Problem | An unexpected error occurred during security initialization. |
User response | This is a general error. Look for previous messages that may be related to the failure or a configuration problem. Enabling security debug trace for components com.ibm.ws.security.* and com.ibm.ejs.security.* may yield additional information. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | An error occurred initializing the Secure Association Service which is part of the ORB security. |
User response | Verify the property file, usually sas.server.props, is present and has read permission. |
Problem | Informational. |
User response | A security configuration change has caused a SAS Property to be updated. |
Problem | The URL used to specify Secure Association Service properties is missing or malformed. |
User response | The URL is usually specified as a property name when starting WebSphere from the command line with the -D argument. For example: -Dcom.ibm.CORBA.ConfigURL=file:/C:/wastd/AppServer/properties/sas.server.props. Verify that the property and URL is specified and refers to a valid file and the file has the read permission. |
Problem | The path or file specified in the property may be invalid or there could be a file permission problem. |
User response | Verify the path and file specified by the property is valid and the file has read permission. |
Problem | An unexpected RemoteException, OpException or IOException occurred during server startup. There could be problems with loading or writing of security configuration URL property files. |
User response | Verify the file permissions associated with security configuration URL property file (typically sas.server.props) are read and writable. |
Problem | An unexpected RemoteException, OpException or IOException occurred during server shutdown. There could be problems with loading or writing of security configuration URL property files. |
User response | Verify the file permissions associated with security configuration URL property file (typically sas.server.props) are read and writable. |
Problem | A loadProperties() operation probably failed. |
User response | Verify the file permissions associated with security configuration URL property file (typically sas.server.props) are read and writable. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The user does not have the necessary permission to access the resource. This failure may be expected if the user should not be granted access. If this error is unexpected, then there are several possible causes. The user has not been mapped to one the roles protecting the resource if the user requires access to the protected resource. The user is not a member of one of the groups that may have been mapped to one of the roles. If WebSphere security is configured to use LDAP as the user registry, the WebSphere security LDAP user and group search filter configuration may not match what the LDAP directory expects. |
User response | If the authorization failure is unexpected, verify the user, or a group that the user is a member of, is mapped to the role protecting the resource. Verify the WebSphere security LDAP user and group filters configuration match what the LDAP directory expects. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The user could not be authenticated. The user id or password may have been entered incorrectly. The user may not exist in the user registry that WebSphere is configured to authenticate to. If WebSphere security is configured to use LDAP as the user registry, the WebSphere security LDAP user and group search filter configuration may not match what the LDAP directory expects. |
User response | Verify that the user id and password are entered correctly and exist in the user registry. If LDAP is configured as the security user registry, verify the WebSphere security LDAP user and group filters configuration match what the LDAP directory expects. Consult with the administrator of the user registry that WebSphere is configured to use if the problem persist. |
Problem | Authentication failed with the specified reason. |
User response | Verify that the user id and password are entered correctly. Consult with the administrator of the user registry if the problem persist. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This is an internal error probably due to LTPAServer initialization problems. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The wrong constructor was used when trying to create an instance of LTPAServerBean. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This is an internal error. The ejbRemove() operation failed on the LTPAConfigBean. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This is an internal error. Cannot get accessID from credential. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The credential mapping can fail for a number of reasons: The credential token is not an instance of a supported CredentialToken type for a mapping. The principal identified in the credential cannot be mapped to an entry or found in the user registry. A user registry exception occurs or if the user registry has been stopped. |
User response | Verify the user registry is operational. Verify the principal exist in the target user registry if appropriate. The exception reported with this error message may help diagnose the problem. |
Problem | This is an internal error. An UnsupportedEncodingException occurred when the LTPAServer tried to encode the token value. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The credential mapping can fail for a number of reasons: The credential token is not an instance of a supported CredentialToken type for a mapping. The principal identified in the credential cannot be mapped to an entry or found in the user registry. A user registry exception occurs or if the user registry has been stopped. |
User response | Verify the user registry is operational. Verify the principal exist in the target user registry if appropriate. The exception reported with this error message may help diagnose the problem. |
Problem | An unexpected exception occurred when configuring for LDAP. |
User response | Verify the WebSphere LDAP configuration settings such as the provider URL are correct in the Security Center GUI. If using SSL make sure the SSL configuration is correct. |
Problem | Cannot find a name for the specified SID in the Windows user registry.This can occur if a network time-out prevents the function from finding the name. It also occurs for SIDs that have no corresponding account name, such as a logon SID that identifies a logon session |
User response | WebSphere may still have a reference to the user in the authorization table but, that user may have been removed from the Windows user registry. If you know the user, remove it from any resource protection permissions in WebSphere. If the user is still valid, then it needs to be recreated in the Windows user registry and then reassigned to proper resource permissions in WebSphere. |
Problem | Unable to find a SID for the specified user in the Windows user registry. The user may not exist in the user registry. |
User response | If appropriate create the user in the user registry. |
Problem | |
User response | Verify the pattern is correct and not malformed. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | An unexpected exception occurred when trying to load or create the user registry. |
User response | Verify the CLASSPATH used to start WebSphere is correct and that the jar files have at least the read permission and exist. |
Problem | This is an internal error. A registry of the specified type could not be looked up. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This is an internal error. Unable to create the home for the registry. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Unable to lookup RegistryHome in name space or narrow failed. The class for the user registry was not registered in the name space correctly or the class file for the user registry cannot be found. |
User response | Verify the classpath is correct and that the required classes exist. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | An error internal occurred while initializing the security attributes of a Web Application. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The HttpServletResponse indicates an Internal Server Error has occurred. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The encoded password cannot be decoded because it is missing or malformed. |
User response | Verify the passwords in the security config URL are not corrupt or missing. Reset the affected password through the WebSphere Admin console if possible. If all else fails, reset the password to its plain text value in the security config URL (which is usually sas.server.props). |
Problem | The password cannot be encoded because it is missing or malformed. |
User response | Verify the passwords in the security config URL are not corrupt or missing. Reset the affected password through the WebSphere Admin console if possible. If all else fails, reset the password to its plain text value in the security config URL (which is usually sas.server.props). |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If this message is from a warning, then it is a temporary problem which is usually recovered from automatically. If it is not a warning, then check the file permissions for the file to ensure they are readable. If the file is missing, restore it. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | Verify that the user registry has been configured in WebSphere properly. |
Problem | The security config URL is being recovered from the future version. This may happen if the security config URL is missing or has been deleted. |
User response | None |
Problem | A loadProperties() operation probably failed. |
User response | Verify the file permissions associated with security config URL property file (typically sas.server.props) are read and writable. |
Problem | The run-as-bindings size is zero for this application. |
User response | Verify that the run-as bindings are specified for the application if necessary. |
Problem | No security constraints or roles have been defined for this application. |
User response | If no security is necessary for this application then ignore this message. Otherwise, review the security requirements of this application. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The credential may be malformed or corrupt. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The credential is possibly malformed or corrupt. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The credential is possibly malformed or corrupt. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The user could not be authenticated by the FormLogin Servlet. The user id or password may have been entered incorrectly. The user may not exist in the user registry that WebSphere is configured to authenticate to. |
User response | Verify that the user id and password are entered correctly. Consult with the administrator of the user registry if the problem persist. |
Problem | An unexpected error occurred during authentication. |
User response | This is an internal error. Look for previous messages that may be related to the failure. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Reports the number of Trust Association interceptors that have been added. |
User response | None, informational only. |
Problem | Self Explanatory. |
User response | None, informational only. |
Problem | Reports the signature of the Trust Association interceptor. |
User response | None, informational only. |
Problem | getClassLoader() operation returned null. |
User response | Verify the appropriate Trust Association classes are installed and the classpath is correct. |
Problem | The interceptor class file specified in trustedservers.properties cannot be found. |
User response | Verify the appropriate Trust Association classes are installed and the classpath is correct. Also verify the class specified in the trustedservers.properties file and that the file has at least the read permission. |
Problem | A ClassNotFoundException occurred when trying to load the subject class. |
User response | Verify the appropriate Trust Association classes are installed and the classpath is correct. |
Problem | When the appropriate interceptor is found for a given request, that interceptor then validates its trust with the reverse proxy server. This error message suggests that the validation has failed and therefore the reverse proxy cannot be trusted. For example, an incorrect password may have been provided. |
User response | In a production environment, the user may be alerted to check if there is an intruder in the system. In a development environment in which testing is underway, verify if the expected inputs from the reverse proxy server is in fact being passed to the interceptor correctly. The nature of these inputs really depends on how trust association is being established. For example, the simplest method would be to pass a username/password through the Basic Authentication header. |
Problem | When the WebAuthenticator invoked an interceptor to return the authenticate username, no such username was returned. |
User response | Verify that the reverse proxy server is putting in the right username in the HTTP request before sending the request to WebSphere |
Problem | This refers to all other exceptions that can be possibly thrown by an interceptor, when validating trust with the reverse proxy server and when getting the authenticated username, aside from WebTrustAssociationFailedException and WebTrustAssociationUserException. |
User response | Debug the problem from the stack trace that is printed together with this error message. You can also turn on the debug trace to get more information about the nature of the exception. |
Problem | The user does not have the necessary permission to access the resource. |
User response | Contact your WebSphere security administrator if this is unexpected. The user must be mapped to one the roles protecting the resource if the user requires access to the protected resource. |
Problem | When using WebSealTrustAssociationInterceptor, the "via" HTTP header in the HTTP Request object will be examined. This message appears when the value for this header is invalid or corrupted. |
User response | Make sure that WebSeal and/or the HTTP Server is properly working. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Java 2 Security Manager is installed. |
User response | None, informational only. |
Problem | An illegal Permission was attempted. Only the main thread can set the security manager. |
User response | Verify the code that is trying to set the security manager is not trying to subvert the WebSphere security manager. |
Problem | The Java Security Manager checkPermission() threw a SecurityException on the subject Permission. |
User response | Verify the attempted operation is permitted. |
Problem | Only the main thread is allowed to exit the Java VM |
User response | Verify the code attempting the system exit is not trying to subvert the WebSphere security manager. |
Problem | Reports the Custom User Registry implementation that is being used. |
User response | None, informational only. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The Certificate mapping filter specified by the user in the global security settings is missing or malformed. |
User response | Review the certificate mapping filter configuration in the LDAP Advanced properties in the Security Center and verify it is present and correct. |
Problem | More than one user entry in LDAP matched the certificate mapping filter specified in the global security settings. It is not possible to map a subjectDN in a certificate to more than one user in an LDAP user registry. The mapping filter results in an ambiguous condition that cannot be supported. |
User response | Specify a certificate mapping filter in the LDAP Advanced properties in the Security Center. |
Problem | A naming exception occurred when searching LDAP. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | No entry in LDAP can be found with the subject DN in the certificate or found with the filter. |
User response | This may be the expected result depending on the subject DN in the certificate and filter. If the response is unexpected, review the certificate mapping filter defined in the LDAP advanced properties in the Security Center. |
Problem | The DN in the certificate was successfully mapped to an entry in LDAP but, an unexpected exception occurred when trying to create a credential for the mapped entry. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Using invalid user ID or the user ID is not a directory entry. The directory administration ID (root DN) is not a directory entry on most LDAP servers. |
User response | Verify the user ID is a valid directory entry. |
Problem | When LTPA is the authentication mechanism SSO must also be enabled if any web applications use FORM login. |
User response | Enable SSO in the global security settings and restart WebSphere |
Problem | A security role ref in the specified EJB's ejb-jar.xml file has not been mapped to a security role. This is a configuration error. |
User response | The security-role-ref in the EJB's ejb-jar.xml deployment descriptor should be mapped to a security role. |
Problem | The WebSphere security code couldn't find, load, or had problems loading the user registry class. |
User response | The exception mentioned in the message should provide additional clues including the class or file that could not be found or loaded. Verify the mentioned file exists in the correct directory and PATH. |
Problem | The Vendor specified Authorization Table is loaded successfully. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The Vendor specified Authorization Table could not be loaded successfully. Therefore, using WebSphere provided authorization table. |
User response | Check to make sure that the Vendor's implementation of Authorization Table is in the CLASSPATH and could be loaded. |
Problem | The Vendor specified Authorization Table class could not be found in the CLASSPATH. |
User response | Check to make sure that the Vendor's implementation of Authorization Table as specified in sas.server.props is in the CLASSPATH. |
Problem | The Vendor specified Authorization Table class could not be instantiated. |
User response | Check to make sure that the Vendor's implementation of Authorization Table as specified in sas.server.props could be loaded and instantiated. |
Problem | The Vendor specified Authorization Table failed during authorization check. |
User response | Please look at Vendor's specific exception for details. If vendor's specific exception is not present, Contact your service representative with exception stack trace information present in the error log. |
Problem | This indicates the Vendor's specific error. Example:- Server not started, Network failure, Server failed. |
User response | Depends on the error. |
Problem | Unknown error from Vendor's authorization table |
User response | Contact your service representative with exception stack trace information present in the error log. |
Problem | An error was returned by the operating system API |
User response | Depending on the API being called, please check the operating system specific documentation |
Problem | While expanding the permission in application policy file, caught an expand exception |
User response | Check the permission entry syntax in application policy file.(app.policy or was.policy). To identify which policy file has problem, enable security trace for component com.ibm.ws.security.policy.*. trace.log will show was.policy name. |
Problem | While expanding the grant entry in application policy file, caught an expand exception |
User response | Check the grant entry syntax in your application policy file. (app.policy or was.policy). To identify which policy file has problem, enable security trace for component com.ibm.ws.security.policy.*. trace.log will show was.policy name. |
Problem | While expanding the permission entry in filter.policy file, caught an expand exception |
User response | Check the permission entry syntax in filter policy file. |
Problem | Keystore of the above type is not supported. |
User response | Please use the supported type of keystores. |
Problem | While expanding the permission, caught an expand exception |
User response | Check the permission entry syntax in your policy file. To identify which policy file has a problem, enable security trace for component com.ibm.ws.security.policy.*. trace.log will show the policy file name. |
Problem | While expanding the grant entry, caught an expand exception |
User response | Check the grant entry syntax in your policy file. To identify which policy file has a problem, enable security trace for component com.ibm.ws.security.policy.*. trace.log will show the policy file name. |
Problem | While expanding the signedby entry, caught an expand exception |
User response | Check the signedby entry syntax in your policy file. To identify which policy file has a problem, enable security trace for component com.ibm.ws.security.policy.*. trace.log will show the policy file name. |
Problem | While encoding the FilePath, there was an error. |
User response | Please check the specified syntax. To identify which policy file has a problem, enable security trace for component com.ibm.ws.security.policy.*. trace.log will show the policy file name. |
Problem | In the system extension policy files, the grant entries should not specify codebase and signedby values |
User response | Please remove the codebase and signedby values from the grant entry in the system extension policy file. (spi.policy or library.policy) |
Problem | In the system extension policy files, the permission entries with signatures are not supported in the current version. |
User response | Please remove the signature values from the permission entry in the system extension policy file. (spi.policy or library.policy) |
Problem | The data stored for the keyword "type" in the hashmap is incorrect |
User response | This is an internal error. However, it could be caused by an incorrect xml file. Please enable security trace with com.ibm.ws.security.policy.* to get more detailed information. |
Problem | Could not retrieve the policy template of the above type. |
User response | This is an internal error. However, it could be caused by an incorrect xml file. Please enable security trace with com.ibm.ws.security.policy.* to get more detailed information. |
Problem | Could not convert the above classpath to a URL |
User response | Please check the classpath. Usually, this path was picked up from xml file. Please enable security trace with com.ibm.ws.security.policy.* to get more detailed information. |
Problem | Could not retrieve the resource adaptor policy file from the hashmap passed to setupPolicy(). |
User response | Please check the data stored in the hashmap for the resource adaptor keyword. It could be caused by incorrect xml file. Please enable security trace with com.ibm.ws.security.policy.* to get more detailed information. |
Problem | Could not get the absolute filepath of the resource adaptor policy file. |
User response | Please check the filepath specified in resource.xml file. Please enable security trace with com.ibm.ws.security.policy.* to get more detailed information. |
Problem | Could not retrieve the deployed application policy file from the hashmap passed to setupPolicy(). |
User response | This is an internal error. However, it could be caused by incorrect data in xml file. Please check the type of the policy file and the hashmap being passed to setupPolicy(). Please enable security trace with com.ibm.ws.security.policy.* to get more detailed information. |
Problem | Could not get the resource adaptor module's absolute filepath. |
User response | It could be caused by incorrect data in resources.xml file. Please enable security trace with com.ibm.ws.security.policy.* to get more detailed information. |
Problem | Could not get the Canonical path for the specified file |
User response | Please check the specified file name passed to security. It could be caused by incorrect data in xml file. Please enable security trace with com.ibm.ws.security.policy.* to get more detailed information. |
Problem | Could not convert the specified filepath to URL. |
User response | Please check the specified filepath. It could be caused by incorrect data in xml file.Please enable security trace with com.ibm.ws.security.policy.* to get more detailed information. |
Problem | Could not get the absolute path for the resource adaptor in removePolicy(). |
User response | Please check the specified path. It could be caused by incorrect data in xml file. Please enable security trace with com.ibm.ws.security.policy.* to get more detailed information. |
Problem | Could not get the absolute path for the module in removePolicy(). |
User response | Please check the specified path. It could be caused by incorrect data in xml file.Please enable security trace with com.ibm.ws.security.policy.* to get more detailed information. |
Problem | IOException occurred when creating the system extension template in the hashmap of all the templates. |
User response | Please check the IOException to see the cause for not being able to create the system extension template in the hashmap. |
Problem | ParserException occurred when creating the system extension template in the hashmap of all the templates. |
User response | Please check the ParserException data. Check the specified policy file. |
Problem | IOException occurred when creating the application policy template in the hashmap of all the templates. |
User response | Please check the specified policy file. |
Problem | ParserException occurred when creating the application policy template in the hashmap of all the templates. |
User response | Please check the ParserException data. Check the specified policy file. |
Problem | IOException occurred when putting the was.policy template in the hashmap of all the templates. |
User response | Please check the specified was.policy file. |
Problem | ParserException occurred when putting the was.policy template in the hashmap of all the templates. |
User response | Please check the ParserException data. Check the specified was.policy file. |
Problem | IOException occurred when creating the resource adaptor template in the hashmap of all the templates. |
User response | Please check the specified ra.xml file's permission specification. |
Problem | ParserException occurred when putting the resource adaptor template in the hashmap of all the templates. |
User response | Please check the ParserException data. Check the ra.xml's permission specification. |
Problem | IOException occurred when adding permission to the set of filtered permissions. |
User response | Please check the filter.policy file. |
Problem | ParserException occurred when adding permission to the set of filtered permissions. |
User response | Please check the ParserException data. |
Problem | Custom permission is being used in an application policy file. |
User response | Please make sure that it is all right to use a custom permission in an application policy file. |
Problem | Invocation TargetException occurred while constructing the permission object. |
User response | Please check the exception. |
Problem | An Exception occurred while constructing the permission object. |
User response | Please check the exception. |
Problem | An IOException occurred while adding the grant entry to the policy template of the resource adaptor. |
User response | Please check the specified ra.xml file. |
Problem | A ParserException occurred while adding the grant entry to the policy template of the resource adaptor. |
User response | Please check the syntax of permission specification in the specified ra.xml |
Problem | The above error number was returned by the above API. |
User response | Depending on the API being called, please check the operating system documentation for the API. |
Problem | The Admin application initialized successfully |
User response | None. Informational only. |
Problem | The Naming application initialized successfully |
User response | None. Informational only. |
Problem | The Rolebased authorizer initialized successfully |
User response | None. Informational only. |
Problem | The Security Admin mBean registered successfully |
User response | None. Informational only. |
Problem | An unexpected exception occurred when trying to create or register an mBean. |
User response | There may be a problem with the configuration. The exception may include details. |
Problem | The specified resource could not be loaded due to an exception. |
User response | The failure may be related to a configuration problem related to the resource. |
Problem | The userId and password specified for the server's identity when configuring global security could not be used to authenticate the server. |
User response | Verify that the userId and password are valid and meet the requirements for the user registry or authentication mechanism. |
Problem | The WCCM JAAS login configuration information could not be pushed to the JAAS configuration object. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Reports current security enabled or disabled status. |
User response | None. Informational only |
Problem | An unexpected error occurred. It could be that the Cell Manager or Node Agent are not started. |
User response | If a remote security server was specified when enabling global security, verify that the Node Agent and Cell Manager are running. |
Problem | The WCCM JAAS login configuration information was pushed to the JAAS configuration object. |
User response | None. Informational only. |
Problem | WebSphere provides an implementation of javax.security.auth.login.Configuration and dynamically installs this class at server startup. Either some application code has installed a different login provider class or a problem occurred when WebSphere tried to dynamically install the class. |
User response | Check for other server startup warning or error messages. |
Problem | WebSphere provides an implementation of javax.security.auth.login.Configuration and dynamically installs this class at server startup. Either some application code has installed a different login provider class or a problem occurred when WebSphere tried to dynamically install the class. |
User response | Check for other server startup warning or error messages. |
Problem | WebSphere provides an implementation of the javax.security.auth.login.Configuration class. This class was successfully set at server startup. |
User response | None. Informational only. |
Problem | WebSphere provides an implementation of the javax.security.auth.login.Configuration class. This class could not be set at server startup. |
User response | Configuration.class may not be present. This is an internal error. |
Problem | A duplicate JAAS LoginModule alias name exist either in a JAAS login URL or in the security.xml file. The duplicate will be replaced with the last one processed. |
User response | Verify no duplicate JAAS LoginModule aliases exist in the login URLs or in the security.xml file. |
Problem | The Rolebased authorizer could not be retrieved due to an exception. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The application must be loaded for the role base authorizer can be used to enforce authorization. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The role based authorizer will load only once per module. |
User response | None, informational only. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | A JAAS LoginContext could not be created due to the unexpected exception. |
User response | The problem could be due to a configuration error. |
Problem | The HTTP cookie that contains the originally requested page was not found. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | PD Authentication disabled. |
User response | None, informational only. |
Problem | When the LocalOS server ID is equal to the LocalOS realm, the access ID returned by the operating system is the machine ID not the server ID. |
User response | Make sure that the server ID is different from the machine ID. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Object created by reflection is null. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Method returned by reflection is null. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Reflection method invocation failed. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Describes whether or not the Security component's FFDC Diagnostic module was successfully registered. |
User response | None. Informational only. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | LTPA is the configurated authentication mechanism but it has not yet been properly configured. Keys or other LTPA configuration attributes are missing. |
User response | Disable WebSphere security, restart the application server and properly configure LTPA authentication. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Security service initialization started. |
User response | None. Informational only |
Problem | Security service initialization started. |
User response | None. Informational only |
Problem | Security service initialization started. |
User response | None. Informational only |
Problem | Security service started. |
User response | None. Informational only |
Problem | Security service started. |
User response | None. Informational only |
Problem | Security service started. |
User response | None. Informational only |
Problem | An error occurred that prevented the SecurityServer from being created. |
User response | The log should contain additional errors that may indicate the cause of the problem. |
Problem | An unexpected exception occurred retrieving the ORB SSL settings. |
User response | Verify the property file, usually sas.server.props contents. Contact your service representative if the problem persists. |
Problem | ORB SSL Key File or Passwords settings were missing in server-cfg.xml |
User response | Verify the server-cfg.xml file. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | An unexpected exception occurred while clean up of specified repository. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | javax.naming.NamingException occurred when getting Initial Naming Context. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Unexpected exception occurred when removing the specified principal during cleanup. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The Vendor specified Authorization Table could not be loaded successfully. Therefore, using WebSphere provided authorization table. |
User response | Check to make sure that the Vendor's implementation of Authorization Table is in the CLASSPATH and could be loaded. |
Problem | java.lang.reflect.InvocationTargetException occurred when try to execute getActualCredential() method. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Unexpected exception occurred when try to execute getActualCredential() method. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Unexpected exception occurred while restoring original credentials. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | CredentialDestroyedException occurred while trying to get BasicAuthData. The credential was already destroyed. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | javax.security.auth.login.CredentialExpiredException occurred while trying to get BasicAuthData. |
User response | refresh the credential. |
Problem | CredentialDestroyedException occurred while trying to get credential token. The credential was already destroyed. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | javax.security.auth.login.CredentialExpiredException occurred while trying to get token. |
User response | refresh the credential. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | javax.naming.NamingException occurred while getting the initial naming context. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | javax.naming.NamingException occurred while rebinding the user registry. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | javax.naming.NamingException occurred while finding the user registry. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Unexpected exception occurred when initializing security server component. |
User response | None. This is warning. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Unexpected exception occurred when updating authorization table. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Unexpected exception occurred when trying to call removePolicy() for specified type. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | All subjects assigned to Special role DenyAllRole for the specified application are removed. |
User response | None. This is a warning. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Unexpected exception occurred when trying to retrieve the information of Resource Adapter to call setupPolicy(). |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | IOException occurred when setting properties to specified file. |
User response | Verify if the property file exist, or the permission. |
Problem | IOException occurred when getting properties to specified file. |
User response | Verify if the property file exist, or the permission. |
Problem | com.ibm.websphere.security.PasswordCheckFailedException occurred when checking the password for specified user. |
User response | Verify the password for the specified user. |
Problem | com.ibm.websphere.security.CustomRegitryException exception occurred when checking the password for specified user. |
User response | Verify the password for the specified user. |
Problem | Unknown exception occurred when checking the password for specified user. |
User response | Verify the password for the specified user. |
Problem | Failed to decode the specified file. The details is shown in the exception. |
User response | Verify the policy files, xml files(resource.xml) to confirm the classpath specified in them are correct. |
Problem | The specified file or directory does not exist. |
User response | Verify the policy files, xml files(resource.xml) to confirm the classpath specified in them are correct. |
Problem | MalformedURLException occurred when trying to convert the specified path to URL. |
User response | Verify the policy files, xml files(resource.xml) to confirm the classpath specified in them are correct. |
Problem | This configuration does not have any alias name. |
User response | This is warning. |
Problem | Exception occurred when getting registry's realm. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Unexpected exception occurred when getting user registry. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The caller does not have the necessary permission, this problem can occur because no credential is found on the thread, the caller is not authenticated, or the accessId might be null. |
User response | If the failure is unexpected, verify that the caller has been granted the required role. |
Problem | No invocation or received credentials were established on this thread. This may cause the role based authorization check to fail. |
User response | The stack trace is obtained by a local throw catch block that maybe useful for debugging the problem. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | JAVA2 security is enabled. |
User response | None, informational only. |
Problem | Java 2 Security Manager is NOT installed. |
User response | None, informational only. |
Problem | A ParserException occurred while adding the grant entry to the policy template. |
User response | Please check the ParserException data. Please check the specified policy file. |
Problem | Could not get the module's absolute filepath. |
User response | Please check the filepath given to load the module. |
Problem | Syntax error in the policy file. ${Application} phrase should not include ${was.module.path} keyword. This entry is ignored. |
User response | Please check the application policy file. |
Problem | This message provides the current value of the java.security.debug property which is used to enable various debug information related to Java 2 Security. |
User response | None, this is informational only. |
Problem | The Java Security Manager checkPermission() threw a SecurityException on the subject Permission. A caller on the call stack does not have the required permission. This may not be a problem if the caller properly handles this exception. |
User response | Verify the attempted operation is permitted by examining all Java 2 security policy files and application code. Additional permissions may be required, a doPrivileged API may be needed in some code on the call stack, or the Security Manager properly prevented access to a resource the caller does not have permission to access. |
Problem | The permission class {0} specified in the application policy file(was.policy or app.policy) does not exist. |
User response | Please fix the specified application policy file. |
Problem | The permission class {0} specified in the filter policy file does not exist. |
User response | Please fix the filter policy file. |
Problem | The permission class {0} specified in the application policy is not be removed. However, it is a part of the permission specified in filter.policy. |
User response | If the permission should be filtered out, divide the permission specified in the application policy. |
Problem | The permission {0} specified in the application policy was removed because filer.policy has the same entry. |
User response | none. This is an informational message. |
Problem | java.securityAllPermission was found in the application. |
User response | none. This is an informational message. |
Problem | There is a syntax error in the policy file. |
User response | Please use ${java.home}/jre/bin/policytool to verify the syntax or edit the policy file and correct the syntax error. |
Problem | The caller does not have the necessary permission, there was no credential on the thread, the caller is not authenticated, or the accessId could be null. |
User response | If the failure is unexpected, verify the caller has been granted the required role. |
Problem | Required attribute CertificateFilter is missing. Certificate Filter is required when CertificateMapMode is CERTIFICATE_FILTER. |
User response | Set CertificateFilter in the advanced LDAP settings. |
Problem | Using invalid user/group ID or the user/group ID is not a directory entry. The directory administration ID (root DN) is not a directory entry on most LDAP servers. |
User response | Verify the user/group ID is a valid directory entry. |
Problem | An unexpected error occurred during Java 2 Security and Dynamic Policy initialization. |
User response | This is a general error. Look for previous messages that may be related to the failure or a configuration problem. Enabling security debug trace for security component com.ibm.ws.security.* may yield additional information. |
Problem | The permission class {0} specified in the policy file was not loaded. |
User response | Please confirm that the specified permission in then policy file is correct. If permission class is incorrect, this warning is issued. |
Problem | No invocation or received credentials were established on this thread. This may cause the role based authorization check to fail. |
User response | The stack trace is obtained by a local throw catch block that may be useful for debugging the problem. |
Problem | Unexpected exception occurred when loading registry properties file. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Cannot locate the registry implementation file. |
User response | If you are using a Custom Registry make sure that your provide the registry implementation file in the GUI or in the scripting (whichever is being used). If you are using WAS supplied registries contact your service representative if the problem persists. |
Problem | This can happen when using custom registries and if they are not instances of UserRegistry or CustomRegistry. |
User response | Make sure you implement the UserRegistry interface for your custom registry. |
Problem | This can happen when the specified custom registry cannot be loaded. |
User response | The custom registry implementation file should be in the classpath as mentioned in the custom user registry section in the InfoCenter. If this happens for WAS provided registries contact your service representative if the problem persists. |
Problem | The specified custom registry implementation cannot be initialized. |
User response | Make sure all the properties required for the custom registry initialization are passed through GUI or scripting (whichever is being used).If this happens for WAS provided registries contact your service representative if the problem persists. |
Problem | The checkPassword method failed to return a user. |
User response | If using WAS provided registries this problem should have preceeded with other authentication related exception(s). Look into them to fix the actual authentication problem. In addition if a custom registry is being used make sure you return a valid userId after a successful authentication. |
Problem | The mapCertificate method failed to return a user from the certificate chain. |
User response | Make sure the certificate should contain a valid user in the registry. This problem should have preceeded with other exception(s). Looking into them would help in narrowing down the problem. In addition if a custom registry is being used make sure you return a valid userId after successfully mapping the certificate. |
Problem | Internal Error. The user name provided to create the credential is null. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The registry failed to return a user after authentication. |
User response | This would happen if the authentication was not successful and the custom registry did not throw exceptions to indicate this. Make sure you are entering a current userID and password for authentication. This problem might have preceeded by other problems. Looking at those problems might narrow the problem down. |
Problem | Authentication failed with the specified reason. |
User response | Verify that the user id and password are entered correctly. Consult with the administrator of the user registry if the problem persist. |
Problem | Internal Error. |
User response | Information purposes only. |
Problem | Error getting display name of a group. |
User response | Make sure the group is valid and has a display name. |
Problem | Problem getting display name of a group. |
User response | Make sure the group is valid and has a display name. |
Problem | Problem getting uniqueId of a group. |
User response | Make sure the group is valid in the registry and if it is a custom registry make sure it also has an uniqueId. |
Problem | Problem getting uniqueId of a group. |
User response | Make sure the group is valid in the registry and if it is a custom registry make sure it also has an uniqueId. |
Problem | Internal Error. |
User response | Make sure the groups matching the pattern exist in the registry. Contact your service representative if the problem persists. |
Problem | Internal Error. |
User response | Make sure the user is valid. Contact your service representative if the problem persists. |
Problem | Internal Error. |
User response | Make sure the user is valid. Contact your service representative if the problem persists. |
Problem | Internal Error. |
User response | Make sure the group is valid. Contact your service representative if the problem persists. |
Problem | Internal Error. |
User response | Make sure the group is valid. Contact your service representative if the problem persists. |
Problem | Internal Error. |
User response | Make sure the group is valid. Contact your service representative if the problem persists. |
Problem | Internal Error. |
User response | Make sure the user is valid and has a display name. Contact your service representative if the problem persists. |
Problem | Internal Error. |
User response | Make sure the user is valid and has a display name. Contact your service representative if the problem persists. |
Problem | Internal Error. |
User response | Make sure the user is valid. Contact your service representative if the problem persists. |
Problem | Internal Error. |
User response | Make sure the user is valid. Contact your service representative if the problem persists. |
Problem | Internal Error. |
User response | Make sure the users matching the pattern exist in the registry. Contact your service representative if the problem persists. |
Problem | Internal Error. |
User response | Make sure the user is valid. Contact your service representative if the problem persists. |
Problem | Internal Error. |
User response | Make sure the user is valid. Contact your service representative if the problem persists. |
Problem | Internal Error. |
User response | Make sure the group is valid. Contact your service representative if the problem persists. |
Problem | Not able to get the hostname of the Windows machine or the domain controller. |
User response | Make sure that the user who is running WAS has administrative and "act as part of operating system" privilege in the Windows machine and also an administrator in the domain machine. Contact your service representative if the problem persists. |
Problem | Registry cannot be initialized. Internal Error. |
User response | Make sure that the user who is running WAS has administrative and "act as part of operating system" privilege in the Windows machine and also an administrator in the domain machine. Contact your service representative if the problem persists. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Problem getting uniqueId of a user/group. |
User response | Make sure that the user or group is valid in the registry and if it is a custom registry make sure an uniqueId exists for user or group. |
Problem | Authentication failed because multiple users found in the registry with the same name. |
User response | When using LDAP make sure that shortname used for the user is unique. For example, if "uid" is used as the shortname make sure the uid are unique in the registry. |
Problem | Authentication failed because of non existent user. |
User response | Make sure the user is valid in the registry. When using LDAP make sure that the user is searchable. The admin id in some LDAP servers may not be searchable. |
Problem | Cannot find user to create credential. |
User response | Make sure the user is valid in the registry. Contact your service representative if the problem persists. |
Problem | Cannot create credential. |
User response | Make sure the user is valid in the registry. If this is preceeded by other exceptions look into them to narrow down the problem. Contact your service representative if the problem persists. |
Problem | The LTPA server object cannot be initialized. |
User response | The primary reason this happens is because the ltpa keys cannot be decrypted using the ltpa password. This happens because the password that is used to encrypt the keys is not same one that is saved in the repository.The server may not come up when this problem occurs. If this happens disable security, start the server, enter a new password for LTPA, save it, generate the keys, do another save to save the keys, turn on security, stop and restart the server. Contact your service representative if the problem persists. |
Problem | Cannot create the security object from repository. Internal Error. |
User response | The security.xml might be corrupted or missing. Contact your service representative. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | SSO is required for FormBased logon to work in Web applications when LTPA is the authentication mechanism. |
User response | If this is the intended configuration then ignore this warning. If this is not the intended configuration, then the enabled attribute of Single Signon element in the security.xml must be set to the true value. |
Problem | This is an internal error. A NoSuchAlgorithmException occurred when the LTPAServer tried to sign the token. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Authentication has failed when using LTPA. |
User response | There could be multiple reasons why this might have occurred. Most of the time this should have preceeded with other exceptions that will indicate what the exact problem is. This might occur if the userName and/or password are incorrect, if the setup of the registry is not valid. If problems persist contact your service representative. |
Problem | Cannot validate the token since the token is null. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Cannot validate the token since the token has expired. |
User response | Once the token time out is reached, the token will not be validated and the user has to authenticate again. This is normal. Make sure that all the WebSphere nodes and cell(s) are synchronized with respect to time, date and time zone. One can change the token expiration time if required. |
Problem | It's likely the LTPA keys are not the correct ones to verify the signature of the token. |
User response | This would happen if the keys encrypting the token are not the same as the ones decrypting. If a new set of keys were generated this is an expected error as the tokens signed with old keys will not work anymore. Otherwise, contact your service representative if the problem persists. |
Problem | Internal Error. Cannot create a credential after the token is validated. |
User response | This is typically due to an expired token or a token created with different LTPA keys. If the token is expired, you might need to increase the LTPA timeout, if necessary. If the keys are not the same, ensure one set of LTPA keys are used in all cells that interopate, or ensure that a newly added node has synchronized. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The realm in the token does not match the current realm. |
User response | This error can occur when a token is passed between one cell to another cell and the realm do not match in these cells. If using LDAP make sure that both cells use the same host name and port number. |
Problem | Cannot import LTPA keys. |
User response | This occurs when the password used to import the keys does not match the password that encrypted the keys. Make sure that the password is the same. If problem persists, contact your service representative. |
Problem | Cannot export LTPA keys. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The keystore or truststore type specified is invalid. |
User response | Modify the SSL configuration so that the keystore or truststore type is a valid type. You can check the keystore and truststore types by loading them in WebSphere's IKeyMan tool. |
Problem | The com.ibm.websphere.java2secman.norethrow property, when it has a true value, instructs the Java 2 Security Manager to NOT rethrow AccessControl exceptions. This property is intented to aid developers when preparing their application for Java 2 Security. When this property value is true, the Security Manager only reports the AccessControl exception but does not rethrow or propagate the exception up the call stack. This may permit applications to access resources that would they would not otherwise have access to. This property should not be specified in a production environment, only in a debug or application development environment. |
User response | If this message is unexpected or the application is running in a production environment, remove the com.ibm.ws.java2secman.norethrow property setting unless you understand the consequences. |
Problem | Informational. |
User response | During the server and the cell security object merging, if a same alias name exists in both, the alias will not be copied to the cell configuration. This is as designed. In the normal circumstance this should not happen since the alias names are unique. However, if a removeNode has been performed prior to the addNode, one might see this message as the removeNode will not remove the exisintg aliases. Also, if the alias names in the security.xml file was manually changed this message will show up if the aliases match. |
Problem | Informational. |
User response | This message shows up when the Application Server contains its own security configuration that needs to be merged with cell level configuration. |
Problem | The initialization of this Trust Association implementation failed. |
User response | Verify that the appropriate Trust Association properties required for the initialization are set up correctly. If you are using your own implementation check your initilization method for any problems. If a single Trust Association implementation is used, this would indicate that the Trust Association will not be in effect. However, if multiple TrustAssociation implementations are used, Trust Association can be in effect if one of the implementations succeeds. |
Problem | Cannot find and load the FIPS approved IBM JSSE or JCE providers. It is a problem in the case when IBM FIPS approved JCE provider is missing because WAS depends on it when requiring to use FIPS approved provider. Missing FIPS approved IBM JSSE provider may not be a problem provided that you have configured ito use your own FIPS approved JSSE provider. |
User response | Make sure that the missing provider jar, if needed, is in the JDK ext directory. |
Problem | Authenticaton will be perfomed using Tivoli Access Manager. This requires that WebSphere is configured to use an external Tivoli Access Manager server. |
User response | None, informational only. |
Problem | Could not get the JACC provider PolicyConfiguration object. This object is required to propagate the security constraints information to the provider. |
User response | Make sure that the JACC provider property javax.security.jacc.PolicyConfigurationFactory.provider is set correctly to the PolicyConfigurationFactory implementation class. The preferred way to set this property is to use the JACC configuration properties panel or wsadmin tool. Also make sure that the provider classes are in the classpath of all the servers. |
Problem | The policy configuration object status could not be determined. Access will not be granted to this module. |
User response | The module in question might be in the process of being deleted. If problem persists, contact your service representative. |
Problem | The policy context key cannot be obtained to make the access decision. |
User response | Make sure that the Policy Context Key in question is registered by the container. |
Problem | Cannot determine the isCallerInRole because of the exception. Default is to return false. Make sure that the security role-ref information is correct. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The provider's policy implementation cannot be loaded because of the exception. |
User response | Make sure the JACC provider properties are set correctly and the provider classes are in the classpath. If problem persists, contact your service representative. |
Problem | Could not determine the dataconstraint requirements for this resource. The request will be denied. |
User response | Make sure the dataconstraint requirements are correctly configured in the deployment descriptor. |
Problem | Could not determine the isUserInRole requirements for this resource. The default value false will be returned |
User response | Make sure the RoleRef information is correctly configured in the deployment descriptor. |
Problem | The Trust Association Interceptor did not have the correct principal in the Subject. The principal must implement java.security.Principal. |
User response | Contact the provider of the Trust Association Interceptor to ensure this problem gets resolved. |
Problem | A SecurityServer could not be located for login. |
User response | In some cases it is necessary to specify a valid bootstrap host/port in the com.ibm.CSI.securityServerHost and com.ibm.CSI.securityServerPort properties in the ${WAS_INSTALL_ROOT}/profiles/profile_name/properties/sas.client.props file. See sas.client.props for details. |
Problem | Cannot provide the security policy information to the JACC provider because of the exception. Without this information the authorization decisions, cannot be made correctly when security is enabled. |
User response | Make sure the JACC provider is properly configured and can be accessed. After the problem is fixed, either re-install the application or run the propagatePolicyToJACCProvider tool to propagate the policy information to the JACC provider. For more information about this tool, search for propagatePolicyToJaccProvider in the WebSphere Application Server Information Center. |
Problem | Cannot delete the security policy information from the JACC provider because of the exception. This problem creates redundant information in the JACC provider. |
User response | Make sure the JACC provider is properly configured and can be accessed. The JACC provider might have tools to remove this information. |
Problem | Cannot provide the security policy information to the JACC provider because of the exception. Without this information, the authorization decisions cannot be made correctly when security is enabled. |
User response | Make sure the JACC provider is properly configured and can be accessed. After the problem is fixed, one can either re-install the application or run the propagatePolicyToJACCProvider tool to propagate the policy information to the JACC provider. For more information about this tool, search for propagatePolicyToJaccProvider in the WebSphere Application Server Information Center. If the modification involved removing any modules, you can delete the information in the JACC provider to avoid redundant data. |
Problem | The appContextIDForSecurity atribute is required when using JACC as the authorization. |
User response | If JACC will not be used for authorization then this should not impact anything. If JACC will be used for authorization, contact your IBM representative if this problem persists. |
Problem | Information only. |
User response | Information only. |
Problem | This is an internal error. Without the meta data, the moduleName and applicationName cannot be obtained for access decisions. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Could not get the JACC provider RoleConfiguration object. This object is required to propagate the authorizationTable information to the provider. |
User response | If the authorizationTable information is required by the provider, make sure the JACC provider properties related to the RoleConfigurationFactoryImplClass is set correctly. Also make sure that the implementation classes are in the classpath of all the servers. |
Problem | Could not get the JACC provider PolicyConfiguration object. This object is required to propagate the security constraints information to the provider. |
User response | Make sure that the JACC provider property javax.security.jacc.PolicyConfigurationFactory.provider is set correctly to the PolicyConfigurationFactory implementation class. The preferred way to set this property is to use the JACC configuration properties panel or wsadmin tool. Also make sure that the provider classes are in the classpath of all the servers. |
Problem | Could not get the object required for security policy propagation. |
User response | Make sure that the JACC provider properties are set correctly in the JACC configuration. Also make sure that all the provider classes are in the classpath of all the servers. |
Problem | Could not get the object required for security policy propagation. |
User response | Make sure that the JACC provider properties are set correctly in the JACC configuration. Also make sure that all the provider classes are in the classpath of all the servers. |
Problem | The earFile is required to get the security policy information for the application. The config repository might be corrupted. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The appname is required to propagate the security policy information to the provider. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Because of an exception, the security policy information may not have been removed completely from the provider during the application uninstall. |
User response | Make sure that the provider is up and running and the JACC configuration is correct. One can use the tools provided by the provider to remove the security policy information manully from the provider's repository. |
Problem | Because of an exception, the security policy information may not have been propapated to the provider during the application install. |
User response | Make sure that the provider is up and running and the JACC configuration is correct. Once the problem is fixed, one can also use the wsadmin tool to manually propagate the security policy information to the provider instead of reinstalling the application. See the infocenter documentation for more details on running this tool. If problem persists, please contact your service representative. |
Problem | Because of an exception, the security policy information may not have been updated to the provider during the application update. |
User response | Make sure that the provider is up and running and the JACC configuration is correct. Once the problem is fixed, one can also use the wsadmin tool to manually propagate the security policy information to the provider instead of reinstalling the application. See the infocenter documentation for more details on running this tool. If problem persists, please contact your service representative. |
Problem | Because of an exception, the security policy information may not have been updated to the provider. |
User response | Make sure that the provider is up and running and the JACC configuration is correct. Once the problem is fixed, one can also use the wsadmin tool to manually propagate the security policy information to the provider instead of reinstalling the application. See the infocenter documentation for more details on running this tool. If problem persists, please contact your service representative. |
Problem | The initialization implementation of the provider failed with an exception or a non-zero error code. |
User response | Verify that the JACC provider properties are correctly set and that the initialization classes are in the class path. Check the provider implementation for problems. An error code of zero (0) indicates success. |
Problem | This message is provided for information purposes only. |
User response | No user action is required. |
Problem | When the server is running in FIPS mode the IBMJCEFIPS provider should be in the java.security file. |
User response | The java.security file needs to be changed to include the IBMJCEFIPS provider in the provider list before the IBMJCE provider. |
Problem | This message is provided for information purposes only. |
User response | No user action is required. |
Problem | This message is provided for information purposes only. |
User response | No user action is required. |
Problem | The server is running in FIPS mode, using the IBMJCEFIPS provider. |
User response | No user action is required. |
Problem | The most likely cause of this error is an invalidly formed hostname or IP address in LDAP configuration settings. |
User response | Correct the configured LDAP host or IP address. |
Problem | It's likely the TrustStore named CellDefaultTrustStore or KeyStore named NodeDefaultKeyStore does not exist in the configuration. |
User response | The node's signer certificates need to be added to the cell's truststores. |
Problem | It's likely the TrustStore named NodeDefaultTrustStore or KeyStore named CellDefaultKeyStore does not exist in the configuration. |
User response | The cell's signer certificates need to be added to the node's truststores. |
Problem | The creation of keystore and truststore with self-signed certificate failed. |
User response | The node agent did not have certificates created when it was federated into the cell. The attempt to create them during addNode failed. |
Problem | JAAS Login exception occurred while refreshing the credential. |
User response | Please confirm user id, password and realm information are correct. If you still see the problem, contact your service representative with exception stack trace information present in the error log. |
Problem | Authentication can fail for many reasons. The user or password may not have been entered correctly, misspelled for instance. The user account may not exist, may have expired, or be disabled. The password may have expired or require a change at first logon. If WebSphere security is configured to use LDAP as the user registry, the WebSphere security LDAP user and group search filter configuration may not match what the LDAP directory expects. |
User response | Confirm if the user information(realm name, user name, password) is valid. Try authenticating the user directly to the configured user registry outside of WebSphere authentication to verify the user and password are valid in the user registry. The WebSphere InfoCenter documents additional user account requirements for certain user registries. |
Problem | Authentication failure occurred while invoking login() of realm/user since there is no CORBA credential. |
User response | Confirm if the user information(realm name, user name password) is valid. |
Problem | JAAS Login failure occurred while invoking login() with token for LocalOS. |
User response | LocalOS does not support login with token. Please make sure the application program is valid. |
Problem | JAAS Login failure occurred while invoking login() with token. |
User response | Please check the user authenticate data is correct. Enabling security debug trace will provide the details.(com.ibm.ws.security.auth.* ) |
Problem | JAAS Login returned null credential while invoking login() with token. There is no CORBA Credential. |
User response | login returned null Credential. Please check the user application how it authenticate. Enabling security debug trace will provide the details.(com.ibm.ws.security.auth.* ) |
Problem | Getting the JAAS subject from CORBA credential failed with exception. |
User response | Contact your service representative with exception stack trace information present in the error log. |
Problem | WSLoginHelperImpl object instance should not be constructed. |
User response | Check the user application. WSLoginHelperImpl should not be directly constructed. |
Problem | Some of the authentication data is missing. |
User response | Check the next message. It identifies what is missing. |
Problem | User name, realm name or password is missing. |
User response | Confirm the necessary authentication data is passed. Enabling security debug trace for component com.ibm.ws.security.auth.* may yield additional information. |
Problem | Credential token is missing. |
User response | Confirm the necessary authentication data is passed. |
Problem | com.ibm.ejs.oa.EJSORB.getORBInstance() returns null |
User response | Please check if ORB is initialized correctly in user application. |
Problem | Getting security current caused an exception. |
User response | Please check if ORB is initialized correctly in user application. |
Problem | Exception occurred while processing callbacks |
User response | Contact your service representative with exception stack trace information present in the error log. |
Problem | Unsupported Exception occurred while processing callbacks |
User response | Check the application. Contact your service representative with exception stack trace information present in the error log if the problem persists. |
Problem | Exception occurred while committing LoginModule |
User response | Check the application. Contact your service representative with exception stack trace information present in the error log if the problem persists. |
Problem | Exception occurred while removing the principal. |
User response | Contact your service representative with exception stack trace information present in the error log. |
Problem | Exception occurred while removing the credential. |
User response | Contact your service representative with exception stack trace information present in the error log. |
Problem | Exception occurred while removing CORBA credential. |
User response | Contact your service representative with exception stack trace information present in the error log. |
Problem | Util object instance should not be constructed. |
User response | Check the user application. Util should not be directly constructed. |
Problem | CORBA credential has invalid attribute. |
User response | Contact your service representative with exception stack trace information present in the error log. |
Problem | CORBA credential has duplicate attributes. |
User response | Contact your service representative with exception stack trace information present in the error log. |
Problem | CredentialsHelper object instance should not be constructed. |
User response | Check the user application. CredentialsHelper should not be directly constructed. |
Problem | Failed to create a configuration instance |
User response | Contact your service representative with exception stack trace information present in the error log. |
Problem | getAppConfigurationEntry() was called with null string. |
User response | Check the parameter if it is called from user application. If not, Contact your service representative. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | WSDefaultPrincipalMapping() should not be invoked. |
User response | This is warning. Check the user application. WSDefaultPrincipalMappingshould not be directly constructed. |
Problem | Specified file did not exist. Use the default file. |
User response | This is warning. Check the specified file name. |
Problem | Unexpected exception occurred while creating a new URL. |
User response | Check the specified URL. Contact your service representative with exception stack trace information present in the error log. |
Problem | Unexpected Exception occurred while opening an URL. |
User response | Check the specified URL. Contact your service representative with exception stack trace information present in the error log. |
Problem | Unrecognizable Callback is passed. |
User response | Contact your service representative with information present in the error log. |
Problem | Unexpected IOException was caught while processing callbacks. |
User response | Contact your service representative with exception stack trace information present in the error log. |
Problem | Internal problem related to malformed or corrupt data storage. |
User response | Contact your service representative with exception stack trace information present in the error log. |
Problem | The LoginModule did not create a Subject. There is a problem with the LoginModule |
User response | This problem could be due to a configuration error in security.xml or an internal error. |
Problem | Token Authentication failure may be caused by an expired token, invalid token or a date or time synchronization problem between WebSphere nodes. Web browsers often cache WebSphere SSO cookies which contain the token to validate. These tokens do expire. |
User response | Token validation failures are not always unexpected given that tokens can expire. May consider increasing timeout value or verifying that the system date and time between WebSphere nodes is synchronized. |
Problem | Failed to get the specified property. |
User response | Please check if you defined the specified property correctly. |
Problem | Exception occurred trying to reflect on or invoke convertMapToString(). |
User response | Please investigate the exception. Check classpath. |
Problem | MalformedURLException occurred trying to connect the specified URL. |
User response | Please investigate the exception. Check the specified URL. |
Problem | IOException occurred trying to connect the specified URL. |
User response | Please investigate the exception. Check the specified URL. |
Problem | IOException occurred trying to connect the specified URL. |
User response | Please investigate the exception. Check the specified URL. |
Problem | null or empty string was passed to update() method. |
User response | This is a warning. |
Problem | Could not create or open the specified StringReader. |
User response | Please investigate the exception. |
Problem | IOException occurred trying to connect the specified stringreader. |
User response | Please investigate the exception. Check the specified string. |
Problem | Unexpected IOException occurred trying to close a stream. |
User response | This is a warning. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Exception occurred trying to reflect on or invoke convertMapToString(). |
User response | Please investigate the exception. Check classpath. |
Problem | Duplicate login config name was specified in the configuration data. |
User response | Please check the configuration data. |
Problem | IOException occurred during parsing jaas application configuration. |
User response | Please check the configuration file. Please investigate the exception. |
Problem | ParserException occurred during parsing jaas application configuration. |
User response | Please investigate the exception. It has the information of syntax error in the configuration file. |
Problem | Unexpected exception occurred while creating and initializing the user registry. |
User response | Check the application and the registry set up. Contact your service representative if the problem persist. |
Problem | Unexpected exception occurred while restoring the credential. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | PrivilegedActionException occurred while restoring the credential. This exception is a wrapper of the exception thrown in doPrivileged block. |
User response | Please investigate the real source of the exception. Contact your service representative if the problem persist. |
Problem | InvalidCredentialType exception occurred while restoring the credential. |
User response | Please investigate the SAS problem. Contact your service representative if the problem persist. |
Problem | InvalidCredentialType exception occurred while restoring the credential. |
User response | Please investigate the SAS problem. Contact your service representative if the problem persist. |
Problem | InvalidCredentialType exception occurred while restoring the credential. |
User response | Please investigate the SAS problem. Contact your service representative if the problem persist. |
Problem | InvalidCredentialType exception occurred while restoring the credential. |
User response | Please investigate the SAS problem. Contact your service representative if the problem persist. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | WSMappingCallbackHandlerFactory implementation class may be defined in security.xml to customize Mapping CallbackHandler. This is not an error condition. When the implementation class is not defined, a default WebSphere implementation will be used. |
User response | No action is required unless one wants to override the WebSphere default WSMappingCallbackHandlerFactory implementation. |
Problem | WSDefaultPrincipalMapping initialization failed. The JCA container managed principal/credential mapping most likely will not work properly. |
User response | Examine the cause of the exception and correct the problem. the most likely reason is the WSMappingCallbackHandlerFactory implementation class was not configured properly. |
Problem | WSDefaultPrincipalMapping initialization failed. The JCA container managed principal/credential mapping most likely will not work properly. |
User response | Examine the cause of the exception and correct the problem. the most likely reason is the WSMappingCallbackHandlerFactory implementation class was not configured properly. |
Problem | Either the custom properties HashMap or the authentication data alias was not defined. |
User response | This may or may not be a problem depending on the particilau mapping LoginModules. |
Problem | An exception was throan by the WebSphere default principal/credential mapping function. |
User response | This is most likely caused by incorrect authentcaiton data configuration. |
Problem | WebSphere default principal/credential mapping function could not find the specified credential information. |
User response | This is most likely caused by incorrect authentication data configuration. |
Problem | Unexpected problem occured when processing a WAS V5 mapping callback type. |
User response | Contact your service representative with information present in the error log. |
Problem | A Custom Login module must be provided and configured prior to this login module in the JAAS Login Configuration and should have provided trust information in shared state. |
User response | Please check a Custom Login Module is provided and configured prior to this login module in the JAAS Login Configuration and make sure the shared state information is set correctly based on the requirement. |
Problem | Both a principal and X509Certificate are provided in the trust information, the principal has priority and will be used for the login. |
User response | If login with the X509Certificate is desired then the principal should not be passed in the trust information. |
Problem | A Custom Login module must provide an identity to perform identity assertion. |
User response | Please check a Custom Login module to make sure an idenity is provided to the perform identity assertion. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The object mentioned above probably does not implement the java.io.Serializable interface. |
User response | Ensure the object implements the java.io.Serializable interface to ensure it gets propagated downstream. |
Problem | The object failed to de-serialize at the target server. The likely cause is the implementation class is not present on the target server or the Java class version between the sending server and target server is different. |
User response | Ensure the correct java class exists at the target server. |
Problem | Cannot overwrite an existing PropagationToken. The existing one is returned, so use it to set new attributes given the proper permission. |
User response | Check the addPropagationToken SPI for the value returned. A null value indicates this is the first time the token is added. A non-null value indicates you are setting the token again which is not allowed. Use the returned value to add new attributes. |
Problem | The com.ibm.wsspi.security.cred.uniqueId property has not been found during a properties login attempt. |
User response | Ensure that the java.util.Hashtable used for a properties login contains a valid property value for com.ibm.wsspi.security.cred.uniqueId. |
Problem | The com.ibm.wsspi.security.cred.securityName property has not been found during a properties login attempt. |
User response | Ensure that the java.util.Hashtable used for a properties login contains a valid property value for com.ibm.wsspi.security.cred.securityName. |
Problem | The com.ibm.wsspi.security.cred.longSecurityName property has not been found during a properties login attempt. |
User response | Ensure that the java.util.Hashtable used for a properties login contains a valid property value for com.ibm.wsspi.security.cred.longSecurityName. |
Problem | The realm specified does not match the current security realm of this server. This could cause problems when trying to go downstream to another server on the same current realm. |
User response | If a different realm is desired, set the supportedTargetRealms field to include the new realm you are specifying in order to go outbound to servers in the current realm. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The LTPA TokenFactory implementation is likely not present in the classpath. |
User response | Ensure the LTPA TokenFactory implementation is located in the WebSphere classpath. Typically these implementations are put in the ${WAS_INSTALL_ROOT}/classes directory. |
Problem | The LTPA TokenFactory implementation is likely not present in the classpath or it cannot be initialized. |
User response | Ensure the LTPA TokenFactory implementation is located in the WebSphere classpath. Typically these implementations are put in the ${WAS_INSTALL_ROOT}/classes directory. |
Problem | The LTPA TokenFactory implementation had a problem in the createToken method or the keys used to create a token were not present. |
User response | Ensure the LPTA keys are configured properly and check the createToken implementation on the TokenFactory interface. |
Problem | This audit message indicates that the WebSphere Application Server Security Auditing service is enabled. |
User response | No action is required is this is the desired setting. |
Problem | This audit message indicates that security auditing records are required. |
User response | No action is required if this is the desired setting. Note that the intention of this auditing policy is not to commit a business transaction unless the required security auditing records can be saved. |
Problem | Failed to load the specified class which wsas defined in the global security custom properties. |
User response | Verify that the class name, class path, and class file are configured properly. |
Problem | Indicate that the specified provider class was loaded. |
User response | No action is required. |
Problem | This audit message indicates that the WebSphere Application Server Security Auditing service is disabled. |
User response | No action is required if this is the desired setting. |
Problem | The provider configuration in global security custom properties was incorrect. |
User response | Check the specified properties and in particular the first missing parameter in the error message. |
Problem | At least one AuditEventFactory and an AuditServiceProvider must be defined when the security auditing policy is set to REQUIRED. |
User response | Verify that the two properties com.ibm.websphere.security.audit.auditEventFactory and com.ibm.wsspi.security.audit.auditServiceProvider are defined proerly in the global security custom properties. |
Problem | The specified properties was not defined properly in the global security customer properties. |
User response | Verified that the specified properties is defined properly in the global security custom properties. |
Problem | Runtime exception occured most likely due to incorrect class definition, incorrect class path, or missing class files. |
User response | Examine the exception for the cause of the problem. |
Problem | The getActive method in the spcified AuditEventFactory implementation failed. |
User response | Examine the exception for the cause of the problem. If the problem was not related to incorrect configuration, then you need to consult with the vendor of the AuditEventFactory implementation. |
Problem | Extra AuditServiceProvider was defined and is discarded. |
User response | The com.ibm.wsspi.security.audit.auditServiceProvider properties contains extra information than necessary. Any information following the valid AuditServiceProvider definition is discarded. |
Problem | The specified audit service provider was not defined in the global security custom properties. |
User response | Define the specified properties if security auditing service is required in your business environment. |
Problem | This audit message indicates that security auditing records are optional. |
User response | No action is required if this is the desired setting. Note that the intention of this auditing policy is not to suspend a business transaction when security auditing records cannot be saved. |
Problem | As a convention, an AuditEventFactory implementation that is configured under the J2EE name must implement the J2EEAuditEventFactory interface. |
User response | Examine the com.ibm.websphere.security.audit.AuditEventFactory properties in global security custom properties. |
Problem | This message is intended to be used by the defaultAuditEventFactoryImpl sendAccessAuditEvent method only. |
User response | No action required. |
Problem | This message is intended to be used by the defaultAuditServiceProviderImpl sendEvent method only. |
User response | No action required. |
Problem | This message is intended to be used by the defaultAuditEventFactoryImpl sendAuthnAuditEvent method only. |
User response | No action required. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | This message is intended to be used by the defaultAuditEventFactoryImpl sendAuthzAuditEvent method only. |
User response | No action required. |
Problem | This message is intended to be used by the defaultAuditEventFactoryImpl sendMappingAuditEvent method only. |
User response | No action required. |
Problem | This message is intended to be used by the defaultAuditServiceProviderImpl sendEvent method only. |
User response | No action required. |
Problem | This message is intended to be used by the defaultAuditEventFactoryImpl sendLogoutAuditEvent method only. |
User response | No action required. |
Problem | The configured AuditServiceProvider did not execute the method in a reasonable time period while security auditing function is required. |
User response | Examine the exception for the cause of the problem. Typically the business transactions should have been aborted because no security auditing record can be logged. |
Problem | A web request is rejected because it contains an invalid URI name. |
User response | Incorrect URI may be a simple user error or an indication of potential threat where malicious users explore the weakness of web applications. You may perform a correlation analysis of security auditing events. |
Problem | A web request is rejected because no web access security context is configured. |
User response | The cause may be a simple user error or an indication of potential threat where malicious users explore the weakness of web applications. You may perform a correlation analysis of security auditing events. |
Problem | Access to a web resource does not require access control because there is no servlet mapping. |
User response | The URI is not protected. No action is required is this is the desired configuration. Otherwise, proper security constraint should be added to the web application. |
Problem | Access to a web resource does not require access control because there is no security constraint. |
User response | The URI is not protected. No action is required is this is the desired configuration. Otherwise, proper security constraint should be added to the web application. |
Problem | Access to login page, error page, and form login page does not require access control. |
User response | The URI is not protected. No action is required. |
Problem | According to Servlet V2.4 Spec, access to a web resource should be precluded if there is an auth constraint in the security constraint but there is no security role defined in the auth constraint. |
User response | Modify the security constraint if the current behavior does not fit your needs. |
Problem | The requested resource has a Data Constraint and requires SSL connection to it. |
User response | No action is required. |
Problem | WebSphee Application Server does not support the configured login method. |
User response | Modify the deployment descriptor to choose a supported login method. You may explore the Trust Association Interface and the UserRegistry interface and plug in your custom implementation to support the DIGEST login method. |
Problem | According to Servlet V2.4 Spec, access to a web resource should be permitted if there is no auth constraint in the security constraint. |
User response | Modify the security constraint if the current behavior does not fit your needs. |
Problem | Access to a web resource is granted to any user without requiring authentication when the Everyone Special Subject was mapped to at least one of the required security role. |
User response | Modify the security constraint if the current behavior does not fit your needs. |
Problem | Authentication was successful. |
User response | No action is required. |
Problem | Authentication failed due to internal failure. |
User response | Please report this problem to IBM. |
Problem | Authentication failed because the SSO token has expired. |
User response | No action is required. |
Problem | Authentication failed because the SSO token was invalid. |
User response | No action is required. |
Problem | The authentication via the specified Trust Association Interceptor was successful. |
User response | No action is required. |
Problem | The authentication via the specified Trust Association Interceptor failed because the asserted user name cannot be mapped to a valid WebSphere Application Server user. |
User response | If this problem persists, the mapping problem is likely to be caused either by incorrect TAI configuration or by TAI implementation. |
Problem | Form based Authentication failed due to missing or incorrect user id and/or password. Typically a web user will be redirect to a login page to retry. |
User response | No action is required. |
Problem | The authentication based on the X509 client certificate failed because the certificate user name cannot be mapped to a valid WebSphere Application Server user. |
User response | No action is required. |
Problem | The authentication failed because the client certificate user name cannot be mapped to a valid WebSphere Application Server user. |
User response | The user may not be defined in the registry. Otherwise, verify the registry and mapping configuration. |
Problem | The authentication failed because there is no active user registry defined to map the client certificate user name to a valid WebSphere Application Server user. |
User response | Verify the registry and mapping configuration. |
Problem | The authentication failed due to an unexpected runtime exception. |
User response | Please report the problem to IBM. |
Problem | The authentication failed due to an unexpected runtime exception. The web application configuration allows authentication using user id and password. Will try to see if there is user id and password information in the HTTP header. |
User response | No action is required. |
Problem | The authentication failed because there is no authorization header in the HTTP header. WebSphere Application Server will send a 401 challenge to the web client. |
User response | No action is required. |
Problem | The authentication failed because there is no user id and password information in the HTTP header. WebSphere Application Server will send a 401 challenge to the web client. |
User response | No action is required. |
Problem | The authentication failed because there the user id and password information in the HTTP header was incorrect. WebSphere Application Server will send a 401 challenge to the web client. |
User response | No action is required. |
Problem | Authentication using the user id and password in the HTTP header was successful. |
User response | No action is required. |
Problem | Basic Authentication failed and a runtime exception was caught. |
User response | Please report this problem to IBM. |
Problem | Authentication failed and a runtime exception was caught. |
User response | Please report this problem to IBM. |
Problem | Access to the resource is allowed because WebSphere Application Server global security eas not enabled. |
User response | No action required if this is the configured behavior.. |
Problem | Access to the resource is allowed because the user and/or the groups the user is in have the required security role. |
User response | No action required if this is the desired behavior. |
Problem | Access to the resource is denied because the user and/or the groups the user is in does not have any of the required security role. |
User response | No action required if this is the desired behavior. |
Problem | Access to the resource is denied because the user and/or the groups the user is in does not have any of the required security role. |
User response | No action required if this is the desired behavior. |
Problem | Access to the resource is denied because the user and/or the groups the user is in does not have any of the required security role. |
User response | No action required. |
Problem | The client context id (= 0) in a MessageInContext message is invalid. |
User response | No action required. |
Problem | The client context id is inconsistent with session state. |
User response | This problem should be analyzed to determine whether it was due to program or operational error or due to spoofing attempt. |
Problem | The security token in the security context has expired. |
User response | Typically token has a finite expiration time and this condition may be normal. |
Problem | The message type ASSOC_ACCEPT should not be received at the target server. This might occur due to an exception that occurred on the client which caused a mixup. |
User response | Check the client configuration to ensure there's nothing out of the ordinary that might be causing an exception to occur. |
Problem | The client security context was re-established successfully using the client session context identifier. The message type ASSOC_ACCEPT should not be received at the target server. |
User response | No action is required. |
Problem | Parsing the client authorization token failed. |
User response | Need to determine if this is caused by programming error. |
Problem | GSS security context token contains invalid OID number or authentication mechanism. |
User response | No action required. |
Problem | Authentication failed due to internal error. |
User response | No action required. |
Problem | The Identity token is invalid. |
User response | No action is required. |
Problem | Could not validate Client Authentication Token and/or Client Certificates during Identity Assertion. |
User response | No action is required. |
Problem | Failed to convert the client certificate. |
User response | No action is required. |
Problem | Setting the credentials to unauthenticated because there is no valid identity token. |
User response | No action is required. |
Problem | Message type is not EstablishContext and stateful=false. |
User response | No action is required. |
Problem | Examine the exception for reason of failure. |
User response | No action is required. |
Problem | The authentication was successful. |
User response | No action is required. |
Problem | The J2EE Connection principal/credential mapping was successful. |
User response | No action is required. |
Problem | The user has been granted to one or more of the required roles. |
User response | No action is required. |
Problem | The user has not been granted any one of the required roles. |
User response | No action is required. |
Problem | The HTTP session is cleaned up after form logout. |
User response | No action is required. |
Problem | The web resource requires Form based authentication. Typically a web user will be redirected to a login page to enter user id and password. |
User response | No action is required. |
Problem | Form based authentication was successful. |
User response | No action is required. |
Problem | The Java Security Manager checkPermission() threw a SecurityException on the subject Permission. A caller on the call stack does not have the required permission. This may not be a problem if the caller properly handles this exception. |
User response | Verify that the attempted operation is permitted by examining all Java 2 security policy files and application code. Additional permissions may be required, an AccessController.doPrivileged call may be needed in some code on the call stack, or the Security Manager has properly prevented access to a resource that a caller does not have permission to access. |
Problem | The Java Security Manager checkPermission() threw a SecurityException. A caller on the call stack does not have the required permission. |
User response | Verify that the attempted operation is permitted by examining all Java 2 security files and application code. Additional permissions may be required. |
Problem | Applications running in this server are considered "trusted". When applications are trusted, the security infrastructure will allow the creation of MVS credentials without a password, passticket, or certificate as an authenticator. Trusted applications must be enabled in order to use the LTPA authentication mechanism, identity assertion, or a Trust Association Interceptor with a "Local OS" user registry on z/OS. Trusted applications must also be enabled to use SAF authorization. |
User response | No user action is required. |
Problem | Applications running in this server are not considered "trusted". Since applications are not trusted, the security infrastructure has disallowed the creation of MVS credentials without a password, passticket, or certificate as an authenticator. Trusted applications must be enabled in order to use the LTPA authentication mechanism, identity assertion, or a Trust Association Interceptor with a "Local OS" user registry on z/OS. Trusted applications must also be enabled to use SAF authorization. |
User response | No user action is required. |
Problem | The server has been configured to perform J2EE and operating system thread identity synchronization for applications that request it. |
User response | No user action is required. |
Problem | The server has been configured to perform J2EE and operating system thread identity synchronization for applications that request it but the security product has not authorized the use of this support. |
User response | Contact your security product administrator to request authorization to use thread identity synchronization. |
Problem | The server has been configured to perform J2EE and operating system thread identity synchronization for connectors that are able to exploit it. |
User response | No user action is required. |
Problem | The server has been configured to perform J2EE and operating system thread identity synchronization for connectors that are able to exploit it but the security product has not authorized the use of this support. |
User response | Contact your security product administrator to request authorization to use thread identity synchronization. |
Problem | WebSphere will not perform SURROGAT class authorization checks prior to creating native security environments. |
User response | No user action is required. |
Problem | WebSphere for z/OS has been configured to use the z/OS security product for authorization. The authorization policies for WebSphere must be defined in the EJBROLE class of the z/OS security product. Authorization policies embedded in the applications will be ignored. |
User response | No user action is required. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The APPLDATA associated with the profile representing the J2EE role will be used to determine the id of a user that is in the role. An invocation Subject will be built with a credential for that user. |
User response | No user action is required. |
Problem | The security service was unable to create a delegation credential. This failure is usually due to incorrect or missing APPLDATA associated with the EJBROLE profile associated with the application role. |
User response | Verify that the EJBROLE profile exists and is defined correctly. If the profile is correct, use the information about the SAF service, and SAF service return codes to determine the cause of the failure. If the problem persists, please contact the IBM support center. |
Problem | An earlier error prevented WebSphere from creating a subject that was in the required role. The target method will be dispatched without a change the current security environment. This may result in authorization errors as the caller may not be in the required role. |
User response | Please examine the previous messages to determine the initial cause of th error. |
Problem | WebSphere was unable to authenticate the user with the password that was presented. It is likely that the user ID or password were not valid. |
User response | Verify that the user ID is valid. If the user is valid, use the provided SAF serivce information to get more information about the cause of the failure. |
Problem | An authorized service used to create a native z/OS credential has failed. The credential cannot be used by the caller. |
User response | Use the provided SAF service information to determine the cause of the failure. If the problem persists, please contact the IBM support center. |
Problem | The z/OS security product did not authorize the creation of a security environment for the specified user. The security environment associated with the current address space will be used. |
User response | Contact your security product administrator to authorize the creation of a security environment for the specified user if required by your application. |
Problem | An authorized service used to perform thread identity synchronization has failed. The thread security environment may not have been associated with the current thread of execution. |
User response | User the provided SAF service information to determine the cause of the failure. If the problem persists, please contact the IBM support center. |
Problem | A custom SAF role to profile mapper has been configured, loaded, and initialized. |
User response | No user action is required. |
Problem | WebSphere was unable to load and and instantiate the configured class. This is generally due to an incorrect class name. |
User response | Verify that the specified class name is correct and that it can be loaded by the WebSphere class loader. |
Problem | The BPX1TLS service does cannot be called from the initial pthread task (IPT). If this service is called on the IPT, future calls to perform connection management or application thread identity synchronization will fail. |
User response | No action is required. |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | None |
User response | None |
Problem | Admin user id could not be added to virtual member manager file-based registry |
User response | Validate virtual member manager has been configured |
Problem | Found other virtual member manager repository configurations but only file-based is supported in the wizard |
User response | None |
Problem | An error occuring accessing the Workspace |
User response | None |
Problem | Error occurred updating the admin-authz.xml file with the new admin user |
User response | None |
Problem | Exception raised when accessing the Security object in the workspace |
User response | None |
Problem | Valid user registry types are: LDAPUserRegistry, LocalOSUserRegistry, CustomUserRegistry, WIMUserRegistry |
User response | Ensure user registry type is a valid type |
Problem | LDAP registry type was not a valid type |
User response | Ensure user registry type is a valid type |
Problem | Exception raised while verifying at least one admin id in the admin-authz.xml exists in the user registry |
User response | None |
Problem | Could not auto-generate an LTPA password |
User response | None |
Problem | Could not auto-generate a Server Id |
User response | None |
Problem | Admin name does not exist in the specified user registry |
User response | Ensure the admin name exists in the user registry prior to executing command |
Problem | Caught exception while applying wizard security settings |
User response | None |
Problem | Caught exception while getting wizard security settings |
User response | None |
Problem | Caught exception while getting Application Security setting |
User response | None |
Problem | Caught exception while getting Global Security setting |
User response | None |
Problem | Caught exception while setting Global Security setting |
User response | None |
Problem | Caught exception while validating admin name |
User response | None |
Problem | Exception raised connecting to the LDAP server |
User response | Verify input parameters are correct |
Problem | Exception raised while setting useRegistryServerId in the user registry object |
User response | None |
Problem | Failed to validate user password in WIM registry |
User response | None |
Problem | Exception raised while adding adminId to user registry |
User response | None |
Problem | Failed to add the adminID to the user registry object |
User response | None |