Explanation | This method is not implemented. |
Action | None |
Explanation | The key information for the Security Assertion Markup Language (SAML) provider in not available to sign a SAML assertion. |
Action | Check the configuration information for the provider and ensure that the signing key information for the provider exists in its respective keystore. |
Explanation | A key information object is not associated with a key alias. |
Action | Ensure that the key information object is associated with an alias during the creation process. |
Explanation | An attempt to create a CredentialConfig object, which is based on a null Subject, has been detected. A valid CredentialConfig object cannot be created. |
Action | Specify a valid Subject. |
Explanation | An attempt to create a CredentialConfig object, which is based on a Subject without a Principal, has been detected. A valid CredentialConfig object cannot be created. |
Action | Specify a valid Subject with a valid Principal. |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | The SAML Assertion Issuer address provided is not valid. |
Action | Ensure that the Security Assertion Markup Language (SAML) Assertion Issuer address is valid. |
Explanation | A signed SAML cannot be modified. |
Action | A signed SAML cannot be modified. |
Explanation | Only a string or OMElement data type is allowed for marshalling. |
Action | Provide either the required String or OMElement data type. |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | An unsupported confirmation method has been specified. |
Action | Specify a "bearer," "holder-of-key," or "sender-vouches" confirmation method. |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | This method is not implemented. |
Action | None |
Explanation | The create request for the TokenType value is not valid. |
Action | Provide a valid TokenType value. |
Explanation | The Security Assertion Markup Language (SAML) assertion namespace is not known. |
Action | Provide a valid namespace. |
Explanation | The Security Assertion Markup Language (SAML) assertion during the call to the newSAMLToken method is not valid. |
Action | Ensure that you provide a valid SAML assertion. |
Explanation | The Security Assertion Markup Language (SAML) token cannot be created from the XMLStructure value during a call to the newSAMLToken method. |
Action | Ensure that you provide a valid XML structure for the assertion. |
Explanation | The Security Assertion Markup Language (SAML) issuer is not associated with a name identifier. |
Action | Ensure that the SAML provider is associated with a name identifier. |
Explanation | This Security Assertion Markup Language (SAML) statement is not supported. |
Action | Do not use unsupported SAML statements. |
Explanation | A Null or empty ID has been provided for a Security Assertion Markup Language (SAML) assertion. |
Action | Provide a name identifier. |
Explanation | A null issue date has been provided. |
Action | Do not provide a null date value. |
Explanation | You cannot modify a signed Security Assertion Markup Language (SAML) assertion. |
Action | Do not attempt to modify a signed SAML assertion. |
Explanation | You cannot marshal an object that is not a String or an OMElement data type. |
Action | Check the type of object that you are attempting to marshal and ensure that it is a String or a OMElement data type. |
Explanation | The authentication method is not valid. |
Action | Use a valid authentication method. |
Explanation | A null argument value has been passed on a setAuthnContext method call. |
Action | Do not pass a null argument value. |
Explanation | A null argument value has been passed on a setAuthnInstant method call. |
Action | Do not pass a null argument value. |
Explanation | The Security Assertion Markup Language (SAML) assertion on a newSAMLToken method call is not valid. |
Action | Pass a valid XML structure for the assertion. |
Explanation | A Security Assertion Markup Language (SAML) token cannot be created from the XMLStructure that is provided on a call to the newSAMLToken method. |
Action | Pass a valid XML structure for the assertion. |
Explanation | The expected token type is SAML 2.0. However, a different version has been found. |
Action | Pass a valid SAML 2.0 version string. |
Explanation | The missing element and attribute must be specified. |
Action | Check and modify token issuer configuration. |
Explanation | The parameter type is incorrect. |
Action | Check and modify to use the correct class type. |
Explanation | The Security Assertion Markup Language (SAML) assertion was received at a time that is earlier than the NotBefore setting in the assertion. This condition is not allowed. A possible reason for the error is that the receiver's clock is out of sync with the clock of the creator of the assertion. |
Action | Synchronize the clocks of the receiver and the creator of the assertion or increase the clock skew using the clockSkew custom property on the configured SAML token consumer. |
Explanation | The Security Assertion Markup Language (SAML) assertion was received at a time that is at or after the NotOnOrAfter setting in the assertion. This condition is not allowed. Possible reasons for the error are that the receiver's clock is out of sync with the clock of the creator of the assertion or the assertion has been obtained and resent by an unauthorized application. |
Action | Synchronize the clocks of the receiver and the creator of the assertion or increase the clock skew using the clockSkew custom property on the configured SAML token consumer. |
Explanation | The IssueInstant in the Security Assertion Markup Language (SAML) assertion indicates that it was issued after the current time. This condition is not allowed. A possible reason for the error is that the receiver's clock is out of sync with the clock of the creator of the assertion. |
Action | Synchronize the clocks of the receiver and the creator of the assertion or increase the clock skew using the clockSkew custom property on the configured SAML token consumer. |
Explanation | A Security Assertion Markup Language (SAML) assertion must contain the attribute shown in the message. The SAML assertion being validated does not have this attribute, or the attribute does not have a value. |
Action | Ensure that the creator of the SAML assertion includes the attribute in the error message on the Assertion element. |
Explanation | A Security Assertion Markup Language (SAML) assertion must contain the element shown in the message. The SAML assertion being validated either does not have this element, or the element does not have a value. |
Action | Ensure that the creator of the SAML assertion includes the element indicated in the error message in the Assertion. |
Explanation | The Security Assertion Markup Language (SAML) assertion contains the element shown in the message, but there is no value for the element. This condition is not allowed. |
Action | Ensure that the creator of the SAML assertion includes a value for the element shown in the message. |
Explanation | When a Security Assertion Markup Language (SAML) assertion contains the element shown in the message, it must also contain the attribute shown in the message. The SAML assertion being validated does not have the attribute shown in the message, or the attribute does not have a value. |
Action | Ensure that the creator of the SAML assertion includes the attribute shown in the message. |
Explanation | The Security Assertion Markup Language (SAML) assertion on a newSAMLToken method call or inbound message is not valid. The reason for the error will be shown after this message. |
Action | See the user action for the message that appears after this error. |
Explanation | An element in the Security Assertion Markup Language (SAML) assertion being processed contains an attribute that is not supported. The valid values are shown in the message. |
Action | Ensure that the creator of the SAML assertion includes a valid value for the element's attribute shown in the message. |
Explanation | An element in the Security Assertion Markup Language (SAML) assertion being processed contains an element value that is not supported. The valid values are shown in the message. |
Action | Ensure that the creator of the SAML assertion includes a valid value for the element shown in the message. |
Explanation | A Security Assertion Markup Language (SAML) assertion must contain the element pair shown in the message. The SAML assertion being validated either does not have the sub-element shown in the message, or the sub-element does not have a value. |
Action | Ensure that the creator of the SAML assertion includes the element pair indicated in the error message in the Assertion. |
Explanation | The Security Assertion Markup Language (SAML) assertion being processed contains an element that is valid for the schema, but the run time does not support the element. Processing of the SAML assertion has stopped. |
Action | Ensure that the creator of the SAML assertion does not include the element shown in the error message. |
Explanation | The Security Assertion Markup Language (SAML) assertion being processed contains an element that is valid for the schema, but the run time does not support the element. Processing of the SAML assertion has stopped. |
Action | Ensure that the creator of the SAML assertion does not include the element shown in the error message. |
Explanation | If a Security Assertion Markup Language (SAML) V1.1 assertion contains an AttributeStatement element, the AttributeStatement element must contain at least one Subject or Attribute sub-elements. The SAML 1.1 assertion being validated contains an AttributeStatement element that contains neither Subject or Attribute sub-elements. |
Action | Ensure that the creator of the SAML assertion either does not include the AttributeStatement element, or includes at least one of the Subject or Attribute sub-elements in the AttributeStatement element. |
Explanation | The AuthenticationInstant in the Security Assertion Markup Language (SAML) assertion indicates that it was issued after the current time. This condition is not allowed. A possible reason for the error is that the receiver's clock is out of sync with the clock of the creator of the assertion. |
Action | Synchronize the clocks of the receiver and the creator of the assertion or increase the clock skew using the clockSkew custom property on the configured SAML token consumer. |
Explanation | If a Security Assertion Markup Language (SAML) V1.1 assertion contains a Subject element, the Subject element must contain at least one NameIdentifier or SubjectConfirmation sub-elements. The SAML 1.1 assertion being validated contains a Subject element that contains neither NameIdentifier or SubjectConfirmation sub-elements. |
Action | Ensure that the creator of the SAML assertion either does not include the Subject element, or includes at least one of the NameIdentifier or SubjectConfirmation sub-elements in the Subject element. |
Explanation | In the Security Assertion Markup Language (SAML) V1.1 schema, the ConfirmationMethod element is a child of the SubjectConfirmation element. Although the schema does not require that the ConfirmationMethod be present in the SubjectConfirmation element, in order for a SAML assertion to be processed successfully, at least one ConfirmationMethod must be present in the assertion. The valid values for the ConfirmationMethod element are [urn:oasis:names:tc:SAML:1.0:cm:bearer, urn:oasis:names:tc:SAML:1.0:cm:sender-vouches, and urn:oasis:names:tc:SAML:1.0:cm:holder-of-key]. |
Action | Ensure that the creator of the SAML assertion includes at least one ConfirmationMethod in the assertion. The ConfirmationMethod element is a child of the SubjectConfirmation element. The SubjectConfirmation element is a child of the Subject element, which can be a child of either the AttributeStatement or AuthenticationStatement elements. |
Explanation | The AuthnInstant in the Security Assertion Markup Language (SAML) assertion indicates that it was issued after the current time. This condition is not allowed. A possible reason for the error is that the receiver's clock is out of sync with the clock of the creator of the assertion. |
Action | Synchronize the clocks of the receiver and the creator of the assertion or increase the clock skew using the clockSkew custom property on the configured SAML token consumer. |
Explanation | The Security Assertion Markup Language (SAML) assertion was received at a time that is at or after the SessionNotOnOrAfter setting in the assertion. This condition is not allowed. Possible reasons for the error are that the receiver's clock is out of sync with the clock of the creator of the assertion or the assertion has been obtained and resent by an unauthorized application. |
Action | Synchronize the clocks of the receiver and the creator of the assertion or increase the clock skew using the clockSkew custom property on the configured SAML token consumer. |
Explanation | The value for the Version attribute in the Security Assertion Markup Language (SAML) V2.0 assertion being processed is not correct. There is only one correct value. The correct value is shown in the message. |
Action | Ensure that the creator of the SAML assertion sets the Version attribute in the SAML 2.0 assertion correctly. |
Explanation | The Security Assertion Markup Language (SAML) assertion was received at a time that is earlier than the NotBefore setting on the SubjectConfirmationData in the assertion. This condition is not allowed. A possible reason for the error is that the receiver's clock is out of sync with the clock of the creator of the assertion. |
Action | Synchronize the clocks of the receiver and the creator of the assertion or increase the clock skew using the clockSkew custom property on the configured SAML token consumer. |
Explanation | The Security Assertion Markup Language (SAML) assertion was received at a time that is at or after the NotOnOrAfter setting on the SubjectConfirmationData in the assertion. This condition is not allowed. Possible reasons for the error are that the receiver's clock is out of sync with the clock of the creator of the assertion, the assertion was cached on the client and resent after it expired, or the assertion has been obtained and resent by an unauthorized application. |
Action | Synchronize the clocks of the receiver and the creator of the assertion, increase the clock skew using the clockSkew custom property on the SAML token consumer in the WS-Security provider bindings or, if using a WebSphere Application Server client, increase the cache cushion using cacheCushion custom property on the SAML token generator in the WS-Security client bindings. |
Explanation | The method shown in the message was performed on an object that is read-only. This method is not allowed on read-only objects. |
Action | Ensure that the object is not read-only or do not invoke the method. |
Explanation | The method shown in the message was performed on an object that contains an encrypted Assertion. This method is not allowed on an object that contains an encrypted Assertion. |
Action | Ensure that the object does not contain an encrypted Assertion or do not invoke the method. |
Explanation | A SAMLAttribute object has a value set in a field that is not supported by the SAML token type that it is being added to. The attribute will be added to the SAML token, but the value for the unsupported attribute will not be reflected in the XML associated with the SAML token. |
Action | Do not set values in a SAMLAttribute object that are incompatible with the SAML token type to which they are being added. |