Problem | The security policy file contains an unhandled object type. |
User response | Verify that the security policy file complies with the the WS-Security specification. |
Problem | The security policy file contains an element name that is not valid. |
User response | Verify that the security policy file contains the correct element names. |
Problem | The token list is empty. The list should contain one token. |
User response | Verify that the specified token list has only one token. |
Problem | The token list should contain only one token. |
User response | Verify that the specified token list has only one token. |
Problem | The system finds multiple SecureConversationToken tokens. There should be zero or one SecureConversationToken token. |
User response | Verify that the security policy file has zero or one SecureConversationToken token. |
Problem | The WS-Security specification does not allow the configuration to have multiple tokens under the SymmetricBinding and SupportingTokens elements. |
User response | Verify that only one token appears under the SymmetricBinding and SupportingTokens elements in the security policy file. |
Problem | The ID must begin with either the request: or response: prefix. |
User response | Verify that the value of the wsu:Id attribute begins with either the request: or response: prefix. |
Problem | The value for the specified element is not valid. |
User response | Refer to the the WS-Security specification and verify that the security policy file contains a valid value for the specified element. |
Problem | The system does not allow nested SecureConversationToken elements. |
User response | Verify that the security policy file does not have the SecureConversationToken element nested within the SymmetricBinding element. |
Problem | The system allows only one binding assertion. Specify either the AsymmeticBinding or SymmetricBinding assertion. |
User response | Verify that the properties contain only one binding assertion. If a binding assertion is defined in your policy file, specify the same binding assertion that appears in the policy file. |
Problem | The value of the property is not valid. |
User response | Refer to the the WS-Security specification and provide a valid value for the specified property. To remove an attribute, specify the property value as an empty string (<q/><q/>). |
Problem | The name of the property is not valid. |
User response | Refer to the WS-Security specification and use a valid name for the specified property. |
Problem | The ID must begin with the request: or response: prefix. |
User response | Verify that the value of the wsu:Id attribute begins with either the request: or response: prefix. |
Problem | The two properties that have been specified contain the same property name. |
User response | Do not use multiple properties with the same property name. |
Problem | The system allows one SecureConversationToken property. |
User response | Verify that one SecureConversationToken property is defined and that the existing security policy file does not contain the specified property. |
Problem | Only one binding assertion, either Asymmetic or Symmetric but not both, is allowed. |
User response | Make sure only one binding assertion is defined in the security policy file. |
Problem | The system allows one assertion for the {0} type under the {1} element. |
User response | Verify that one assertion for {0} is defined for the same parent type. |
Problem | The AsymmetiBinding and SymmetricBinding binding assertions cannot exist for the same configuration. |
User response | If the policy file contains a binding assertion, verify that a new binding assertion was not added to the file. |
Problem | An input parameter does not use the correct format. |
User response | Use the Header_n format for the Header property, where n is a numeric number. Use the XPath_n format for the XPath property, where n is a numeric number. |
Problem | The system did not find or run the set method on the parent object. |
User response | Verify that the property name was specified correctly. |
Problem | The child object was not created. |
User response | Verify that the property name was specified correctly. |
Problem | The list getter method was not found in the parent object. |
User response | Verify that the property name was specified correctly. Use the _n format only for list properties. |
Problem | A required element is missing from the specified parent element. |
User response | Specify the value for the required property. |
Problem | A required property is missing from the specified parent element. |
User response | Specify all required properties for the Key element. |
Problem | The same value cannot be specified for XPath properties within the same encryption protection or signature protection assertion. |
User response | Do not add multiple XPath properties with the same value to the same encryption protection or signature protection. |
Problem | The same value cannot be specified for the Header properties within the same encryption protection or signature protection assertion. |
User response | Do not add multiple Header properties with the same value to the same encryption protection or signature protection element. |
Problem | The unknown property cannot be set for the WS-Security binding configuration. |
User response | The binding configuration property was not recognized. Verify that the property name is specified correctly. |
Problem | The system created a JAXBException, FileNotFoundException or IllegalArgumentException exception and could not parse the security policy file. |
User response | Verify that the security policy file is not corrupted and complies with the WS-Security specification. |
Problem | The system created an exception and could not validate the security policy file. |
User response | Verify that the security policy file is not corrupted and complies with the WS-Security specification. |
Problem | The system can not return a Policy object because the security policy file is not formatted correctly. |
User response | Verify that the security policy file is not corrupted and complies with the the WS-Security specification. |
Problem | The system created a JAXBException or SoapSecurityException exception and could not parse the security binding configuration file. |
User response | If the file is manually modified, restore the original configuration or remove the binding configuration and then recreate it if the file cannot be restored. If the file is not manually modified, follow the usual steps of debugging errors with the product. |
Problem | The command name that has been requested is not valid. |
User response | Verify that the command name exists and it is spelled correctly. |
Problem | The command parameters that have been requested created an error. |
User response | Specify each required parameter with a valid value. |
Problem | The configuration files could not be processed. |
User response | Verify that the following configuration files have not been moved or become corrupt: stsplugins.xml, ststargets.xml, and stsconfig.xml. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | Token type local names must be unique. |
User response | Specify a unique token type local name. |
Problem | The token type URI value must be unique. |
User response | Specify a unique token type URI value. |
Problem | The token type does not exist in your configuration. |
User response | Verify that the token type local name or the URI is spelled correctly. The token type local name and URI values are case sensitive. |
Problem | The endpoint does not exist in your configuration. |
User response | Verify that the endpoint URI value is spelled correctly. The endpoint URI value is case sensitive. |
Problem | The token types configuration file does not contain any configuration information for the token type URI value that was specified. |
User response | Verify that the specified token type URI belongs to a token type configuration. |
Problem | The endpoint configuration file is missing the default token type. |
User response | Use the setSTSDefaultTokenType command to specify a default token type. |
Problem | An endpoint cannot be assigned the same token type more than once. |
User response | Assign a different token type to the endpoint, or allow the endpoint to remain assigned to the current token type. |
Problem | The application server cannot remove the default token type configuration. |
User response | Use the setSTSDefaultTokenType command to replace the current default token type with a different token type. The token type that you replace can be deleted if it is not set as the default token type. |
Problem | The application server can not remove the default properties. |
User response | Verify that each of the specified properties to be deleted is not a default property. |
Problem | The specified token type configuration does not contain one or more of the custom properties that have been specified. |
User response | Use the querySTSTokenTypeConfigurationCustomProperties command to review the custom properties for your token type configuration. |
Problem | The application server could not find the constructor for the command. |
User response | Verify that the install image has not been corrupted. |
Problem | Your configuration does not contain the configuration group name that has been specified. |
User response | Verify that the group name and path for the configuration group is spelled correctly. Do not include the root group name in the path. |
Problem | Your configuration does not contain the specified configuration group path. |
User response | Verify that the configuration group name and path are spelled correctly. Do not include the root group name in the path. |
Problem | Configuration group names in the same path must be unique. |
User response | Specify a unique configuration group name or a different path. |
Problem | The application server does not allow the root configuration group to be deleted. |
User response | Specify a path to the configuration group to remove. Do not include the root configuration group name in the path. |
Problem | The application server does not allow the root configuration group to be renamed. |
User response | Specify a path to the configuration group to rename. Do not include the root configuration group name. |
Problem | The configuration does not contain the configuration property that has been specified. |
User response | Verify that the name and type of the property is spelled correctly. |
Problem | Properties must contain a unique combination of name and type attributes. |
User response | Specify a unique name and type attribute combination. |
Problem | The token type is assigned to one or more endpoints. You must unassign the token type configuration from all targets before deleting the token type configuration. |
User response | Use the unassignSTSEndpointTokenType command to unassign each endpoint that is currently assigned to the token type. |
Problem | The jaasConfigName parameter is required to successfully execute this command. |
User response | Invoke the command and specify the jaasConfigName parameter. Specify the name of the JAAS configuration that contains the login modules to apply to the message for your endpoint, user and token type combination. |
Problem | The tokenTypeURI parameter is required to successfully execute this command. |
User response | Invoke the command and specify the tokenTypeURI parameter. Specify the URI of the token type that identifies the rule of interest. |
Problem | The issuer parameter is required to successfully execute this command. |
User response | Invoke the command and specify the issuer parameter. Specify the URI of the issuer that identifies the rule of interest. |
Problem | The issuer parameter is required to successfully execute this command. |
User response | Specify the issuer parameter or set the value of the nullIssuer parameter to true. |
Problem | For the parameters that were specified, additional parameters are required. You must specify at least one of the parameters with a prefix of new for this command. |
User response | = Specify at least one of the parameters with the following prefix for this command: new. |
Problem | At least one property must be specified with the identity parameter. |
User response | Specify at least one property in the identity parameter. |
Problem | For this command, at least one of the following parameters must be specified: newLocalName, newIssuer, defaultLocalName, or nullIssuer. |
User response | Specify a value for the newLocalName, newIssuer, defaultLocalName, or nullIssuer parameter and retry the command. |
Problem | Identity rules must be unique for an endpoint, issuer and token type combination. |
User response | Specify a unique identity rule. |
Problem | The application server did not execute the command because the trust authentication rule was not found in your configuration. |
User response | Use the listSTSEndpointTrustAuthenticationRule command to verify that the rule exists in the configuration. |
Problem | The application server did not execute the command because the token type assignment that has been specified was not found in your configuration. |
User response | Verify that the endpoint URI and token type URI values are spelled correctly. The endpoint URI and token type URI values are case sensitive. |
Problem | The rule must be unique for the endpoint, issuer and token type combination. |
User response | Specify unique parameters for the rule. Use the listSTSEndpointTrustAuthenticationRules command to view the rules for an endpoint user, issuer, and token type combination. |
Problem | The application server does not allow default properties to be used with the customProperties parameter. |
User response | Verify that each of the specified custom properties is not a default property. |
Problem | The STS is unable to dynamically refresh. |
User response | Review the log files for additional information or restart the server. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | A DefaultIssuerRule element does not exist in your configuration for the endpoint that has been specified. |
User response | Use the addSTSEndpointTrustAuthenticationRule command to create trust authentication rules under the DefaultIssuerRule rule for an endpoint. |
Problem | The IssuerRule element for the endpoint that was specified does not exist in your configuration. |
User response | Use the addSTSEndpointTrustAuthenticationRule command to create trust authentication rules under a specific IssuerRule element for an endpoint. |
Problem | This exception is unexpected. The cause is not immediately known. |
User response | If the problem persists, see problem determination information on the WebSphere Application Server Support page at http://www.ibm.com/software/webservers/appserv/was/support/. |
Problem | The TokenTypeRule element for the endpoint that was specified does not exist in your configuration. |
User response | Use the addSTSEndpointTrustAuthenticationRule command to create trust authentication rules under a specific TokenTypeRule element for an endpoint. |
Problem | The Identity for the endpoint that was specified does not exist in your configuration. |
User response | Use the addSTSEndpointTrustAuthenticationRule command to create trust authentication identities for an endpoint. |
Problem | The target endpoint must be a valid URL. |
User response | Specify a valid URL value for the target endpoint. |
Problem | The parameter value that was specified must be at least the minimum value required for the parameter. |
User response | Invoke the command and specify a value for the parameter that is greater than or equal to the minimum value required for the parameter. |
Problem | The application server could not modify the property, because it does not exist in your configuration. |
User response | Use the addSTSProperty command to create a security token service (STS) property. |
Problem | The application server could not add the property that was specified, because the property already exists in your configuration. |
User response | Use the editSTSProperty command to change the value of security token service (STS) properties. |
Problem | The application server could not edit the property that was specified, because the property is read-only. |
User response | Specify a different property to edit. |
Problem | The application server could not delete the property that was specified, because the property is needed by the application server. |
User response | Specify a different property to delete. |
Problem | The Security Context Token configuration cannot be deleted. |
User response | Specify a different configuration to delete. |