports configuration.

FBTRPT005E Could not find report design.

Explanation: This error occurs when a report designcannot be found in the report designs directory.


Administrator response: Check that the appropriatereport design is located in the report designs directoryas defined in the reports configuration.

FBTRPT006E Could not find archived report.

Explanation: This error occurs when an archivedreport cannot be found in the report archives directory.


Administrator response: Check that the appropriate

archived report is located in the report archivesdirectory as defined in the reports configuration.

FBTRPT007E Could not create archive reportdirectory for render type.

Explanation: This error occurs when a invalid orunsupported render type has been specified.


Administrator response: Specify pdf or html as arender type.

FBTRPT008E An error has occurred while runningreport.

Explanation: This error occurs when an unexpectederror has occurred while running a report.


Administrator response: Check the system logs forerror details.

FBTRPT009E Detected invalid report file name.

Explanation: This error occurs when the requirednaming convention for report design files is notfollowed.


Administrator response: Check that report design fileis named properly.

FBTRPT010E Detected invalid parameter with noselection choices.

Explanation: There was a problem retrieving selectionchoices for a list box, check box, or radio buttonparameter.


Administrator response: Check that the list box, checkbox, or radio button parameter has been definedcorrectly in the report design.

FBTRPT011E Detected unsupported or invalidparameter. Parameter must be a scalartype.

Explanation: This error occurs when a parameter isnot a scalar parameter.


Administrator response: Check that the parameter hasbeen defined as a scalar type in the report design. Only

FBTRPT002E • FBTRPT011E


scalar parameters are supported in this release. Checkthe Review TFIM documentation for details on definingreport parameters.

FBTRTE001E The runtime configuration propertiesfile was not found.

Explanation: The runtime could not find itsconfiguration file in the classpath.

System action: The action will be halted.

Administrator response: Validate the runtimeconfiguration file is located in the runtimes classpath.

FBTRTE002E The runtime configuration domainproperty was not found.

Explanation: The runtime could not determine thedomain from its property configuration file.


Administrator response: Validate the runtimeconfiguration file is located in the runtimes classpathand the domain is set correctly.

FBTRTE003E The runtime configuration could not geta repository handle from the managedcontainer.

Explanation: The runtime requires a handle to therepository which it receives from the managedcontainer.


Administrator response: Validate the runtime is beingused by a managed application and the container isoperating correctly.

FBTRTE004E A required list of properties was notgiven.

Explanation: This action requires a properties list tobe given.


Administrator response: Validate that the requiredproperties are being passed.

FBTRTE005E The required property (property) was notgiven.

Explanation: This action requires the specifiedproperty to complete.


Administrator response: Validate that the requiredproperty is being given.

FBTRTE006E The given directory (directory) does notexist.

Explanation: The given directory must already exist tocomplete the action.


Administrator response: Validate that the givendirectory exists.

FBTRTE007E The given directory path (directory) couldnot be created.

Explanation: This action requires that the givendirectory path has the access to be created.


Administrator response: Validate that the givendirectory path can be created.

FBTRTE008E The given properties file (properties file)could not be found.

Explanation: This action requires that a properties filebe given.


Administrator response: Validate that the givenproperties file exists and has the correct access set.

FBTRTE012E The Access Manager server SSLconfiguration command returned witherrors. See the log file for more details.

Explanation: The Access Manager SvrSslCfg commandreturned with errors.



FBTRTE013E The Access Manager runtimeconfiguration command returned witherrors. See the log file for more details.

Explanation: The Access Manager PDJrteCfgcommand returned with errors.



FBTRTE014E The server type given is not a supportedtype.

Explanation: The listen mode is currently notsupported.


FBTRTE001E • FBTRTE014E


Administrator response: Ensure that a supportedlisten mode is entered.

FBTRTE015E An error occurred when updating theserver's state. Check server logs formore details.

Explanation: An error occurred when attempting tostore the new server's state. See the logs for moredetails.


Administrator response: Check the server logs formore details.

FBTRTE016E Unable to determine domain that thenode is a member of. The operation didnot complete.

Explanation: For any runtime operation to complete,the runtime must know what domain it is a member of.


Administrator response: Ensure that FederatedIdentity Manager was started correctly.

FBTRTE017E An error occurred when updating theconfiguration in the repository. Checkserver logs for more details.

Explanation: The configuration repository returned anerror.


Administrator response: Check the server logs formore details.

FBTRTE018E The provided JAR file is not in theexpected format. Import did notcomplete successfully.

Explanation: Only JAR files that are created by theexport function can be used to import. The JAR fileprovided was missing required data.


Administrator response: Ensure that only JAR filesthat are exported are used.

FBTRTE019E Did not find a software.properties file.Runtime deployment canceled.

Explanation: A software.properties file is required togive information about the runtime being deployed andit was not present.


Administrator response: Ensure that the runtime wasproperly installed.

FBTRTE020E Did not find a serialId in thesoftware.properties file. Runtimedeployment canceled.

Explanation: The software.properties file shouldcontain a serial identifier.



FBTRTE021E Could not find the EAR properties filegiven in the software.properties file.Runtime deployment canceled.

Explanation: The EAR properties file given in thesoftware.properties file could not be found. Thisproperties file is required to deploy the EAR.



FBTRTE022E An error occurred when attempting todeploy the runtime. Runtime was notdeployed.

Explanation: An error occurred during thedeployment of the runtime.


Administrator response: Ensure that the runtime wasproperly installed and check the logs for further details.

FBTRTE025E An error occurred when attempting toremove the runtime. Runtime was notremoved.

Explanation: An error occurred during the removal ofthe runtime.


Administrator response: Check the logs for furtherdetails.

FBTRTE026E The node could not be unconfigureddue to an error.

Explanation: An error occurred while attempting tounconfigure the runtime.



FBTRTE015E • FBTRTE026E


FBTRTE029E The node could not be configured dueto an error.

Explanation: An error occurred during the configuringof the runtime.



FBTRTE030E The domain domain name could not beremoved due to an error.

Explanation: An error occurred during the removal ofthe given domain.



FBTRTE034E The domain domain name could not becreated due to an error.

Explanation: An error occurred during the creation ofthe given domain.



FBTRTE037E Unable to modify the applicationparameter task or role name.

Explanation: An attempt to locate and modify aparticular set of application parameters failed.

System action: The parameters will not be modified.

Administrator response: No action is necessary unlessother problems occur.

FBTRTE038E software.properties is unavailable,cannot publish any directories todomain.

Explanation: A software.properties file is required togive information about the directories to publish.

System action: The publish action is halted.

Administrator response: Ensure the runtime wasproperly installed.

FBTRTE039E The software.properties key key ismissing or contains no directories topublish.

Explanation: A software.properties file is required togive information about the directories to publish.

System action: The publish action is halted.

Administrator response: Check the

software.properties file and ensure there is a key with avalue that is a directory or list of directories.

FBTSML001E The received request is missing therequired parameter: parameter




FBTSML002E The value value for attribute attr is notvalid.




FBTSML003E The requested target, target isunknown or disabled.



Administrator response: Validate the incomingmessage, and that the identity provider has configuredand enabled service provider partners for this target.

FBTSML004E The request received an artifact withsuccinct ID: succinctId, which did notmatch a known partner identityprovider.



Administrator response: Validate the incomingmessage and the configuration of the partner identityproviders.

FBTSML005E The current user making the requestis not authenticated.




FBTSML006E The token cannot be exchanged forthe service provider.



Administrator response: Validate the incoming

FBTRTE029E • FBTSML006E


message and the trust service configuration.

FBTSML007E No configured post page is availableto use to return the token to the serviceprovider.

Explanation: The current request could not becompleted because the token exchange succeeded butno configured post page was available.


Administrator response: This is a configuration error.Ensure that the post page exists in the templatedirectory.

FBTSML008E No token was available to return tothe service provider.



Administrator response: Validate the incomingmessage and the trust service configuration.

FBTSML009E The SAML response object received isnot valid.

Explanation: The current request could not becompleted because the SAML response object is notvalid.



FBTSML010E The sign-on message at the serviceprovider contained parameters that arenot valid.

Explanation: The current request could not becompleted because the sign-on request is not valid.


Administrator response: Validate the incomingmessage from the identity provider.

FBTSML011E The response from the identityprovider could not be understood or didnot contain an assertion: samlresponse.

Explanation: The current request could not becompleted because the identity provider response wasnot understandable or did not contain a SAMLassertion for sign on.


Administrator response: Ensure that the identityprovider is configured to send the correct XML element

response and that the request to the identity providerwas valid.

FBTSML012E The identity provider token cannot beexchanged for one that is valid for theresource.

Explanation: The current request could not becompleted because the identity provider response wasnot understandable.


Administrator response: Validate that the identityprovider is configured to send the correct XML elementresponse.

FBTSML013E The SAML artifact: artifact is notvalid.

Explanation: The current request could not becompleted as the provided SAML artifact is not valid.


Administrator response: Validate that the serviceprovider is configured correctly.

FBTSML014E The SAML assertion cannot beretrieved.

Explanation: The current request could not becompleted because a SAML assertion could not beretrieved.


Administrator response: Validate that the serviceprovider is configured correctly and that the identityprovider is configured to store the assertions for asufficient time.

FBTSML015E While processing action: action theinternal context was missing attribute:action.

Explanation: The current request could not becompleted because of an internal processing error.


Administrator response: Contact IBM softwaresupport with this log file.

FBTSML016E While processing action: action thefollowing configuration parameter wasdetermined to be missing or incorrect:action.

Explanation: The current request could not becompleted because the configuration is not valid.


FBTSML007E • FBTSML016E



FBTSML017E The assertion could not be retrievedfrom the identity provider at: ip usingartifact: artifact.

Explanation: The service provider could not retrievethe assertion from the identity provider.


Administrator response: Ensure that the identityprovider is available.

FBTSML018E The user cannot be authenticated.

Explanation: The current request could not becompleted because the trust service response could notauthenticate the user.


Administrator response: Validate that the trust serviceand Point of Contact are properly configured.

FBTSML019E The SAML request is not valid.

Explanation: The current request could not becompleted because the request received is not valid.


Administrator response: Validate that the request isvalid.

FBTSML020E The where-are-you-from processreceived a request for the identityprovider: ipURL, which did not match aknown partner identity provider.

Explanation: The current request received awhere-are-you-from cookie which did not match anenabled partner identity provider.


Administrator response: Validate that the incomingmessage contains a WAYF cookie that matches one ofthe provider IDs for an enabled partner identityprovider. One workaround is to delete all persistentcookies on the browser and have the user perform theWAYF process again.

FBTSML021E The sign-on request at the serviceprovider did not contain valid sign-onparameters. Either a SAML Response ora SAML Artifact should be included inthe initial sign-on request.

Explanation: The current request could not becompleted because the sign-on request is not valid.


Administrator response: Validate the incomingmessage from the browser to ensure that the identityprovider has sent either a valid browser-artifact sign-on(redirect containing a SAMLart parameter), or a validbrowser-post sign-on (POST containing aSAMLResponse parameter).

FBTSML200E Unexpected exception: exception

Explanation: The SAML 2.0 plug-in caught anunexpected exception.


Administrator response: Examine the trace logs formore information.

FBTSML201E Cannot determine the message issuer.

Explanation: The Issuer attribute is required for thismessage and cannot be determined.


Administrator response: Verify that configuration iscorrect. The message issuer is the self provider ID.

FBTSML202W The provider is passive and cannotdisplay the following page on thebrowser: page

Explanation: The provider is passive cannot takecontrol of the user interface, including displayingpages.

System action: The page will not be displayed on thebrowser.

Administrator response: This might or might not be aproblem. If it is a problem, determine why the provideris passive by examining trace logs and configuration. Aprovider can be directed to be passive by the IsPassiveattribute in an authentication request.

FBTSML203E The provider cannot find the page todisplay.

Explanation: The provider cannot find a page todisplay in the browser.

System action: The page will not be displayed on thebrowser.

Administrator response: Examine the trace logs todetermine which page was supposed to have beendisplayed. It might have been an error status page or asuccess status page. Check the system installation todetermine if the pages have been properly installed.



FBTSML205E The provider is passive and cannotforce a user authentication.

Explanation: The provider is passive and cannot takecontrol of the user interface, including authenticatingthe user.

System action: The operation will halt.

Administrator response: Reconfigure the requestingprovider to send authentication requests that do notrequire forced authentication, or that do not require theidentity provider to be passive, or both.

FBTSML206E The provider is passive and cannotquery the user for consent to federate.

Explanation: The provider is passive and cannot takecontrol of the user interface, including querying theuser for consent-to-federate accounts.

System action: The operation will halt.

Administrator response: Reconfigure the requestingprovider to send authentication requests that do notrequire the identity provider to be passive.

FBTSML207E Cannot determine the SAML status.

Explanation: The SAML status attribute is required forthis message and cannot be determined.


Administrator response: Examine the trace logs to seewhy the SAML status was not set.

FBTSML208E Cannot create account linkagebetween the providers.

Explanation: The accounts are not linked and theSAML request forbids creating account informationrequired for linkage.


Administrator response: Reconfigure the requestingprovider to send authentication requests that allow theidentity provider to create account linkage. This is doneby setting the AllowCreate attribute in theNameIDPolicy element to true.

FBTSML209E Cannot create account linkagebetween the providers because the userdenied consent to federate.

Explanation: The accounts are not linked (federated)and the user denied permission to link them.


Administrator response: Instruct end users to consentto account linkage (federation).

FBTSML210E The timestamp in the SAML messageis out of range. The message timestamp,msgTime, is not within tolerance secondsof compareTime.

Explanation: The SAML message has a timestamp thatis not valid.

System action: The message will be ignored.

Administrator response: There are several reasonsthat a SAML message timestamp might be out of range:The clocks on the service and identity providerssystems are skewed beyond the acceptable tolerance,network delays are hampering message flow, or theacceptable tolerance for message timestamp is set toolow. The administrator should check these points andmake any necessary adjustments.

FBTSML211E The destination URL in the SAMLmessage (msgDest) does not match thecurrent provider location (here).

Explanation: The SAML message has a destinationURL that is not valid.


Administrator response: The most likely problem isthat the SAML message is being created with anincorrect destination. Verify that configuration on thesending provider specifies the correct URL for thereceiving provider.

FBTSML212E No authentication assertions werefound.

Explanation: No assertions could be found at theidentity provider.

System action: No assertions will be included in theauthentication response message.

Administrator response: Examine the trace logs to seewhy no authentication assertion was set.

FBTSML213E Cannot determine the messagedestination.

Explanation: The Destination attribute is required forthis message and cannot be determined.


Administrator response: Verify that configuration iscorrect. The message destination is the URI to whichthe message is sent.

FBTSML214E Cannot determine the endpointendpoint for provider provider.

Explanation: The required target endpoint for theSAML message cannot be determined.




Administrator response: Verify that configuration iscorrect.

FBTSML215E The name identifier policy in theauthentication request could not be metby this identity provider.

Explanation: The identity provider could not create aname identifier that adhered to the policy in theauthentication request. Usually, this means that thepolicy specified an unsupported format or not didspecify that a persistent identifier could be created.


Administrator response: Verify that authenticationrequests specify supported name identifier policies, ordo not specify a policy at all.

FBTSML216E The user account could not befederated.

Explanation: The identity provider could not federatethe user account. Usually, this means that there issomething wrong with the identity service.


Administrator response: Verify that the identityservice is configured properly and that the registryserver is available.

FBTSML217E This provider cannot accept anunsolicited authentication response.

Explanation: The authentication response beingprocessed does not have a corresponding authenticationrequest. This provider is not configured to acceptunsolicited authentication responses.


Administrator response: Verify that the serviceprovider is configured properly regarding acceptance ofunsolicited authentication responses.

FBTSML218E The specifications for the endpointendpoint are not valid.

Explanation: The endpoint specified by the SAMLmessage cannot be validated.


Administrator response: Verify that configuration iscorrect and that endpoint specifications such as index,URL and binding in the message are correct.

FBTSML219E Cannot determine the name identifierfor the logout request.

Explanation: The NameID attribute is required for thismessage and cannot be determined.


Administrator response: Examine the trace logs to seewhy no name identifier information was set.

FBTSML220E Cannot determine the session indexfor the logout request.

Explanation: The SessionIndex attribute is required forthis message and cannot be determined.


Administrator response: Examine the trace logs to seewhy no session index was set.

FBTSML221E The logout requester is not a validpartner.

Explanation: The issuer of the logout request messagecannot be determined as a valid partner to thisprovider. On an identity provider, the request issuermust be a provider to which this provider has issuedan assertion. On a service provider, the request issuermust be a provider that has issued an assertion to thisprovider.


Administrator response: If the request is legitimate,examine the trace logs to see why the request issuerwas not found in the list of known logout partners.

FBTSML222E The response message does notcorrelate to the pending request.

Explanation: The response message contains anInResponseTo attribute that does not match the IDattribute of the pending request. It is possible that theresponse was received in error.


Administrator response: If the response is legitimate,examine the trace logs to see why the InResponseToattribute does not match the ID attribute of thecurrently pending request.

FBTSML223E Logout failed.

Explanation: The locally authenticated user was notlogged out successfully.


Administrator response: Examine the trace logs to seewhy logout failed.

FBTSML224E Cannot find partner configuration forprovider partner.

Explanation: The required configuration for thepartner provider cannot be found.


Administrator response: Ensure that the partner



provider's metadata has been imported into thisfederation and that the configuration file is notcorrupted.

FBTSML225E Token exchange failed.



Administrator response: Validate the incomingmessage and the trust service configuration. Inaddition, examine the trace logs to see why the tokenexchange failed.

FBTSML226E The message has an Issuer attributethat is not valid.

Explanation: The SAML message is required by thespecification to have an Issuer attribute. The Issuerformat, if specified, must beurn:oasis:names:tc:SAML:2.0:nameid-format:entity. Themessage is either missing the Issuer attribute or has thewrong format specified.


Administrator response: Examine the trace logs onthe provider that issued the message to see why themessage was constructed without the Issuer attribute orwith the incorrect Issuer format.

FBTSML227E The issuer of the ArtifactResolvemessage, issuer, does not match theintended recipient of the artifactmessage, recipient.

Explanation: An ArtifactResolve message was receivedfrom a provider which is not the intended recipient ofthe message associated with the artifact.

System action: The artifact in the ArtifactResolvemessage will not be exchanged for a SAML protocolmessage. An empty ArtifactResponse message will bereturned.

Administrator response: The system is behavingcorrectly by disregarding potential attacks.

FBTSML228E Cannot initialize the SOAP client forthe endpoint endpoint.

Explanation: Unable to initialize the SOAP client.


Administrator response: Validate the SOAP clientconfiguration. In addition, examine the trace logs foradditional information.

FBTSML229E The artifact exchange failed. Themessage could not be retrieved usingartifact: artifact.

Explanation: This provider attempted to exchange anartifact for a SAML protocol message but no messagewas returned.


Administrator response: Examine the artifact issuer tosee why the artifact was not exchanged. The artifactmay have expired and its associated message purgedfrom the system, for example.

FBTSML230E A SAML response message wasreceived that is not valid.

Explanation: A SAML response message was received,but a corresponding SAML request message could notbe found. The response is considered invalid.


Administrator response: If the SAML response isexpected, examine the trace logs to see why thecorresponding SAML request was not found.Otherwise, no action is needed.

FBTSML231E A SAML response message wasreceived that is not valid.

Explanation: A SAML response message was received,but it did not contain any AuthnStatements. Theresponse is considered invalid for purposes ofauthentication.


Administrator response: Examine the issuer of theSAML message to see why it issued a SAML assertionwith no AuthnStatement.

FBTSML232E No alias was found for user User andprovider PartnerProvider.

Explanation: There was no alias found for thecurrently authenticated user for the specified partnerprovider.

Administrator response: Enable trace for detailedmessages about the error.

FBTSML233E The identity service request to removean alias for userId and provider providerIdfailed.

Explanation: The identity service operation was notsuccessful.

Administrator response: Ensure that the identity andprovider are valid and check the log for messagesreturned from the identity service.



FBTSML234E No principal was found for aliasaliasId and partner provider providerId.


Administrator response: Validate that the alias andprovider are valid and check the log for messagesreturned from the identity service.

FBTSML235E The identity service request to updatean alias for userId and provider providerIdfailed.


Administrator response: Validate that the identity andprovider are valid and check the log for messagesreturned from the identity service.

FBTSML236E The assertion issued by partnerProvidercould not be validated or decrypted.

Explanation: The assertion could not be validated ordecrypted.

Administrator response: Make sure that the validationkeys, decryption keys and decryption parameters areconfigured properly for the provider that issued theassertion. The trace log will indicate which operationfailed, validation or decryption.

FBTSML237E The SAML message could not bedecrypted.

Explanation: The SAML message could not bedecrypted.

Administrator response: Make sure that thedecryption keys and decryption parameters areconfigured properly for the provider that sent themessage.

FBTSML238E The SAML message signature couldnot be validated.

Explanation: The SAML message signature could notbe validated.

Administrator response: Make sure that the validationkey is configured properly for the provider that sentthe message.

FBTSML239E The SAML message could not beparsed.

Explanation: The SAML message could not be parsed.

Administrator response: Make sure that incomingmessage is properly formatted.

FBTSML240E The SAML artifact could not beparsed.

Explanation: The SAML artifact could not be parsed.

Administrator response: Make sure that incomingartifact is properly formatted.

FBTSML241E The incoming HTTP message is notvalid.

Explanation: The incoming HTTP message is notvalid.

Administrator response: Make sure that incomingHTTP message is properly formatted.

FBTSML242E Authentication failed at the identityprovider.

Explanation: The SAML status included in theauthentication response message indicates thatauthentication failed at the identity provider.


Administrator response: Examine the trace logs onthe identity provider that issued the response messageto see why the authentication operation failed.

FBTSML243E The name identifier in the request isnot valid.

Explanation: The name identifier in the request doesnot match the information that was stored for thatprovider during login. If the service provider wasacting as a member of an affiliation group during login,the name identifier in the request must reflect that fact.


Administrator response: If the request is legitimate,examine the trace logs to see why information in therequest name identifier does not match the informationstored for that provider.

FBTSML244E Cannot perform the name IDmanagement operation on a nameidentifier with format Format.

Explanation: The name identifier established duringauthentication in the current session is not persistent.Name ID update and termination managementoperations can be performed only on persistent nameidentifiers.


Administrator response: The user should authenticateusing a means that establishes a persistent nameidentifier and then retry the operation.



FBTSML245E The request was missing the TARGETparameter.

Explanation: The initial request to the service providermust contain a TARGET parameter.


Administrator response: Modify the initial request tothe service provider to contain a TARGET parameter,which should point to the desired SSO target URL.

FBTSML246E The request failed due to an internalerror on the identity provider.

Explanation: The identity provider encountered aninternal error preparing the samlp:Response for theservice provider.


Administrator response: Check the identity providerlog to determine the root cause of this error. Theidentity provider configuration for this partner mightnot be correct.

FBTSML247E The SAML request for artifact Artifactcould not be created using signing keyKeyIdentifier.

Explanation: The service provider was unable togenerate a signed samlp:Rquest message.


Administrator response: Check that the serviceprovider signing key identifier is correctly configured.

FBTSML248E The SAML artifact Artifact has alreadybeen presented to the identity provider.

Explanation: The identity provider has detected thatthis artifact has already been presented for exchange.


Administrator response: This could be a replay attack,or the browser user may have simply reloaded thepage containing the redirect to the service providerwith the artifact.

FBTSML249E The federation group type specifiedin the configuration is not supported.Group ID: 'id', Group display name: 'id',federation group type 'type'.

Explanation: The federation group defined is not asupported type.

System action: The SAML module could not beinitialized.

Administrator response: Verify that configuration filesare present and have not been corrupted. Specify asupported group type in the configuration.

FBTSML250E The partnerEndpointType endpoint forpartner 'id' and display name'displayName' for federation group withID 'id' and display name 'displayName' isnot valid. Endpoint value is'displayName'.

Explanation: The specified partner endpoint is notvalid.

System action: The SAML Module could not beinitialized.


FBTSML251E The partnerEndpointType endpoint forself 'id' and display name 'displayName'for federation group with ID 'id' anddisplay name 'displayName' is not valid.Endpoint value is 'displayName'.

Explanation: The specified self endpoint is not valid.



FBTSML252E The partnerEndpointType endpoint ismissing from the provider 'id' anddisplay name 'displayName' configurationfor federation group with ID 'id' anddisplay name 'displayName'.

Explanation: A required endpoint is missing from theprovider's configuration.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify therequired endpoint in the provider's configuration.

FBTSML253E The propertyName property is missingfrom the provider 'id' and display name'displayName' configuration forfederation group with ID 'id' anddisplay name 'displayName'.

Explanation: A required property is missing from theprovider's configuration.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify therequired property in the provider's configuration.



FBTSML254E The property value 'propertyValue' forproperty 'propertyName' specified forprovider 'id' and display name'displayName' for federation group withID 'id' and display name 'displayName' isnot valid.

Explanation: The specified property value is not valid.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify avalid property value in the configuration.

FBTSML255E The boolean property value'propertyValue' for property 'propertyName'specified for provider 'id' and displayname 'displayName' for federation groupwith ID 'id' and display name'displayName' is not valid. For Booleanproperties the permitted values are 'true'or 'false'.

Explanation: The specified Boolean property value isnot valid.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify avalid Boolean property value in the configuration.

FBTSML256E The numeric property value'propertyValue' for property 'propertyName'specified for provider 'id' and displayname 'displayName' for federation groupwith ID 'id' and display name'displayName' is not valid. The minimumvalue for this property is 'displayName'.

Explanation: The specified numeric property value isnot valid.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify avalid numeric property value in the configuration.

FBTSML257E The Identity provider succinct idvalue 'propertyValue' specified underproperty 'propertyName' for provider 'id'and display name 'displayName' forfederation group with ID 'id' anddisplay name 'displayName' is not valid.The identity provider succinct ID is arequired property.

Explanation: The specified numeric property value isnot valid.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify avalid identity provider succinct ID value in theconfiguration.

FBTSML258E The common domain service hostvalue 'commonDomainServiceHost'specified using property 'propertyName'for partner 'id' and display name'displayName' for federation group withID 'id' and display name 'displayName' isnot valid. The common domain servicehost must start with http:// or https://and end with the common domain value'displayName'.

Explanation: The specified common domain servicehost is not valid.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify avalid common domain service host in theconfiguration.

FBTSML259E The provider source id value'propertyValue' specified under property'propertyName' for provider 'id' anddisplay name 'displayName' forfederation group with ID 'id' anddisplay name 'displayName' does notmatch the message digest of theprovider ID.

Explanation: The specified provider source ID value isnot valid.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify avalid provider source ID value in the configuration.

FBTSML260E The binding value value for attributeattr is not valid for profile profile.

Explanation: The specified binding is not valid for theprofile being executed.





FBTSML261E Unobfuscation of the basicauthentication password for SOAPclient authentication failed.

Explanation: Unobfuscation of the basic authenticationpassword for SOAP client authentication failed.


Administrator response: Check the logs for a runtimeexception.

FBTSML262E The ECP profile is not enabled for theprovider.

Explanation: The ECP profile is not enabled.



FBTSML263E The name identifier policy in therequest is not valid.

Explanation: The name identifier policy in the requestis not valid. The format is not a supported format orthe SPNameQualifier is not known to the provider.


Administrator response: If the request is legitimate,examine the trace logs to see why the name identifierpolicy is considered invalid.

FBTSML264E The SAML assertion contains asession index value that has beeninvalidated by a previously receivedlogout request.

Explanation: The current request could not becompleted because a SAML assertion is not consideredvalid.


Administrator response: If the response is legitimate,examine the trace logs to see why the session indexattribute was included on a logout request.

FBTSML265E The SAML assertion with thespecified assertion ID value was notfound.

Explanation: The current request could not becompleted because a SAML assertion was not stored orthe assertion ID is not valid.


Administrator response: Please submit the requestwith a valid assertion ID.

FBTSML266E The index 'value' for endpoint type'value' specified using query stringparameter 'value' does not exist.

Explanation: The current request could not becompleted because a the endpoint index is not valid.


Administrator response: Please submit the requestwith a valid endpoint index.

FBTSML267E The value 'value' specified using querystring parameter 'value' is not validinteger value.

Explanation: The current request could not becompleted because a query string parameter is notvalid.


Administrator response: Please submit the requestwith a valid integer value.

FBTSML268E Logout from one or more partnersfailed.

Explanation: A failed status was returned from one ormore partner logout attempts.

System action: The request did not completesuccessfully.

Administrator response: Check the logs for failurereason.

FBTSML269E The users account was notsuccessfully deferated from the partner.

Explanation: The users account was not successfullydeferated from the partner



FBTSML270E The user provided to theadministrative command does not havean active session.

Explanation: The users could not be logged outbecause they do not currently have a valid session.


FBTSML271E The SAML assertion cannot beretrieved using artifact: artifact

Explanation: The current request could not becompleted because a SAML assertion could not beretrieved.




Administrator response: Validate that the serviceprovider is configured correctly and that the identityprovider is configured to store the assertions for asufficient time.

FBTSML272E The SAML module was unable toquery the user attributes.

Explanation: The current request could not becompleted because the SAML module was unable tocreate a attribute query service claims object.



FBTSML273E The SAML module was unable toobtain the subject name id from theattribute query request.

Explanation: The current request could not becompleted because the subject name id is not valid.


Administrator response: Please submit a validattribute query request.

FBTSML274E The SAML module was unable toobtain the subject principal name usingthe name id included with the attributequery request.

Explanation: The current request could not becompleted because the subject principal name can notbe obtained.


Administrator response: Please submit a validattribute query request.

FBTSML275E The SAML message could not beretrieved using artifact: artifact.

Explanation: The provider could not retrieve theSAML message using the supplied artifact.


Administrator response: Ensure that the artifact isvalid and the provider is properly configured.

FBTSML276E The SAML artifact: artifact is expired.

Explanation: The artifact received is no longer valid.


Administrator response: Ensure that the artifact isvalid and the provider is properly configured.

FBTSOC001E The SOAP endpoint passed in theSOAP client is not valid. The passed-invalue was parameter.



Administrator response: Make sure that the correctSOAP endpoint URL is configured.

FBTSOC002E An error occurred in initializing SSLwith the SOAP endpoint.

Explanation: The server might not be enabled for SSL.The SSL parameters passed in might not be valid.


Administrator response: Validate the partner's SSLconfiguration for the SOAP back channel.

FBTSOC003E The TrustStore identifier passed inSOAPClientImpl is null. The SSLconnection with the endpoint parametercannot be initialized.




FBTSOC004E The KeyStore name parameter cannotbe obtained from KessService.

Explanation: The specified keystore cannot beobtained from KessService.



FBTSOC005E The TrustStore cannot be initializedfrom the passed in identifier parameter.

Explanation: The truststore parameter passed in is notvalid.



FBTSOC006E The SOAP client is unable to parsethe response SOAP message.

Explanation: The SOAP client was unable to parse theincoming response SOAP message.


Administrator response: Validate the Access ControlList configuration in the destination endpoint.

FBTSML272E • FBTSOC006E


FBTSOC007E The Client Keystore cannot beinitialized from the passed in identifierparameter.

Explanation: The client keystore parameter passed inis not valid.



FBTSOC008E The SOAP client is unable to send therequest SOAP message.

Explanation: The SOAP client was unable to send theoutgoing request SOAP message.



FBTSOC009E Unobfuscation of the basicauthentication password for SOAPclient authentication failed.




FBTSOC010E Unable to construct a SOAP faultbecause the compulsory parameterparameter was null.

Explanation: A constructor of a SOAP fault attemptedto build it without the required parameter.

System action: The SOAP fault will not be build.


FBTSOC011E The AccessApproval module: modulehas denied access to the endpoint: url

Explanation: A custom AccessApproval module hasdenied access to the endpoint.

System action: The connection is rejected.

Administrator response: If the URL is supposed to beaccessible, modify the custom access approval moduleto permit access to it.

FBTSOC012E Unable to load an AccessApprovalmodule with the extension ID: module

Explanation: The extension manager could not loadan AccessApproval module.

System action: The request is not processed.

Administrator response: Verify that an extension withthe specified ID is included in the published plug-ins.

FBTSPS002E The requester cannot be prompted foran identity provider. No definedfederations are valid for the request.

Explanation: The current request and delegateprotocol do not match any known defined federation.


Administrator response: Validate the configuration ofthe single sign-on protocol service.

FBTSPS003E The template identifier cannot be located.

Explanation: The current request action cannot beprocessed.



FBTSPS004E The template document used to requesta requester's identity provider is notvalid.

Explanation: The template document is missing therequired tokens or is not a valid XML document.



FBTSPS006E The request message could not beunderstood by the adapter.

Explanation: The request adapter was unable to adaptthe input message.


Administrator response: Validate the configuration ofthe single sign-on protocol service and the inputmessage.

FBTSPS007E The single sign-on protocol service is ina state such that the status cannot bedisplayed with a template page.

Explanation: This error can be caused by an inputrequest before the single sign-on protocol service isfully bootstrapped or it is caused by a configurationthat is not valid.



FBTSOC007E • FBTSPS007E


FBTSPS008E Requests cannot be accepted.

Explanation: This error can be caused by an inputrequest before the single sign-on protocol service isfully bootstrapped or it can be caused by aconfiguration that is not valid.



FBTSPS010E The request to address address cannot beaccepted.

Explanation: This error might be caused bymisconfiguration or by a request that is not valid.



FBTSPS011E The protocol for address address couldnot be determined.

Explanation: This error typically occurs because theconfiguration is not valid or because a configurationhas not been received.


Administrator response: Validate the configuration ofthe single sign-on protocol service and replicationlatency.

FBTSPS012E The single-sign on protocol service hasnot started.

Explanation: This error typically occurs because theconfiguration is not valid or because a configurationhas not been received.


Administrator response: Validate the configuration ofthe single sign-on protocol service and replicationlatency.

FBTSPS014E An instance of a distributed map cannotbe retrieved.

Explanation: Without the distributed map, the singlesign-on protocol service cannot be configured.


Administrator response: Validate the configuration ofthe single sign-on protocol service and environment.

FBTSPS015E An error occurred while moving to anew configuration.

Explanation: The newly set or retrieved configurationcould not be used.


Administrator response: Validate the configuration ofthe single sign-on protocol service and environment.

FBTSPS017E An error occurred while bootstrappingthe single sign-on protocol service.

Explanation: The configuration could not be found orcontains items that are not valid.

System action: The startup will be halted.

Administrator response: Validate the configuration ofthe single sign-on protocol service. A detailed messagecan be found in the trace.

FBTSPS018E The version of the configurationinputVersion is not valid for the singlesign-on protocol service.

Explanation: The configuration version is not valid.


Administrator response: Validate the configuration ofthe single sign-on protocol service and theconfiguration versions.

FBTSPS020E The configured component classNamecannot be loaded.

Explanation: The configuration component is notvalid.



FBTSPS021E The configured endpoint endpoint is notvalid.




FBTSPS025E Unable to register a management bean.



FBTSPS008E • FBTSPS025E


Administrator response: Check the log file for errors.

FBTSPS027E The configured delegate protocol delegateis not valid.



Administrator response: Validate the configuration ofthe single sign-on protocol service and validconfiguration versions

FBTSPS029E The configured delegate protocol delegatehas a configuration entry that is notvalid for the configuration file location.



Administrator response: Validate the configuration ofthe single sign-on protocol service and validconfiguration versions.

FBTSPS037E The single sign-on protocol serviceconfiguration file cannot be located.This result might be expected.




FBTSPS038E The configuration file at confLocationcannot be read. This file is specified inthe configuration and is required for thesingle sign-on protocol service to start.

Explanation: The configuration file is not valid. Thisresult might be due to access violations or an XMLvalidation error.



FBTSPS039E The component component cannot becreated.

Explanation: The configuration file is not valid, or aspecified class could not be loaded.


Administrator response: Validate the configuration of

the single sign-on protocol service and theconfiguration versions.

FBTSPS040E The component component cannot becreated. The provided configuration isnot valid.

Explanation: The configuration file is not valid.



FBTSPS041E No input was received with themanagement operation.

Explanation: The management operation is not valid.


Administrator response: Validate the managementoperation.

FBTSPS042E The property, property, is required forthis operation.




FBTSPS043E The page factory root, root, does notexist.




FBTSPS044E The page factory default language, root,does not exist.




FBTSPS045E The given reference ID, id, is not valid.






FBTSPS046E The given classname ,classname, couldnot be loaded.




FBTSPS047E The given entity, entity, does not exist.




FBTSPS048E The given value, value, is not valid forconfiguration item item.




FBTSPS051E The WebSEAL authentication serviceclient cannot be initialized.




FBTSPS052E The WebSEAL authentication serviceclient is not in a valid state because theconfiguration is not valid and cannot beused.

Explanation: The sign in or sign out operation cannotbe performed.


Administrator response: Validate the configuration ofthe authentication service and policy serverconfiguration files.

FBTSPS053E The credential included with therequest, cred, is not valid.

Explanation: The credential format is notunderstandable.


Administrator response: Validate the configuration ofthe authentication service and WebSEAL.

FBTSPS054E The entity ID, id, is not valid.




FBTSPS055E The configured class, classN, does notimplement or extend the required classor interface, intf.

Explanation: The configuration file is not valid.



FBTSPS056E The token included with the sign inrequest, cred, is not valid.

Explanation: The token type and format is notunderstandable.


Administrator response: Validate the configuration ofthe authentication service and caller.

FBTSPS057E The required WebSEAL header, cred, ismissing.

Explanation: The header is required for properoperation.


Administrator response: Validate the WebSEALconfiguration.

FBTSPS058E The sign out operation has failed.

Explanation: Sign out failed.


Administrator response: Check the trace log fordetailed output from the policy server.

FBTSPS059E The configured default page factoryselector, selector, is not valid.

Explanation: The specified default selector is notvalid.


Administrator response: Check the configured defaultagainst the available selectors.



FBTSPS060E Page factory operation requires at leastone page selector.

Explanation: The specified page factory configurationdoes not specify any selectors.


Administrator response: Check the configuration ofthe page factory.

FBTSPS061E An unexpected error has occurred with aprotocol module module.

Explanation: This error might be caused bymisconfiguration or by a request that is not valid.


Administrator response: Validate the configuration ofthe single sign-on protocol service, protocol module,and the input message.

FBTSPS062E The Point of Contact protocol module ismissing the required action, specifiedby parameter parameter.

Explanation: This error is typically caused by arequest that is not valid. The action parameter isnecessary to determine the behavior of the module.


Administrator response: Validate the request message.

FBTSPS063E The Point of Contact protocol module ismissing the required token for thechosen action.

Explanation: This error is typically caused by arequest that is not valid. The token is necessary toperform the specified action.


Administrator response: Validate the request message.

FBTSPS064E The configured module with ID id andversion version was not found whensearching for modules.

Explanation: The module with the specified ID andversion was not found while attempting to loadmodules. This can occur if the Federated IdentityManager modules have not been configured correctlyor the module does not exist.

System action: The request to load the module will behalted.


FBTSPS065E The configured module with ID id doesnot expose a class with ID id.

Explanation: The module with the given ID andexposed class ID was not found while attempting toload modules. This can occur if the Federated IdentityManager modules have not been configured correctlyor the module does not exist.



FBTSPS066E The configured module with ID idreferencing a module with ID moduleIdwith java class className cannot beinstantiated.

Explanation: When attempting to load a module withthe given ID and class name, an error occurred. Thiscan occur if the if the Federated Identity Managermodules have not been configured correctly or themodule does not exist.



FBTSPS067E The configured module reference,referenceId, could not be located in theconfiguration.

Explanation: In order to load a module, a validreference ID is required.



FBTSPS068E An attempt was made to retrieve acomponent with identifier 'id' whichdoes not exist.

Explanation: In order to load a component, a validreference ID is required.

System action: The request to load the componentwill be halted.


FBTSPS069E The delegate protocol instance delegateIdrequires a protocol actionactionClassName which could not becreated.

Explanation: The actions for the delegate protocol



need to be located and created in order to be invoked.

System action: The request to load the componentwill be halted.


FBTSPS073E The group membership group specifiedfor delegate id is not valid and will beignored.

Explanation: The specified group ID does not exist orcould not be found.

System action: The protocol module will not haveaccess to that group's properties.


FBTSPS074E The delegate protocol id will not beavailable at runtime because theproperties provided in the groups that itis a member of are not valid.

Explanation: The properties for the delegate groupmemberships are not correct. This typically indicatesthat federation configuration is not valid.

System action: The protocol module will not beavailable at runtime.

Administrator response: Validate the FederatedIdentity Manager configuration. Additional messages inthe error and trace logs by the protocol implementationwill display the exact error condition.

FBTSPS075E The delegate protocol id will not beavailable at runtime because theprotocol action className could not becreated.

Explanation: A protocol action used by this delegatecould not be created.

System action: The protocol module will not beavailable at runtime.

Administrator response: Validate the FederatedIdentity Manager configuration and check the trace andmessage logs for further details.

FBTSPS076E An error occurred reading pagetemplates. The SPS will continuestartup, but no pages will be availableat runtime.

Explanation: An error occurred reading the pagesdirectory. The directory may not exist or the servicemay not have the required permissions to read the files.

System action: Startup will continue, but pages willnot be available at runtime.


FBTSPS077E An error occurred creating the servicefactory id. This service factory will notbe available to protocols at runtime.

Explanation: An error occurred creating the servicefactory.

System action: Startup will continue, but the servicewill not be available at runtime.


FBTSPS078E An error occurred creating the point ofcontact client id. The service will not beavailable to protocols at runtime.

Explanation: An error occurred creating the point ofcontact client.



FBTSPS079E An error occurred creating the globalhandler id. The service will not beavailable at runtime.

Explanation: An error occurred creating the globalhandler.



FBTSPS080E An error occurred creating the protocoldetermination module id. The servicewill not be available at runtime.

Explanation: An error occurred creating the protocoldetermination module.





FBTSPS081E Unable to retrieve an instance of theIdServiceClientFactory.

Explanation: An error occurred retrieving an instanceof the alias service client factory.



FBTSPS082E Unable to retrieve an instance of theToken Command Factory with endpointendpoint.

Explanation: An error occurred retrieving an instanceof the token service client factory.



FBTSPS083E The single sign-on protocol service wasunable to locate a directory wheretemplate pages are stored.

Explanation: The Federated Identity Managerapplication does not contain the directory containingtemplate page directories.

System action: No template pages can be used.


FBTSPS084E An internal error has occurred withinthe SPS.

Explanation: The current request could not beprocessed because of an internal error.

System action: Processing of the current request willbe halted.


FBTSPS085E The current request cannot be acceptedbecause the component that is requiredto process it is missing.

Explanation: The current request could not beprocessed because of an internal error.

System action: Processing of the current request willbe halted.


FBTSPS087E Unable to retrieve an instance of theName Identifier Generator with key id.

Explanation: An error occurred retrieving an instanceof the specified NameId generator from the aliasservice.

System action: The request is stopped.


FBTSPS088W The time zone identifier given, [id], isnot valid.

Explanation: The given time zone identifier is not asupported time zone.

System action: The default UTC time zone will beused.

Administrator response: Ensure that the time zoneidentifier in the configuration is correct. Check thereturned exception for more details.

FBTSPS089W The time display pattern [id] is notsupported.

Explanation: The given time display pattern is notsupported.

System action: The default ISO8601 time format willbe used.

Administrator response: Ensure that the time formatin the configuration is correct. Check the returnedexception for more details.

FBTSPS090W The callback [id] could not beinitialized.

Explanation: An error was encountered during theinitialization of the given callback.

System action: The given callback will be removedfrom the list of running callbacks.

Administrator response: Check the logs for a relatedexception and correct the problem. The error is mostlikely caused by a configuration error.

FBTSPS092E Access denied.

Explanation: The user does not have permission toaccess the Web page.

System action: The user will be shown a Web pageindicating that access is not allowed.

Administrator response: If the user should bepermitted to access the Web page, the administratorshould grant the user permission. The administratormay need to add a user to the group being used forSOAP endpoint access control, for instance.



FBTSPS096E The point of contact implementationfailed to perform programmatic login.

Explanation: An error occurred performing JAASlogin.



FBTSPS097E The point of contact implementationfailed to authenticate the userperforming the request.

Explanation: An error occurred performing JAASlogin.



FBTSPS098E The point of contact implementationfailed to obtain the initial request URL.

Explanation: An error occurred obtaining the initialrequest URL from the user session.



FBTSPS106E ITFIM Form Login Error



Administrator response: Check the trace and messagelogs for further details.

FBTSPS107E Form Login Error




FBTSPS109E Form authentication failed.




FBTSPS110E Check the user ID and password, andtry again.




FBTSPS111E The point of contact endpoint requiresthe user to be authenticated. Pleasevalidate the point of contact settings.

Explanation: Unable to obtain user information fromthe request.


Administrator response: Validate that the securityroles are mapped properly to users and the point ofcontact settings.

FBTSPS112E Access to the URL 'url' by the user 'username' was denied because the user wasnot assigned the role 'role name'.

Explanation: A user attempted to access the specifiedURL, but was denied access.


Administrator response: Validate that the securityroles are mapped properly to users. If the request was aSOAP request, verify that the partner has a validpassword or certificate. Verify that the SOAP EndpointSecurity Settings have been configured properly. If youare using groups to control access to the SOAPendpoint, verify that the partner's user ID is in thecorrect group.

FBTSPS113E The query service factory wasconfigured with a class name thatcannot be loaded. The class name is:'class'

Explanation: This is an internal error in theconfiguration of the query service factory in the sps.xmlconfiguration file.

System action: The query service factory cannot beconfigured.

Administrator response: Report this error to IBMSoftware Support; this error should not happen.

FBTSPS114E The query service was unable tocomplete the request with the trustservice.

Explanation: An exception was thrown whencommunicating with the trust service.




Administrator response: Examine the exceptionreported in the log file.

FBTSPS115E The claims object passed to the queryservice for update was of type: 'class'and did not support the requiredinterface: 'interface'.

Explanation: An internal programming error has beendetected.


Administrator response: Report this error to IBMSoftware Support; this error should not happen.

FBTSPS116W Cannot locate the domain mappingfile. Will not try to initializeITFIMRuntime components.

Explanation: The Tivoli Federated Identity Managerdomain mapping properties file could not be located inthe WebSphere configuration repository. This could bethat the Tivoli Federated Identity Manager runtime hasnot yet been deployed.

System action: The Tivoli Federated Identity Managerruntime components will not be initialized.

Administrator response: Deploy the Tivoli FederatedIdentity Manager runtime.

FBTSPS120E The Tivoli Federated Identity Managerruntime components cannot beinitialized because the runtime cannotconnect to a remote configurationrepository.

Explanation: If the Tivoli Federated Identity Managerruntime components are deployed in a WebSpherecluster, then the runtime components need to acquire ahandler to a remote deployment manager'sconfiguration repository. This connection may fail if thedeployment manager was not started, or that themanaged nodes were started before launching thedeployment manager.

System action: The runtime components are left in anuninitialized state.

Administrator response: Restart the WebSpherecluster by first starting the deployment manager, thenstarting the node agents, and finally starting themanaged node servers.

FBTSPS121W The credential attribute 'attribute' withvalue 'attribute value' could not be addedto the SSO token because the attributessize limit has been reached.

Explanation: The Tivoli Federated Identity ManagerPoC implementation was not able to add the attributeto the SSO token.

System action: The SSO token will not include theattribute.

Administrator response: Increase the attributes sizelimit.

FBTSPS122E The Tivoli Federated Identity Managerruntime components are not initialized.

Explanation: The Tivoli Federated Identity Managerruntime components are not initialized. The runtimenode is probably not configured. The followingcomponents will not be operational: Security TokenService, Single Sign-on Protocol Service, Info Service,and Audit Service.


Administrator response: Configure the runtime nodes.

FBTSPS123E The point of contact client callbackmapping rule is invalid.

Explanation: The point of contact client callbackmapping rule is invalid.

System action: The point of contact client callbackmapping fails.

Administrator response: Verify that the point ofcontact client callback is configured correctly.

FBTSPS124E The point of contact client callbackcould not determine mapping rule type.

Explanation: The point of contact client callbackcannot determine the rule type based on theconfiguration.



FBTSPS125E The point of contact client callbackfailed to execute the mapping rule.

Explanation: The point of contact client callback couldnot execute the mapping rule.



FBTSPS127E The point of contact client callbackattribute {0} in the universal user isinvalid.

Explanation: The point of contact client callbackattribute value in the universal user is invalid.




Administrator response: Verify that the authenticationpolicy callback is configured correctly.

FBTSPS128E The point of contact client callbackfailed to create the authenticationpolicies.

Explanation: The point of contact client callback failedto create the authentication policies.

System action: he request is stopped.

Administrator response: Verify that the authenticationpolicy callback is configured correctly.

FBTSPS129E The point of contact implementationfailed to obtain the authentication targetURL or transaction id from the suppliedquery string parameters.

Explanation: An error occurred obtaining the targetURL or transaction id from the query string.



FBTSPS130E The point of contact multi phaseauthentication callback implementationfailed to obtain the authentication targetURL.

Explanation: An error occurred obtaining the targetURL.



FBTSPS131W The point of contact callback querystring parameters {0} value {1} is notvalid.

Explanation: An error occurred obtaining the querystring parameter value.

System action: The request will continue using adefault value.


FBTSPS132W The point of contact callback mappingrule context attribute {0} value {1} is notvalid.

Explanation: An error occurred obtaining the mappingrule context attribute value.

System action: The request will continue using adefault value.


FBTSPS133E The system cannot read the'dscclient.properties' file

Explanation: The client configuration containinginformation on available DSCs is missing.

System action: The in memory HttpSession will beused.

Administrator response: Ensure the file nameddscclient.properties exists with the correct valuespresent.

FBTSPS134E No DSC can be reached at this time.

Explanation: All configured DSCs in the dscclient.confare not responding.

System action: The in memory HttpSessions will beused.

Administrator response: Check that thedscclient.properties contains valid DSC information,and check that the DSCs are responsive.

FBTSTM006E The given TokenType or AppliesTo(TokenType/AppliesTo) in the request is notsupported by this server's configurationfor RequestType RequestType.

Explanation: The request requested a TokenType orAppliesTo that is not supported by the server'sconfiguration. This error can occur because the requestdata did not map to any processing chains or becausethe expected processing chain that the request maps todid not start correctly.


Administrator response: Ensure that the request hasall the required data.

FBTSTM007E STSModule module_name not found.

Explanation: The server attempted to load theSTSModule but could not because an error occurred.

System action: The module has not been loadedpossibly because the chains that the module is in havenot been loaded.

Administrator response: Check the server logs forerrors and exceptions to identify the problem.

FBTSPS128E • FBTSTM007E


FBTSTM008E The QName namespace prefix(QName) does not match any definednamespaces.

Explanation: The given namespace prefix does notmatch any defined namespaces.


Administrator response: Ensure that the request usessupported XML namespaces.

FBTSTM009E The server did not start correctly.

Explanation: The trust server did not start correctlybecause of internal errors.

System action: The server will not accept requests.

Administrator response: Inspect logs andconfiguration files and ensure that data in theconfiguration file is correct.

FBTSTM010E A TokenType or AppliesTo must bespecified in the request.

Explanation: According to the specification, at leastone of TokenType or AppliesTo must be specified in therequest.


Administrator response: Ensure that the requiredrequest data is given.

FBTSTM011E The date and time are not in theexpected UTC format.

Explanation: The date and time given in the requestwas not in the expected UTC time format.


Administrator response: Ensure that the correct timeformat is used for the request.

FBTSTM013E A RequestType must be specified inthe request.

Explanation: According to the specification, aRequestType must be specified in the request.



FBTSTM014E The given RequestType (RequestType)is not supported by this server'sconfiguration.

Explanation: The RequestType does not apply to anyof the STSChainMappingDefinitions located in theserver's configuration.



FBTSTM015E Either no configured XPath selected anode from the request, or the givenTokenType or AppliesTo(TokenType/AppliesTo) in the request is notsupported by this server's configurationfor RequestType RequestType and Issuer(Issuer).

Explanation: Either no XPath in the configurationselected a node from the request, or the requestrequested a TokenType or AppliesTo that is notsupported by the server's configuration.



FBTSTM016E The given Issuer (Issuer) is notsupported by this server's configuration.

Explanation: The Issuer does not apply to any of theSTSChainMappingDefinitions located in the server'sconfiguration.



FBTSTM017E The server could not find the expectedtoken included in the request.

Explanation: The given request did not include theexpected token based on the server's configuration.



FBTSTM018E An incorrect namespace wasencountered and received QName, butexpected QName.

Explanation: The client sent a request that used anamespace that was not expected. This error istypically caused by an old namespace being used.


Administrator response: Ensure that the supportedXML namespaces are used.

FBTSTM019E The expected namespace URI for theWS-Trust schema was not found in therequest.

Explanation: The client did not specify a validWS-Trust schema in the request.


FBTSTM008E • FBTSTM019E



FBTSTM020E An error was encountered whenattempting to open file filename.

Explanation: The server attempted to open thespecified file and encountered an error.

System action: The operation did not complete.

Administrator response: Ensure that the file existsand has the correct file permissions.

FBTSTM021E Either the properties file (filename)was not found in the classpath or thekey (key) returned no data.

Explanation: The given properties file could not befound in the classpath or the key to look up data in theproperties file did not return the expected data.


Administrator response: Ensure that the givenproperties file is located in the classpath, or that thekey given has data associated with it, or both.

FBTSTM022E The message passed to the servicefrom the webservices runtime was notcomplete or did not exist.

Explanation: A possible cause of this problem is thatthe Trust Service System Handler was not installedcorrectly or was removed from the system.

System action: The request was halted.

Administrator response: Ensure that the Trust ServiceSystem Handler is installed and located in theWebSphere Application Server classpath.

FBTSTM023E The trust service did not startsuccessfully because it could not locatethe local or distributed configurationdata.

Explanation: The trust service could not locate theconfiguration data.

System action: The service did not start.

Administrator response: If the service is the onlyservice for the domain, ensure that the configurationfile exists. If the service is in a cluster, ensure that thecluster is operating correctly.

FBTSTM030E The trust service did not fully stop.




FBTSTM031E The trust service did not fully start.




FBTSTM032E The trust service did not fully start,stop, or both.




FBTSTM033E The trust service failed to writeconfiguration to persistent storage.




FBTSTM034E The context was not found.




FBTSTM035E The management method requested isnot implemented.




FBTSTM036E An error occurred while retrieving theserver's configuration for themanagement operation.

Explanation: The server encountered an error when itattempted to retrieve its configuration.

System action: The operation was halted.

Administrator response: Check logging messages forerrors related to retrieving the server's configurationand ensure that the correct file permissions are set onthe server's configuration file.

FBTSTM038E A classname must be provided.

Explanation: The caller-requested operation requires aclassname but did not provide a classname.


Administrator response: Ensure that a classname isgiven.



FBTSTM039E The classname provided (classname)was not found in the server's classpath.

Explanation: A classname was provided that does notexist in the server's classpath.


Administrator response: Ensure that the given classexists in the server's classpath.

FBTSTM041E The classname provided (classname)does not implement the requiredinterface for modules.

Explanation: The classname provided exists but doesnot implement the required interface for modules.


Administrator response: Ensure that the classnameprovided implements the required interface formodules.

FBTSTM042E The classname provided (classname)does not implement the expected model.

Explanation: The classname provided does not have ano-argument public constructor.


Administrator response: Ensure that the classnameprovided includes a no-argument public constructor.

FBTSTM043E The given unique identifier (identifier)does not exist in the configuration.

Explanation: The given unique identifier does notexist.


Administrator response: Ensure that the providedidentifier exists in the current configuration.

FBTSTM044E The remove request could not becompleted. There must be no referencesto the object being removed in order forthe request to complete.

Explanation: There must be no references to theconfiguration data being removed.


Administrator response: Ensure that the configurationdata being removed does not have any references to it.

FBTSTM046E The unique identifier did not matchthe expected type.

Explanation: The given unique identifier did notmatch the expected type in the configuration. This error

might also mean that the unique identifier did not existin the configuration.


Administrator response: Ensure that the entire uniqueidentifier is for the correct data.

FBTSTM047E A unique identifier must be provided.

Explanation: A unique identifier was not provided.


Administrator response: Ensure that a uniqueidentifier is provided.

FBTSTM048E The request type is already in theconfiguration.

Explanation: The management request to add a newrequest type was denied because there cannot beduplicate request types in the configuration.


Administrator response: Ensure that the request typeis not already in the configuration.

FBTSTM049E To add a request type, a request typeURI must be provided.

Explanation: A request type URI was not providedand is required.


Administrator response: Ensure that a unique requesttype URI is provided.

FBTSTM050E The mapping type given is not asupported mapping type.

Explanation: Either the mapping type was not givenor it did not match one of the supported mappingtypes.


Administrator response: Ensure that the mappingtype is one of the supported mapping types.

FBTSTM051E The request-type mapping requestedto be modified does not exist.

Explanation: The request-type mapping requested tobe modified does not exist in the server's configuration.


Administrator response: Ensure that the request typemapping that is being modified exists in the server'sconfiguration.



FBTSTM058E The chain (chain identifier) could notbe initialized due to errors.

Explanation: The given chain could not be startedwithout errors being returned.


Administrator response: Check the trace logs for amore specific error for the given chain.

FBTSTM059E The request failed to processsuccessfully.

Explanation: The given request failed to processsuccessfully. See the server logs for a specific cause ofthe failure.

System action: The request was halted.

Administrator response: Check the trace logs for amore specific error for the given chain.

FBTSTM060E The module reference ID used in theconfiguration of module chain ID'chainId', (chainReference) is not valid. Themodule reference does not exist.

Explanation: The referenced identifier does not exist.

System action: The module chain will not be availableat runtime.

Administrator response: Validate the STSconfiguration.

FBTSTM061E The module reference used in theconfiguration of module chain ID'chainId', (referenceId) is not valid. Themodule does not exist.

Explanation: The referenced module does not exist.


Administrator response: Validate the STSconfiguration and installed STS plug-ins.

FBTSTM062E The class 'className' referenced inmodule chain ID 'chainId' could not beinitialized. The init method did notsuccessfully complete.

Explanation: The module implementation did notsuccessfully initialize.



FBTSTM063E The module chain with ID 'id' couldnot be created because of an earliererror.

Explanation: The module chain could not besuccessfully created.



FBTSTM064E The module chain with ID 'id' doesnot exist.

Explanation: The module chain could not be locatedin the configuration.



FBTSTM065E The input request did not contain anydata and cannot be processed.

Explanation: The input request was null or was notprovided.

System action: The request cannot be processed.

Administrator response: Validate the configuration ofthe caller and the input message.

FBTSTM067E The module chain mapping with ID'id' references a group that does notexist.

Explanation: The group membership was either notspecified or does not exist in the configuration.Modules with the module chain may need informationfrom this group to operate.

System action: The module chain mapping will not beavailable at runtime.


FBTSTM068W The server encountered an exceptionwhile processing a request in validatemode. If the environment has traceenabled, the exception will appear inthe trace log.

Explanation: The STS encountered an exception whileprocessing a request in the validate mode. According tospecifications, the server must return a status codesimilar to the following: http://schemas.xmlsoap.org/ws/2005/02/trust/status/invalid. The exception wascaught and logged, allowing the server to return thecorrect message.

FBTSTM058E • FBTSTM068W


System action: The request failed. The server returnedan http://schemas.xmlsoap.org/ws/2005/02/trust/status/invalid status message.

Administrator response: Validate the requestparameters and retry the operation.

FBTSTM069E The security token service could notcreate a logger in the given directory(directory name) because it is not adirectory.

Explanation: The Security Token Service was not ableto create a logger in the given directory because it isnot a directory.

System action: The logger will not log messages.

Administrator response: Ensure the given directory isa valid directory.

FBTSTM070E The security token service messagelogger encountered an error and couldnot log the message.

Explanation: The security token service messagelogger encountered an error that is preventing it fromlogging messages.


Administrator response: Confirm that the system isallocated enough resources and there are noinitialization errors.

FBTSTM071E The security token service messagelogger encountered an error whilecreating the log file. The error text is: filename.

Explanation: The Security Token Service was not ableto create a log file because an error occurred.


Administrator response: Correct the logger name.

FBTSTM072E The security token service messagefor chain mapping (Mapping) failedsignature validation.

Explanation: The Security Token Service was not ableto validate the signature on the trust message. Thismay be caused by an incorrect key alias configured forthis chain mapping or the SOAP request was modifiedalong the way or the message was not signed by atrusted signer.


Administrator response: Verify that the correct keyalias is configured and the SOAP message was notmodified en route.

FBTSTM073E The security token service isconfigured to validate signatures forchain mapping (Mapping) but therequest received was not signed.

Explanation: The Security Token Service was not ableto validate the signature on the trust message.Threceived request was not signed.


Administrator response: Ensure that the messagecame from a trusted source and that the message mustbe signed.

FBTSTS001E The given SAML assertion is not validyet.

Explanation: The given SAML assertion's NotBeforetime has not been reached.


Administrator response: Ensure that the server's clockis synchronized with the other server's clocks that itparticipates with in the secure domain.

FBTSTS002E The given SAML assertion has expired.

Explanation: The given SAML assertion has expired.



FBTSTS003E The given SAML assertion token'sdigital signature is not valid.

Explanation: The given SAML assertion token's digitalsignature is not valid.


Administrator response: Ensure that the assertiontoken has not been modified after the signing.

FBTSTS004E The given SAML assertion was notsigned, a valid signature was expectedwith the assertion.

Explanation: The given SAML assertion was notsigned, a valid signature was expected with theassertion.


Administrator response: If signature validation is notrequired, re-configure the SAML module so it does notverify signatures.

FBTSTM069E • FBTSTS004E


FBTSTS005E Issuing SAML assertion has failed, noneof the supported Subject types werepresent.

Explanation: Issuing SAML assertion has failed, noneof the supported Subject types were present.


Administrator response: Subject types should beemailAddress, X509SubjectName orWindowsDomainQualifiedName.

FBTSTS006E No audience has been found in thegiven assertion.

Explanation: An Audience element with valid URI ismissing from the AudienceRestrictionCondition elementin the assertion xml document.


Administrator response: An Audience URI shouldexist in the request.

FBTSTS007E Issuing SAML assertion has failed, noauthentication method was given.

Explanation: The AuthenticationMethod attributeshould exist as part of the given assertionAuthenticationStatement element.


Administrator response: Ensure that theAuthenticationMethod attribute exists as part of thegiven assertion AuthenticationStatement element, forexample, password, X509-PKI, PGP, etc.

FBTSTS008E Assertion issuer is not configured.

Explanation: An issuer was not configured butassertion signing was configured.


Administrator response: If assertion signing isrequired, an issuer must be configured. Reconfigurethis application and re-start the server.

FBTSTS009E Keystore alias is not configured.

Explanation: A keystore alias must be configured ifassertion signing or validation is configured.


Administrator response: If assertion signing orvalidation is required, a keystore alias must beconfigured. Reconfigure this application and restart theserver.

FBTSTS010E The Identity Provider [ IDP ] provided aname identifier [ alias ] that could not bemapped to a valid principal name bythe Identity Service.

Explanation: The Identity provider's name identifierwas not found in the Identity Service.


Administrator response: Ensure that the principal isfederated.

FBTSTS011E Invalid security token. Claims elementwas not found.

Explanation: Liberty requires that a valid Claimselement must be in the security token.


Administrator response: This is an internal error.

FBTSTS012E The Access Manager Java Runtimeconfiguration file is not specified.

Explanation: The path to the Access Manager JavaRuntime configuration file is not specified in the STSmodules configuration file.


Administrator response: If issuing of IVCreds isenabled, ensure that a configuration file location of AMJava Runtime is specified.

FBTSTS013E The digital signature of the givenIV-Cred token is invalid.

Explanation: The given IV-Cred token's digitalsignature is invalid.


Administrator response: Ensure that the IV-Credtoken has not been modified after the signing.

FBTSTS014E There was an invalid Principal Chaingiven in the Access Manager credential.

Explanation: The Access Manager credential has ainternal structure called Principal Chain which isrequired for the credential to be a valid credential.



FBTSTS015E The IV-Cred binary token is invalid ornot present.

Explanation: The IV-Cred module requires that a validBinarySecurityToken element must be in the securitytoken.


FBTSTS005E • FBTSTS015E



FBTSTS016E A principal name was not provided tocreate an Access Manager credential.

Explanation: Creating an IV-Cred credential requires aprincipal name.


Administrator response: Provide a principal entity inthe request.

FBTSTS017E An Access Manager credential could notbe created for the given principal.

Explanation: A principal name was provided that isnot valid.


Administrator response: Ensure that a valid principalname is provided.

FBTSTS018E Unexpected exception was caught.

Explanation: An unexpected exception was caught.



FBTSTS019E The audience in the assertion does notmatch the Service Provider's URI.

Explanation: The audience restriction value in anassertion must match the URI of the Service Provider.


Administrator response: Ensure that the application isproperly configured.

FBTSTS020E The InResponseTo attribute in theassertion does not match the request IDof an Authentication request.

Explanation: The InResponseTo attribute, if specified,must match an Authentication request.


Administrator response: This may be due to anattempt to replay an assertion.

FBTSTS021E The Keystore service is not available forsigning or validating assertions.

Explanation: The Keystore service was not started orhas encountered an error.


Administrator response: Validate the configurationand restart the server.

FBTSTS022E The given Username Token has expired.

Explanation: The given Username Token has expired.



FBTSTS023E The given Username token's digitalsignature is not valid.

Explanation: The given Username token's digitalsignature is not valid.


Administrator response: Ensure that the token has notbeen modified after the signing.

FBTSTS024E The given same Username token wasreplayed.

Explanation: The given Username token was verifiedbefore and now it is being reused. This server'sconfiguration does not allow Username tokens to bereused.


Administrator response: Each Username token has aunique Nonce to protect it from Replay Attack. Checkto see whether the token has been cached and re-issuedagain without refreshing the Nonce.

FBTSTS025E A principal name was not provided tocreate a Username token.

Explanation: Creating a Username Token requires aPrincipal name.


Administrator response: Provide a Principal entity inthe request.

FBTSTS026E The given Username token's digitalsignature is missing.

Explanation: The given Username token's digitalsignature is missing.



FBTSTS027E The expected security token type ismissing.

Explanation: The expected security token type ismissing.





FBTSTS028E The given SAML assertion was verifiedbefore and now it is being reused. Thisserver's configuration does not allowassertions to be reused.

Explanation: The use-once enforcement has beenenabled and the given SAML assertion has beenverified before.


Administrator response: Ensure assertions are usedonly once.

FBTSTS030E The Liberty AuthnContext containsunsupported Authentication ContextStatement references.

Explanation: Authentication Context Statementreferences are not supported.


Administrator response: Ensure that the sendingService Provider specifies only Authentication Contextclass references.

FBTSTS031E The Liberty AuthnContext contains aninvalid Authentication Context Classreference.

Explanation: The Liberty architecture specifies thevalid set of Authentication Context classes. Thereceived AuthnRequest contained a class reference thatis not valid.


Administrator response: Ensure that the sendingService Provider sends only supported AuthenticationContext class references.

FBTSTS032E The authentication request requires anauthentication method that is notsupported.

Explanation: The authentication request specifiesauthentication class references that must be used toauthenticate the principal, but none of these classes aresupported by this implementation.


Administrator response: Ensure that the sendingService Provider specifies at least one AuthenticationContext class reference that is supported by thisapplication.

FBTSTS033E The Access Manager Java Runtimeconfiguration file is not specified.

Explanation: The path to the Tivoli Access ManagerJava Runtime configuration file is not specified.


Administrator response: Ensure a configuration filelocation for the Tivoli Access Manager Java Runtime isspecified.

FBTSTS034E A principal name was not provided withwhich to create an Access Managerprincipal.

Explanation: Creating an Access Manager principalrequires a principal name.


Administrator response: Provide a principal name inthe request.

FBTSTS035E The Status Token Module has not beenenabled.

Explanation: The configuration key'status.module.enable' must be present and set to trueon every federation where the status token is used.


Administrator response: Enable the status module.

FBTSTS036E The IV-Cred token module does notoperate in the given mode, 'mode'.

Explanation: The mode that was configured for themodule is not valid.

System action: The module will not be available atruntime.

Administrator response: Change the operation modeto 'issue' or 'validate'.

FBTSTS037E The IV-Cred token moduleconfiguration is missing a requiredparameter, 'param'.

Explanation: The specified parameter is required foroperation.


Administrator response: Add the specified parameterto the configuration.



FBTSTS038E The token module does not operate inthe given mode, 'mode'.




FBTSTS039E The specified keystore alias (alias) wasnot found or is not valid.

Explanation: The key service could not find a keywith the provided alias or the alias has an invalid type.

System action: The token module will be disabled.

Administrator response: Ensure you have the correctkeystore configured.

FBTSTS040E An anonymous principal name is notconfigured for partner identity provider.

Explanation: An assertion was received from theidentity provider with a onetime name identifier, butan anonymous principal name is not specified in theconfiguration for the partner.

System action: The token exchange cannot beperformed.

Administrator response: Configure an anonymousprincipal name for the partner.

FBTSTS041E A username token was not present inthe current request.

Explanation: The current request did not contain auser name token for validation.


Administrator response: Ensure that clients aresending the username token.

FBTSTS042E The input token [namespace][local ] is nota username token and cannot be parsed.

Explanation: The current request did not contain auser name token for validation.


Administrator response: Ensure that clients aresending the username token.

FBTSTS043E The received message does not contain acreated time element.

Explanation: The current request did not contain acreated time element, although configuration specifiesthat it is required.


Administrator response: If clients do not send theusername token or created time, then they must disablelifetime checking.

FBTSTS046E The AppliesTo element is missing fromthe request or is badly formed.

Explanation: The AppliesTo element is missing fromthe request or is badly formed.


Administrator response: Ensure the configuration iscorrect.

FBTSTS047E None of the requested authenticationcontext requirements can be met.

Explanation: The authentication request contained oneor more authentication contexts whose requirementscannot be met by the identity provider.



FBTSTS048E The attribute profile specified in therequest is not supported.

Explanation: The request specified an attribute profilethat is not supported by the identity provider.



FBTSTS049E The Attribute in the request containedan unexpected content for the name orthe value.

Explanation: The request specified an attribute that isnot supported by the identity provider.





FBTSTS050E A Keystore alias is not configured forencryption.

Explanation: A keystore alias must be configured ifencryption is to be used.


Administrator response: An encryption keystore aliasis required for sending or receiving encrypted elements.Reconfigure this application and re-start the server.

FBTSTS051E The Assertion does not contain a validrecipient or the bearer subjectconfirmation is missing.

Explanation: The Subject in the assertion must containa bearer subject confirmation with a recipient value thatmatches the Assertion Consumer service endpoint ofthe Service Provider.


Administrator response: Ensure that the identityprovider conforms with the SAML 2.0 SSO profile.

FBTSTS052E A Keystore alias is not configured fordecryption and the assertion isencrypted or contains encryptedelements.

Explanation: A keystore alias must be configured inorder to process encrypted assertion elements.


Administrator response: An decryption keystore aliasis required for receiving encrypted elements.Reconfigure this application and re-start the server.

FBTSTS053W A Keystore alias is not configured forencryption. Attribute attrname will notbe encrypted.

Explanation: The mapping rule has indicated apreference for encrypting an attribute, but a keystorealias has not been configured for encryption.

System action: The request for encryption is ignored.

Administrator response: An encryption keystore aliasis required for sending or receiving encrypted elements.Reconfigure this application and re-start the server.

FBTSTS054E An unrecognized SAML Conditionelement has been found in theAssertion: [ Element ].

Explanation: The Assertion state is indeterminatebecause of an unrecognized Condition element.


Administrator response: Ensure that the federation isproperly configured.

FBTSTS055E Validation of the digital signature onthe given element failed.

Explanation: The validation of the digital signature onthe given element failed. Either the signature iscorrupted or the wrong validation key was used.

System action: The STS request fails and returns anerror.

Administrator response: Determine whether the causeof the failure is a corrupted signature or invalid key, fixthe problem, and regenerate the request.

FBTSTS056E A valid JAAS principal was not found.

Explanation: A valid JAAS principal was not found.

System action: The request fails; the system returns anerror.

Administrator response: Determine the reason whythe requestor is not authenticated to WebSphere, fix theproblem, then try again.

FBTSTS057E Generation of the binary security tokenfailed.

Explanation: The STS failed to issue a binary securitytoken.

System action: The request fails; the system returns anerror

Administrator response: Check the logs to determinethe cause of the failure, fix the problem, and try again.

FBTSTS058E An error occurred validating theattributes of the RequestSecurityToken.

Explanation: An error occurred validating theattributes of the RequestSecurityToken.

System action: The request fails; the system returns anerror

Administrator response: Check the logs for the causeof the error, fix the problem, and try again.

FBTSTS059E The required parameterDSIG.VerificationKeyIdentifier was notfound.

Explanation: The required parameterDSIG.VerificationKeyIdentifier was not found.

System action: The request fails; the system returns anerror.

Administrator response: Ensure that the parameter isset correctly and try again.



FBTSTS060E The protected object name for the webservice is not specified.

Explanation: The protected object name configurationparameter has not been specified.


Administrator response: Ensure a protected objectname configuration parameter is specified.

FBTSTS062E JAAS authentication for user insertfailed.

Explanation: The system failed to authenticate thegiven user through JAAS.


Administrator response: Ensure that the user'scredentials are valid and resubmit the request.

FBTSTS063E The X.509 security token is missing or isnot valid.

Explanation: The X.509 security token to be validatedis either missing or is not valid.


Administrator response: Ensure that the X.509security token is valid and resubmit the request.

FBTSTS064E The X.509 certificate path is not valid.

Explanation: The X.509 certificate path for thecertificate or certificates, contained within the securitytoken, is not valid.


Administrator response: Ensure that the X.509security token is valid and resubmit the request.

FBTSTS065E The Kerberos security token is missingor is not valid.

Explanation: The Kerberos security token to bevalidated is either missing or is not valid.


Administrator response: Ensure that the Kerberossecurity token is valid and resubmit the request.

FBTSTS066E STSUniversalUser has more than onePrincipal 'name' attribute: param1param2: param2

Explanation: The STSUniversalUser should have onlyone Principal attribute with the key 'name'. Otherwise,the STSUniversalUser is ambiguous.


Administrator response: Ensure that the

STSUniversalUser has only one 'name' Principalattribute and resubmit the request.

FBTSTS067E The Kerberos service name is notconfigured.

Explanation: The Kerberos service name is notconfigured.


Administrator response: Ensure that the Kerberosservice name is configured.

FBTSTS068E The signature generation process for thegiven element has failed.

Explanation: The server attempted to digitally signsomething and has failed to do so.


Administrator response: Determine the cause of thefailure and resubmit the request.

FBTSTS069E The received assertion failed signatureverification.

Explanation: The server's attempt to verify anassertion's digital signature has failed.



FBTSTS070E Required assertion signature not found.

Explanation: The assertion was not signed as required.



FBTSTS071W The delegation module was not givenany delegate modules at initialization.The module will do nothing whencalled.

Explanation: The delegation module was placed in amodule chain, but was not given any modules fordelegation. When this module is invoked, it will donothing.


Administrator response: Ensure that the module isproperly configured by providing it a list of delegatemodules.

FBTSTS060E • FBTSTS071W


FBTSTS072E Cannot find module instance with IDinsert.



Administrator response: Verify the module instanceID exists.

FBTSTS073E The token presented is not an LTPAtoken.

Explanation: The token presented was not a binarysecurity token and therefore not an LTPA token.

System action: Request fails.

Administrator response: Make sure that the Base inthe request contains an LTPA token as a binary securitytoken.

FBTSTS074E The LTPA token is empty.

Explanation: An empty token was presented to themodule.


Administrator response: Make sure that the requestcontains an LTPA Token.

FBTSTS075E Token creation failed.

Explanation: The token could not be created.


Administrator response: Make sure that the correctpassword was presented for the keys. Otherwise, readthe description of the exception that caused this andcheck the trace log for errors.

FBTSTS076E LTPA Token is invalid.

Explanation: The LTPA token presented for validationis not valid. Extended error information should beavailable in the exception stack trace.


Administrator response: Make sure that the requestcontains a valid LTPA token.

FBTSTS077E Validated token information is empty,incorrect keys are the probable reason.

Explanation: The information gathered from the tokenis empty.


Administrator response: Make sure that the correctkeys and password are used for token consumption.

FBTSTS078E The STS Universal User cannot beempty.

Explanation: The STS Universal User documentpassed into the module was empty.


Administrator response: Make sure that the STSUniversal User document presented to the module isnot empty.

FBTSTS079E The realm used for token creation is notspecified. You must specify a realm ineither the configuration or the STSUniversal User principal.

Explanation: The realm that was going to be used fortoken creation was empty. This must be specified inorder for the user ID to be created.


Administrator response: Either reconfigure themodule to insert a static realm, or specify a realm inthe STS Universal User principal.

FBTSTS080E The User ID is not specified. Each tokencreated must have a User ID.

Explanation: No name attribute was specified in theSTS Universal User.


Administrator response: Check the STS UniversalUser document and make sure that a name is specifiedin the principal.

FBTSTS081E The LTPA token module does notoperate in the given mode, 'mode'.



Administrator response: Change the operation modeto 'issue', 'exchange' or 'validate'.

FBTSTS082E The password for the keys is not valid.

Explanation: The password configured to decrypt thekeys is not valid.


Administrator response: Enter the correct passwordfor the LTPA keys.



FBTSTS083E The public key is not valid.

Explanation: The public key entered is not a validpublic key.


Administrator response: Enter a valid public keyvalue.

FBTSTS084E The private key is not valid.

Explanation: The private key entered is not a validprivate key.


Administrator response: Enter a valid private keyvalue.

FBTSTS085E The shared key is not valid.

Explanation: The shared key entered is not a validshared key.


Administrator response: Enter a valid shared keyvalue.

FBTSTS086E The JCE provider specified, 'provider',does not exist.

Explanation: The JCE provider entered is not a validprovider.


Administrator response: Enter a valid provider, or usethe default provider.

FBTSTS087E The algorithm specified, 'algorithm', doesnot exist.

Explanation: The algorithm entered is not a validalgorithm.


Administrator response: Enter a valid algorithm, oruse the default.

FBTSTS088E The padding specified in the ciphersuite, 'padding', does not exist.

Explanation: The padding entered is not valid.


Administrator response: Enter valid padding, or usethe default.

FBTSTS089E The decryption of the token failed. Thiscould be caused by an invalid token,invalid shared key or an invalidpassword for the key.

Explanation: The decryption of the token failed. Thiscould be caused by a token, shared key, or passwordthat is not valid.


Administrator response: Verify that the LTPA sharedkey and password are correct.

FBTSTS090E The encryption of the token failed. Thiscould be caused by an invalid token,invalid shared key or an invalidpassword for the key

Explanation: The encryption of the token failed. Thiscould be caused by a token, shared key, or passwordthat is not valid.


Administrator response: Verify that the LTPA sharedkey and password are correct.

FBTSTS091E The Version specified in theconfiguration for issuing a token:'version' is not valid. It must be either 1or 2.

Explanation: The LTPA token version number is notvalid.


Administrator response: Verify that the LTPA tokenbeing sent to the module is LTPAv1 or LTPAv2.

FBTSTS092E The expiration parameter in theSTSUniversalUser not a valid number:'expiration'.

Explanation: The LTPA expiration time is not valid. Itmust be a valid positive integer representing thenumber of milliseconds since the epoch that this tokenexpires.


Administrator response: Verify that the mapping rulesets the expiration Principal attribute correctly.

FBTSTS093E The LTPA token has expired. Expirationtime: 'expiration'. Current time: 'now'.

Explanation: The LTPA token has expired.




Administrator response: Verify that the expirationtime of the token is valid and that the clock on thesystem where the token is generated is in sync with theclock on the FIM Runtime.

FBTSTS100E The text block for variable 'variable' is'text', which is not a valid XML node.

Explanation: The variable is being used to add anXML node as a value to an STSUniversalUser; however,the text for that variable is not a valid XML nodestring.

System action: Conversion of TDI Variable to XMLNode fails.

Administrator response: Modify the Tivoli DirectoryIntegrator assembly line to produce valid a XML stringfor the node value, or use a string value.

FBTSTS101E The assembly line identified by 'al'could not be executed.

Explanation: The assembly line could not besuccessfully invoked.


Administrator response: Check the causing exceptionto determine if this was an assembly line error, or anRMI error invoking the assembly line.

FBTSTS102E The assembly line represented by [Hostname: hostname Port: portConfigurationFilename: configAssemblyLineName:alname] cannot beloaded.

Explanation: The assembly line cannot be loaded.Check that the connection details are correct and thatthe server is running.


Administrator response: Validate that the TivoliDirectory Integrator connection, configuration andassembly line details are correct, and that the TivoliDirectory Integrator server is running.

FBTSTS105W Invalidating connection to TDI Serverrmiurl.

Explanation: The connection to the Tivoli DirectoryIntegrator server has been invalidated due to anexception during a remote operation. This can occur,for example, if the Tivoli Directory Integrator server isrestarted.

System action: The server connection will be droppedand a reconnection will be attempted on the nexttransaction.

Administrator response: No immediate administrationintervention is necessary. If this message appears

regularly, validate that the Tivoli Directory Integratorserver is running correctly and is reachable.

FBTSTS106E The Tivoli Directory Integrator server athostname hostname and port port cannotbe reached.

Explanation: The connection to the Tivoli DirectoryIntegrator server cannot be established. This could bean invalid configuration, a networking problem, or aninactive server.

System action: The request will fail.

Administrator response: Check that the TivoliDirectory Integrator server is running and reachable,and that the configuration of the hostname and port forthe Tivoli Directory Integrator server is correct.

FBTSTS107W Another thread has detected that theconnection to Tivoli Directory Integratorserver at hostname hostname and portport is invalid. One retry for this requestwill be attempted.

Explanation: The connection to the Tivoli DirectoryIntegrator server failed, and was detected by anotherthread while waiting for an available connection.

System action: The request will be retried once.

Administrator response: Check that the TivoliDirectory Integrator server is running and reachable.

FBTSTS108E Too many threads (numthreads) werewaiting for access to the assembly line: [Hostname: hostname Port: portConfigurationFilename: configAssemblyLineName:alname]

Explanation: The threshold for the maximum numberof waiting threads on the assembly line has beenexceeded.

System action: The request will fail, and should beretried later when traffic eases.

Administrator response: Check that the TivoliDirectory Integrator server is functioning normally. Itmay be necessary to increase the pool size for theassembly line, or increase the maximum number ofthreads that can wait.

FBTSTS109E A timeout (timeoutval msec) occurredwhile waiting for a connection to theTivoli Directory Integrator server forassembly line: [ Hostname: hostnamePort: port ConfigurationFilename: configAssemblyLineName:alname]

Explanation: The thread was waiting for a connectionto the Tivoli Directory Integrator server, and thetimeout was reached.



System action: The request will fail, and may beretried later.

Administrator response: Check that the TivoliDirectory Integrator server is functioning normally. Itmay be necessary to increase the pool size for theassembly line, or increase the maximum timeout.

FBTSTS110E A thread was unexpectedly interruptedwhile waiting for an assembly linehandler for: [ Hostname: hostname Port:port ConfigurationFilename: configAssemblyLineName:alname]

Explanation: A thread was waiting for an assemblyline handler, and was unexpectedly interrupted. Thiserror should not occur.

System action: The request will fail.

Administrator response: Contact IBM SoftwareSupport.

FBTSTS120E The TAM GSO module does not operatein the given mode, 'mode'



Administrator response: Change the operation modeto 'map'.

FBTSTS121E The token representing the current userwas empty.

Explanation: This indicates an error in the request tothe trust service, or a processing error in a previousmodule in the trust chain.


Administrator response: Validate your trust chainconfiguration and the request to the trust service.

FBTSTS122E Could not retrieve GSO credentials fromTivoli Access Manager for the GSOresource 'rsrc' for user 'user'.

Explanation: Tivoli Access Manager could not becontacted, or the returned credentials were empty.


Administrator response: Validate that the TivoliAccess Manager policy server is running and that theTivoli Access Manager user has a matching GSOresource.

FBTSTS123E The Tivoli Access Manager credentialsdo not contain a username for the GSOresource 'rsrc' for user 'user'.

Explanation: The Tivoli Access Manager configurationis not valid.


Administrator response: Validate that the TivoliAccess Manager GSO credentials for this user arecorrectly populated.

FBTSTS124E The token representing the current userdid not contain a username.

Explanation: This indicates an error in the request tothe trust service, or a processing error in a previousmodule in the trust chain.


Administrator response: Validate your trust chainconfiguration and the request to the trust service.

FBTSTS125E The configuration for the Tivoli AccessManager GSO resource name is missing.

Explanation: This message indicates a configurationerror.


Administrator response: Validate your trust chainconfiguration.

FBTSTS126E The Access Manager Java Runtimeconfiguration file is not specified ordoes not exist.

Explanation: The path to the Tivoli Access ManagerJava Runtime configuration file is not specified or thefile does not exist.


Administrator response: Ensure that Tivoli AccessManager Java Runtime is configured for this domain.

FBTSTS130E Invalid security token. Claims elementis missing the required attribute 'name'.

Explanation: The Claims element must contain thespecified attribute or element.



FBTSTS131E Invalid security token. The Assertiondoes not contain an AuthnStatementelement.

Explanation: The SAML 20 SSO protocol requires the



presence of at least one authentication statement(AuthnStatement) element.


Administrator response: Ensure that the IdentityProvider is compliant with the SAML 2.0 SSO protocol.

FBTSTS132E The SAML STS module was unable tolocate the issued assertion.

Explanation: The selection criteria specified to querythe issued assertion does not match any of theassertions cached or the assertion has expired.


Administrator response: Provide a valid selectioncriteria.

FBTSTS140E The STSUniversalUser STS moduledoes not operate in the given mode,'mode'.




FBTSTS141E The token passed to the STS module forvalidation was not an STSUniversalUsertoken.

Explanation: This indicates the token module has beencalled in validate mode with a token that is not anSTSUniversalUser.


Administrator response: Validate that the client of thetrust service is passing the correct token type.

FBTSTS142E The incoming security token did notcontain the required browser requestclaims.

Explanation: An STS module requiresBrowserRequestClaims in the incoming security token.


Administrator response: Ensure that the STS modulerequiring the claims is invoked by a protocol thatprovides the claims.

FBTSTS150E The Access Manager Java Runtimeconfiguration file does not exist.

Explanation: The Tivoli Access Manager Java Runtimeconfiguration file does not exist.



FBTSTS151E A Tivoli Access Manager principal namewas not provided.

Explanation: An authentication check requires aprincipal name.


Administrator response: Provide a principal name inthe STS universal user.

FBTSTS160E The Access Manager Java Runtimeconfiguration file does not exist.

Explanation: The Tivoli Access Manager Java Runtimeconfiguration file does not exist.



FBTSTS161E A Tivoli Access Manager principal namewas not provided.

Explanation: An authorization check requires aprincipal name.


Administrator response: Provide a principal name inthe STS universal user.

FBTSTS162E A Tivoli Access Manager protectedobject name was not provided.

Explanation: An authorization check requires aprotected object name.


Administrator response: Provide a protected objectname in the STS universal user.

FBTSTS163E A Tivoli Access Manager action was notprovided.

Explanation: An authorization check requires anaction.


Administrator response: Provide an action in the STSuniversal user.

FBTSTS165E The LTPA token configuration ismissing the required secret shared key.

Explanation: The LTPA token requires a secret sharedkey to be able to encrypt or decrypt LTPA tokens.




Administrator response: Verify that the secret sharedkey was given for the LTPA token module. Also, verifythat there wasn't an error during startup wheninitializing the LTPA token module's configuration.

FBTSTS166E The LTPA token configuration ismissing the required public key.

Explanation: The LTPA token requires a public key tobe able to validate LTPA tokens.


Administrator response: Verify that the public keywas given for the LTPA token module. Also, verify thatthere wasn't an error during startup when initializingthe LTPA token module's configuration.

FBTSTS167E The LTPA token configuration ismissing the required private key.

Explanation: The LTPA token requires a private key tobe able to issue LTPA tokens.


Administrator response: Verify that the private` keywas given for the LTPA token module. Also, verify thatthere wasn't an error during startup when initializingthe LTPA token module's configuration.

FBTSTS168E The LTPA token configurationvalidation failed.

Explanation: The LTPA token configuration validationfailed.


Administrator response: Verify that the configurationfor the LTPA module is correct. Also, examine thesystem log for any reported exceptions.

FBTSTS180E The mapping extension utility functionfnc failed.

Explanation: The mapping extension utility functionfailed, and the error message should contain acaused-by exception which explains the root cause.


Administrator response: Examine the system log forthe reported root-cause exception.

FBTSTS181E WebSphere Registry authentication foruser insert failed.

Explanation: The system failed to authenticate thegiven user through the WebSphere Registry.


Administrator response: Ensure that the user'scredentials are valid and resubmit the request.

FBTSTS190E The Kerberos realm name is missing orinvalid.

Explanation: The Kerberos realm name is missing orinvalid.


Administrator response: Ensure that the Kerberosrealm name is present in the STS universal user bydefining the appropriate mapping rule.

FBTSTS191E The Kerberos client name is missing orinvalid.

Explanation: The Kerberos client name is missing orinvalid.


Administrator response: Ensure that the Kerberosclient name is present in the STS universal user bydefining the appropriate mapping rule.

FBTSTS192E The Kerberos client password is missingor invalid.

Explanation: The Kerberos client password is missingor invalid.


Administrator response: Ensure that the Kerberosclient password is present in the STS universal user bydefining the appropriate mapping rule.

FBTSTS193E The Kerberos service name is missing orinvalid.

Explanation: The Kerberos service name is missing orinvalid.


Administrator response: Ensure that a mapping rulethe Kerberos service name is present in the STSuniversal user by defining the appropriate mappingrule.

FBTSTS200E The KESS STS module does not operatein the given mode, 'mode'

Explanation: The configured mode is invalid.

System action: The module is not available atruntime.




FBTSTS201E The KESS STS token configuration isnot valid for a required parameter:'param'. Value: 'value'

Explanation: The KESS STS token module has beenconfigured with an invalid option.


Administrator response: Verify that the configurationfor the token module contains the required parametersfor the operation.

FBTSTS202E The STSUniversalToken is missing therequired 'ElementID' Context Attribute.

Explanation: When performing signing operations, theSTSUniversalUser must contain a Context Attributecalled 'ElementID'. This attribute must have a valuethat matches the value of a reference attribute in theelement to sign.


Administrator response: Verify that theSTSUniversalUser processed by this module contains aContext Attribute called 'ElementID'. Verify that valueof the attribute matches the value of a referenceattribute that can be signed.

FBTSTS203E The KESS STS Module cannotdetermine a node to sign from theattribute: 'attrname'.

Explanation: The STSUniversalUser attribute did notcontain a node value that the KESS STS module cansign.


Administrator response: Verify that theSTSUniversalUser processed by this module contains anode value in the configured attribute that can besigned.

FBTSTS204E The KESS STS Module failed tovalidate a signature for XML: 'xml'.

Explanation: The KESS STS Module cannot completethe signing operation because the signature is invalid.


Administrator response: Verify that the client issending XML with a valid signature and that KESScontains a matching signature validation key.

FBTSTS205E The KESS STS Module cannotdetermine a node to validate from theattribute: 'attrname'.

Explanation: The KESS STS module cannot validatethe signature because the STSUniversalUser attributecontaines an invalid node value.


Administrator response: Verify that theSTSUniversalUser processed by this module contains anode value in the configured attribute that can bevalidated.

FBTSTS206E The KESS STS Module cannotdetermine a node to encrypt from theattribute: 'attrname'.

Explanation: The KESS STS module cannot completethe encryption operation because the STSUniversalUserattribute contains a node value that cannot beencrypted.


Administrator response: Verify that theSTSUniversalUser processed by this module contains anode value in the configured attribute that can beencrypted.

FBTSTS207E The KESS STS Module cannotdetermine a node to decrypt from theattribute: 'attrname'.

Explanation: The KESS STS module cannot completethe decryption operation because the STSUniversalUserattribute contains a node value that cannot bedecrypted.


Administrator response: Verify that theSTSUniversalUser processed by this module contains anode value in the configured attribute that can bedecrypted.

FBTSTS208E The Default Map Module could notdetermine mapping rule type.

Explanation: The Default Map Module cannotdetermine the rule type based on the configuration.

System action: Identity mapping fails.

Administrator response: Verify that the defaultmapping module is configured correctly.

FBTSTS220E The SAML Attribute Query STS moduledoes not operate in the given mode,'mode'.






FBTSTS221E The SAML Attribute Query STS modulecould not find an assertion on theattribute query saml response.

Explanation: The attribute authority did not returnedan assertion on the saml response.


Administrator response: Verify that the configurationis correct. Also, examine the system log for anyreported exceptions.

FBTSTS222E The SAML Attribute Query STS modulecould parse the assertion from theattribute query saml response.

Explanation: The SAML attribute query sts modulewas not able to parse the assertion on the samlresponse.



FBTSTS223E The SAML Attribute Query STS modulecould not validate the xml digitalsignature.

Explanation: The SAML attribute query sts modulewas not able to validate the xml digital signature.



FBTSTS224E The SAML Attribute Query STS modulesignature validation key is not properlyconfigured.

Explanation: The SAML attribute query sts modulesignature validation key is not properly configured.


Administrator response: Verify that the validation keyis configured on the partner configuration.

FBTSTS225E The SAML Attribute Query STS modulecould not get the saml response fromthe soap envelope.

Explanation: The SAML attribute query sts modulecould not get the saml response from the soapenvelope.



FBTSTS226E The assertion included on the SAMLAttribute Query SAML Response is notsigned. This module is configure toreject unsigned assertions.

Explanation: The SAML attribute query sts moduleexpects the assertion to be signed.


Administrator response: Verify the configuration andmodify the settings to make assertion signatureoptional.

FBTSTS227E The SAML Attribute Query STS modulecould not parse the saml response.

Explanation: The SAML attribute query sts modulecould not parse the saml response.



FBTSTS228E The SAML Attribute Query STS modulecould not decrypt the xml message.

Explanation: The SAML attribute query sts modulewas not able to decrypt the xml message.



FBTSTS229E The SAML Attribute Query STS moduledecryption key is not properlyconfigured.

Explanation: The SAML attribute query sts moduledecryption key is not properly configured.


Administrator response: Verify that the validation keyis configured on the partner configuration.

FBTSTS230E The SAML Attribute Query SAMLResponse is not signed. This module isconfigure to reject unsigned samlresponse.

Explanation: The SAML attribute query sts moduleexpects the saml response to be signed.


Administrator response: Verify the configuration andmodify the settings to make saml response signatureoptional.



FBTSTS231E The SAML Attribute Query STS modulecould not sign the attribute query xmlmessage.

Explanation: The SAML attribute query sts modulewas not able to sign the attribute query xml message.



FBTSTS232E The SAML Attribute Query STS modulecould not create the attribute query xmlmessage.

Explanation: The SAML attribute query sts modulecould not create the attribute query xml message.



FBTSTS233E The SAML Attribute Query STS modulewas not able to send the attribute queryxml message.

Explanation: The SAML attribute query sts modulecould not send the attribute query xml message to theattribute authority.



FBTSTS234E The SAML Attribute Query STS modulewas not able to obtain the user principalname.

Explanation: The SAML attribute query sts modulecould not obtain the user principal name.


Administrator response: Verify that the configurationis correct. Verify that the mapping module is setting theuniversal user values properly.

FBTSTS235E The SAML Attribute Query STS modulewas not able to obtain the partner aliasfrom the alias service.

Explanation: The SAML attribute query sts modulecould not obtain the partner alias from the alias service.



FBTSTS236E The SAML Attribute Query STS modulereceived an invalid saml response.

Explanation: The saml response received by theSAML attribute query sts module is not valid.



FBTSTS237E The response message InResponseToattribute does not correlate to thepending request ID attribute.

Explanation: The response message contains anInResponseTo attribute that does not match the IDattribute of the pending request. It is possible that theresponse was received in error.


Administrator response: If the response is legitimate,examine the trace logs to see why the InResponseToattribute does not match the ID attribute of thecurrently pending request.

FBTSTS238E The timestamp in the SAML message isout of range. The message timestamp,msgTime, is not within tolerance secondsof compareTime.

Explanation: The SAML message has a timestamp thatis not valid.


Administrator response: There are several reasonsthat a SAML message timestamp might be out of range:The clocks on the communicating providers systems areskewed beyond the acceptable tolerance, networkdelays are hampering message flow, or the acceptabletolerance for message timestamp is set too low. Theadministrator should check these points and make anynecessary adjustments.

FBTSTS239E Cannot determine the SAML status.

Explanation: The SAML status attribute is required forthis message and cannot be determined.


Administrator response: Examine the trace logs to seewhy the SAML status was not set.

FBTSTS240E The attribute query request failed at theattribute authority.

Explanation: The SAML status included in the samlresponse message indicates that the request failed atthe attribute authority.




Administrator response: Examine the trace logs at theattribute authority or the saml response to see why therequest operation failed.

FBTSTS241E The SAML Attribute Query STS tokenconfiguration is not valid for a requiredparameter: 'param'. Value: 'value'

Explanation: The SAML Attribute Query STS tokenmodule has been configured with an invalid option.



FBTSTS242E The SAML Attribute Query STS tokenconfiguration is not valid for a requiredparameter: 'param'. Value: 'value' is out ofrange. Minimum value: 'value' MaximumValue: 'value'

Explanation: The SAML Attribute Query STS tokenmodule has been configured with an invalid option.



FBTSTS260E The OAuth validation request for tokentype: 'type' failed.

Explanation: The OAuth validation request failedbecause the syntax of the request message or theparameters is not valid.


Administrator response: Ensure that the requestmessage and the parameters have the correct syntax.

FBTSTS261E The OAuth token type: 'type' cannot becreated.

Explanation: The OAuth server cannot issue anOAuth token for the requested token type.

System action: The OAuth token request is rejected.

Administrator response: Check the trace logs todetermine the cause of the error.

FBTSTS262E The OAuth server failed to authorizethe OAuth token: 'token' and user name:'username'.

Explanation: The OAuth server cannot generate averification code.

System action: The authorization of the client isrejected.


FBTSTS263E The validation for the OAuth token:'token' failed.

Explanation: The OAuth server cannot validate thetoken.

System action: The token validation fails.


FBTSTS265E The token type:'type' that was received isnot valid.

Explanation: The token type value is not recognized.


Administrator response: Ensure that the token typesent to the OAuth server is valid.

FBTSTS266E The STSUU token passed to the STSdoes not have the requiredparameter:'param'.

Explanation: The STSUU token sent to the server doesnot have all the required parameters.


Administrator response: Check the trace log to seewhich parameter is not present and to determine thecause of the error.

FBTSTS268E The configuration value for theparameter: 'param' is not valid. The valuefound was: 'value'. The default value'default value' is used instead.

Explanation: The value of the configuration parameteris not valid.


Administrator response: Ensure that the configurationparameter type is correct and that the value is valid.

FBTSTS269E An OAuth parameter with the name:'param' already exists.

Explanation: There is a duplicate parameter in therequest.


Administrator response: Ensure that there are noduplicate parameters in the request message.



FBTSTS270E The OAuth token with lookup: 'tokenstring' and type: 'type' cannot be found.

Explanation: The token for the given token type doesnot exist in the cache.


Administrator response: Ensure that the token is validand is mapped to the token type.

FBTSTS271E Invalid STS mode: 'mode'.

Explanation: The STS mode is not mapped to the STSmodule.


Administrator response: Ensure that the STS moduleis configured with the correct mode.

FBTSTS272E A two-legged OAuth request fromclient: 'client identifier' failed.

Explanation: The OAuth server is not configured toaccept two-legged OAuth requests.


Administrator response: Ensure that two-leggedOAuth is enabled at the OAuth server.

FBTSTS273E The OAuth client with identifier: 'clientidentifier' cannot be found.

Explanation: The client identifier in the request doesnot match any registered client or the client is disabledat the OAuth server.



FBTSTS290E Invalid STS mode: 'mode'.

Explanation: The STS mode is not mapped to the STSmodule.

System action: The request is halted

Administrator response: Ensure that the STS moduleis configured with the correct mode.

FBTSTS292E The OAuth 2.0 request type:'request_type' is not valid.

Explanation: The value of the request_type parameteris not valid.


Administrator response: Ensure your OAuth 2.0enforcement point is providing the correct value forthis parameter, or no value at all.

FBTSTS293E The OAuth 2.0 token module requestfailed due to the following exception:'name'.

Explanation: An internal exception caused the requestto stop.


Administrator response: Check the exception thatcaused this error.

FBTSTZ001E The Keystore service is not available forgenerating, signing, or validating RACFPassTicket Tokens.

Explanation: Internal Error:The Keystore service couldnot be accessed.



FBTSTZ002E RACF PassTicket Processing Failed! SAFrc=VALUE_0, RACF rc=VALUE_1, RACFreason code=VALUE_2.

Explanation: RACF returned an error while processinga PassTicket.


Administrator response: Refer to the z/OS SecurityServer RACF Messages and Codes for moreinformation on the SAF/RACF return and reasoncodes.

FBTSTZ003E The value provided is not a validPassTicket.

Explanation: The given Username token's passwordwas not a valid PassTicket.


Administrator response: Ensure the defined Usernametoken's password was generated by a standardPassTicket generator with the correct secret key for thespecified user ID and configured application name.

FBTSTZ004E The PassTicket cannot be validated forthe user ID <VALUE_0>, applicationname <VALUE_1>, and key profile<VALUE_2>.

Explanation: The given PassTicket does not validatefor the given user ID, application name, and secret key.


Administrator response: Ensure the defined Usernametoken's password was generated by a standardPassTicket generator with the correct secret key for thespecified user ID and configured application name.

FBTSTS270E • FBTSTZ004E


FBTSTZ005E The specified user ID <VALUE_0>,application name <VALUE_1>, and/orkey profile <VALUE_2>, do not meet theminimal PassTicket requirements.

Explanation: The configuration and/or the Usernametoken's username do not meet the PassTicketrequirements.


Administrator response: Validate the configurationand ensure the user ID and application name satisfyPassTicket requirements.

FBTSTZ006E An encryption error occurred duringPassTicket processing.

Explanation: Internal Error: An error was encounteredduring the encryption phase of PassTicket processing.



FBTSTZ007E An unknown error occurred duringPassTicket processing.

Explanation: Internal Error: An unknown internalerror was encountered.



FBTSTZ008E The value specified for encryption anddecryption of PassTickets was invalid.The value specified must be exactlysixteen characters long and shouldcontain only hexadecimal digits 0-9 anda-f. Please reconfigure your PassTicketmodule specifying a valid key.

Explanation: The PassTicket module requires that anadministrator specify a DES key as sixteen hexadecimaldigits. The administrator failed to do so.


Administrator response: Use the console toreconfigure the PassTicket module, specifying anappropriate encryption key.

FBTTAC003E An error occurred when reading orwriting the file file name:\nerror text\n

Explanation: An error occurred when either readingor writing a file. The error text contains additionalinformation about the error.

System action: If the file is a non-critical file, the toolwill attempt to proceed. If the file is critical to theoperation being performed, the tool will exit.

Administrator response: Attempt to resolve theproblem described by the error text. Verify that the fileexists. If the error occurs because the tool does nothave permission to modify the file, verify the file iswritable.

FBTTAC004E Unable to understand file file name, lineline number.\n The text invalid line fromstanza file is not valid.\n

Explanation: An error occurred when interpreting astanza file. The file format does not appear to becorrect.

System action: The file will not be read. The tool willexit.

Administrator response: The most likely cause of thiserror is that the file specified is not a Security AccessManager stanza file. Verify that the file specified is thecorrect file to use. If necessary, refer to thedocumentation for examples of how to use theautoconfiguration tool.

FBTTAC005E Unable to connect to host host name orIP address, port TCP port number:\nerrortext\n

Explanation: The tfimcfg tool tried to create a TCPconnection to the server and port specified. Theconnection failed.

System action: The action taken depends on whatconnection failed. In some cases, the connection will beretried or the configuration will continue even thoughthe connection failed. In other cases, the configurationwill stop. Subsequent messages will explain whataction is being taken.

Administrator response: The administrative responsedepends on which TCP connection failed and for whatreasons. As a general rule, the administrator shouldverify connectivity to the machine to which theconnection failed. Administrators should also verifythat they entered the correct hostname and portinformation if they were prompted to do so.

FBTTAC006W Please verify the WebSEAL server isrunning.\n

Explanation: The WebSEAL server does not appear tobe running, so the autoconfiguration cannot proceed.

System action: The autoconfiguration tool will exitwithout modifying any configuration.

Administrator response: Start the WebSEAL server. Ifthe WebSEAL server is already running, verify that theconfiguration file specified is correct.

FBTSTZ005E • FBTTAC006W


FBTTAC007E The file file name indicates that\nPDJrte has not been fully configured foryour Java runtime. Please configure\nthe PDJrte in 'full' mode before runningthe Security Access Managerautoconfiguration tool.\n

Explanation: The Security Access Managerautoconfiguration tool requires that the PDJrte packagebe fully configured before the tool is run.


Administrator response: Use the pdconfig program toconfigure the PDJrte in 'full' mode, and then rerun theSecurity Access Manager autoconfiguration tool.

FBTTAC008W The stanza entry [stanza name]entryname was not found.\n

Explanation: The Security Access Managerautoconfiguration tool checked for but did not find theconfiguration file entry described in the message.

System action: If it is possible to proceed without thatconfiguration entry, the autoconfiguration tool will doso. Otherwise the tool will exit.

Administrator response: Verify that the configurationfile specified to the autoconfiguration tool belongs to aconfigured WebSEAL server.

FBTTAC011W The value property name was notspecified in the response file.\n

Explanation: The Security Access Managerautoconfiguration tool checked for but did not find theresponse file entry described in the message.

System action: If it is possible to proceed without theresponse file entry, the autoconfiguration tool will doso. Otherwise the tool will exit.

Administrator response: If the configuration proceeds,no action is necessary. If the configuration fails, attemptan interactive configuration by omitting the '-rspfile'option.

FBTTAC015E An unexpected erroroccurred:\nexception text:\nexception stacktrace\n

Explanation: Most error conditions are handledautomatically by the autoconfiguration tool. Thismessages means an unexpected error occurred, andcould not be handled automatically.

System action: The autoconfiguration tool will givethe administrator an opportunity to make differentselections for the configuration.

Administrator response: Attempt to diagnose thecause of the error based on the exception text. If

possible, choose different configuration options.

FBTTAC019E None of the endpoints for thisfederation are handled by thisWebSEAL server. Configuration cannotcontinue. Federation endpoint URLs:

Explanation: The tool examined the URLs hosted bythis WebSEAL server and the URLs used by thefederation specified. None of the URLs for thefederation are intended for this WebSEAL server. Themessage is followed by a list of endpoints for thefederation.

System action: The autoconfiguration tool will givethe administrator an opportunity to choose a differentfederation to configure.

Administrator response: Make sure that you haveconfigured your WebSEAL server to specify on theappropriate hostnames and port number for thefederation you are configuring.

FBTTAC022E No capabilities are configured on thisWebSEAL server.\n

Explanation: The tool checked for federations orcapabilities that had been configured on this WebSEALserver, and there were none.

System action: The autoconfiguration tool will donothing.

Administrator response: No administrative responseis necessary unless the administrator wishes toconfigure federation information that was not detectedby the autoconfiguration tool. In that case, theunconfiguration should be performed manually.

FBTTAC034E The group group name exists in theregistry but has not been imported intoSecurity Access Manager.\n

Explanation: The group specified exists in the userregistry, but has not been imported into Security AccessManager.

System action: The autoconfiguration tool will promptthe administrator to select a different group.

Administrator response: The administrator shouldeither use a different group, or else use pdadmin orWPM to import the user into Security Access Manager.

FBTTAC035E Unable to determine junction point forendpoint URL URL\n You may need tomanually create a junction for thatendpoint.\n

Explanation: The federation uses an endpoint thatwould require a junction / on the WebSEAL server. Theautoconfiguration tool cannot create that junction.

FBTTAC007E • FBTTAC035E


System action: The autoconfiguration tool will skipcreating that junction.

Administrator response: The administrator shouldeither reconfigure their federation to use a differentendpoint, or else manually create the / junction.

FBTTAC045E Error creating ACL acl name andattaching it\n to object name: exceptionmessage\n

Explanation: An error occurred in the process ofcreating and attaching an ACL.

System action: The autoconfiguration tool willcontinue with the configuration.

Administrator response: The administrator mayattempt to diagnose the error condition and fix theproblem, or they may create the ACL manually.

FBTTAC046E Junction creation failed with error codeerror code.\n

Explanation: An error occurred in the process ofcreating a junction. Other messages may have moreinformation on the root cause of the problem.


Administrator response: The administrator mayattempt to diagnose the error condition and fix theproblem, or they may create the junction manually.

FBTTAC047E Junction creation failed.\n

Explanation: An error occurred in the process ofcreating a junction. Other messages may have moreinformation on the root cause of the problem.


Administrator response: The administrator mayattempt to diagnose the error condition and fix theproblem, or they may create the junction manually.

FBTTAC048W Unable to locate the library namelibrary.\n Using default library libraryname.\n

Explanation: The autoconfiguration tool could notfind a library.

System action: The autoconfiguration tool willcontinue with the configuration, inserting a standardlibrary path for the library location. The WebSEALserver may fail to start properly after the configurationis done.

Administrator response: If WebSEAL does not startafter the configuration is complete, the administratorshould check the WebSEAL log file to verify theproblem is the library name, and then specify the

correct name in the WebSEAL configuration file.

FBTTAC049W Error interpreting federation endpoint'endpoint type', URL url:\n exception text\n

Explanation: The autoconfiguration tool could notinterpret a URL associated with the federation.

System action: The autoconfiguration tool willcontinue with the configuration, ignoring themalformed URL.

Administrator response: The administrator may needto perform manual configuration for the endpoint.

FBTTAC054E Error connecting to url:\nexceptiontext\n

Explanation: The autoconfiguration tool could notconnect to a URL.

System action: The autoconfiguration tool will promptthe administrator to correct the URL.

Administrator response: The administrator shouldcorrect the URL.

FBTTAC055E The URL url does not appear toconnect to a Web server.\n

Explanation: The autoconfiguration tool could notconnect to a URL.


Administrator response: The administrator shouldcorrect the URL.

FBTTAC056E The request to the Web server failed.Response: http error code http statusmessage:\n Response text:\n \n text fromweb server:\n \n \n

Explanation: The Web server returned an error for anHTTP request.


Administrator response: The administrator may needto update the Web server configuration to fix theproblem.

FBTTAC057W Warning: the URL url appears toconnect directly to WebSphere. Forbetter performance and stability,connecting to a Web server running theWebSphere Web server plug-in isrecommended.

Explanation: The administrator specified a URL thatconnects directly to WebSphere, which is not arecommended configuration.

FBTTAC045E • FBTTAC057W



Administrator response: The administrator may needto update the Web server configuration to fix theproblem.

FBTTAC059E No federations were returned from theSecurity Access Manager InfoService.\nResponse body:\n\n response text \n

Explanation: The Federated Identity ManagerInfoService did not return any federations.

System action: The autoconfiguration tool will promptthe administrator to correct the URL for the InfoService.

Administrator response: The administrator shouldmake sure that federations have been configured on theFederated Identity Manager server. It may be necessaryto restart the WebSphere server if the configuration hasbeen changed recently.

FBTTAC081E Unable to create Security AccessManager administration context.\n

Explanation: An error occurred creating the SecurityAccess Manager administration context. Other errormessages with more detail may be displayed.

System action: The autoconfiguration tool will givethe administrator an opportunity to specify a differentSecurity Access Manager user-id ans password.

Administrator response: Attempt to diagnose thecause of the error based on the other error messages.Verify the administrator user-id and password arecorrect.

FBTTAC087E ACL deletion failed:\nerror messages\n.

Explanation: An error occurred in the process ofdeleting an ACL. Other messages may have moreinformation on the root cause of the problem.

System action: The autoconfiguration tool willcontinue with the unconfiguration.

Administrator response: The administrator shoulddelete the junction manually.

FBTTAC088E Attribute deletion failed:\nerrormessages\n.

Explanation: An error occurred in the process ofdeleting extended attributes from an object. Othermessages may have more information on the root causeof the problem.

System action: The autoconfiguration tool willcontinue with the unconfiguration.

Administrator response: The administrator shoulddelete the attributes manually.

FBTTAC098E An error occurred when restarting theWebSEAL server. Please check\n the logfile log file to diagnose and fix theproblem.\n

Explanation: The configuration tool tried to restartWebSEAL, but the server did not start.

System action: The autoconfiguration tool will notproceed until the WebSEAL server is operational.

Administrator response: The administrator shouldcheck the WebSEAL log file and correct the problem.

FBTTAC101W An error occurred when executing thecommand command:\n exception text\n

Explanation: Executing a command failed.

System action: The action taken depends on whichcommand failed, and for what reasons.

Administrator response: No response is necessaryunless other problems occur.

FBTTAC102E The Security Access Manager policyserver was unable to modify an\n entryin the user registry because ofinsufficient access rights. You may\nneed to update the ACLs applied toyour user registry to grant the policy\nserver access. The error message fromthe policy server was:\n Security AccessManager error messages\n

Explanation: An attempt to create a user or groupfailed, and the error message from the Security AccessManager policy server indicates that the problem is dueto insufficient LDAP access rights.

System action: The user or group will not be created.If the user or group is not critical, the remainder of theconfiguration will proceed.

Administrator response: Refer to the Security AccessManager documentation on applying Security AccessManager ACLs to new LDAP suffixes for additionalinformation on how to correct the LDAP ACLs.

FBTTAC111W The Web server did not provide a CAcertificate for the SSL handshake. Youwill need to contact the Web serveradministrator to obtain the CAcertificate. Once you have obtained theCA certificate, add it to the WebSEALkey database manually.

Explanation: The fimtamcfg tool attempts todownload the CA certificate from the Web server, sincemany Web servers include the CA certificate as part ofthe SSL handshake. The CA certificate was not includedin the SSL handshake, so the administrator will need toobtain the certificate through other means.

FBTTAC059E • FBTTAC111W


System action: The configuration will continuewithout the CA certificate, but the junction fromWebSEAL to the application server will not functioncorrectly until WebSEAL has the CA certificate.

Administrator response: Refer to the message forinstructions on how to resolve this problem. Forassistance with adding the CA certificate to theWebSEAL key database, refer to the WebSEALadministration guide chapters discussing SSL andGSKit.

FBTTAC113E Unable to convert key database filename from .kdb format to .jks format.The gsk7cmd program returned errorcode numeric error code.log data

Explanation: The fimtamcfg tool attempts to convertthe WebSEAL key database from .kdb format to .jks(Java Key Store) format. This conversion failed with thespecified error code and error text.

System action: The administrator will be prompted toeither correct the problem or else cancel theconfiguration.

Administrator response: Read the messages printed tothe screen to diagnose the root cause of the problem.Correct the problem, and then repeat the configuration.

FBTTAC114E Unable to add the certificate cert file tothe key database file name. The gsk7cmdprogram returned error code numericerror code.log data

Explanation: The fimtamcfg tool attempts to add aWeb server's CA certificate to the WebSEAL keydatabase. This process failed with the specified errorcode and error text.



FBTTAC117E The values provided in the responsefile for the SSL certificate did not matchthe values presented by the SSL server.Invalid value: Certificate DN or fingerprintConfiguration cannot continue.

Explanation: The fimtamcfg tool checks the certificatepresented by an SSL partner against the expectedvalues recorded in a response file from previousconfigurations. The certificates did not match.

System action: The fimtamcfg tool will not continueconfiguration until the partner's certificate can bevalidated.

Administrator response: The administrator should

make sure that the values they have provided for theSecurity Access Manager hostname and port arecorrect. If those values are correct, the administratorshould verify the SSL certificate presented by the Webserver is the correct certificate. If the hostname, port,and certificate are all correct, the administrator shouldrun the configuration in interactive mode, without the-rspfile flag, to complete the task.

FBTTAC122E The option command line option must bespecified.

Explanation: The tfimcfg tool was passed invalidcommand line options.

System action: The tfimcfg tool will exit.

Administrator response: Review the tfimcfg usagemessage and documentation and correct the commandline options.

FBTTAC123E The argument to the option commandline option must be specified.




FBTTAC124E The configuration option command lineoption is not valid.




FBTTAC125E The file file name does not appear tobelong to a WebSEAL server.

Explanation: The tfimcfg tool examined theconfiguration file specified and determined it did notbelong to a WebSEAL server.

System action: The tool will exit without changingany configuration.

Administrator response: The most likely cause of thiserror is that the file specified is not a Security AccessManager for Web stanza file that belongs to aWebSEAL server. Verify that the file specified is thecorrect file to use. If necessary, refer to thedocumentation for examples of how to use theautoconfiguration tool.



FBTTAC140W LDAP server type 'ldap server type'unknown. You should manually updatethe ACLs for the LDAP suffixes.

Explanation: The tfimcfg tool tries to set appropriateACLs on LDAP suffixes, but does not support allLDAP server types. The ACLs could not be updatedbecause the LDAP server was not recognized.

System action: The configuration will continuewithout updating the ACLs.

Administrator response: The administrator shouldmanually update the ACLs on the LDAP suffixes.

FBTTAC145W Object already exists. Reusing existingobject.

Explanation: The tfimcfg tool tries to create LDAPobjects as needed. An object already exists.

System action: The configuration will reuse the object.

Administrator response: No response necessary.

FBTTAC146W Missing required property propertyname.

Explanation: A required property was not specified inthe response file.

System action: The configuration will stop.

Administrator response: Correct the response file.

FBTTAC147W Suffix already exists. Reusing existingsuffix.

Explanation: The tfimcfg tool tries to create LDAPsuffixes as needed. A suffix already exists.

System action: The configuration will reuse the suffix.

Administrator response: No response necessary.

FBTTAC148W LDAP server type 'ldap server type'unknown. You should manually addLDAP suffixes.

Explanation: The tfimcfg tool tries to automaticallycreate suffixes, but does not support all LDAP servertypes. The suffixes could not be created because theLDAP server was not recognized.

System action: The configuration will continuewithout creating the suffixes.

Administrator response: The administrator shouldmanually create the LDAP suffixes.

FBTTAC150E Unable to connect to LDAPserver:exception.

Explanation: The tfimcfg tool was unable to make aconnection to the LDAP server.

System action: The configuration will halt.

Administrator response: Verify that the hostname andport number specified for the connection are correctand that the LDAP server can be contacted.

FBTTAC151E Unable to authenticate to LDAPserver:exception. Verify that the user-idand password are correct.

Explanation: The tfimcfg tool was unable to make aconnection to the LDAP server.


Administrator response: Verify that the user-id andpassword specified for the connection are correct.

FBTTAC152E Permission denied by LDAPserver:exception. Verify that you arebinding to LDAP as an administrativeuser with sufficient permissions tocomplete the configuration tasks.

Explanation: The tfimcfg tool was unable to access theLDAP server because of insufficient access rights.


Administrator response: Verify that the user you areusing to bind to LDAP has sufficient access rights toperform the failing configuration task.

FBTTAC153E Object not found:exception. You mayhave specified an incorrect object DN,or you may need to create an LDAPsuffix manually.

Explanation: The tfimcfg tool was unable to create anobject in the LDAP server because the parent objectwas not found.


Administrator response: Verify that you havespecified the object DN correctly. You may need tocreate the suffix for the object manually.

FBTTAC154W Configuration of authenticated SOAPendpoints with the IVT application isnot recommended. Authentication forthe IVT application can conflict withauthentication for the SOAP endpoints.

Explanation: The IVT application requires formsauthentication, while SOAP endpoints requirecertificate or BA authentication. Attempting to use boththose authentication types simultaneously can cause

FBTTAC140W • FBTTAC154W


one or both to stop functioning.

System action: The configuration will continue.

Administrator response: The administrator should usea separate WebSEAL server for SOAP endpoints.

FBTTAC166E Unable to convert key database filename from .kdb format to .jks format.The program name program returnederror code numeric error code.log data

Explanation: The tfimcfg tool attempts to convert theWebSEAL key database from .kdb format to .jks (JavaKey Store) format. This conversion failed with thespecified error code and error text.



FBTTAC167E Unable to add the certificate cert file tothe key database file name. The programname program returned error codenumeric error code.log data

Explanation: The tfimcfg tool attempts to add a Webserver's CA certificate to the WebSEAL key database.This process failed with the specified error code anderror text.



FBTTAC172W Unable to find running reverse proxyinstances when connecting to host hostURL. error text

Explanation: The tfimcfg tool tried to query thenumber of running reverse proxy instances on a WebGateway Appliance. No running instances were found.

System action: The tfimcfg utility will not proceeduntil a running reverse proxy instance is found on aWeb Gateway Appliance.

Administrator response: The administrative responseshould be to check that the URL of the Web ApplianceGateway that needs to be configured is valid andcorrect. The administrator should also ensure that thereare running reverse proxy instances on the target WebGateway Appliance.

FBTTAC173E Error interpreting configuration URLurl:\n exception text\n

Explanation: The tfimcfg tool could not interpret theWeb Gateway Appliance configuration URL.

System action: The tfimcfg utility will not proceeduntil a valid Web Gateway Appliance configurationURL is specified.

Administrator response: The administrator may needto specify a valid Web Gateway Applianceconfiguration URL.

FBTTAC174E An error occurred when restarting thereverse proxy instance 'instance name' onthe Web Gateway Appliance. Pleasecheck\n the log file of the reverse proxyinstance on the Web Gateway Applianceto diagnose and fix the problem.\n

Explanation: The configuration tool tried to restart areverse proxy instance on a Web Gateway Appliance,but the server did not start.

System action: The autoconfiguration tool will notproceed until the reverse proxy instance is operational.

Administrator response: The administrator shouldcheck the Web Gateway Appliance's reverse proxyinstance log file and correct the problem.

FBTTAC176E An error occurred during an attemptto connect to the Web GatewayAppliance. The response code wasresponse code:\nerror text\n

Explanation: An error occurred during an attempt toconnect to the Web Gateway Appliance. The responsecode and error text contains additional informationabout the error.

System action: If the change being made isnon-critical file, the tool will attempt to proceed. If thechange is critical to the operation being performed, thetool will exit.

Administrator response: Attempt to resolve theproblem described by the error text. Ensure that thetool has access to the network where the Web GatewayAppliance is running.

FBTTAC187E POP creation failed:\nerror messages\n.

Explanation: An error occurred in the process ofcreating a POP. Other messages may have moreinformation on the root cause of the problem.


Administrator response: Attempt to diagnose theerror condition and fix the problem, or create the POPmanually.



FBTTAC188E An invalid URL value was entered.

Explanation: The value entered was not a valid URL.

System action: The autoconfiguration tool will showthe URL entry prompt again.

Administrator response: Enter a valid URL.

FBTTAC189E No OAuth federations were returnedfrom the Security Access ManagerInfoService.\n

Explanation: The Federated Identity ManagerInfoService did not return any OAuth federations.


Administrator response: The administrator shouldmake sure that OAuth federations were configured onthe Federated Identity Manager server. It may benecessary to restart the WebSphere server if theconfiguration was recently changed.

FBTTAC190E The file file name does not exist in thefile system.\n

Explanation: The file does not exist on the file system.


Administrator response: Verify that the file exists.

FBTTAC228E The Security Access Managerautoconfiguration tool requires tool nameon the system PATH.

Explanation: A tool required by the Security AccessManager autoconfiguration tool was not available onthe system PATH.


Administrator response: Add the appropriate tool(gsk7ikm or ikeycmd) to the system PATH and thenrerun the Security Access Manager autoconfigurationtool.

FBTTRC002W The service stub cannot be retrievedusing a JNDI Lookup. Falling back onService Locator. The handlerconfiguration is likely to fail.


System action: Processing continued.

Administrator response: Check the log files for moreinformation.

FBTTRC003E The Trust Service Client handler ismissing or improperly configured.

Explanation: The handler is missing from the clientside handler chain. If this handler is missing or notpresent, or the client is not running as a managedapplication, the Trust Client cannot retrieve nor set themessages sent to the trust server.



FBTTRC004W The returnedRequestSecurityTokenResponse did nothave a wsu:Id

Explanation: Without an element ID, the client cannotreceive the original message.



FBTTRC006E No DOM message implementationwas passed.

Explanation: The Trust Client implementation isexpecting the passed-in message to contain a DOM treethat represents the SOAP envelope.



FBTUSC000E Internal Error. Contact the SystemAdministrator.




FBTUSC001E The required attribute attributeNamewas not found in the incoming STSRequest.

Explanation: The required attribute was not found inthe incoming STS Request. The required attribute isexpected to be added to the request by another STSmodule earlier in the trust chain.


Administrator response: Enable tracing to helpdetermine why the attribute was not added.

FBTTAC188E • FBTUSC001E


FBTUSC002E The required configuration parameterconfigParameterName was not provided tothe STS module.

Explanation: The required configuration parameterwas not provided.


Administrator response: Ensure that the configurationfor the module has been correctly performed.

FBTUSC003E The required service handlehandleName was not provided to the STSmodule.

Explanation: The required service handle was notavailable.


Administrator response: This error is a significantinternal error. Check the logs for error messagesindicating why the required service was not properlycreated.

FBTUSC004E E-mail could not be sent to thefollowing address: address.

Explanation: An e-mail could not be sent to therequested address. This error is not an internal error.

System action: The User Self Care operation could notbe completed.

Administrator response: The User Self Careapplication could not send e-mail to the indicatedaddress. If details are required, please enable tracelogging and examine the nested exception.

FBTUSC005E An e-mail could not be sent due to aproblem with the messaging component.

Explanation: An e-mail could not be sent due to aproblem with the messaging component.

System action: The User Self care operation could notbe completed.

Administrator response: The User Self Careapplication could not a message due to a problem withthe messaging component. If details are required,please enable trace logging and examine the nestedexception.

FBTUSC006E An error occurred during theconstruction of the contents of amessage.

Explanation: The messaging component failed to builda message to send to the user.

System action: The User Self care operation could notbe completed.

Administrator response: The User Self Careapplication could not send a message due to a problemconstructing the message contents. If details arerequired, please enable trace logging and examine thenested exception.

FBTUSC007E The page contents might be missingthe required information such as[requiredInfo] that is used to process ane-mail message request.

Explanation: The E-mail Message STS module requirescertain information in order to process the request. Therequired information is missing.



FBTUSC010E Password change failed.

Explanation: The password change operation failed.

System action: The password for the user has notbeen changed.

Administrator response: Ensure that the registryserver is available. Check the log file for moreinformation about the cause of the problem.

FBTUSC011E Profile lookup failed.

Explanation: The profile lookup operation failed.



FBTUSC012E Profile update failed.

Explanation: The profile update operation failed.

System action: The request was halted withoutmodifying the user profile.


FBTUSC013E User account creation failed.

Explanation: The user account creation operationfailed.

System action: The request was halted withoutcreating the user account.

Administrator response: Ensure that the registryserver is available. Check the log file for more

FBTUSC002E • FBTUSC013E


information about the cause of the problem.

FBTUSC014E User account deletion failed.

Explanation: The user account deletion operationfailed.

System action: The request was halted withoutdeleting the user account.


FBTUSC015E Group membership update failed.

Explanation: The group membership update operationfailed.



FBTUSC016E User lookup failed.

Explanation: The user lookup operation failed.



FBTUSC017E Context attributes required to performthe operation are missing: data

Explanation: This operation requires one or morecontext attributes that are not present. This errorusually indicates a problem with a custom mappingrule.


Administrator response: Ensure that any custommapping rules in the chain pass on all incomingcontext attributes.

FBTUSC020E You must specify a user name.

Explanation: The user has not specified a user name.This message is displayed to the user.

System action: No action is necessary. The enrollmentrequest has not been processed.


FBTUSC021E The specified passwords do notmatch.

Explanation: The specified passwords do not match.This message is presented to the user.

System action: No action is necessary. The user

enrollment request has not been processed.

Administrator response: No response is necessary.

FBTUSC022E The enrollment validation data mustbe supplied.

Explanation: The user has submitted the enrollmentcompletion form without the enrollment validationdata. This message is presented to the user.

System action: No action is necessary. The userenrollment request has not been processed.


FBTUSC023E The enrollment validation data is notcorrect, or the enrollment process hasalready been completed.

Explanation: The user has submitted enrollmentvalidation data that does not match a currentenrollment request or has resubmitted the enrollmentcompletion form.



FBTUSC024E The requested user name, username isalready in use.

Explanation: The requested user name is already inuse. This message is displayed to the user.

System action: No action is necessary. The enrollmentrequest has not been processed.


FBTUSC025E Account creation failed.

Explanation: The user account could not be created.This message is displayed to the user.

System action: The enrollment process has not beencompleted.

Administrator response: Examine the applicationserver logs to determine the cause of the problem.

FBTUSC026E Unable to generate a confirmation ID:error.

Explanation: Unable to generate a confirmation ID.

System action: The enrollment request has not beenprocessed.

Administrator response: Examine the applicationserver logs to determine the cause of the problem.



FBTUSC027E You must enter values in both thepassword and password confirmationfields.

Explanation: The user has not supplied either thepassword or the password confirmation.



FBTUSC028E The specified e-mail addresses do notmatch.

Explanation: The specified e-mail addresses do notmatch. This message is presented to the user.



FBTUSC029E You must enter both the e-mailaddress and e-mail address confirmationfields.

Explanation: The user has not supplied either thee-mail address or the e-mail address confirmation.



FBTUSC030E The USCChangePassword STSmodule does not operate in the givenmode, 'mode'.


System action: The module is not available atruntime.


FBTUSC031E Additional data is required to performthe operation: data

Explanation: The operation requires additional data.


Administrator response: Ensure that the specifieddata items are present before requesting the operation.

FBTUSC032E The new password and confirmationpassword do not match.

Explanation: The new password and the confirmationpassword must match.


Administrator response: Ensure that the newpassword and confirmation password are the same.

FBTUSC033E The current password is incorrect.

Explanation: The current password is incorrect.


Administrator response: Ensure that the currentpassword is correct.

FBTUSC034E The password change operation failed.

Explanation: The password change operation failed.



FBTUSC035E The new password does not meet thepassword policy requirements.

Explanation: The new password does not meet thepassword policy requirements.


Administrator response: Select a new password thatcomplies with the password policy requirements.

FBTUSC040E Unable to find your accountvalidation questions.

Explanation: The secret question module did notprovide any account validation questions to present tothe user and did not provide a failure reason.



FBTUSC041E This account has been locked due totoo many failed account validationattempts.

Explanation: The user made too many failed attemptsto validate the account, so the account has been locked.



FBTUSC042E There is already a password changerequest in progress for this account.

Explanation: The user already started the passwordchange process. The user can make only one passwordchange request at a time.





FBTUSC043E The password change request hasalready been processed.

Explanation: The password change request identifiersupplied by the user does not identify a currentpassword change request.



FBTUSC044E The information required to locateyour user name is missing.

Explanation: The information required to locate theuser name was not supplied.



FBTUSC045E Account validation failed.

Explanation: You provided an incorrect answer to theaccount validation question.



FBTUSC046E Unable to retrieve your accountvalidation details.

Explanation: The secret question mapping module didnot provide the name of the profile attribute used tostore the answer to the account validation question.


Administrator response: The account recovery modulechain contains a mapping module. Check that themapping rule correctly maps the secret questionidentifiers to the profile attributes.

FBTUSC047E Unable to retrieve your accountvalidation details.

Explanation: Unable to find a value for the profileattribute that holds the answer to the selected accountvalidation question.


Administrator response: Check that the mapping ruleused in the account recovery module chain maps secretquestion identifiers to the correct profile attributes.

FBTUSC048E You must specify a user name.

Explanation: The user has not specified a user name.This message is displayed to the user.

System action: No action is necessary. The accountrecovery request has not been processed.


FBTUSC049E You must specify the answer to theaccount validation question.

Explanation: The user has not supplied the answer tothe account validation question.

System action: The account recovery request has notbeen processed.


FBTUSC050E No authenticated user identity isavailable.

Explanation: The requested operation can only beperformed using an authenticated user identity, butnone is available.


Administrator response: Check the securityconfiguration to ensure that authentication is requiredto access this operation.

FBTUSC051E The account could not be deleted.

Explanation: The account could not be deleted.



FBTUSC060E The required Context Attributes werenot found in the incoming STSUU.

Explanation: A User Self Care STS module requiresContext Attributes in the STSUU.


Administrator response: Investigate the previousmodules in the trust chain to ensure that none of themremove the context attributes from the STSUU, andcorrect if necessary. If removal is not the problem, theprotocol service invoking the chain might have failed toprovide the context attributes. In this case, the error isan internal error.

FBTUSC061E The module received the contextattribute: handleName containing a valuethat is not valid: value.

Explanation: The module received a required contextattribute, but the value is not valid.


Administrator response: Determine whether any STSmodules preceding this module in the chain haveincorrectly set the value of the required attribute andcorrect.



FBTUSC062E The User Self Care module cannotcreate a local token.

Explanation: The User Self Care module cannot createa local token.

System action: The User Self Care request processingstopped.


FBTUSC063E The User Self Care module cannotlocate the context attributes.

Explanation: The User Self Care cannot locate thecontext attributes.



FBTUSC064E The User Self Care module cannotinvoke the STS.

Explanation: The User Self Care module cannotcontact the STS to fulfill the user request.



FBTUSC065E The User Self Care module failed tosend a response to the user request.

Explanation: The User Self Care module cannot senda response to the user request.



FBTUSC066E The User Self Care module cannotlocate a redirect URL on the contextattributes.

Explanation: The User Self Care cannot locate theredirect URL on the context attributes.



FBTUSC067E The User Self Care module failed tosend a browser redirect response to theuser request. Redirect URL: pageID.

Explanation: The User Self Care module failed to senda browser redirect response to the user request.



FBTUSC068E The User Self Care module cannotfind the page template for pageidentifier: pageID.

Explanation: The User Self Care module cannot findthe page template with the specified page identifier.



FBTUSC069E The User Self Care module failed toreturn a browser form to the user. PageID: formID.

Explanation: The User Self Care was unable return abrowser form to the user.



FBTUSC070E The User Self Care module cannotfind the form page identifier from thecontext attributes.

Explanation: The User Self Care module cannot findthe form page identifier from the context attributes.



FBTUSC071E The User Self Care module cannotprocess the error generated.

Explanation: The User Self Care module cannotprocess the error generated.





FBTUSC072E The User Self Care module cannotprocess the request.

Explanation: The User Self Care module cannotprocess the request.



FBTUSC073E The User Self Care module requestwas sent using a transport that is notvalid.

Explanation: The User Self Care module was sentusing a transport that is not valid. The request was sentusing the SOAP binding.


Administrator response: Examine the logs todetermine the cause of the problem. Ensure that therequest is being sent using the appropriate binding.

FBTUSC080E Unable to locate your profile details.

Explanation: A profile retrieval or update operationreturned an error that the user was not in the registry.This error might occur when users have been recentlydeleted.

System action: The STS request processing stopped.

Administrator response: Check that the user registryis correctly configured and is currently available. Checkthat the configuration of the entity management STSmodule specifies the correct user registry suffix.

FBTUSC081E One or more of the specified profileattributes might not be updated.

Explanation: A profile update request included one ormore profile attributes that users cannot edit. This errormight indicate malicious user activity.

System action: The STS request processing stopped.

Administrator response: Enable tracing in the profilemanagement STS module to identify the attributenames. Check that the profile update form includesonly profile attributes from the list of permittedattributes in the profile management STS moduleconfiguration. Verify that the set of permitted attributesis correct.

FBTUSC082E The specified e-mail addresses do notmatch.

Explanation: The specified e-mail addresses do notmatch. This message is presented to the user.

System action: No action is necessary. The profile

update request has not been processed.


FBTUSC084E The account recovery STS moduleconfiguration is incorrect.

Explanation: The account recovery STS moduleconfiguration includes the account recovery lookupattribute and the account recovery validation attributes.

System action: The account recovery STS module hasnot been initialized. Account recovery operations failuntil this error is corrected.

Administrator response: Correct the configuration ofthe account recovery STS module. Ensure that theaccount recovery lookup attribute and the accountrecovery validation attributes are specified.

FBTUSC085E The e-mail message STS moduleconfiguration is incorrect.

Explanation: The e-mail message STS moduleconfiguration includes the SMTP server name, SMTPuser name, SMTP user name password, and enrollmente-mail address.

System action: E-mail message operations fail untilthe e-mail message STS module is initialized.

Administrator response: Correct the configuration ofthe e-mail message STS module. Ensure that the SMTPserver name, SMTP user name, SMTP user namepassword and enrollment e-mail address are specified.

FBTUSC086E The group membership STS moduleconfiguration is incorrect.

Explanation: The group membership STS moduleconfiguration lists the groups into which a new user isto be added.

System action: The group membership STS modulehas not been initialized. Group membership operationsfail until this error is corrected.

Administrator response: Correct the configuration ofthe group membership STS module.

FBTUSC087E The password does not meet thepassword policy requirements.

Explanation: The password does not meet thepassword policy requirements.


Administrator response: Select a password thatcomplies with the password policy requirements.



FBTUSC088E The password is incorrect.

Explanation: The user has not specified the currentpassword correctly.


Administrator response: Correct the password andresubmit the form.

FBTUSC089E The secret question STS module is notconfigured correctly.

Explanation: The secret question STS moduleconfiguration includes the minimum number of secretquestions, maximum number of secret questions, andthe number of required secret questions to be answeredcorrectly for users to be validated.

System action: The secret question STS module hasnot been initialized. Secret question operations cannotfunction correctly until his error is corrected.

Administrator response: Correct the configurationsettings of the secret question STS module. Ensure thatthe following fields are configured correctly: minimumnumber of secret questions, maximum number of secretquestions, and the number of required secret questionsto be validated.

FBTUSC090E You have not answered enough secretquestions.

Explanation: The user answered less than theminimum number of secret question required forvalidation.



FBTUSC091E You have answered more secretquestions than what is allowed.

Explanation: The number of secret question answeredis more than maximum number of secret questionpermitted.



FBTUSC092E You did not provide an answer to therequired secret question fields.

Explanation: No input from the secret question fieldswas retrieved.



FBTUSC093E You are not allowed to answer thesame question more than once.

Explanation: There are duplicate question input insecret questions.



FBTUSC098E Migration cannot be done because thehashing algorithm SHA-256 is notsupported.

Explanation: The hashing algorithm SHA-256 is notsupported.

System action: Operation canceled.

Administrator response: Check JVM support forhashing algorithm.

FBTUSC099E The required host parameter ismissing. Please specify the hostname ofthe directory machine using the -hoption.

Explanation: A host parameter is required to do themigration.


Administrator response: Specify a directory hostparameter to proceed with the migration.

FBTUSC100E The required bind distinguished nameparameter is missing. Please specify thebind distinguished name of thedirectory using the -D option.

Explanation: A bind distinguished name parameter isrequired to do the migration.


Administrator response: Specify a value for the binddistinguished name parameter to proceed with themigration.

FBTUSC101E The required bind credentialparameter is missing. Please specify thebind credential of the directory usingthe -w option.

Explanation: A bind credential parameter is requiredto do the migration.


Administrator response: Specify a value for the bindcredential parameter to proceed with the migration.



FBTUSC102E The required base distinguished nameparameter is missing. Please specify thebase distinguished name of thedirectory using the -baseDn option.

Explanation: A base distinguished name parameter isrequired to do the migration.


Administrator response: Specify a value for the basedistinguished name parameter to proceed with themigration.

FBTUSC103E The required secret question attributeparameter is missing. Please specify thesecret question attribute using the-attribute option.

Explanation: A secret question attribute parameter isrequired to do the migration.


Administrator response: Specify a value for the secretquestion attribute parameter to proceed with themigration.

FBTUSC104E The parameter parameter was notrecognized.

Explanation: The migration cannot be done becauseone or more of the specified parameters were notrecognized.


Administrator response: Use only the supportedparameters.

FBTUSC105E The user parameter does not have avalid secret question format. The tool isnot going to migrate the secret questionvalue for this user.

Explanation: The secret question value for this usercannot be migrated because the secret question formatis not valid.

System action: Migration of secret question value foruser not done.

Administrator response: The user record is not validfor migration.

FBTUSR000E Internal Error. Contact the SystemAdministrator.


System action: User info encountered an error, processhas been halted.


FBTUSR100E The user info provider pluginpluginName failed to initialize.

Explanation: A user info provider plugin encounteredan error during initialization.

System action: The user info provider plugininitialization encountered an error, the process has beenhalted.


FBTWSF001E The received request is missing therequired parameter: parameter




FBTWSF002E The received request at 'age' seconds,is expired.




FBTWSF003E The logout failed.

Explanation: The logout failed for the current session.

System action: The logout request will continue.

Administrator response: Ensure that the point ofcontact is configured to send the correct session HTTPheader.

FBTWSF004E The requesting realm, realm, isunknown.




FBTWSF005E The value value for attribute attr is notvalid.




FBTUSC102E • FBTWSF005E


FBTWSF006E The current user making the requestis not authenticated.




FBTWSF007E The token for the service providercannot be exchanged.




FBTWSF008E No token was available to return tothe service provider.




FBTWSF009E No configured post page wasavailable to use to return the token tothe identity provider.

Explanation: The current request could not becompleted. The token exchange succeeded but noconfigured post page was available.


Administrator response: This error is a configurationerror. Ensure that the post page exists in the templatedirectory.

FBTWSF010E The response from the identityprovider, wresult, could not beunderstood.




FBTWSF011E The identity provider token could notbe determined as the one that is validfor the resource.




FBTWSF012E The user cannot be authenticated.

Explanation: The current request could not becompleted because the trust service response could notauthenticate the user.


Administrator response: Validate that the trust serviceand point of contact are properly configured.

FBTWSF013E The timestamp provided, time, doesnot match any known time format.

Explanation: The current request could not becompleted because the lifetime could not be validated.


Administrator response: Validate that the partner isconfigured to send the correct time values.

FBTWSF014E The Tivoli Access Managerconfiguration for the service is notconfigured correctly or the Tivoli AccessManager context is no longer valid.

Explanation: When the Tivoli Access Manageroperation was attempted an error was returned.


Administrator response: Ensure that the configurationof Tivoli Access Manager for the service is pointing to avalid Tivoli Access Manager Runtime for the Javaconfiguration file.

FBTWSF016E The template template filename forsign-out is not valid.

Explanation: When the server attempted to build theWS-Federation sign-out to all the service providers, thetemplate was not valid.

System action: The sign-out request will be halted.

Administrator response: Ensure that the providedtemplate is correct.

FBTWSF006E • FBTWSF016E


FBTWSF017E An identity provider cannot bedetermined for the current requester.

Explanation: When attempting to determine thecurrent requester's identity provider, a failure occurred.

System action: The sign-in request will be halted.

Administrator response: Ensure that configuration iscorrect.

FBTWSF018E Invalid configuration; missingconfiguration for self IP/STS endpointin federation with ID 'id' and displayname 'displayName'.

Explanation: The IP/STS endpoint has not beenspecified in the configuration. This value is used atruntime to redirect requestors back to this endpoint.

System action: The initialization of this module willbe halted.


FBTWSF019E Invalid configuration; missingconfiguration for partner 'id' IP/STSendpoint in federation with ID 'id' anddisplay name 'displayName'.

Explanation: The IP/STS endpoint has not beenspecified in configuration. This value is used at runtimeto redirect requestors back to this endpoint.



FBTWSF020E Invalid configuration; invalid lifetimefor partner 'id' in federation with ID 'id'and display name 'displayName'.

Explanation: The configured message lifetime is in aninvalid format, expecting integer values. This parameteris used at runtime for message validation.


Administrator response: Ensure that the configurationis correct.

FBTWSP001E The provisioning configuration fileinsert is missing or is not valid.

Explanation: The configuration cannot be read or itsformat is incorrect.

Administrator response: Enable a trace for detailedmessages and ensure that the configuration is presentand valid.

FBTWSP002E The provisioning configuration fileinsert could not be written.

Explanation: The configuration cannot be written tofile.

Administrator response: Enable a trace for detailedmessages and ensure that the file path is correct andthat writing to the file is permitted.

FBTWSP003E The target provisioning service URLis not configured.

Explanation: The configuration is incorrect as itdoesn't include the mandatory target provisioningservice URL.


FBTWSS001E The command line arguments are notvalid.

Explanation: The syntax of the command linearguments is incorrect.

Administrator response: Correct the syntax and tryagain.

FBTWSS004E An error occurred while accessing theTivoli Access Manager server using theconfiguration URL insert.

Explanation: The Tivoli Access Manager configurationor the configuration URL is incorrect.

Administrator response: Ensure that the Tivoli AccessManager configuration and the configuration URL arecorrect.

FBTWSS011E The security token is not valid or ismissing.

Explanation: The security token syntax is not valid orthe security token is missing.

Administrator response: Check the log and ensure theconfiguration is correct.

FBTWSS021E The configuration is in error.

Explanation: The configuration is incorrect.


FBTWSS031E An error occurred accessing the TrustService.

Explanation: An error occurred accessing the TrustService or the Trust Service returned an error response.


FBTWSF017E • FBTWSS031E


FBTWSS032E An XML processing error occurred.

Explanation: A parsing or some other error related toXML processing occurred.


FBTXRD001E A value for the attribute AttributeNamemust be provided for the <ElementName>element.

Explanation: The application is in error. Required datawas not set in the XRDS document.


Administrator response: Enable a trace for detailedmessages and check with the XRDS document provider.

FBTXRD002E The member elementMemberElementName must be providedfor the <ElementName> element.

Explanation: The application is in error. Required datawas not set in the XRDS document.


Administrator response: Enable a trace for detailedmessages and check with the XRDS document provider.

FBTXRD003W An XRDS document parse error hasoccurred. This was non-fatal due toHTML discovery fall back.

Explanation: The XRDS document could not beparsed correctly. Discovery will fall back to HTMLbased discovery.

System action: The system will fall back to HTMLdiscovery and ignore the XRDS document.

Administrator response: Retrieve the XRDS documentfrom the log to check the validity of the document.

FBTXRD004E The canonicalID from the first XRIresolution request ClaimedIdentifier didnot resolve to the same XRI as thesecond XRI resolution requestCanonicalID.

Explanation: An incorrect CanonicalID was found inthe first XRDS document request. This may have beenan attempt by the user to impersonate another personusing their XRI.


Administrator response: Inspect the logs and, ifappropriate, report the abuse to the CanonicalIDsauthorative XRI provider.

FBTXRD005E Unable to perform XRDS resolutionon the XRI XRI supplied.

Explanation: An appropriate service was not found inthe XRDS document.


Administrator response: Retrieve the XRDS documentfrom the log to check the validity of the document andif the required service is included.

FBTXRD006E Unable to perform XRDS resolutionbecause XRIs are not supported.

Explanation: XRI support has been disabled in thisconfiguration.


Administrator response: To enable XRI resolution,modify the XRIProxies and SupportXRI configurationitems in the federation properties.

FBTWSS032E • FBTXRD006E


Chapter 4. Authorization Service Messages

These messages are provided by the authorization service component.

CTGVM0220W The audit service cannot locate aWork Manager. Asynchronous loggingwill be disabled.

Explanation: The audit service cannot locate a workmanager, asynchronous processing of audit recordscannot be performed. This may result in a performancedegradation.


Administrator response: Refer to the administrationguide for how to setup a WebSphere Work Manager.

CTGVS0001E An error occurred while working withprotocol protocol_name .

Explanation: An error occurred during an attempt toretrieve a policy update using the specified protocol.

System action: The policy distribution request did notcomplete.

Administrator response: Ensure that the policymanagement server is available and retry the policydistribution.

CTGVS0002E While processing the commonauthorization configuration propertyvalues, required property property wasfound not be set.

Explanation: The required property identified abovewas not set.


Administrator response: Investigate the specifiedconfiguration file and related settings. Make changes asneeded and retry the request.

CTGVS0003E The common authorizationconfiguration data derived from theproperty file cannot have a null context.

Explanation: The context must contain a valid value.


Administrator response: Ensure the context is set andretry the operation.

CTGVS0004E Cannot get the security environmentfor extension ID extension_ID .

Explanation: Cannot get the security runtime

environment for the specified extension.


Administrator response: Ensure the extensionspecified exists. Review the operating environment andensure components are available. Retry the operationafter making the necessary changes.

CTGVS0005E Cannot get the runtime environmentfor extension ID extension_ID .

Explanation: Cannot get the runtime environment forthe specified extension.


Administrator response: Ensure the extensionspecified exists. Review the operating environment andensure components are available. Retry the operationafter making the necessary changes.

CTGVS0006E Component or service component_namewas requested but it does not exist.

Explanation: The component or service specified doesnot exist, it is not defined.


Administrator response: Investigate the specifiedconfiguration file and related settings. Enable the finestlevel of logging and retry. Review the log files. Makechanges as needed and retry the request.

CTGVS0007E A request was made for commandcommand_name which does not exist.

Explanation: The command specified does not exist, itis not defined.



CTGVS0008E Unable to location configuration filepath config_file_path .

Explanation: The config_file_path specified cannot belocated.


Administrator response: Investigate the


config_file_path configuration file specified and relatedsettings. Make changes as needed and retry the request.Enable the finest level of logging and retry. Review thelog files.

CTGVS0009E A request was made for anunregistered security service service_name.

Explanation: A request was made for security serviceservice_name which is an unknown service.



CTGVS0010W The service manager is alreadyinitialized.

Explanation: The service manager is alreadyinitialized.


Administrator response: No further action is required.

CTGVS0011E An error occurred creating serviceservice_name .

Explanation: An error occurred creating the specifiedservice.



CTGVS0012E Unable to parse configuration fileconfig_file .

Explanation: The config_file specified cannot beparsed.


Administrator response: Investigate the specifiedconfiguration file and related settings. Make changes asneeded and retry the request. Enable the finest level oflogging and retry. Review the log files.

CTGVS0013E The service manager is not initialized.

Explanation: The service manager is not initialized.



CTGVS0014E The eclipse property propertyNamecontains an invalid value value. Thevalue defaultValue will be used instead.

Explanation: An invalid OSGi eclipse property isconfigured, and will be ignored.

System action: Default values will be used instead ofthe configured values.

Administrator response: Edit the OSGi eclipseproperty and replace with a valid value.

CTGVS0015E localhost:consolePort is already in useand cannot be used as the Eclipseconsole port.

Explanation: The console port configured is in use byanother application.

System action: The console will not be available.

Administrator response: Select a different port for theOSGi Eclipse console.

CTGVS0016E The specified Eclipse console portconsolePort is not available.

Explanation: The console port configured is notavailable.

System action: The Eclipse OSGi console will not beavailable.

Administrator response: Select a different port for theOSGi Eclipse console.

CTGVS0017E Error while starting Eclipse:targetException.

Explanation: The Eclipse OSGi framework failed tostart.

System action: The application will not be run.

Administrator response: Examine the error messagefor possible cause.

CTGVS0018E Failed to delete fileName

Explanation: The program failed to delete a file whilecleaning a temporary copy of the Eclipse OSGienvironment

System action: The failure will be ignored

Administrator response: Manually remove thetemporary file the next time the application is stopped.Examine the permissions on the file and the containingdirectory to ensure the problem does not re-occur.

CTGVS0009E • CTGVS0018E


CTGVS0019E No services manager has beenregistered by the OSGi framework.

Explanation: An internal runtime component couldnot be loaded.

System action: The application did not startsuccessfully. This could be due to an improper orcorrupted installation.

Administrator response: Ensure that the applicationhas been properly installed and configured.

CTGVS0020E Exception while loading extensions.

Explanation: An internal service component could notbe loaded. This could be due to an improper orcorrupted installation.

System action: The application did not startsuccessfully.


CTGVS0021E An error was encountered whilechecking security permissions formethod methodName.

Explanation: A Java 2 security check failed for theoperation.

System action: Access to the operation is denied. Themethod invocation fails.

Administrator response: Ensure that the applicationhas been granted the appropriate security permission.

CTGVS0022E An error was encountered whilecalculating the startup sequence of theservice framework. A dependency cycleon service serviceName has been detected.

Explanation: A security service was modified orplugged and introduced a cycle dependency on theframework.

System action: Stop initialization.

Administrator response: Ensure that the applicationhas been properly installed and configured. Removeany service plug-ins that were not part of the originalinstallation and verify its dependencies.

CTGVS0023W A dependency for service serviceNameon service serviceDep cannot be satisfiedsince the latter service is not available.

Explanation: A security service has an unsatisfieddependency due to missing services in the installation.

System action: Stop initialization.


CTGVS0024E The application runtime could not beloaded. Ensure that the applicationruntime plug-ins have been installed tothis server.

Explanation: The application runtime has not beendeployed to the server. The application can not start.

System action: The applcation initialization does notcomplete.

Administrator response: Ensure that all applicationcomponents, including the application runtimeextension, have been installed.

CTGVS0027E The platform manager has not beenstarted.

Explanation: The application runtime could not beinitialized for the application platform. The applicationcan not start.

System action: The application initialization does notcomplete.

Administrator response: Ensure that all applicationcomponents, including the application runtime, havebeen installed.

CTGVS0028E An end point reference could not begenerated for the target addressurladdress.

Explanation: The communication channel to the targetend point could not be secured for transport. Thecommunication attempt is aborted.

System action: Communication events such as policyretrieval are aborted.

Administrator response: Ensure that all applicationcomponents are installed and properly configured.

CTGVS0029E The platform manager could not beloaded.

Explanation: The application runtime could not loadthe appropriate platform manager for this platform.

System action: The application initialization does notcomplete normally.

Administrator response: Ensure that all applicationcomponents are installed and properly configured forthis application server platform.

CTGVS0030E The cell name could not bedetermined.

Explanation: The initialization process could notcomplete because the local cell name could not bedetermined.

System action: Runtime initialization does notcomplete.


Chapter 4. Authorization Service Messages 297

Administrator response: Enable the finest level oflogging and restart the server. Review the log files.Make changes as needed and retry.

CTGVS0031E The configuration deployementmanager could not be loaded.

Explanation: The application runtime could not loadthe appropriate deployment manager for this platform.

System action: The application initialization does notcomplete normally.

Administrator response: Ensure that all applicationcomponents are installed and properly configured forthis application server platform.

CTGVS0501E A fault occurred. Review the log filesfor further trace information.

Explanation: An unexpected fault condition occurred.This condition cannot be handled internally.


Administrator response: Investigate the failure byenabling the finest level of logging and retrying theoperation. Review the log files. Make changes asneeded and retry the request.

CTGVS0502W Expected message with anunexpected format format1 but foundformat format2 instead.

Explanation: An unexpected message was received.


Administrator response: Suspect applications creatingthese message are not compatible. Ensure the releaselevels of the applications support each other's formats.

CTGVS0503W Expected format1 metadata sections inthe registration response but foundformat2 instead.

Explanation: A registration response with anunexpected number of metadata sections was received.


Administrator response: Investigate whether theapplications creating these message are compatible.Ensure the release levels of the applications supporteach other's response formats.

CTGVS0504E A service named service_name was notfound.

Explanation: The specified service name was notfound.


Administrator response: Request a service that exists.

CTGVS0505E The command or service specifieddoes not exist: command_service_name .

Explanation: The command handler was not found.


Administrator response: Retry using a differentcommand request.

CTGVS0506E A not valid element passed tofunction, expected expected name butfound found name.

Explanation: When parsing XML, an different elementto the one expected was found.

System action: Parsing halted.

Administrator response: Examine the system log, andensure the XML being parsed is correct.

CTGVS0507E An error occurred while parsing aelement name XML element.

Explanation: An error occurred while an element ofthe given local name was being parsed.



CTGVS0508E An error occurred while serializingdata to XML.

Explanation: An error occurred while data was beingserialized to XML.

System action: Serialization halted.

Administrator response: Examine the system log todetermine the cause of this error.

CTGVS0509W A certificate with name cert_name andexpiration date exp_date was not found.

Explanation: The certificate was expected to be in thekeystore but was not found


Administrator response: Ensure the certificate hasbeen received as a signer certificate.

CTGVS0510W A certificate with name cert_name andexpiration date exp_date has expired.

Explanation: The certificate has expired and cannot beused for signature verification.


Administrator response: Refresh the certificate on thepolicy source machine and import it's public certificateas a signer certificate.

CTGVS0031E • CTGVS0510W


CTGVS0511W The element with attribute of id_namehad a signature that is not valid .

Explanation: The signature of this element could notbe verified using the public key certificate.


Administrator response: Refresh the certificate on thepolicy source machine and import its public certificateas a signer certificate.

CTGVS0512E An error occurred while extractingdata from the configuration file. Therequested element could not be found.

Explanation: An administrative command requestedinformation from the configuration file that could notbe located.

System action: Returning a failure status code to thecaller.

Administrator response: Examine the request andensure the desired section is present in theconfiguration file.

CTGVS0513E A context element was not found inthe message headers. The context of therequest can not be determined.

Explanation: A service request did not have a requiredContextId element in the message header. Theoperation could not be fullfilled.

System action: The service request fails.

Administrator response: The source of the request isnot providing the required information. Correct thesender of the request and re-try the operation.

CTGVS0514E An invalid element was supplied forparsing, expected Metadata but insteadfound localName.

Explanation: An incorrect response was received fromthe policy management server while retrieving a policyupdate.

System action: The policy update request does notcomplete. No new polices are retrieved.

Administrator response: Ensure that the policymanagement server is functioning properly and retrythe operation.

CTGVS0515E An invalid element was supplied forparsing, expected MetadataSection butinstead found localName.


System action: The policy update request does not

complete. No new polices are retrieved.


CTGVS0516E The required attribute Dialect was notfound on the MetadataSection element.




CTGVS0517E Invalid element supplied for parsing,expected GetMetadata but instead foundlocalName.




CTGVS0518E Processing the notification messagefailed with the following error: errorMsg

Explanation: The notification message was not sentbecause an error occurred processing the message.

System action: Processing halted.

Administrator response: Examine the system log formore detailed information.

CTGVS0519E The required Security AssertionMarkup Language (SAML) elementnodeName has a wrong name space.Expected: uri found: badUri

Explanation: Failed to parse an element in an XMLdocument. The document does not have the expectedname space.



CTGVS0511W • CTGVS0519E


CTGVS0520E The required Security AssertionMarkup Language (SAML) elementnodeName was unexpected. Expected:name

Explanation: Failed to parse element in an XMLdocument. The document does not have the expectedelement.



CTGVS0521E The required Security AssertionMarkup Language (SAML) XML stringfailed to parse. Input XML string:xmlString

Explanation: Failed to parse the SAML assertion XMLstring into a document.



CTGVS0522E The received element <ElementName>does not contain the required attributeMemberElementName.

Explanation: Failed to parse the SAML assertionbecause it is missing a required attribute.



CTGVS1001E Cannot load the configuration file orconfiguration input string.

Explanation: Unable to load the configuration file orconfiguration input string due to invalid format. Theexpected document root maybe missing because theparsed configuration file does not contain the correctconfiguration document.


Administrator response: Ensure that configuration fileis valid. Enable the finest level of logging and retry therequest. Review the log files. Make changes as neededand retry the request.

CTGVS1002W Configuration file can not be located.A default configuration file is created.

Explanation: Unable to find the configuration file.Configuration file does not exist.

System action: A default configuration will be created.

Administrator response: New configuration file will

be created. If there is a need to add additionalconfiguration data, modify the configuration file andrestart the application.

CTGVS1003E The configuration file content can notbe parsed.

Explanation: The configuration file's format may beincorrect. The expected document root maybe missingbecause the parsed configuration file does not containthe correct configuration document.


Administrator response: Ensure that thatconfiguration file is valid. Enable the finest level oflogging and retry the request. Review the log files.Make changes as needed and retry the request.

CTGVS1004E Can not save the configuration databack to the configuration file.

Explanation: An exception occurred while savingconfiguration data to file. The configuration data'sformat may be incorrect or file may not exist.


Administrator response: Ensure that thatconfiguration file is valid. Enable the finest level oflogging and retry the request. Review the log files.Make changes as needed and retry the request.

CTGVS1005E The configuration information can notbe loaded for use in the obfuscation.

Explanation: An exception occurred while loadingconfiguration data to be used for the obfuscation. Theconfiguration information for the obfuscation might bemissing.


Administrator response: Ensure that thatconfiguration file is valid and contain the configurationinformation about the obfuscation. Enable the finestlevel of logging and retry the request. Review the logfiles. Make changes as needed and retry the request.

CTGVS1006E The application failed to performpassword obfuscation.

Explanation: An exception occurred while doingpassword obfuscation. There might be a problem withthe keystore, keystore password, or the keystore aliaspassword.


Administrator response: Verify to make sure thekeystore in the installation directory and that theconfiguration file contains the correct information for



the obfuscation. Enable the finest level of logging andretry the request. Review the log files. Make changes asneeded and retry the request.

CTGVS1007E The application failed to convert anobfuscated password to the originalpassword.

Explanation: An exception occurred while convertingan obfuscated password back to the original password.There might be a problem with the keystore, keystorepassword or the keystore alias password.


Administrator response: Verify to make sure thekeystore in the installation directory and that theconfiguration file contains the correct information forthe obfuscation. Enable the finest level of logging andretry the request. Review the log files. Make changes asneeded and retry the request.

CTGVS1008E Configuration component orsub-component compName either notvalid or doesn't exist in theconfiguration file.

Explanation: The specified component orsub-component doesn't exist in the configuration file.


Administrator response: Ensure that the configurationfile contains the correct information. Enable the finestlevel of logging and retry the request. Review the logfiles. Make changes as needed and retry the request.

CTGVS1009E The required property property for thePolicy Information Point (PIP)configuration entry finder is eitherinvalid or does not exist in theconfiguration file. The PIP entry willnot be registered for use.

Explanation: Required properties might be missing orinvalid for the specified PIP configuration entry.

System action: The specified PIP entry will not beregistered for information lookup.

Administrator response: Ensure that the configurationfile contains the correct information. Make sure all therequired properties are set correctly for the PIP. Enablethe finest level of logging and retry the request. Reviewthe log files. Make changes as needed and retry therequest.

CTGVS1010E Unable to obtain the applicationserver ConfigRepository handle.

Explanation: Failed to obtain a ConfigRepositoryhandle to modify configuration data. The Server maynot be up or reachable.

System action: Unable to read or write to and fromthe ConfigRepository.

Administrator response: Ensure the application serverenvironment is set up correctly and that the server isup and running. Enable the finest level of logging andretry the request. Review the log files. Make changes asneeded and retry the request.

CTGVS1011E Configuration file file doesn't exist.

Explanation: Unable to find the configuration file.Configuration file does not exist.


Administrator response: Ensure the configuration fileexists. Enable the finest level of logging and retry therequest. Review the log files. Make changes as neededand retry the request.

CTGVS1012E Unable to backup configuration filefilePath .

Explanation: Failed to backup the configuration file.The file path might be invalid or the application serverconfiguration repository might not be available.


Administrator response: Ensure the configuration fileexists. Enable the finest level of logging and retry therequest. Review the log files. Make changes as neededand retry the request.

CTGVS1013E Required system propertyuser.install.root not present.

Explanation: The value for the System propertyuser.install.root could not be obtained. Its value isrequired in order to determine the location to placeconfiguration files and temporary files.

System action: The application may fail to start.

Administrator response: It is very unusual for thisSystem property not to be present in a normalapplication server configuration. Ensure that it isdefined.

CTGVS1014E The wrong type of configurationlocator was provided.

Explanation: Each different type of environment thisapplication is run in may require a different method ofstoring and access configuration information. There hasbeen an application design limitation that has causedthis mismatch.

System action: The application may fail to start.

Administrator response: The application is notrunning as designed. Perhaps it is running in anenvironment it has not been verified for.



CTGVS1015E An error occurred while establishing aconnection to the DataSource namedataSourceName. . The data source willnot be used for the storage ofconfiguration data.

Explanation: Failed to find the configuration datasource. The data source will not be used for storage ofconfiguration.

System action: The configuration will not be stored inthe database.

Administrator response: Ensure that the configurationdatasource property is configured correctly in thesecurity-services.xmi file. Ensure that the dataSource isdefined correctly in the application serverconfiguration.

CTGVS1017E The configuration data storage is notenabled.

Explanation: The configuration data storage is notenabled.

System action: The configuration will not be stored inthe database.

Administrator response: Ensure that the configurationdatasource property is configured correctly in thesecurity-services.xmi file. Ensure that the dataSource isdefined correctly in the application serverconfiguration.

CTGVS1018E An error was encountered whenreading the file path from the DB.

Explanation: Failed to read data from the DB.

System action: Failed to read data from the DB.

Administrator response: Ensure that the configurationdatabase is setup properly and is operational. Ensurethat the dataSource is defined correctly in theapplication server configuration.

CTGVS1019E An error was encountered whenwritng the file path into the DB.

Explanation: Failed to write in the DB.

System action: Failed to write data in the DB.


CTGVS1020E An error was encountered whendeleting the file path from the DB.

Explanation: Failed to delete data from the DB.

System action: Failed to delete data from the DB.


CTGVS1501E The service named role_name was notfound.

Explanation: The specified service name was notfound.


Administrator response: Specify a service that exists.

CTGVS1502E The operation request failed.

Explanation: Either a connection could not beestablished to the Security Policy Manager or an errorcondition occurred while the policy manager wasprocessing the request.


Administrator response: If a remote exception wasdetected, make sure that the policy manager is started.Check for port, administrator, or administratorpassword errors.

CTGVS1505W The registration operation forapplication failed.

Explanation: The tspm.configured entry missing fromthe security-services.xmi file. Registration operationwas not done.


Administrator response: The security-services.xmi fileis missing the tspm.configured value. Check thesecurity-services.xmi file to ensure that the registrationstanza is defined.

CTGVS1506W Check for using HTTPS failed or nosession parameters defined.

Explanation: The HTTPS.enabled value SSL sessionparameters were not found. An HTTP transport will beused instead.


Administrator response: The security-services.xmi fileis missing the HTTPS.enabled value or other HTTPSvalues necessary to define a session, such as keystoreand keystore.password. Check the security-services.xmifile to ensure that the registration stanza is defined andhas the HTTPS values defined.



CTGVS1507E An error occurred while trying toobtain a policy update.

Explanation: While trying to get a policy update, anerror occurred.


Administrator response: Investigate the policy updaterequest. Enable the finest level of logging and retry.Review the log files. Make changes as needed and retrythe request.

CTGVS1508E An error occurred while trying createa URL address for the policymanagement service.

Explanation: While trying to create a URL address forthe policy management service, an error occurred.


Administrator response: Investigate the policymanagement service URL create request. Enable thefinest level of logging and retry. Review the log files.Make changes as needed and retry the request.

CTGVS1509W The admin command must be astring data type, it was found to be oftype: admin_cmd_data_type .

Explanation: While trying to process the admincommand, the command data was found to be of typeadmin_cmd_data_type and not of type string. Theadmin command cannot be processed.


Administrator response: Investigate the admincommand request. Enable the finest level of loggingand retry. Review the log files. Make changes as neededand retry the request.

CTGVS1510W The admin command XML stringadmin_XML_string cannot be parsed intoan element.

Explanation: Could not parse the admin commandadmin_XML_string into an element. The admincommand cannot be processed.


Administrator response: Investigate the admincommand request. Enable the finest level of loggingand retry. Review the log files. Make changes as neededand retry the request.

CTGVS1511E An error occurred while trying toinitialize the handler for the protocolname protocol.

Explanation: While trying to initialize the handler to

retrieve policy updates for a given protocol, an erroroccurred.

System action: The specified protocol will not beavailable.

Administrator response: Enable the finest level oflogging and retry. Review the log files.

CTGVS1512E No handler was found for any of thefollowing list of protocols: protocol list.

Explanation: None of the protocols specified in thenotification could be used to retrieve the update.



CTGVS1513E The signatures in the policydistribution could not be validated. Thepolicy distribution request has beenignored.

Explanation: Could not validate the signature(s) in thepolicy distribution. This indicates a problem with theintegrity of the signed distribution request.


Administrator response: Investigate whether thepublic certificate of the policy distribution source hasexpired. Otherwise there is a problem with thetransport integrity.

CTGVS1514E A problem with accessing theconfiguration file or keystore has beendetected.

Explanation: A problem occurred during the openingof the keystore for signature verification.


Administrator response: Investigate the service andrelated settings. Enable the finest level of logging andretry. Review the log files. Make changes as needed andretry the request. Ensure that the keystore has beendefined in the security-services.xmi file of theWebsphere Application Server's profile.

CTGVS1515W An update notification messagecould not be verified. The messagenotification was not handled.

Explanation: An update notification was received butthe signature was either missing or could not beverified.


Administrator response: Investigate the service and



related settings. Enable the finest level of logging andretry. Review the log files. Make changes as needed andretry the request. Ensure that the keystore has beendefined in the security-services.xmi file of theapplication server's profile.

CTGVS1517E The required argumentmissing_argument is missing from thecommand line.

Explanation: A required argument that was neededfor this operation is missing.


Administrator response: Supply the requiredargument and retry the command.

CTGVS1518W A property missing_property was notsupplied, using the default propertyvalue of default_property for the value.

Explanation: A property was not supplied using thedefault property value instead.


CTGVS1519E The argument supplied for theoperation, -o flag, is not valid. chooseeither register,refresh, or unregister.

Explanation: Bad argument used with the -o flag.


Administrator response: Supply the a valid argumentwith the -o flag and retry the command.

CTGVS1520W The certificate-interval was not foundin the properties file, the defaultinterval of 365 days will be used.

Explanation: No certificate-interval property wasfound in the properties file. Using default of 365 days.


Administrator response: Supply the desired numberof days that the certificate should be valid with thecertificate-interval property and retry the command.

CTGVS1527E Could not determine the local hostname. Please enter host name using thepdt-host-name property.

Explanation: Could not determine the local host'sname.


Administrator response: Add the pdt-host-nameproperty and its value to the properties file and retrythe command.

CTGVS1530E Exception occurred while trying tocontact the policy manager.

Explanation: A communications error occurred whiletrying to contact the policy manager.


Administrator response: Check the policy manager'sname and port number. Ensure that the registrationservice is running on the policy manager's applicationserver instance.

CTGVS1531E Failed to read the register propertiesfile.

Explanation: Failed to read the properties file.


Administrator response: Check that the applicationserver instance is running using the same id that wasused while registering the policy distribution target. Ifthere is a mismatch, use system commands to make theid the same as what the application server instance isusing and restart the application server.

CTGVS1532E Failed to delete the register propertiesfile.

Explanation: Failed to delete the properties file.


Administrator response: Check that the ID used torun the application server instance has write authorityon the register properties file in the configurationdirectory. If not use system commands to grant thatauthority and restart the application server.

CTGVS1533W Security policy manager notconfigured. Please register the policydistribution target and copy the registerproperties file to the configurationdirectory and restart the applicationserver.

Explanation: Policy distribution target not yetconfigured. The location of the security policy manageris missing.

System action: None

Administrator response: Create a register propertiesfile by using the registration client and copy theproperties file to the configuration directory. Restart theapplication server.

CTGVS1534W A registration property: missing_propwas missing from the registration file:reg.props, Registration aborted.

Explanation: A required registration property wasmissing from the registration file.




Administrator response: Run the registration clientagain and fill in all parameters that are not optional.Copy the reg.props file to the configuration directoryand restart the Websphere server.

CTGVS1538E Can not use both and

Explanation: The two options are incompatible. Useeither one or the other.


Administrator response: Determine which option is tobe used and eliminate the other. Retry the operationwith only one of the options.

CTGVS1539E The required argumentmissing_property is missing from theregistration input properties file.

Explanation: A required property that is needed forthis operation is missing.


Administrator response: Add the missing property tothe input properties file and retry the command.

CTGVS1540E The registration program versionreg_ver does not match the versionrecorded in the properties file: reg_ver.

Explanation: A version mismatch between theproperties file and the registration program wasdetected.


Administrator response: Ensure that the correctproperties template file was used to create theproperties file and that the version in the file matchesthat reported by the registration program. Oncecorrected, retry the command.

CTGVS1541E The Policy Distribution Target (PDT)type defined in the properties file wasnot numeric.

Explanation: The PDT type when parsed was notnumeric.


Administrator response: Correct the PDT type andmake it one of the valid integers as defined in theproperties file comments. Retry the command.

CTGVS1542E The property value of property_value isnot applicable for the property property.

Explanation: A required property does not have avalid value.


Administrator response: See the properties templatefor comments on that property and the valid propertyvalues. Change the property's value and retry thecommand.

CTGVS1543W The Policy Distribution Target (PDT)was already unregistered.

Explanation: The policy manager's certificate wasalready deleted from the truststore.


Administrator response: Correct the PDT type andmake it one of the valid integers as defined in theproperties file comments. Retry the command.

CTGVS1544W The user: tspm_usere could not becreated in the registry. Not added to theadmin_group group.

Explanation: The Bind distinguished name of theregistry might not have write authority to theunderlying registry or the user has already beencreated. This Policy Distribution Target (PDT) will notwork correctly unless this user is created and added tothe pdt-admin-group.


Administrator response: Either configure theapplication server registry with a Bind distinguishedname that has write access and retry the registrationcommand or add the name manually to the registryand make it a member of the pdt-admin-group.

CTGVS1545W The user:tspm_usere could not beadded to the pdt-admin-group:admin_group.

Explanation: The pdt-admin-group is defined duringPDT install. The name of the group is a requireproperty of a type 1 or 2 Policy Distribution Target(PDT) for registration. Another factor that would causethis error would be if the bind distinguished name ofthe registry does not have write authority to theunderlying registry. This PDT will not work correctlyunless the user is added to the pdt-admin-group.


Administrator response: Check that the name definedin the PDT registration properties file is fully definedand matches the one that was created in the registry.The fully defined name may be viewed using theapplication server's console panel and selecting groups.The unique name would be the one that must matchthe property in the registration properties file. If thebind distinguishing name defined in the applicationserver registry definition does not have write access,the name would have to be added using appropriateregistry tools.



CTGVS1546W Members of group: group_name notfound.

Explanation: Could not find the members of thisgroup. The group may have been deleted.


Administrator response: Reinstall the Tivoli runtimesecurity service or create the group in the applicationserver's registry exactly how it was defined duringTivoli runtime security service install.

CTGVS1547E An error was detected while trying torun a remote command on the webserver.

Explanation: Suspect problems with the programsetup or web server instance.


Administrator response: Ensure that the bat or scriptthat runs this program has not been changed. Checkthat all required jars mentioned in the bat or scriptexist in the locations that are defined in the file. Makesure that the application server which the program istrying to contact is running.

CTGVS1548W User group_name not in groupgroup_name

Explanation: Suspect problems with the programsetup or web server instance.


Administrator response: Ensure that the bat or scriptthat runs this program has not been changed. Checkthat all required jars mentioned in the bat or scriptexist in the locations that are defined in the file. Makesure that the application server which the program istrying to contact is running.

CTGVS1549W Could not setup command handler tothe application server.

Explanation: The command handler is used to executeadministration commands during registration.


Administrator response: Ensure that the web server issetup and running correctly and retry the operation.

CTGVS1550W Could not delete Policy DistributionTarget (PDT) certificate alias: alias fromthe keystore: keystore during theunregister operation.

Explanation: The deletion operation returned an error.


Administrator response: Certificate might have been

deleted already. Check the keystore to verify that thefile has already been deleted.

CTGVS1551W Exception occurred during SSL portcreation or deletion for pdt.

Explanation: Error occurred while trying to create ordelete a SSLProf, transportchain, and alias for a PolicyDistribution Target (PDT) SSL port.


Administrator response: Create or delete the portmanually using the keystore. Make sure the transportcertificate uses the SSL port template. Enable certificateauthentication in the QoS option of the SSLConfdefinition.

CTGVS1552W Error occurred while writing theregistration properties file.

Explanation: A write error occurred while trying towrite out the registration properties.


Administrator response: This error might be due to auser's write authority. Check the system settings for thisuser, alter the settings if necessary, and retry thecommand.

CTGVS1553E No data was returned from server forthe policy update.

Explanation: The policy update did not contain theWS-MetadataExchange Metadata element.



CTGVS1554E Could not determine local cell bylooking for Node in the directory treeunder dir_name.

Explanation: Could not determine the local Cell name.


Administrator response: Check thewebsphere-install-path and websphere-profile in theregister tool's input file. These values are used to derivethe local cell name. Using incorrect values could resultin the local cell not being found.

CTGVS1555E The properties file passed to theregister tool prop_file was not found.

Explanation: The properties file could not be located.




Administrator response: Correct the file path andname and retry the operation.

CTGVS1556E An error has occurred that was notexpected.

Explanation: An unanticipated error has occurred.


Administrator response: Please run trace and/ordebug. Examine the logs for advice on why this erroroccurred and suggestions for fixing it.

CTGVS1559W The user could not be created. If theFederated Repository is not used on theapplication server instance, then the idwill have to be created manually in theuser account repository.

Explanation: User IDs can only be created when theapplication is using the Federated repositories as itsuser account repository.

System action: None

Administrator response: Either switch the useraccount repository to the Federated repositories andretry the operation, or create the user ID tspmmanually in the current user account repository.

CTGVS1562E An error occurred parsing the XMLstring for notifications. The XML inputreceived is: xmlString .

Explanation: The string is not valid XML.



CTGVS1563E An error occurred validating theAdminCommand for policy updates.The command is missing the requiredcommand parameterPolicyDistributionEvents.

Explanation: The NOTIFYUPDATE AdminCommandexpects a parameter called PolicyDistributionEvents.


Administrator response: Pass in the XML string forthe PolicyDistributionEvents to the AdminCommandweb-service.

CTGVS1564E Incorrect Policy Distribution Targettype specified.

Explanation: The Policy Distribution Target type isinvalid or unknown.

System action: Execution halted

Administrator response: Provide a valid PolicyDistribution Target type.

CTGVS1565E The supplied keystore: keystorefile doesnot existor could not be read, verify thepassword, integrity of the file andkeystore type.

Explanation: The command was unable to find thesuplied keystore file or it could not be read due towrong passwords or file corruption.


Administrator response: Provide a valid keystore andpassword.

CTGVS1566E A connection to the WebSphere servercould not be established. Check thesupplied properties.

Explanation: The command was unable to connect toWebSphere due to bad connection properties.


Administrator response: Correct the connectionproperties that were supplied.

CTGVS1569E A reload configuration commandcannot be completed due toinitialization failures in the cluster.

Explanation: A reload configuration command wasreceived but initialization failures prevented itscompletion.


Administrator response: Verify the clusterconfiguration and the state of the nodes. Examine anylogs or incident streams for information that mightexplain the initialization failure and correct them.

CTGVS1571W The user user could not be removedfrom the target server registry.

Explanation: A user for the policy distribution targetcould not be removed in the registry of the targetWebSphere Application Server. The user should bemanually removed.

System action: The operation was not performed.Processing continues.

Administrator response: Ensure that the administratorname and password are correct in the input propertiesIf necessary, manually remove the registry user.



CTGVS1572W The user user could not be created inthe target server registry.

Explanation: A user for the policy distribution targetcould not be created in the registry of the targetWebSphere Application Server. This may occur if theuser already exists.


Administrator response: Ensure that the administratorname and password are correct in the input propertiesand that the user does not already exist in the registry.If necessary, manually create the registry user.

CTGVS1573E The name for the policy managerserver user could not be determined orwas not provided.

Explanation: An attempt is made to create a user inthe local registry for the policy manager server, but theuser name is unknown. The user name is determinedfrom the policy manager server public certificate.

System action: The operation was not performed.Processing does not continue

Administrator response: The certificate may becorrupt or the registration process may haveencountered other errors. Check the application andsystem logs for the policy manager server foradditional information.

CTGVS1576E The policy distribution targetcertificate with alias alias was not foundin the store. The certificate could not beexported.

Explanation: An attempt to export the publiccertificate for the policy distribution target failedbecause the certificate could not be found in the keystore.

System action: The save is not performed. Processingcontinues.

Administrator response: Manually export thecertificate from the policy distribution target key store.If the auto generate option is enabled, the certificatecan be found in they keystore with the alias namematching the name of the policy distribution targetappended with _public.

CTGVS1577W Unable to download certificate fromthe remote authorization server. Thecertificate from endpoint URL URLcould not be retrieved.

Explanation: An attempt to download a publiccertificate from the remote authorization servers SSLport failed.


Administrator response: Either verify the HTTPS URLfor the remote authorization service in the inputproperties and retry the operation, or manually importthe certificate into the policy distribution target keystore.

CTGVS1578W An HTTPS protocol is not specifiedfor the remote authorization server.Certificate downloading is skipped. AnHTTPS port must be used.

Explanation: In a remote mode configuration if theURL for the remote authorization service uses an HTTPprotocol, an attempt is made to automatically add thecertificate to the policy distribution target key store.


Administrator response: Change the protocol for theauthorization service to HTTPS URL in the inputproperties or the current configuration, and retry theoperation.

CTGVS1579W The certificate for the remoteauthorization service could not beretrieved. The certificate could not beretrieved from url .

Explanation: In a remote mode configuration anattempt to download the public certificate of the remoteauthorization service into the certificate to the policydistribution target key store failed.


Administrator response: Ensure the that the remoteserver is running and that the HTTPS port is available,or manually import the certificate into the policydistribution target key store.

CTGVS1580E An unknown RTSS component namewas specified in the input properties.The property propertyname must beeither rtsscomp or rtssclientcomp .

Explanation: An incorrect value was set in theregistration input properties.

System action: The operation was not performed.Processing does not continue.

Administrator response: Correct the input propertiesand retry the operation.



CTGVS1581E The runtime security servicesconfiguration file filename could not beloaded.

Explanation: The runtime security servicesconfiguration file could not be read.

System action: The operation was not performed.Processing does not continue.

Administrator response: Check the file permissionsand path name of the input properties file and retry theoperation.

CTGVS1583E The remote authorization servicecould not be contacted. Ensure the targetserver is running and available. filename.

Explanation: The appliation is attempting to verifythat the remote runtime security server is running. Theremote server could not be contacted.

System action: Processing does not continue.

Administrator response: Ensure the target server isrunning and available.

CTGVS2001E An error occurred while loading thepolicy with identifier policy_id .

Explanation: The policy specified by policy_id couldnot be loaded.

System action: The request fails with an error.

Administrator response: Investigate the policyidentifier specified. Enable the finest level of loggingand retry. Review the log files. Make changes as neededand retry the request.

CTGVS2002E The policy identified by identifierpolicy_id was not found.

Explanation: The policy might not exist.



CTGVS2003E An error occurred while loading thepolicy identified by policy identifierpolicy_id .

Explanation: The policy specified by policy_id couldnot be loaded.


Administrator response: Investigate the policyidentifier specified. Enable the finest level of logging

and retry. Review the log files. Make changes as neededand retry the request.

CTGVS2004E The policy set identified by identifierpolicy_id was not found.

Explanation: The policy set specified by policy_id wasnot found.


Administrator response: Investigate the policy setidentifier specified. Enable the finest level of loggingand retry. Review the log files. Make changes as neededand retry the request.

CTGVS2005E The policy set identified by identifierpolicy_id was not found.

Explanation: The policy set specified by policy_id wasnot found.


Administrator response: Investigate the policy setidentifier specified. Enable the finest level of loggingand retry. Review the log files. Make changes as neededand retry the request.

CTGVS2006E The policy version specified foridentifier policy_id was not found.

Explanation: The policy version specified for policy_idwas not found.



CTGVS2007E The version for identifier identifier_idwas not found.

Explanation: The identifier version for the identifierspecified by identifier_id was not found.


Administrator response: Investigate the identifierspecified. Enable the finest level of logging and retry.Review the log files. Make changes as needed and retrythe request.

CTGVS2008E An error occurred while trying toserialize a request object to XML.

Explanation: While trying to serializing an eXtensibleAccess Control Markup Language (XACML) requestobject to XML an error occurred.


Administrator response: Investigate the failure by



enabling the finest level of logging and retrying theoperation. Review the log files. Make changes asneeded and retry the request.

CTGVS2009E An error occurred while creating aresponse object from the received XML.

Explanation: While trying to create an eXtensibleAccess Control Markup Language (XACML) requestobject from received XML data, an error occurred.



CTGVS2010E The expected eXtensible AccessControl Markup Language (XACML)response data was not found in thereturned message.

Explanation: While evaluating the returned message,eXtensible Access Control Markup Language (XACML)response data was expected to exist but was not found.



CTGVS2011W HTTP authentication was specifiedbut could not complete because therequired username and/or passwordwere not specified.

Explanation: HTTP authentication was specifiedwhich requires a username and a password to bespecified. However, the username and / or thepassword were not specified.


Administrator response: When using HTTPauthentication specify a username and a password.Alternatively, consider not using HTTP authentication.Retry the operation with the necessary changes.

CTGVS2012E The Security Assertion MarkupLanguage (SAML) is not at the requiredversion version_info .

Explanation: The Security Assertion MarkupLanguage (SAML) version was found to not therequired version. The SAML data exchange cannotcomplete.


Administrator response: Review the operatingenvironment and ensure components are at the

required levels. Retry the operation after making thenecessary changes.

CTGVS2013E The Required Security AssertionMarkup Language (SAML) elementSAML_ELEMENT was not found, insteadfound WRONG_SAML_ELEMENT SAMLelement.

Explanation: The Security Assertion MarkupLanguage (SAML) element was not the requiredelement. The data exchange could not complete.


Administrator response: Investigate the failure byenabling the finest level of logging and retrying theoperation. Review the log files. Make changes asneeded. Review the operating environment and ensurecomponents are at the required levels. Retry theoperation after making the necessary changes.

CTGVS2014E The incoming eXtensible AccessControl Markup Language (XACML)request has no context specified and nodefault context was configured.

Explanation: The incoming XACML request does nothave a context specified and there is no default contextconfigured for the environment. The request can not beprocessed.


Administrator response: Specify a default contextproperty or reconfigure the incoming request to containa default context. Review the operating environment.Retry the operation after making the necessary changes.

CTGVS2015E An error occurred while evaluatingthe eXtensible Access Control MarkupLanguage (XACML) request.

Explanation: While evaluating the incomingeXtensible Access Control Markup Language (XACML)request an error occurred. The request can not beprocessed.



CTGVS2016E The Security Assertions MarkupLanguage (SAML) request cannotcomplete due to an unfound tokenhandler for namespaceNAMESPACE_URI .



Explanation: The token handler for namespaceNAMESPACE_URI could not be found. The SAMLrequest cannot complete.



CTGVS2017E An error occurred while evaluatingthe eXtensible Access Control MarkupLanguage (XACML) request.

Explanation: While evaluating the incomingeXtensible Access Control Markup Language (XACML)request an error occurred. The request can not beprocessed.



CTGVS2018E No eXtensible Access Control MarkupLanguage (XACML) request found inSecurity Assertion Markup Language(SAML) request.

Explanation: Could not find XACML request in theincoming SAML query. The request can not beprocessed.



CTGVS2019E Response object's 'InResponseTo' IDin_responseTo_id does not match theexpected ID send_id .

Explanation: The received ID must match the sent ID.


Administrator response: Ensure that the request is avalid request. Enable the finest level of logging andretrying the operation. Review the log files. Makechanges as needed. Review the operating environmentand ensure components are at the required levels. Retrythe operation after making the necessary changes.

CTGVS2020W Response object's 'InResponseTo' Idwas not found in the response.

Explanation: The Response object's 'InReponseTo' IDis missing.


Administrator response: Enable the finest level oflogging and retrying the operation. Review the logfiles. Make changes as needed. Review the operatingenvironment and ensure components are at therequired levels. Retry the operation after making thenecessary changes.

CTGVS2021W The found Security AssertionMarkup Language (SAML) statement isnot of the type statement_type .

Explanation: The SAML statement does not contain anXACML response.


Administrator response: Enable the finest level oflogging and retrying the operation. Review the logfiles. Make changes as needed. Review the operatingenvironment and ensure components are at therequired levels. Retry the operation after making thenecessary changes if desired.

CTGVS2022W The Security Assertion MarkupLanguage (SAML) statement is notfound in the SAML assertion

Explanation: The Security Assertion MarkupLanguage (SAML) statement is missing from the SAMLassertion.



CTGVS2023W The Security Assertion MarkupLanguage (SAML) statement is notfound in the SAML assertion

Explanation: The Security Assertion MarkupLanguage (SAML) statement is missing from the SAMLassertion.





CTGVS2024W The Security Assertion MarkupLanguage (SAML) statement is notfound in the SAML response.

Explanation: The Security Assertion MarkupLanguage (SAML) statement is missing from the SAMLresponse.



CTGVS2025W An error occurred while initializingthe External Rule system.

Explanation: An exception was thrown whileinitializing the External Rule system. All External Rulefunctions will be disabled.

System action: External rules are disabled.


CTGVS2026E The External Rule with the identifieridentifier could not be found.

Explanation: No External Rules with the givenidentifier has been defined in the RTSS configuration.

System action: An exception is thrown, the result forthe authorization decision is indeterminate.


CTGVS2027W The External Rule with name namecould not be loaded.

Explanation: An error occurred during while loadingthe External Rule with the given name. This ExternalRule has been disabled.

System action: The External Rule is registered.References to this External Rule at runtime will causean error.

Administrator response: Enable the finest level oflogging and retrying the operation. Review the logfiles. Make changes as needed. Review the operatingenvironment and ensure components are at the

required levels. Retry the operation after making thenecessary changes if desired.

CTGVS2028E Could not get an instance of the OSGiExtension Registry.

Explanation: A reference to the OSGi ExtensionRegistry could not be obtained. External Rule pluginscannot be loaded.

System action: No External Rules could be loaded.References to External Rules in the policy are notresolved.


CTGVS2029E The External Rule extension pointname could not be found.

Explanation: A reference to the OSGi Extension Pointfor External Rules could not be obtained. External ruleplug-ins cannot be loaded.

System action: External Rule plug-ins could not beloaded. References to External Rules in the policy arenot resolved.


CTGVS2030E The External Rule implementationwith plugin identifier id could not befound.

Explanation: An External Rule implementation withthe given plug-in identifier could not be found. ThisExternal Rule configuration cannot be loaded.

System action: This External Rule implementation isnot loaded.


CTGVS2031E An error occurred while instantiatingthe External Rule implementation class.

Explanation: The External Rule implementation couldnot be created as an exception was thrown.



System action: The External Rule implementation isnot loaded.


CTGVS2032W Could not create the External Rulewith id id as one or more requiredconfiguration parameters are missing.

Explanation: The RTSS configuration does not containone or more configuration parameters that the plug-inidentified has declared as required.

System action: This External Rule will not be loaded.


CTGVS2033E The required property paramName wasnot found in the configuration.

Explanation: The configuration does not contain thespecified configuration parameter that the ExternalRule plug-in has declared as required.

System action: This External Rule will not be loaded.


CTGVS2034E An invalid configuration wasprovided for an IdAS attribute finder.The mandatory property valuesourceProp. was missing or not valid.

Explanation: Ensure the property value wasconfigured. The error log contains details.

System action: Startup has been halted.

User response: Add the missing mandatory propertyvalue to the attribute finder's configuration.

CTGVS2035E The IdAS attribute finder propertyvalue for propertyName not correctlyformated to RFC 2732 specifications.

Explanation: RFC 2732 places restrictions on theformat of URI values. The provided value does notconform to these restrictions.

System action: Startup had been halted.

User response: Update the IdAS attribute finderproperty value to conform to RFC 2732.

CTGVS2036E The IdAS registry has not beenconfigured to run. Thus the IdASattribute finder is unable to use theIdAS Context Provider contextProviderand is unable to initialize.

Explanation: The IdAS registry must be configured inorder for the IdAS attribute finders to operate.

System action: The Authorization Runtime Servicestartup had been aborted.

User response: Configure the IdAS registry beforeusing IdAS attribute finders.

CTGVS2037E The IdAS registry does not recognizethe context provider propertyName=contextProvider. The IdAS AttributeFinder is unable to initialize.

Explanation: The IdAS registry must have availablethe context provider ID in order for the IdAS AttributeFinders to operate.

System action: Startup as been halted.

User response: Update the IdAS Attribute Finderidas.context.provider property value to match a validentry in the IdAS registry.

CTGVS2038W An unexpected error was generatedwhile searching the IdAS context for theentity containing the attribute for thepolicy evaluation. The key used for thesearch was keyValueString.

Explanation: The IdAS registry generated an error thatwas assumed could not occur when it searched for theentity containing the policy attribute.

System action: The attribute for the policy evaluationwill be assumed to be missing.

User response: Ensure the IdAS registry is functioningcorrectly.

CTGVS2039W Multiple entities matched the keyvalue keyValueString. in a search of theIdAS context. All of the entities will beignored.

Explanation: The IdAS registry search for the entitycontaining the key value resulted in multiple matchingentries. Only one is permitted.


User response: Ensure the entity key values areunique to each entity.

CTGVS2032W • CTGVS2039W


CTGVS2040W The IdAS context reported a errorwhile attempting to authenticate.

Explanation: IdAS Authentication provided caused anerror while searching for an attribute for policyevaluation.


User response: Ensure the configured authentication iscorrect in both the IdAS Attribute Finder configurationand the IdAS Registry configuration.

CTGVS2041W No entity was located using the keyvalue keyValueString. during a search ofthe IdAS context.

Explanation: The IdAS registry search for the entitycontaining the key value did not produce a result.


User response: Ensure the entity key value maps to anentity in the IdAS Context.

CTGVS2042W An unexpected error was generatedwhile searching the IdAS context for theentity containing the attribute for thepolicy evaluation. The key value usedfor the search was keyValueString.

Explanation: The IdAS registry generated anunexpected error when searched for the entitycontaining the policy attribute.


User response: Ensure the IdAS registry is functioningcorrectly. Examine the log for details of theIdASException to assist in determining the cause.

CTGVS2043W An unexpected error was generatedwhile extracting the policy attributefrom the IdAS entity. The key valueused for the search was keyValueString.

Explanation: The IdAS registry generated anunexpected error when extracting the attribute forpolicy evaluation from the IdAS entity.



CTGVS2044W The IdAS Context, contextId, eitherdid not get created or did not open.Ensure that the hostname, port andlogin information is correct for thetarget server.

Explanation: The server or registry could not beopened or contacted, meaning the policy attributecould not be located.


User response: Ensure the IdAS registry is functioningcorrectly. Examine the log for details of the exception toassist in determining the cause. Check to make sure thehost name and port for the registry is correct. If usingauthentication, ensure the user name and password arecorrect.

CTGVS2045W An unexpected error was generatedwhile processing the policy attributefrom the IdAS entity. The IdAS attributename is returnAttributeName.

Explanation: An unexpected error occurred whenextracting the attribute for policy evaluation from theIdAS entity.



CTGVS2046W An unexpected error was generatedwhile closing the context contextId.

Explanation: The IdAS context generated anunexpected error when closing.

System action: Ignored.


CTGVS2047W The XACML return attribute typedataType configured for optionpropertyName is not supported.

Explanation: The IdAS attribute finder only supportsa limited set of XACML Attribute types. The oneconfigured is not one of them.


User response: Use one of the supported XACMLAttribute types.

CTGVS2040W • CTGVS2047W


CTGVS2048W Unable to convert the attribute value,value , returned from the IdAS contextinto the XACML data type, dataType.

Explanation: The IdAS attribute finder was unable toparse the value into an XACML attribute.


User response: Ensure the configured XACML datatype is correct for the IdAS attribute being returned.

CTGVS2049E Unable to configure the IdAS Registryfrom the file directory/file.

Explanation: The IdAS registry failed to configurefrom the supplied file.


User response: Check the file exists as specified.Check the file contains valid IdAS Registry XMLconfiguration. Examine the logged IdAS Exception foradditional details on the failure.

CTGVS2050E Unable to configure the IdAS Registryfrom the string supplied, string.

Explanation: The IdAS registry failed to configurefrom the supplied string.


User response: Check the string contains valid IdASRegistry XML configuration. Examine the logged IdASException for additional information on the cause.

CTGVS2051E Unable to convert the IdAS registryconfiguration stored in the storageservice into a XML String. The locationof the configuration in the storageservice was serviceName, dialect, identifier.

Explanation: The IdAS configuration extracted fromthe storage service must be converted into a form theIdAS registry can consume. This does not modify thedata, rather transforms the form in which it is passedwithin the programs memory.


User response: Check the storage service entrycontains valid IdAS registry XML configuration. Ensurethe correct location is configured. Examine the loggedexception for additional information on the cause.

CTGVS2052E An error was returned from theExternal Rule with name name.

Explanation: The XACML policy specified that anExternal Rule should be invoked, but the External Rulereturned an error. Please consult the relevant logs forthe external service to determine the cause of the error.

System action: Threw an XACMLProcessingException.

User response: Examine the logs of the externalsystem and take action as appropriate.

CTGVS2053E Invalid arguments for the functionfunction were found. At least oneargument, of type type must bespecified.

Explanation: The XACML policy specified that anExternal Rule should be invoked, but the requiredarguments were not found in the policy.

System action: This function has been marked as notvalid.

User response: Ensure the required arguments for thisfunction are specified in the policy.

CTGVS2054E The directory directory which wasspecified in the property property doesnot exist and could not be created.

Explanation: The configuration specified a directorythat was not found and could not be created.

System action: The initialization operation fails.

User response: Ensure the directory specified existsand is writable by the current user.

CTGVS2055E An error occurred while deploying theXMT file that specifies the customXACML functions for the External Rulefunctionality.

Explanation: A file is required in order to use customfunctions for the External Rules. This file could not beautomatically deployed to the file system.



CTGVS2056E An error occurred while loading theXMT file that specifies the customXACML functions for the External Rulefunctionality.

Explanation: A file is required in order to use customfunctions for the External Rules. This file could not beread.





CTGVS2057E An error occurred while registeringPolicy Information Point (PIP) entrypipName.

Explanation: The configuration information for the(PIP) entry might be not valid or does not exist.


User response: Ensure that the configuration filecontains the correct information. Make sure all therequired properties are set correctly for the PIP. Enablethe finest level of logging and retry the request. Reviewthe log files. Make changes as needed and retry therequest.

CTGVS2058E A URL for the remote authorizationservice was not provided.

Explanation: The configuration value for theauthz.http.url property has not been set.

System action: The initialization operation fails.Remote authorization requests will not functionproperly.

User response: Set the authz.http.url property to avalid authorization service URL.

CTGVS2059W HTTP authentication has beenenabled, but a user name was notprovided.

Explanation: The configuration value for theauthz.http.user property has not been set.

System action: Basic authentication for remoteauthorization requests is disabled. Remoteauthorization requests will not function properly ifapplication security has been enabled.

User response: Set the authz.http.user property to avalid user ID.

CTGVS2060W HTTP authentication has beenenabled, but a password was notprovided.

Explanation: The configuration value for theauthz.http.password property has not been set.

System action: Basic authentication for remoteauthorization requests is disabled. Remoteauthorization requests will not function properly ifapplication security has been enabled.

User response: Set the authz.http.password propertyto a valid user password.

CTGVS2061E An XACML Response is expected butnot found in the response message.

Explanation: A remote authorization request returnedan unexpected response. The authorization requestfails.

System action: The authorization request fails with aSOAP exception.

User response: Set the authz.http.url property to avalid IBM Runtime Security Service authorizationservice URL.

CTGVS2062E Both ldapsearch.prefix andldapsearch.baseDn must be specified,but only one of the attributes was foundfor attribute finder pipName.

Explanation: Both ldapsearch.prefix andldapsearch.baseDn must be specified, but only one ofthe attributes was found in the configuration.

System action: The attribute finder did not load.

User response: Configure either bot ldapsearch.prefixand ldapsearch.baseDnh or neither.

CTGVS2063E Unable to dynamically create an IdASJNDI Context for attribute finderpipName. The error reported wascauseText.

Explanation: A problem occurred while dynamicallyadding an IdAS JNDI context provider configurationinto the IdAS Registry.

System action: The attribute finder failed to load.

User response: Examine the cause error for possiblecauses. Also check the configuration for the attributefinder is correct.

CTGVS2064E Substring match (*) is not supportedin search filters for Attribute FinderpipName.

Explanation: Limitations in the LDAP implementationdo not allow for substring matching.

System action: No attributes will be returned from thesearch.

User response: Reformulate the LDAP search filter toremove any substring (*) usage.

CTGVS2065E Approximate match (~=) is notsupported in search filters for attributefinder pipName.

Explanation: Limitations in the LDAP implementationdo not allow for approximate matching.




User response: Reformulate the LDAP search filter toremove any approximate match (~=) usage.

CTGVS2066E Extensible matches are not supportedin search filters for attribute finderpipName.

Explanation: Limitations in the LDAP implementationdo not allow for extensible matching.


User response: Reformulate the LDAP search filter toremove any extensible match usage.

CTGVS2067E An unknown element typefilterComponentType was encountered inthe search filter for attribute finderpipName.

Explanation: An unsupported LDAP operator wasspecified in the LDAP search filter.


User response: Reformulate the LDAP search filter toavoid the problem.

CTGVS2068E getEvaluationTarget() method notsupported by RTSSProviderImpl class.

Explanation: An unsupported method was invoked.This is an internal coding error.


User response: Investigate the logs to determine ifanother error caused this error.

CTGVS2069E A thread already has a lock on thisrepository.

Explanation: The policy repository cannot satisfy apolicy retrieval request.


User response: If the problem persists, restart theapplication.

CTGVS2070E The thread does not have a lock onthis repository to release.

Explanation: The policy repository cannot complete apolicy retrieval request.


User response: If the problem persists, restart theapplication.

CTGVS2071E A configuration that is not valid wassupplied to the STS attribute finder. Arequest type URI, and either an issueror a appliesTo or both must be specifiedto be able to construct a valid STSrequest.

Explanation: Add the request type, issuer and/orappliesTo to the STS attribute configuration.


User response: Add the missing required propertyvalue to the configuration for the attribute finder.

CTGVS2072E A configuration that is not valid wassupplied to the STS attribute finder.The required attribute attribute ismissing.

Explanation: Add the required attribute to theconfiguration for the attribute finder.


User response: Add the missing required propertyvalue to the configuration for the attribute finder.

CTGVS2073E Unable to parse the security tokenfrom the XACML request. No attributeswill be returned from the search.

Explanation: An error occurred while parsing thesecurity token from the XACML request. The securitytoken is used as part of the STS request that is sent tothe STS for attribute retrieval.


User response: Investigate the logs to determine ifanother error caused this error.

CTGVS2074E An error occurred when calling theSTS from the attribute finder.

Explanation: Check the STSConfigurations to makesure the STS configuration is setup correctly. Either theSTS could not be contacted due to a configurationproblem or the chain was not found on the STS server.


User response: Check the logs to determine theconfiguration problem.

CTGVS2075E The STS response status indicates thatit is not valid. The response returned isresponse.

Explanation: Check the STS response to determinewhy the status is not valid.




User response: Check the logs for more information.

CTGVS2076E A protocol violation occurred parsingthe SAML token.

Explanation: The SAML token is not in the expectedformat as described by the Assertions and Protocol forthe OASIS Security Assertion Markup Language(SAML) V1.1.


User response: Check the logs for more informationon why the token did not parse as expected.

CTGVS2077W Unable to convert the attribute value,value into the XACML data type,dataType , as specified in the policy.

Explanation: The STS attribute finder was unable toparse the value into an XACML attribute.


User response: Ensure the configured XACML datatype is correct in the policy for the STS attribute.


Explanation: A reference to the OSGi ExtensionRegistry could not be obtained. Custom AttributeFinder plug-ins cannot be loaded.

System action: No Custom Attribute Finders could beloaded. References to Custom Attribute Finders in thepolicy will not be resolved.

Administrator response: Enable the finest level oflogging and retry the operation. Review the log files.Make changes as needed. Review the operatingenvironment and ensure components are at therequired levels. Retry the operation after making thenecessary changes if desired.

CTGVS2079E The Custom Attribute Finderextension point name could not befound.

Explanation: A reference to the OSGi Extension Pointfor Custom Attribute Finders could not be obtained.Custom Attribute Finder plug-ins cannot be loaded.

System action: No Custom Attribute Finders could beloaded. References to Custom Attribute Finders in thepolicy will not be resolved.

Administrator response: Enable the finest level oflogging and retry the operation. Review the log files.Make changes as needed. Review the operating

environment and ensure components are at therequired levels. Retry the operation after making thenecessary changes if desired.

CTGVS2080E The Custom Attribute Finderimplementation with plug-in identifierid could not be found.

Explanation: A Custom Attribute Finderimplementation with the given plug-in identifier couldnot be found. This Custom Attribute Finderconfiguration cannot be loaded.

System action: This Custom Attribute Finderimplementation is not loaded.


CTGVS2081E An error occurred while instantiatingthe Custom Attribute Finderimplementation class.

Explanation: The Custom Attribute Finderimplementation could not be created as an exceptionwas thrown.

System action: The Custom Attribute Finderimplementation is not loaded.


CTGVS2082W Could not create the CustomAttribute Finder with ID id because oneor more required configurationparameters are missing.

Explanation: The runtime security servicesconfiguration does not contain one or moreconfiguration parameters that the identified plug-in hasdeclared as required.

System action: This Custom Attribute Finder will notbe loaded.





Explanation: The runtime security servicesconfiguration does not contain the specifiedconfiguration parameter that the Custom AttributeFinder plug-in has declared as required.

System action: This Custom Attribute Finder will notbe loaded.


CTGVS2084E The data type supplied for attributeinstantiation was null.

Explanation: When creating an attribute, a data typeparameter must be sent from the plug-in to theAttributeFactory. If this parameter is null, the attributecannot be created.

System action: The attribute cannot be created.

Administrator response: Identify the plug-in that hasfailed to create an attribute. Examine itsimplementation and ensure the parameters it uses toinstantiate attributes are valid.

CTGVS2085E The supplied data type paramName isnot a supported attribute type.

Explanation: The data type supplied for creating anattribute is not a supported attribute type.

System action: The attribute will not be created.

Administrator response: Identify the plug-in that hasfailed to create an Attribute. Examine itsimplementation and ensure the parameters it uses toinstantiate Attributes are valid.

CTGVS2086E Both search prefix and base DN mustbe specified, but only one of the pairwas found.

Explanation: Ensure the search prefix and the baseDN are configued in the properties. The error logcontains details.

System action: The query for the external attribute isnot performed. The operation is aborted with a deniedaccess decision.

User response: Verify that the configuration for theexternal attribute query is correct.

CTGVS2087E An error occurred while connecting tothe LDAP server at host hostName.Ensure the address and authenticationcredentials are correct.

Explanation: Ensure the address and authenticationcredentials are correct. The error log contains details.



CTGVS2088E An invalid configuration wasprovided for an LDAP attribute finder.The mandatory attribute sourceProp. wasmissing or invalid.

Explanation: Ensure the property value wasconfigured. The error log contains details.



CTGVS2089E The search string filter was not foundon server hostName with base contextbaseDN for the finder with Issuer issuer.

Explanation: No value was returned by the query. Theerror log contains details.



CTGVS2090E An error occurred while retrievingAttributeId attributeID with Issuerissuer.

Explanation: No value was returned by the query. Theerror log contains details.



CTGVS2091E Cannot get an instance of the OSGiExtension Registry.

Explanation: A reference to the OSGi ExtensionRegistry cannot be obtained.

System action: No action was taken.



Administrator response: Enable the most granularlevel of logging and retry the operation. Review the logfiles. Make changes as needed. Review the operatingenvironment and ensure components are at therequired levels. Make necessary changes and retry theoperation.

CTGVS2092E Cannot find the Obligation Handlerextension point name.

Explanation: Cannot obtain a reference to the OSGiExtension Point for the Obligation Handler.



CTGVS2093E Cannot find the Obligation Handlerimplementation with plugin identifierid.

Explanation: Cannot find an Obligation Handlerimplementation with the specified plug-in identifier.The Obligation Handler configuration cannot beloaded.

System action: The Obligation Handler configurationis not loaded.

Administrator response: Ensure that the ObligationHandler configuration is correctly defined in thesecurity-services.xmi configuration file. Enable the mostgranular level of logging and retry the operation.Review the log files. Make necessary changes and retrythe operation.

CTGVS2094E An error occurred while instantiatingthe Obligation Handler implementationclass.

Explanation: Cannot create the Obligation Handlerimplementation because an error occurred.

System action: The Obligation Handlerimplementation is not loaded.


CTGVS2095W Cannot create the Obligation Handlerwith ID id because one or more requiredconfiguration parameters are missing.

Explanation: The RTSS configuration does not contain

one or more configuration parameters that the specifiedplug-in requires.

System action: This Obligation Handler will not beloaded.


CTGVS2096W Cannot load the Obligation Handlerwith name name.

Explanation: An error occurred while loading theObligation Handler with the specified name. ThisObligation Handler has been disabled.

System action: The Obligation Handler is notregistered. References to this Obligation Handler atruntime will cause an error.



Explanation: The configuration specified by theplug-in does not contain the configuration parameterthat the plug-in requires.

System action: The obligation handler plug-in is notloaded.

Administrator response: Ensure that the plug-inconfiguration parameters declared in the plugin.xml fileare correctly defined in the security-services.xmiconfiguration file. Enable the most granular level oflogging and try the operation again. Review the logfiles. Make necessary changes and try the operationagain.

CTGVS2098W Obligation Handler with IDobligationId returned the following error -errorFromHandler

Explanation: The configured Obligation Handler withthe specified ID returned an error.

System action: For an authorization decision anINDETERMINATE response will be sent to the PEP. Foran entitlement request, the particular entitlement thattriggered the Obligation Handler will be removed fromthe response.

Administrator response: The configured ObligationHandler returned an error. Enable the most granular



level of logging and retry the operation. Review the logfiles. Review the operating environment and ensurecomponents are at the required levels. Make necessarychanges and retry the operation.

CTGVS2099W The Obligation Handler classclassname returned a value of FALSE forthe passed in obligation ID obligationId.The obligation will be returned to thePolicy Enforcement Point.

Explanation: The configured Obligation Handler classreturned a value of FALSE for the specified obligationstring.


Administrator response: No administrative action isrequired.

CTGVS2100W The following attribute cannot beconverted to a proper formatattributeName.

Explanation: This attribute will not be sent to thePolicy Enforcement Point because there was an errorconverting it to a proper format.



CTGVS2101W Obligation ID obligationId is alreadymapped to the Obligation Handler IDid. Failed to create a new ObligationHandler because the Obligation Handlerwith name name is configured with anObligation ID that is already mapped toan existing Handler.

Explanation: An Obligation ID can only be mapped toone Obligation Handler. If the Obligation ID isspecified in multiple handlers, then only the firstObligation Handler is registered.


Administrator response: Make necessary changes tothe specified Obligation Handler in thesecurity-services.xmi file. Retry the operation.

CTGVS2200E Failed to load the configuration fromthe directory directory path because thedirectory does not exist.

Explanation: The configuration was not loadedbecause the specified directory path is incorrect.


Administrator response: Specify the correct directorypath and try the operation again.

CTGVS2201E Failed to load the configuration fromthe properties file file path.

Explanation: The configuration was not loadedbecause the specified file does not exist or is notcorrectly set up.


Administrator response: Ensure that the specified fileexists and is set up correctly. Make necessary changesand try the operation again.

CTGVS2202E Failed to load the configurationbecause the system propertycom.ibm.tscc.rtss.dir was not specified.

Explanation: The configuration was not loadedbecause the required system property was notspecified.


Administrator response: Ensure that the systemproperty specifies the location of the directory wherethe configuration file exists and is set up correctly.Make necessary changes and try the operation again.

CTGVS2203E Failed to load the configurationbecause the basic authenticationusername (authz.http.user property) orthe password (authz.http.passwordproperty) is not specified in theproperties file.

Explanation: The configuration was not loadedbecause the required system properties were notspecified. For the basic authentication method, specifythe value for both username and password in the clientproperties file.


Administrator response: If basic authentication isused to authenticate the client, ensure that both theusername (authz.http.user property) and the password(authz.http.password property) are specified in theconfiguration file. Make necessary changes and try theoperation again.

CTGVS2205E Failed to validate the specifiedrtssEndpoint URL url.

Explanation: The program exited because no validrtssEndpoint URL was specified.


Administrator response: Ensure that a valid URL isspecified for the rtssEndpoint argument. Makenecessary changes and try the operation again.



CTGVS2206E Failed to validate the specifiedtruststore path trustStorePath.

Explanation: The program exited because no validtruststore was specified.


Administrator response: Ensure that a valid file pathis specified as the truststore argument. Make necessarychanges and try the operation again.

CTGVS2207W A new truststore file will be createdbecause the specified truststoretrustStorePath does not exist.

Explanation: A new truststore file will be createdbecause the specified truststore does not exist.



CTGVS2208E Failed to load the specified truststoretrustStorePath.

Explanation: The specified truststore could not becreated or loaded.

System action: No action was taken

Administrator response: Ensure that a valid file pathis specified as the value of truststore argument. Makenecessary changes and try the operation again.

CTGVS2211E Failed to obtain a server certificatechain from host host and port port .

Explanation: An attempt to retrieve a certificate froma remote SSL port failed.

System action: The operation was not performed.Program will exit.

Administrator response: Ensure that a valid URL isspecified for the rtssEndpoint argument. Makenecessary changes and try the operation again. Ifnecessary, manually import the certificate into thetruststore.

CTGVS2213E The program failed to import thecertificate.

Explanation: Failed to import the server certificatedue to some errors.

System action: The operation was not performed.Program will exit.

Administrator response: Review the errors. Makenecessary changes and try the operation again.

CTGVS2214W Failed to write the configurationproperties file file path.

Explanation: The program obfuscates the passwordsin the properties file and writes the file to the filesystem. The program failed to write the specifiedproperties file.


Administrator response: Ensure that the user that theprogram is running under has write permissions on thespecified file. Make necessary changes and retry theoperation.

CTGVS2215W The remote client locationinformation could not be added to therequest context.

Explanation: The IP address or host name of a remoteclient that is making an authorization request could notbe determined. Authorization decisions that rely on thisinformation might not yield expected results, and auditrecords might be incomplete.

System action: The information is not added to theauthorization request context. Processing continues.

Administrator response: Check the networkenvironment for possible domain name resolutionproblems and try the operation again.

CTGVS2216E Could not access the OSGi extensionregistry.

Explanation: A reference to the OSGi extensionregistry could not be obtained. External rule, custompolicy information point, or obligation handler plug-inscannot be loaded.

System action: A reference to the internal OSGiextension registry could not be obtained. References toexternal rule, policy information point, or obligationhandler plug-ins are not loaded.

Administrator response: Enable the most granularlevel of logging and try the operation again. Reviewthe log files. Make changes as needed. Review theoperating environment and ensure components are atthe required levels. Make the necessary and try theoperation again.

CTGVS2217E The extension point name could not befound.

Explanation: A reference to an OSGi extension pointcould not be obtained. The plug-in is not loaded.

System action: The code extension is not loaded. Theextension could be a reference to a custom externalrule, policy information point, or obligation handlerplug-in. References to unresolved external rules in thepolicy are not resolved and might yield unexpectedauthorization decision results.



Administrator response: Enable the most granularlevel of logging and try the operation again. Reviewthe log files. Make changes as needed. Review theoperating environment and ensure components are atthe required levels. Make the necessary and try theoperation again.

CTGVS2218W Failed to obfuscate the password inconfiguration properties file file path.

Explanation: The program obfuscates the passwordsin the properties file and writes the file to the filesystem. The program failed to obfuscate the passwordin the specified properties file.


Administrator response: Ensure that the user has thewrite permissions on the specified properties file. Makenecessary changes and retry the operation.

CTGVS2503E The audit service encountered anerror while creating audit event.

Explanation: The audit service encountered a failurewhile creating an audit event record. This failure doesnot constitute a failure in other aspects of the product.The audit record in question, and subsequent auditrecords, may be lost. In order to prevent further auditsystem errors, take action before continuing to use thesystem.


Administrator response: Check the audit serviceparameters and ensure that the device capturing auditrecords is available and healthy.

CTGVS2504E The audit service encountered anerror while writing an audit record.

Explanation: The audit service encountered a failurewhile logging an audit event record. This failure doesnot constitute a failure in other aspects of the product.The audit record in question, and subsequent auditrecords, may be lost. In order to prevent further auditsystem errors, take action before continuing to use thesystem.


Administrator response: Check the audit serviceparameters and ensure that the device capturing auditrecords is available and healthy.

CTGVS2505W The audit log configurationparameter identifier is missing.

Explanation: The audit service was unable to locatethe specified configuration parameter used to configurethe logging of audit event records to a file. File loggingwill be disabled until this problem is corrected. In orderto prevent loss of audit data, take action before

continuing to use the system. This failure does notconstitute a failure in other aspects of the product.


Administrator response: Check the audit serviceconfiguration and ensure that all configurationparameters are present and set to valid values.

CTGVS2506W The audit log configurationparameter identifier is set to an incorrectvalue.

Explanation: The setting of the specified configurationparameter used to configure the logging of audit eventrecords to a file is not valid. When correcting this,please check the Administration Guide for the validrange of values for this parameter.

System action: File logging will be disabled until thisproblem is corrected.

Administrator response: In order to prevent loss ofaudit data, take action before continuing to use thesystem. Check the audit service configuration andensure that all configuration parameters are presentand set to valid values.

CTGVS2508W Audit file logging directory could notbe created.

Explanation: The directory location configured tocontain audit log files could not be created. File loggingwill be disabled until this problem is corrected. In orderto prevent loss of audit data, take action beforecontinuing to use the system. This failure does notconstitute a failure in other aspects of the product.


Administrator response: If the specified locationalready exists, verify that it is a directory and iswriteable. If the specified directory does not exist,verify that file system permissions allow it to becreated.

CTGVS2509E The file handler used for writingaudit records to log files could not becreated.

Explanation: An exception was thrown while creatingthe file handler. File logging will be disabled until thisproblem is corrected. In order to prevent loss of auditdata, take action before continuing to use the system.This may indicate a system environment problem thatcould affect other aspects of the product.


Administrator response: Enable the finest level oflogging and retry the operation. Review the log files.Make changes as needed. Review the operatingenvironment and ensure components are at therequired levels. Retry the operation after making the



necessary changes if desired.

CTGVS2510E The file handler used for writingaudit records to log files threw anexception.

Explanation: An exception was thrown by the filehandler when writing to audit log files. In order toprevent loss of audit data, take action before continuingto use the system. This may indicate a systemenvironment problem that could affect other aspects ofthe product.



CTGVS2512W The audit log configuration could notbe located.

Explanation: The audit service was unable to locatethe specified configuration used to configure thelogging of audit event records to a file. File logging willbe disabled until this problem is corrected. In order toprevent loss of audit data, take action before continuingto use the system. This failure does not constitute afailure in other aspects of the product.


Administrator response: Check the audit serviceconfiguration and ensure that all configurationparameters are present and set to valid values.

CTGVS2513E The audit log configuration could notbe written to the configuration file.

Explanation: The audit service was unable to writethe specified audit configuration to the configurationfile. Audit logging will be disabled until this problem iscorrected. In order to prevent loss of audit data, takeaction before continuing to use the system. This mayindicate a system environment problem that couldaffect other aspects of the product.


Administrator response: Another exception ormessage was created with details of the error. Enablethe finest level of logging and retry the operation.Review the log files and make changes as needed.Review the operating environment and ensurecomponents are at the required levels. Review theconfiguration settings and ensure they are all presentand correct. Retry the operation after making thenecessary changes if desired.

CTGVS2656E The ISAM Syslog handler could notbe created.

Explanation: The syslog audit event handler could notbe created. Audit events will not be routed to a remotesyslog daemon.

System action: The audit service started, but thesyslog audit event handler could not be created. Thedefault file-based event handler will be used.


CTGVS2657E Could not get an instance of the OSGiextension registry.

Explanation: A reference to the OSGi extensionregistry could not be obtained. External audit eventhandler plugins cannot be loaded.

System action: A define audit event handler could notbe loaded. The default file-based event handler will beused.


CTGVS2658E Multiple extensions found for theaudit event handler. Only one will beused.

Explanation: The audit service supports only a singleevent handler for capturing audit events. Multipleevent handler extensions were detected on servicestart-up. The first event handler provided by the OSGiframework is used.

System action: The audit service will use the firstavailable audit handler service provided by the OSGiregistry. Other handler plug-ins are ignored. Thehandler selected by the OSGi registry is arbitrary andmay may change between restarts.




CTGVS2659E The audit event handler extensioncould not be created.

Explanation: The audit handler extension class couldnot be instantiated. The default file-based handler willbe used to capture audit events.

System action: The audit handler extension classcould not be instantiated. The default file-basedhandler is used to capture audit events.

Administrator response: Consult the provider of theaudit handler plug-in. Enable the finest level of loggingand retrying the operation. Review the log files. Makechanges as needed. Review the operating environmentand ensure components are at the required levels. Retrythe operation after making the necessary changes ifdesired.

CTGVS2660E The auditing service could not bestarted. Auditing is disabled.

Explanation: An error occured while trying to startthe auditing service.

System action: The audit service could not be started.Auditing is disabled. Access and administrative eventsare not recorded.


CTGVS2661E The event handler extension pointname could not be found.

Explanation: A reference to an OSGi extension pointcould not be obtained. Audit event handler plug-inscannot be loaded.

System action: Audit event handler plug-ins are notloaded. The default file-based handler will be used tocapture audit events.


CTGVS3501E The base storage directory directorywas not created.

Explanation: An attempt to create a directory in thefile system for the policy repository failed.


Administrator response: Ensure that the file systempermissions are adequate for the services runtime

directory in the configuration repository and restart theapplication.

CTGVS3502W The default policy for theadministrative services might not havebeen added.

Explanation: At application startup a check made toensure that default policy for the runtime servicesagent application is populated. A system error occurredeither during the check or while the default policy wasbeing deployed.


Administrator response: If web services enforcementpoint is preventing policy distribution updates fromcompleting, Ensure that the file system permissions areadequate for the services runtime directory in theconfiguration repository and restart the application.

CTGVS3503E The policy for file file could not beadded to the policy repository.

Explanation: An attempt to add policy to therepository failed.


Administrator response: Ensure that the file systempermissions are adequate for the services runtimedirectory in the configuration repository and restart theapplication.

CTGVS3504E The policy for file file could not beparsed.

Explanation: An attempt to load policy from an XMLsource failed.


Administrator response: Ensure that the source is avalid policy file and retry the operation.

CTGVS3505E The policy for identifier identifier ofdialect dialect in service service was notadded.

Explanation: An attempt to save policy with thenamed identifiers from an XML source failed.


Administrator response: Ensure that the source file isa valid policy file that the file system permissions areadequate and retry the operation.

CTGVS3506E The directory directory does not existand could not be created.

Explanation: An attempt to create a directory on thelocal file system failed.




Administrator response: Ensure that the file systempermissions are adequate create the directory tree andretry the operation.

CTGVS3507E The file file could not be created.

Explanation: An attempt to a file on the local filesystem failed.


Administrator response: Ensure that the file systempermissions are adequate create the file retry theoperation.

CTGVS3508E The index file in directory directorycould not be read.

Explanation: An attempt to a locate a file in the policyrepository failed. The index file containing the locationof the target file either does not exist or could not beread. The policy repository might be corrupted.


Administrator response: Ensure that the directory andindex file exists and have proper permissions forreading. If the target policy file does not existredistribute the policy and retry the operation.

CTGVS3509E The index file in directory directorycould not be saved.

Explanation: An attempt to a save a file to the policyrepository failed. The index file containing the locationof the target file could not be created.


Administrator response: Ensure that the directory andindex file exists and have proper permissions forwriting. If the target policy file does not existredistribute the policy and retry the operation.

CTGVS3510E The database-backed policy storageservice has been enabled but noDataSource property has beenconfigured under the componentsStorage, subComponents Database,items Connection.

Explanation: The database-backed policy storageservice has not been completely configured and ismissing the DataSource property.

System action: The policy storage service will not bestarted.

Administrator response: Add the DataSource propertyto the security-services.xmi file.

CTGVS3511E An error occurred while establishing aconnection to the DataSource with JNDIname dataSourceName.

Explanation: Unable to lookup the specifiedDataSource.

System action: The policy storage service will not bestarted.

Administrator response: Ensure the correct value forthe DataSource property is in security-services.xmi.

CTGVS3512E An error occurred while verifying theexistence of the database table_databaseTable.

Explanation: The startup will determine if the tableexists in the database using the SQL query SELECTNAME FROM SYSIBM.SYSTABLES WHERE NAME=?.The table was not found. Note that the table does notneed to exist as the program will attempt to create it ifit is not present.

System action: The error will be ignored.

Administrator response: If a table property wasexplicitly supplied in security-services.xmi, ensure thatis a valid value. If this property is not explicitlyspecified it will default to the value RTSS_POLICY.

CTGVS3513E An error occured while creatingdatabase table _databaseTable.

Explanation: The startup will determine if the tableexists in the database using the SQL query SELECTNAME FROM SYSIBM.SYSTABLES WHERE NAME=?.The table was not found. Note that the table need notexist as the program will attempt to create it if it is notpresent.

System action: The error will be ignored.

Administrator response: If a table property wasexplicitly supplied in security-services.xmi, ensure thatis a valid value. If this property is not explicitlyspecified it will default to the value RTSS_POLICY.

CTGVS3514E An error occurred while adding policywith identifier identifier for serviceserviceName of dialect dialect to thedatabase.

Explanation: An error occurred while adding policy tothe database.

System action: The error will be ignored and thepolicy will not be added.

Administrator response: Examine the error todetermine the cause and correct this. You may thenneed to reinvoke the operation that caused the policy tobe added as the last attempt failed.



CTGVS3515E An error occurred while removingpolicy version version with identifieridentifier for service serviceName of dialectdialect from the database.

Explanation: An error occurred while attempting todelete the policy from the database.

System action: The error will be ignored and thepolicy, if it existed, will not be removed.

Administrator response: Examine the error todetermine the cause and correct this. You may thenneed to reinvoke the operation that caused the policy tobe removed as the last attempt failed.

CTGVS3516E An error occurred while removingpolicy with identifier identifier forservice serviceName of dialect dialect fromthe database.

Explanation: An error occurred while attempting todelete the policy from the database.



CTGVS3517E An error occurred while removingpolicy for service serviceName of dialectdialect from the database.

Explanation: >An error occurred while attempting todelete the policy from the database.



CTGVS3518E An error occurred while retrieving thelatest version of policy with identifieridentifier for service serviceName of dialectdialect from the database.

Explanation: The specified policy may not exist in thedatabase.

System action: The error will be ignored and thepolicy will be assumed not to exist.

Administrator response: Examine the error todetermine the cause and correct this.

CTGVS3519E An error occurred while performingthe SQL query query.

Explanation: An attempt to query information fromthe database used to store the policy failed.

System action: The error will be ignored and thequery will be assumed to have returned no matchingentries.

Administrator response: Examine the error todetermine the cause and correct this error.

CTGVS3520E An error occurred while readingpolicy from storage file storageFile.

Explanation: Unable to read or parse the policy in thestorage file

System action: The error will be ignored and thepolicy will be assumed to not exist.


CTGVS3521E An error occurred while readingpolicy from storage file storageFile.

Explanation: Unable to read or parse the policy in thestorage file

System action: The error will be ignored and thepolicy will be assumed to not exist.


CTGVS3522E Unable to commit policy updatechanges to the configuration repository.The causal error message islocalizedMessage.

Explanation: The changes required to make a policyupdate (remove, add) are collected and sent as onetransaction to the configuration repository. The singlerepository update request failed and will not be retried.

System action: A runtime exception will be thrownand the operation will not be completed.

Administrator response: This error might be causedby simultaneous updates with other policy updates.Reduce the number of simultaneous updates and tryagain.

CTGVS3523E Unable to get a connection to theconfiguration repository.

Explanation: The application requested a connectionto the WebSphere Configuration Repository in which itstores policy. The connection was not available.




Administrator response: During server startupconnections to the deployment manager configurationrepository are not usually available. Restart theapplication once the server has completed the startupsequence to allow the operation to succeed.

CTGVS3524E Unable to list files in theconfiguration repository directorypathname.

Explanation: The application requested a listing offiles in the application server's configuration repositorywhere it stores policy. This request failed.


Administrator response: Examine the error logs for acause and correct this.

CTGVS3525E Unable to extract the contents of thefile pathname from the configurationrepository.

Explanation: The application requested a listing offiles in the application server's configuration repositorywhere it stores policy. This request failed.


Administrator response: Examine the error logs for acause and correct it.

CTGVS3526E The received notification contains anunknown update class className.

Explanation: This is an implementation problem, anunexpected code path was executed.


Administrator response: Examine the error logs for acause and correct this.

CTGVS4001E The parameter list for commandcommand is not valid.

Explanation: The required parameter is missing forthe specified command or the specified parametercontains a value that is not valid.

System action: The request failed.

Administrator response: Investigate the specified andrelated settings. Make changes as needed and retry therequest. Enable the finest level of logging and retry.Review the log files.

CTGVS4003E The list configuration command forcompType failed.

Explanation: The configuration file might not be validor does not exist.


Administrator response: Ensure that the configurationfile exists and contains valid data. Make changes asneeded and retry the request. Enable the finest level oflogging and retry. Review the log files.

CTGVS4005E The component compItem could not beretrieved from the configuration file.

Explanation: The configuration file or the requestedcomponent might not be valid or does not exist.



CTGVS4006E The configuration component compcould not be deleted from theconfiguration file.

Explanation: The configuration file or the requestedcomponents might not be valid or do not exist.



CTGVS4007E Unable to retrieve the productinformation.

Explanation: The product information is not available.


Administrator response: Enable the finest level oflogging and retry. Review the log files.

CTGVS5501E An error occurred when accessing theTrust Service. Verify that the TrustService configuration is correct.

Explanation: An error occurred accessing the TrustService or the Trust Service returned an error response.

Administrator response: Check the logs and ensurethe configuration is correct.



CTGVS5502E The STS runtime provider pluginwith id pluginId could not be loaded.

Explanation: An error occurred loading the STSplugin.

Administrator response: Check the STS configurationfor the plugin in the security-services.xmi file to ensurethe plugin id is correct.


Explanation: A reference to the OSGi ExtensionRegistry could not be obtained. STS runtime providerplugins cannot be loaded.

System action: STS runtime provider plugins could beloaded.

Administrator response: Enable the finest level oflogging and retry the operation. Review the log files.Make changes as needed. Review the operatingenvironment and ensure components are at therequired levels. Retry the operation after making thenecessary changes.

CTGVS5504E The STS runtime provider extensionpoint name could not be found.

Explanation: A reference to the OSGi Extension Pointfor the STS runtime provider could not be obtained.STS runtime provider plug-ins cannot be loaded.

System action: STS runtime provider could not beloaded.


CTGVS5505E The STS runtime providerimplementation with plugin identifier idcould not be found.

Explanation: An STS runtime providerimplementation with the given plug-in identifier couldnot be found. This STS configuration cannot be loaded.

System action: This STS runtime providerimplementation is not loaded.


CTGVS5506E An error occurred while instantiatingthe Security Token Service (STS)runtime provider implementation class .

Explanation: The STS runtime providerimplementation could not be created and an exceptionwas thrown.

System action: The STS runtime providerimplementation is not loaded.


CTGVS5507E An error occurred while parsing theWS-TRUST Security Token Service(STS) response.

Explanation: The Security Token Service (STS)response could not be parsed and an exception wasthrown.

System action: The call to the STS failed andprocessing halted.


CTGVS5508E An STS runtime provider could notbe located with the configuration ID ofconfigId

Explanation: An attempt was made to retrieve an STSplugin with a given configuration ID. The plugin wasnot found. This means that either the configurationidentifier passed in is not valid or the plugin failed toload during startup.

System action: An STS runtime provider is notavailable.

User response: Enable the finest level of logging andretry the operation. Review the log files. Make changesas needed. Review the operating environment andensure components are at the required levels. Retry theoperation after making the necessary changes.

CTGVS5509E The SOAP endpoint passed in theSOAP client is not valid. The passed-invalue was parameter .



Administrator response: Make sure that the correct



SOAP endpoint URL is configured.

CTGVS5510E An error occurred in initializing SSLwith the SOAP endpoint.

Explanation: The server might not be enabled for SSL.The SSL parameters passed in might not be valid.


Administrator response: Validate the SSLconfiguration of the partner for the SOAP back channel.

CTGVS5511E The TrustStore identifier passed inSOAPClientImpl is null. The SSLconnection with the endpoint parametercannot be initialized.




CTGVS5512E The trust store cannot be initializedfrom the passed in identifier parameter .

Explanation: The trust store parameter passed in isnot valid.



CTGVS5513E The SOAP client is unable to parsethe response SOAP message.

Explanation: The SOAP client was unable to parse theincoming response SOAP message.



CTGVS5514E The Client keystore cannot beinitialized from the passed in identifierparameter .

Explanation: The client keystore parameter passed inis not valid.



CTGVS5515E The SOAP client is unable to send therequest SOAP message.

Explanation: The SOAP client was unable to send theoutgoing request SOAP message.



CTGVS5516E Unobfuscation of the basicauthentication password for SOAPclient authentication failed.




CTGVS5517E Unable to construct a SOAP faultbecause the required parameter parameterwas null.

Explanation: A constructor of a SOAP fault attemptedto build it without the required parameter.

System action: The SOAP fault will not be built.


CTGVS5518E An error was returned from the TrustService: parameter

Explanation: The Trust Service returned a SOAP faultin the response.

System action: An exception is returned from theTrust Service client and processing is halted.


CTGVT1584E The key store name could not beloaded.

Explanation: The specified key store for the policydistribution target could not be created or loaded.

System action: Processing halts.

Administrator response: Check the input properties.Ensure all path names are correct and retry theoperation.

CTGVT1585E A key store with with path namecould not be opened.

Explanation: An attempt was made to open a keystore with a specified path and password.

System action: Processing halts. The operation wasnot performed.


CTGVS5510E • CTGVT1585E


CTGVT1586E Unable to remove alias alias from keystore keystore .

Explanation: A certificate with a specified alias couldnot be removed from a key store.



CTGVT1587E An incorrect value for theauthorization client mode was specified( property = value ). If specified the valuemust be one of localremote orconfiguration .

Explanation: An unrecognized value for the theauthorization service mode was specified in the inputproperties.


Administrator response: Check the input properties.Ensure the value is one of 'local', 'remote', or'configuration'.

CTGVT1588E A mandatory parameter was notspecified.

Explanation: A malformed administrative commandwas submitted.


Administrator response: If the administrativecommand was submitted by the policy managementserver, ensure that all components are at the sameversion. Check logs for any errors or warnings prior tothis error.

CTGVT1589E Authorization failed for name . Usernot in specified role: role

Explanation: The named user is not mapping to theproperty security role.


Administrator response: Change the user and groupto role mapping for the application to allow access.

CTGVT1590E Authorization failed for Insufficientconfiguration specified. Requiredparameter parameter was either null ornot provided.

Explanation: A required parameter for the methodwas either empty or null.


Administrator response: Correct the input data andretry the operation.

CTGVT1591E Insufficient policy identification datawas specified. A required parameter waseither null or not provided.

Explanation: A required parameter for the methodwas either empty or null.


Administrator response: Correct the input data andretry the operation.

CTGVT1586E • CTGVT1591E


Chapter 5. Risk-based Access Messages

These messages are provided by the Risk-based Access component.

FBTRBA001E A database error occurred.




FBTRBA008E Creation of database connection failed.Check the database configuration andnetwork connectivity to the databaseserver.

Explanation: The database connection could not becreated.


Administrator response: Ensure that the database isconfigured correctly. Also check that the networkconnectivity to the database server is available.

FBTRBA0100E The action: action failed because theresource [resource] was not found.

Explanation: The requested action on the specifiedresource could not be completed because the resourcewas not found.

System action: No action necessary.

Administrator response: Ensure that the resource andaction requested are valid.

FBTRBA0101E The import cannot be performedwhile another import is in progress.

Explanation: The system can only perform one importoperation at a time.

System action: The new import operation request wasignored.

Administrator response: Retry the new importoperation after the original import operation iscompleted.

FBTRBA0106E The action action failed because theresource ID [id] is not valid for aresource of type: [type].

Explanation: The requested action on the specifiedresource could not be completed because the resourceID is invalid.

System action: No action is necessary.


FBTRBA0107E The action action failed for resource[] because the request body containsimproperly structured JSON.

Explanation: The requested action on the specifiedresource could not be completed because the requestbody contains malformed or improperly structuredJSON.


Administrator response: Ensure that the request bodycontains the appropriately structured JSON for therequested action.

FBTRBA0108W The update failed because theresource was not found.

Explanation: The requested action on the specifiedresource could not be completed because the resourcewas not found.



FBTRBA0109W The resource already exists.

Explanation: The requested action on the specifiedresource could not be completed because the resourcealready exists.



FBTRBA0111E The user userID does not have anyregistered devices.

Explanation: The requested user does not have anydevices registered.



FBTRBA0113E No devices last used before timestampwere found.


Explanation: No devices last used before therequested timestamp were found.



FBTRBA0114E The file export failed.

Explanation: The file export failed. This can occur ifthe file does not exist, there are access permissionseither at the source or destination, or because there wasan I/O error.


Administrator response: Examine the logs for thecause of the exception. Ensure that the file exists, thataccess permissions are set properly, and that there issufficient space to export the file.

FBTRBA0115E The file import failed.

Explanation: The file import failed. This can occur ifthe file does not exist, there are access permissionseither at the source or destination, or because there wasan I/O error.


Administrator response: Examine the logs for thecause of the exception. Ensure that the file exists, thataccess permissions are set properly, and that there issufficient space to import the file.

FBTRBA0116E The filter string is empty.

Explanation: The filter query parameter has an emptyvalue.


Administrator response: If filtering is required addvalid content to the value of the filter field.

FBTRBA0117E The filter contains unknownjava.sql.Types [filterObj]. Supportedvalues are supportedValues.

Explanation: An unknown or unsupportedjava.sql.Types type was passed into the filter.


Administrator response: If filtering is required usesupported java.sql.Types.

FBTRBA0118E The filter format is not valid. Filtersshould be in the format ofsupportedValues.

Explanation: An invalid filter syntax was used.


Administrator response: If filtering is required usesupported format.

FBTRBA0119E No matching field name for[jsonFieldName] was found.

Explanation: An invalid filter syntax was used.



FBTRBA011E The risk-based access deploymentfailed.

Explanation: An error occurred during risk-basedaccess deployment.



FBTRBA0120E The filter function: function is notvalid. Supported functions are:supportedFunctions .

Explanation: An invalid filter type was used.



FBTRBA0121E The action failed because the policyis contained in one or more policy sets.The policy sets are [policySetNames].

Explanation: The action is not allowed when thepolicy is referenced by another resource.


Administrator response: Remove references to thepolicy and retry the action.

FBTRBA0122E The action failed because the policyset is attached to one or more resources.The resources are [policySetName].

Explanation: The action is not allowed when thepolicy set is referenced by another resource.


Administrator response: >Remove references to thepolicy set and retry the action.

FBTRBA0127E The table type unsupportedTable is notsupported. Supported types are:supportedTables.

Explanation: An unsupported table type wasspecified.

FBTRBA0114E • FBTRBA0127E



Administrator response: Specify a supported tabletype.

FBTRBA0128E The resource ID resourceId does notexist within the table supportedTables.

Explanation: A resource relationship was specifiedwith a resource that does not exist.


Administrator response: Specify an existing resource.

FBTRBA0129E The obligation with the URIobligationUri does not exist.

Explanation: The specified obligation URI does notexist.


Administrator response: Specify an existing obligationURI.

FBTRBA012E The risk-based access deploymentfailed because it could not determinethe directory in which IBM TivoliFederated Identity Manager is installed.




FBTRBA0130E The attribute with the combinationof URI: attrUri, datatype: dataType, andissuer: issuer does not exist.

Explanation: The specified combination of URI,datatype and issuer does not exist.


Administrator response: Specify an existing URI,datatype and issuer combination..

FBTRBA0131E The attribute with the combinationof URI: attrUri, and datatype: dataTypedoes not exist.

Explanation: The specified combination of URI anddatatype does not exist.


Administrator response: Specify an existing URI anddatatype combination..

FBTRBA0132E The action failed because theattribute is used in one or more policies.The policies are [policyNames].

Explanation: The action is not allowed when theattribute is referenced by another resource.


Administrator response: Remove references to theattribute and retry the action.

FBTRBA0134E The action failed because theobligation is used in one or morepolicies. The policies are [policyNames].

Explanation: The action is not allowed when theobligation is referenced by another resource.


Administrator response: Remove references to theobligation and retry the action.

FBTRBA0136E No obligation URI associated withthe ID: oblId.

Explanation: A delete operation of an obligation thatdoes not exist is not allowed.


Administrator response: Specify a valid obligation IDto delete.

FBTRBA0138E The action failed because theattribute is included in a risk profile orpolicy. The risk profiles are[profileNames]. The policies are[policyNames].




FBTRBA0139E The action failed because theattribute is included in one or more riskprofiles. The risk profiles are[profileNames].





Chapter 5. Risk-based Access Messages 335

FBTRBA0141E A predefined resource cannot bedeleted or modified. The resource is[resourceName].

Explanation: Predefined resources cannot be modifiedor deleted.


Administrator response: No action necessary.

FBTRBA0142E The action failed because the policyis contained in a policy set or attachedto a resource. The policy sets are[policySetNames]. The resources are[policyAttachmentNames].




FBTRBA0143E The action failed because the policyis attached to one or more resources.The resources are[policyAttachmentNames].




FBTRBA0144E The action failed because the policyset is attached to one or more resources.The resources are[policyAttachmentNames].

Explanation: The action is not allowed when thepolicy set is referenced by another resource.


Administrator response: Remove references to thepolicy set and retry the action.

FBTRBA0145W Unable to obtain authenticated username. Setting user name to: unauthnUser.

Explanation: Failed to get a value while attempting toget the authenticated user from the Subject or Principalobjects


Administrator response: Try authenticating with avalid user.

FBTRBA0146E The JavaScript mapping rule thatyou submitted is not valid. TheJavaScript validator reported a syntaxerror at line line and column column withthe message: message.

Explanation: The JavaScript mapping rule that yousubmitted is not valid. You can only submit a validJavaScript mapping rule.

System action: The JavaScript mapping rule isrejected.

Administrator response: Submit a valid JavaScriptmapping rule.

FBTRBA0147E The data type [ type ] in the XACMLpolicy is not supported. Supported typesare: dataTypes.

Explanation: The data type passed in is notsupported.

System action: The XACML string is rejected.

Administrator response: Submit a valid data typewithin the XACML string.

FBTRBA0148E A predefined resource cannot bedeleted. The resource is [resourceName].

Explanation: Predefined resources of this type cannotbe deleted.



FBTRBA0149E The configuration property cannot bemodified because it is a read-onlyproperty.

Explanation: Read-only configuration cannot bemodified.

System action: The modification operation is rejected.


FBTRBA0150E The data type of the configurationproperty is not valid. The data type is:dataType.

Explanation: The configuration property data type isnot supported.





FBTRBA0151E The configuration property value isnot valid. Valid values are: validValues.

Explanation: The configuration property value is notvalid.



FBTRBA0152E The field [inputFieldName] is not validfor sorting. Valid fields are: validFields

Explanation: An invalid field name was used forsorting.



FBTRBA0160E A delete cannot be performed whileanother delete is in progress.

Explanation: The system can perform only one deleteoperation at a time.

System action: The new delete operation request wasignored.

Administrator response: Retry the new deleteoperation after the original delete operation iscompleted.

FBTRBA049E The runtime property ac.request.serveris not configured.

Explanation: To make cross-domain AJAX requests,the runtime property ac.request.server must beconfigured.

System action: The CORS headers are not set in theHTTP response.

Administrator response: Configure the runtimeproperty ac.request.server.

FBTRBA058E The attribute name, name, is invalidand is not configured.

Explanation: The attribute validation failed becausethe attribute is not configured.


Administrator response: Configure the attribute.

FBTRBA069E The type for the attribute id is notspecified.

Explanation: An attribute and its type must bespecified must be specified before referencing theattribute. Valid types are integer, double, string, time,or date.


Administrator response: Specify the type for theattribute in the XACML rules file.

FBTRBA079E The attribute collection service GETmethod is not enabled.

Explanation: The property ac.get.attributes.enabledmust be set to true in order to use the attributecollection service's GET method.

System action: No attributes were retrieved from thedatabase.

Administrator response: Set the propertyac.get.attributes.enabled to true in order to use theattribute collection service's GET method.

FBTRBA080E This client is not allowed to access theattribute collection service's GETmethod.

Explanation: Only clients listed in theac.get.attributes.allowed.clients property may access theattribute collection service's GET method.

System action: No attributes were retrieved from thedatabase.

Administrator response: Add this client to the list ofallowed clients or reaccess from an allowed client.

FBTRBA085E Line number: line number Lines mustbe formatted ascountry,region,city,postal code,metrocode,start IP,end IP.

Explanation: An invalid format was found in thecustom location data file on the specified line number.Lines must be formatted as country,region,city,postalcode,metro code,start IP,end IP.

System action: Custom location data was not loaded.

Administrator response: Fix the custom location fileand redeploy.

FBTRBA086E Line number: line number Start IP andend IP must be valid IP addresses.

Explanation: An invalid value was found for start IPor end IP on the specified line number. The value mustbe a valid IPv4 or IPv6 address.

System action: Custom location data was not loaded.

Administrator response: Fix the custom location fileand redeploy.

FBTRBA086W The IP reputation thresholdconfiguration property is not valid. Thedefault value of default value will beused in place of the invalid value.

Explanation: An invalid value was found for the

FBTRBA0151E • FBTRBA086W


ip.reputation.threshold configuration property. Validvalues include any integer from 0 to 100.

System action: The default value was used.

Administrator response: Set theip.reputation.threshold property to any valid value andreload risk-based access.

FBTRBA087E The update of this resource requiresthe field name field to have an value typevalue present.

Explanation: There was a required value missing inone of the fields. Refer to the exception for which fieldsand types are missing.

System action: Add the required input to payload.

Administrator response: Add a value of the correcttype to the update to request payload.

FBTRBA088E The update of the resource [name]failed.

Explanation: During the update operation of theresource, a database exception was encountered.

System action: Ensure that the database is runningcorrectly.

Administrator response: See the exception in the logsfor the cause.

FBTRBA089E The delete of the resource failed.

Explanation: During the delete operation of theresource, a database exception was encountered.



FBTRBA090E The delete failed because the resourcecannot be found.

Explanation: During the delete operation, thespecified resource was not found.

System action: See the exception in the logs for thecause.

Administrator response: Verify that the resourceexists.

FBTRBA091E The retrieval failed because theresource cannot be found.

Explanation: During the get operation, the specifiedresource was not found.


Administrator response: Contact your systemadministrator regarding the database exception.

FBTRBA092E The retrieval of the [resourceType]resources failed.

Explanation: During the retrieval operation, thespecified resource was not found.



FBTRBA093E The creation of the [resourceType]resources failed.

Explanation: During the create operation, there waseither a key violation or an internal server error.



FBTRBA094E The generation of an ID from theKEYS table for resource type[resourceType] failed.

Explanation: During the creation of the resource ID,there was an internal server error.



FBTRBA095E The value 'constraintValue' for[constraintName] already exists.

Explanation: The creation or update of the resourcefailed because a value within your request, that isrequired to be unique, already exists.

System action: See the exception in the logs for moredetails.

Administrator response: Specify a different value forthe resource constraint.

FBTRBA096E The profile [nameValue] is active.Active profiles cannot be deleted.

Explanation: Attempted to delete an active profile. Anactive profile cannot be deleted.


Administrator response: Update the profile so that itis not active, and then delete it.



FBTRBA097E The JDBC connection failed. Checkthe logs for more information.

Explanation: The connection object was null. Theremight be a data source or database problem.

System action: Check the data source and databaseconfiguration. Also, check the help information for yourdatabase.

Administrator response: Check the data source anddatabase configuration.

FBTRBA098E The value 'value' for [propertyName] isnot valid. Valid values are: validValues

Explanation: The specified value is not valid.


Administrator response: Ensure that you are usingthe allowed values for this column.

FBTRBA099E The delete of the attribute failedbecause it is included in one or morerisk profiles. The risk profiles are:profileNames.

Explanation: The delete of the attribute failed becauseit is used by another risk profile.


Administrator response: To delete this attribute, firstremove this attribute from all risk profiles.

FBTRBA102E The geolocation file must be a .zipfile.

Explanation: The import only supports .zip files.

System action: The geolocation data in the databasewas not changed.

Administrator response: Import the geolocation datain a .zip file.

FBTRBA103E The data within the geolocation .zipfile is not valid.

Explanation: The .zip file must contain two files. Thename of one of the files must contain the wordLocation. The name of the other file must contain theword Blocks.

System action: The geolocation data in the databasewas not changed.

Administrator response: Upload a .zip file thatcontains two properly named files.

FBTRBA153E The update of the resource[resourceRequestUri] failed.

Explanation: During the update operation of theresource, a database exception was encountered.



FBTRBA154E An attribute with the internal ID of[attrId] was not found.

Explanation: An attribute with the specified attributeID does not exist.



FBTRBA155E The resource request did not include avalid CSRF token or the request CSRFtoken did not match the server CSRFtoken.

Explanation: The CSRF token parsed from the requestwas either null or did not match with the storedversion on the server.



FBTRBA156E An exception was encountered whileparsing the CSRF token from theresource request.

Explanation: The resource request did not match theformat expected and caused a CSRF parsing error.



FBTRBA164E The device name was not removed.

Explanation: The device could not be deleted.

System action: No devices were deleted.


FBTRBA166E The device name could not beupdated.

Explanation: The device could not be updated.

System action: No devices were updated.




FBTRBA168E The HMAC OTP secret key could notbe reset.

Explanation: The secret key could not be reset.

System action: The secret key was not reset.


FBTRBA169E The value [uri] is not a valid URI.

Explanation: The requested value is not a valid URI.

System action: The requested action was notperformed.

Administrator response: Ensure the requested value isa valid URI.

FBTRBA179E Communication with the policy serverfailed with the following commanderror: cmdErr.

Explanation: Communication with the policy serverfailed.

System action: Ensure that all back end servers arerunning.

Administrator response: The database, policymanager and webseal server(s) could be down.

FBTRBA180E The http method used to submit therequest is not valid. The valid method is[ valid HTTP Method ].

Explanation: Submit the request using the supportedhttp method.



FBTRBA181E The consent to register device processfailed..

Explanation: The consent to register device processdid not complete.



FBTRBA182E The value 'value' is not valid.



Administrator response: Ensure the requested value isa valid.

FBTRBA183E The value 'value' for [propertyName] isnot valid.



Administrator response: Ensure the requested value isvalid.

FBTRBA184E The value for 'propertyName' ismissing.

Explanation: A required property value is missing.


Administrator response: Ensure that the propertyvalue is specified

FBTRBA185E A request method uri was denied dueto the cluster configuration. Writeoperations are available only on themaster node.

Explanation: The requested URL value is not a masternode.

System action: The requested URL value is not amaster node.

Administrator response: To perform managementoperations please make requests to the managementnodes URL.

FBTRBA186E A device named 'device name' alreadyexists.

Explanation: Device names must be unique.


Administrator response: Specify a unique name forthe device.

FBTRBA187E The value for [propertyName] is toolong.

Explanation: The length of the string for the propertyis too long.


Administrator response: Specify a shorter lengthstring

FBTRBA188E The value specified for device name istoo long.

Explanation: The length of the string for the devicename is too long.




Administrator response: Specify a shorter lengthstring

FBTRBA189E The value [value] specified for devicename is not valid.




FBTRBA190W The device registration process failedfor user [value];

Explanation: The device registration process did notcomplete.

System action: The device will not be registered.


FBTRBA191E The definition does not exist.

Explanation: The definition does not exist.


Administrator response: Ensure that the definitionexists.

FBTRBA192E The minimum length for the clientshared-secret is <number> characters.




FBTRBA193E The value for [propertyName] is notvalid.




FBTRBA194E The policy type [inputFieldName] is notvalid. Valid types are: validFields.

Explanation: The policy type is invalid.


Administrator response: Ensure the policy type isvalid.

FBTRBA195E The action failed because thedefinition is referenced by a client orattached to a resource. The clients are[clientNames]. The resources are[policyAttachmentNames].

Explanation: The action is not allowed when thedefinition is referenced by another resource.


Administrator response: Remove references to thedefinition and retry the action.

FBTRBA196E The action failed because thedefinition is referenced by one or moreclients. The clients are [clientNames].




FBTRBA197E The action failed because thedefinition is attached to one or moreresources. The resources are[policyAttachmentNames].




FBTRBA198E The authorization grant state_id couldnot be updated.

Explanation: The authorization grant could not beupdated.

System action: No authorization grants were updated.


FBTRBA200E The authorization grant state_id wasnot removed.

Explanation: The authorization grant could not bedeleted.

System action: No authorization grants were deleted.


FBTRBA202E The policy information point propertypipProperty cannot be modified becauseit is a read-only property.

Explanation: Read-only policy information pointproperty cannot be modified.





FBTRBA203E The action failed because the policyinformation point is associated with oneor more attributes. The attributes are[attributeNames].

Explanation: The action is not allowed when thepolicy information point is referenced by anotherresource.


Administrator response: Remove references to thepolicy information point and retry the action.

FBTRBA204E The REST service returned anunexpected error code: [error code]

Explanation: An error was received while calling theREST service.

System action: Processing of the attribute was halted.

Administrator response: Verify that the REST serviceis functioning properly.

FBTRBA205E The attribute finder for attribute[attribute name] returned no values.

Explanation: The REST service did not return a valuefor the requested attribute.

System action: The attribute value was set to theempty string.

Administrator response: Verify that the REST serviceis functioning properly.

FBTRBA206E The required property [configurationproperty] does not exist in theconfiguration.

Explanation: The configuration for a requiredproperty is missing.

System action: PIP initialization could not complete,so the PIP was disabled.

Administrator response: Configure the missingproperty.

FBTRBA207E The required property [configurationproperty] for instance [instance name]contains an HTTP header delimiter, butit is not in the correct format.

Explanation: The format for HTTP headers isincorrect.


Administrator response: Verify the HTTP headerconfiguration.

FBTRBA210E The property [configuration property] forinstance [instance name] contains anunsupported URI scheme.

Explanation: The specified URI scheme is invalid.


Administrator response: Verify the URI scheme in theREST service URL.

FBTRBA211E The property [configuration property] forinstance [instance name] is not a validURL.

Explanation: A properly formatted URL must bespecified for the REST service.


Administrator response: Verify the REST service URLconfiguration.

FBTRBA212E The property [configuration property] forinstance [instance name] has an invalidvalue.

Explanation: A property is configured with an invalidvalue.


Administrator response: Verify the PIP instanceconfiguration.

FBTRBA213E The property [configuration property] forinstance [instance name] has an invalidinteger value.

Explanation: The property must be configured to avalid integer value.


Administrator response: Verify the PIP instanceconfiguration.

FBTRBA214E The policy information point couldnot be created or updated because theattribute [attribute] was not found.

Explanation: The requested action on the policyinformation point could not be completed because anattribute was not found.




Administrator response: Ensure that the attribute isvalid and exists.

FBTRBA215E The action failed because the policyinformation point type is associatedwith one or more policy informationpoints. The policy information pointsare [pips].

Explanation: The action is not allowed when thepolicy information point type is referenced by anotherresource.


Administrator response: Remove references to thepolicy information point type and retry the action.

FBTRBA216E The policy information point couldnot be created or updated because thepolicy information point type [pipType]was not found.

Explanation: The requested action on the policyinformation point could not be completed because apolicy information point type was not found.


Administrator response: Ensure that the policyinformation point type is valid and exists.



Notices

This information was developed for products and services offered in the U.S.A.

IBM may not offer the products, services, or features contained in this document inother countries. Consult your local IBM representative for information on theproducts and services currently available in your area. Any reference to an IBMproduct, program, or service is not intended to state or imply that only that IBMproduct, program, or service may be used. Any functionally equivalent product,program, or service that does not infringe any IBM intellectual property right maybe used instead. However, it is the user's responsibility to evaluate and verify theoperation of any non-IBM product, program, or service.

IBM might have patents or pending patent applications that cover subject matterdescribed in this document. The furnishing of this document does not grant youany license to these patents. You can send license inquiries, in writing, to:

IBM Director of LicensingIBM CorporationNorth Castle DriveArmonk, NY 10504-1785U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact the IBMIntellectual Property Department in your country or send inquiries, in writing, to:

Intellectual Property LicensingLegal and Intellectual Property LawIBM Japan Ltd.1623-14, Shimotsuruma, Yamato-shiKanagawa 242-8502 Japan

The following paragraph does not apply to the United Kingdom or any othercountry where such provisions are inconsistent with local law:INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THISPUBLICATION “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHEREXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIEDWARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESSFOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express orimplied warranties in certain transactions, therefore, this statement might not applyto you.

This information could include technical inaccuracies or typographical errors.Changes are periodically made to the information herein; these changes will beincorporated in new editions of the publication. IBM may make improvementsand/or changes in the product(s) and/or the program(s) described in thispublication at any time without notice.

Any references in this information to non-IBM Web sites are provided forconvenience only and do not in any manner serve as an endorsement of those Websites. The materials at those Web sites are not part of the materials for this IBMproduct and use of those Web sites is at your own risk.


IBM may use or distribute any of the information you supply in any way itbelieves appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it to enable: (i) theexchange of information between independently created programs and otherprograms (including this one) and (ii) the mutual use of the information which hasbeen exchanged, should contact:

IBM CorporationJ46A/G4555 Bailey AvenueSan Jose, CA 95141-1003U.S.A.

Such information might be available, subject to appropriate terms and conditions,including in some cases, payment of a fee.

The licensed program described in this document and all licensed materialavailable for it are provided by IBM under terms of the IBM Customer Agreement,IBM International Program License Agreement or any equivalent agreementbetween us.

Any performance data contained herein was determined in a controlledenvironment. Therefore, the results obtained in other operating environmentsmight vary significantly. Some measurements might have been made ondevelopment-level systems and there is no guarantee that these measurements willbe the same on generally available systems. Furthermore, some measurementsmight have been estimated through extrapolation. Actual results might vary. Usersof this document should verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers ofthose products, their published announcements, or other publicly available sources.IBM has not tested those products and cannot confirm the accuracy ofperformance, compatibility, or any other claims related to non-IBM products.Questions on the capabilities of non-IBM products should be addressed to thesuppliers of those products.

All statements regarding the future direction or intent of IBM are subject to changeor withdrawal without notice, and represent goals and objectives only.

This information contains examples of data and reports used in daily businessoperations. To illustrate them as completely as possible, the examples include thenames of individuals, companies, brands, and products. All of these names arefictitious and any similarity to the names and addresses used by an actual businessenterprise is entirely coincidental.

COPYRIGHT LICENSE:

This information contains sample application programs in source language, whichillustrate programming techniques on various operating platforms. You may copy,modify, and distribute these sample programs in any form without payment toIBM, for the purposes of developing, using, marketing, or distributing applicationprograms that conform to the application programming interface for the operatingplatform for which the sample programs are written. These examples have notbeen thoroughly tested under all conditions. IBM, therefore, cannot guarantee orimply reliability, serviceability, or function of these programs. The sample


programs are provided "AS IS", without warranty of any kind. IBM shall not beliable for any damages arising out of your use of the sample programs.

Each copy or any portion of these sample programs or any derivative work, mustinclude a copyright notice as follows: © (your company name) (year). Portions ofthis code are derived from IBM Corp. Sample Programs. © Copyright IBM Corp.2004, 2012. All rights reserved.

If you are viewing this information softcopy, the photographs and colorillustrations might not appear.

Privacy Policy Considerations

IBM Software products, including software as a service solutions, (“SoftwareOfferings”) may use cookies or other technologies to collect product usageinformation, to help improve the end user experience, to tailor interactions withthe end user or for other purposes. In many cases no personally identifiableinformation is collected by the Software Offerings. Some of our Software Offeringscan help enable you to collect personally identifiable information. If this SoftwareOffering uses cookies to collect personally identifiable information, specificinformation about this offering’s use of cookies is set forth below.

This Software Offering does not use cookies or other technologies to collectpersonally identifiable information.

If the configurations deployed for this Software Offering provide you as customerthe ability to collect personally identifiable information from end users via cookiesand other technologies, you should seek your own legal advice about any lawsapplicable to such data collection, including any requirements for notice andconsent.

For more information about the use of various technologies, including cookies, forthese purposes, See IBM’s Privacy Policy at http://www.ibm.com/privacy andIBM’s Online Privacy Statement at http://www.ibm.com/privacy/details thesection entitled “Cookies, Web Beacons and Other Technologies” and the “IBMSoftware Products and Software-as-a-Service Privacy Statement” athttp://www.ibm.com/software/info/product-privacy.

Trademarks

The following terms are trademarks of the International Business MachinesCorporation in the United States, other countries, or both: http://www.ibm.com/legal/copytrade.shtml

Microsoft, Windows, Windows NT, and the Windows logo are trademarks ofMicrosoft Corporation in the United States, other countries, or both.

Java and all Java-based trademarks and logos are trademarks of Sun Microsystems,Inc. in the United States, other countries, or both.

Adobe, the Adobe logo, PostScript, and the PostScript logo are either registeredtrademarks or trademarks of Adobe Systems Incorporated in the United States,and/or other countries.

UNIX is a registered trademark of The Open Group in the United States and othercountries.

Notices 347

http://www.ibm.com/privacy

http://www.ibm.com/privacy/details

http://www.ibm.com/software/info/product-privacy

http://www.ibm.com/legal/copytrade.shtml

http://www.ibm.com/legal/copytrade.shtml

The Oracle Outside In Technology included herein is subject to a restricted uselicense and can only be used in conjunction with this application.


��

Product Number: 5725-L52

Printed in USA

GC27-6210-01

ibm securityaccess manager for mobile version 8.0.0€¦ · usc user self care ws common auditing...

Documents