Explanation | The system cannot load the cell-level ws-security.xml configuration file. The file might be corrupted, missing, or in the wrong location. |
Action | Verify that the configuration file exists. If the file is missing, copy the ws-security.xml file from the ${USER_INSTALL_ROOT}/config/templates directory. |
Explanation | The system cannot load the server-level ws-security.xml configuration file. The file might be corrupted, missing, or in the wrong location. |
Action | Verify that the configuration file exists. If the file is missing, copy the ws-security.xml file from the ${USER_INSTALL_ROOT}/config/templates directory. |
Explanation | The NLS message catalog might not exist, is corrupted, or exists in the wrong location. An error occurred when the Web services configuration utilities attempted to locate this bundle. |
Action | Verify that the message catalog exists in the correct location. |
Explanation | An attempt to load the collection certificate store failed. The provider of the collection certificate store might have a null value. The provider of the collection certificate store might not be configured. The collection might have a null value. |
Action | The CollectionCertStore configuration might be corrupted or missing. Verify that the collection certificate store is configured properly in the binding. |
Explanation | The ContextManager class manages the state information for a request that is being processed. The code cannot access the ContextManager class for this message. Therefore, the code does not have access to this information. |
Action | No user action is required. |
Explanation | The CallbackHandler class does not support the specified Callback implementation. |
Action | Verify the configuration specifies the correct CallbackHandler class and that the class is implemented correctly. |
Explanation | There is a problem with the Java message beans that has prevented the SecurityTokenServiceAdmin MBean from activating. This message bean is used to perform a live refresh of the configuration of the Security Token Service. |
Action | There is no user action to correct this problem. |
Explanation | The format for the value for the Nonce cache timeout is not an integer. The Nonce is a randomly generated value. |
Action | Change the value for the Nonce cache timeout to an integer. The Nonce cache timeout value is specified by the custom property com.ibm.wsspi.wssecurity.core.NonceCacheTimeout in the WS-Security bindings. The Nonce is a randomly generated value. |
Explanation | The specified value for the Nonce cache timeout is less than the minimum value that is required. The Nonce is a randomly generated value. |
Action | Change the value for the Nonce cache timeout to one within the valid range. The Nonce cache timeout value is specified by the custom property com.ibm.wsspi.wssecurity.core.NonceCacheTimeout in the WS-Security bindings. The Nonce is a randomly generated value. |
Explanation | The format for the value of the Nonce max age is not an integer. The Nonce is a randomly generated value. |
Action | Change the value for the Nonce max age to an integer. The Nonce max age value is specified by the custom property com.ibm.wsspi.wssecurity.core.NonceMaxAge in the WS-Security bindings. The Nonce is a randomly generated value. |
Explanation | The specified value for the Nonce max age is not within the valid range. The Nonce is a randomly generated value. |
Action | Change the value for the Nonce max age to one within the valid range. The Nonce max age value is specified by the custom property com.ibm.wsspi.wssecurity.core.NonceMaxAge in the WS-Security bindings. The Nonce is a randomly generated value. |
Explanation | The specified value for the Nonce clock skew is not within the valid range. The Nonce is a randomly generated value. |
Action | Change the value for the Nonce clock skew to one within the valid range. The Nonce clock skew value is specified by the custom property com.ibm.wsspi.wssecurity.core.NonceClockSkew in the WS-Security bindings. The Nonce is a randomly generated value. |
Explanation | The format for the value of the Nonce clock skew is not an integer. The Nonce is a randomly generated value. |
Action | Change the value for the Nonce clock skew to an integer. The Nonce clock skew value is specified by the custom property com.ibm.wsspi.wssecurity.core.NonceClockSkew in the WS-Security bindings. The Nonce is a randomly generated value. |
Explanation | The value of the Nonce is either missing from the SOAP message or it was not encoded with a supported encoding type. The Nonce is a randomly generated value. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The specified Nonce cache size is less than the minimum value that is required. The Nonce is a randomly generated value. |
Action | Specify a cache size greater than the minimum value. The Nonce cache size value can be specified by the custom property com.ibm.ws.wssecurity.config.token.BasicAuth.Nonce.cacheSize in the WS-Security bindings or the com.ibm.websphere.wssecurity.util.nonceCacheSize Java system property. The Nonce is a randomly generated value. |
Explanation | The specified Nonce length is less than the minimum value that is required. The Nonce is a randomly generated value. |
Action | Specify a Nonce length greater than the minimum. The Nonce length value can be specified by the com.ibm.websphere.wssecurity.util.nonceLength Java system property. The Nonce is a randomly generated value. |
Explanation | The CallbackHandler with prompt behavior is not supported for applications running on the Application Server. If this is used in the Application Server, it might cause the Application Server to hang. |
Action | Use a CallbackHandler that is supported for the Application Server. |
Explanation | The CallbackHandler with prompt behavior is not supported for applications running on the Application Server. If this is used in the Application Server, it might cause the Application Server to hang. |
Action | Use a CallbackHandler that is supported for the Application Server. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The specified value for the timestamp timeout is less than the minimum value that is required. |
Action | Change the value for the timestamp timeout to one that is within the valid range. The timestamp timeout value is specified by the custom property com.ibm.wsspi.wssecurity.core.TimestampTimeout in the WS-Security bindings. |
Explanation | The format for the value of the timestamp max age is not an integer. |
Action | Change the value for the timestamp max age to an integer. The timestamp max age value is specified by the custom property com.ibm.wsspi.wssecurity.core.TimestampMaxAge in the WS-Security bindings. |
Explanation | The specified value for the timestamp max age is not within the valid range. |
Action | Change the value for the timestamp max age to one within the valid range. The timestamp max age value is specified by the custom property com.ibm.wsspi.wssecurity.core.TimestampMaxAge in the WS-Security bindings. |
Explanation | The specified value for the timestamp clock skew is not within the valid range. |
Action | Change the value for the timestamp clock skew to one within the valid range. The timestamp clock skew value is specified by the custom property com.ibm.wsspi.wssecurity.core.TimestampClockSkew in the WS-Security bindings. |
Explanation | The format of the value for the timestamp clock skew is not an integer. |
Action | Change the value for the timestamp clock skew to an integer. The timestamp clock skew value is specified by the custom property com.ibm.wsspi.wssecurity.core.TimestampClockSkew in the WS-Security bindings. |
Explanation | The format of the value for the timestamp cache timeout is not an integer. |
Action | Change the value for the timestamp cache timeout to an integer. The timestamp cache timeout value is specified by the custom property com.ibm.wsspi.wssecurity.core.TimestampTimeout in the WS-Security bindings. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The RSA-OAEP algorithm is only supported by JDK Version 1.5 and later. |
Action | If the application is not configured to use the RSA-OAEP algorithm, no action is required. If the application is configured to use the RSA-OAEP algorithm, change the Web services security binding configuration to use the http://www.w3.org/2001/04/xmlenc#rsa-1_5 algorithm instead. |
Explanation | This is for informational purposes only. |
Action | This is for informational purposes only. |
Explanation | An attempt was made to use the Web services security token propagation feature, but global security was not enabled in the Application Server. |
Action | Enable global security in the Application Server. |
Explanation | A WebSphere Credential is expected in the Lightweight Third-Party Authentication (LTPA) propagation token and none is found. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | Cryptographic operations are processed using the software provider because the hardware cryptographic processing has failed. |
Action | Check the first failure data capture (FFDC) log file for error details and make sure the hardware cryptographic provider is properly configured. |
Explanation | This message is for informational purposes only. |
Action | No action is required. |
Explanation | This message is for informational purposes only. |
Action | No action is required. |
Explanation | A password is required to load the Java key store. This password does not exist in the binding. |
Action | Specify the key store password in the binding. |
Explanation | The key store path is incorrect, or the key store does not exist. |
Action | Verify the path to the key store in the binding does exist on the machine. |
Explanation | The I/O error could be caused by a format problem with the data in the key store, by no password being specified when one is required, or by an incorrect password being specified. |
Action | Verify that you specified the correct key store type and password in the binding. |
Explanation | The default provider does not support the key store type, the algorithm that is used to verify the key store integrity does not exist, or certificates in the key store cannot be loaded. |
Action | Use the iKeyman tool or keytool to create a key store with a supported key store type. Refer to the information center for supported key store types. |
Explanation | The system cannot locate the Java class that you specified in the class path. |
Action | Verify that the class name is correct and exists in the appropriate class path. |
Explanation | The class default constructor does not exist, the class is one of the following class types: abstract, interface, array, primitive, or void, or there is another permission problem. |
Action | Verify that the class default constructor exists. Verify that you did not specify any of the following class types: abstract, interface, array, primitive, or void. Verify that you have the proper Java 2 Security permission or file system permission. |
Explanation | The class default constructor does not exist or is not public. |
Action | Verify that the class public default constructor exists. |
Explanation | The key store file does not contain at least one trusted certificate entry or has not successfully initialized. |
Action | Verify that the key store file is correctly configured for the parameters that the PKIXBuilderParameters object specifies. Verify that the key store file contains at least one trusted certificate entry. |
Explanation | The instantiated class is not a subclass of the required class type. |
Action | Verify that the class implementation extends the required base class or implements the required interfaces. |
Explanation | The certificate store type is not available or supported by the provider. |
Action | Verify that you specified a supported certificate store type. |
Explanation | The specified initialization parameters for this certificate store are incorrect. |
Action | Verify that you specified the certificate store configuration in the binding correctly. |
Explanation | The specified provider is not configured. |
Action | Verify that you configured the specified provider correctly. |
Explanation | The certificate file cannot be accessed because I/O errors occurred. |
Action | Verify that you specified the correct certificate file path and the appropriate file system permissions. |
Explanation | The certificate file cannot be parsed. |
Action | Verify that the certificate file format is a supported certificate type. |
Explanation | Multiple XML elements exist in the SOAP message, where only one XML element with a specific namespace is expected. |
Action | Verify that the SOAP message conforms to the standard specifications. If the error persists, then refer to the information center for further troubleshooting and support. |
Explanation | The XML element with a specific namespace does not exist in the SOAP message. |
Action | Verify that the SOAP message conforms to the standard specifications. If the error persists, then refer to the information center for further troubleshooting and support. |
Explanation | One or more of the XML elements with a specific namespace do not exist in the SOAP message. |
Action | Verify that the SOAP message conforms to the standard specifications. If the error persists, then refer to the information center for further troubleshooting and support. |
Explanation | The required attribute does not exist in the XML element. |
Action | Verify that the SOAP message conforms to the standard specifications. If the error persists, then refer to the information center for further troubleshooting and support. |
Explanation | None of the required elements with the specific namespaces exist in the SOAP message. |
Action | Verify that the SOAP message conforms to the standard specifications. If the error persists, then refer to the information center for further troubleshooting and support. |
Explanation | The encoding type that you requested is not supported. |
Action | Verify that you encoded the SOAP message with the supported encoding type. |
Explanation | The KeyIdentifier element requires the ValueType attribute, which cannot be found. |
Action | Verify that you specified the ValueType attribute for the KeyIdentifier element in the SOAP message. |
Explanation | The XML encryption process requires the EncryptedData element, which cannot be found. |
Action | Verify that you encrypted the SOAP message correctly using W3C XML encryption and Organization for the Advancement of Structured Information Standards (OASIS) Web service security specifications. |
Explanation | Internal configuration files cannot be loaded. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This message is a formatted version of a SOAP fault message. |
Action | Examine the formatted SOAP fault message, which will list the actual problem. |
Explanation | The certificate has expired. |
Action | Verify the expiration date of the certificate and obtain a valid new certificate. |
Explanation | The certificate is not valid. |
Action | Verify that the certificate is a valid one and obtain a valid certificate if necessary. |
Explanation | The certificate could not be mapped to a valid user in the registry. |
Action | Verify that there is a valid user that corresponds to the Distinguished Name for this certificate in the registry. Either obtain a certificate that has a corresponding valid user in the registry, or ensure that the Distinguished Name can map to a valid user in the registry. |
Explanation | An internal class could not be instantiated. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | A certificate is about to expire in the keystore. |
Action | Open the keystore and validate the expiration dates for all of the certificates in the keystore. Generate new certificates, if necessary. |
Explanation | The Application Server expects an integer value. However, the specified value is not an integer number. |
Action | Correct the value for the property so that it is an integer number. |
Explanation | The timestamp of the nonce is too old and has expired. The message might have taken too long to arrive, or there could be a time synchronization problem between client and server. |
Action | Ensure that the date, time, and time zone are synchronized for both the client and the server. If they are both synchronized, it will need to be determined why the message is taking so long to arrive. |
Explanation | An implementation of the specified algorithm could not be obtained from the JCE provider. |
Action | Make sure that the JCE provider being used does provide the specified algorithm. |
Explanation | The clocks on the client and server might not be synchronized. |
Action | Ensure that the date, time, and time zone are synchronized for both the client and the server. |
Explanation | The time stamp in the message is too old and has expired. The message might have taken too long to arrive, or there could be a time synchronization problem between client and server. |
Action | Ensure that the date, time, and time zone are synchronized for both the client and the server. If they are both synchronized, it will need to be determined why the message is taking so long to arrive. |
Explanation | The clocks on the client and server might not be synchronized. |
Action | Ensure that the date, time, and time zone are synchronized for both the client and the server. |
Explanation | The clocks on the client and server might not be synchronized. |
Action | Ensure that the date, time, and time zone are synchronized for both the client and the server. |
Explanation | The clocks on the client and server might not be synchronized. |
Action | Ensure that the date, time, and time zone are synchronized for both the client and the server. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | A configuration file is missing. |
Action | Verify that the configuration file is in the specified location. |
Explanation | There has been an error processing an XML file. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | A Certificate Revocation List file cannot be found in the filesystem. |
Action | Verify that the file is located in the specified location. |
Explanation | There has been a problem creating a Certificate Revocation List from the CRL file. |
Action | Verify that the CRL file contents are correct. |
Explanation | The key could not be recovered. The password for recovering the key might be wrong. |
Action | Verify that the password to retrieve the key from the keystore is correct. |
Explanation | The storepass attribute is required for the KeyStore. |
Action | Verify the KeyStore storepass attribute in the binding; it is required. |
Explanation | There was a problem parsing a nonce value. The nonce in the message is in an incorrect format. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | A nonce value should be unique on each message. The current message has a nonce that has already been found in a previous message. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | There has been a problem parsing a time stamp value found in the message. The time stamp might be in an incorrect format. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The message arrived after the expiration time for the time stamp. The message might have taken too long to arrive, or there could be a time synchronization problem between client and server. |
Action | Ensure that the date, time, and time zone are synchronized for both the client and the server. If they are both synchronized, it will need to be determined why the message is taking so long to arrive. |
Explanation | A check for the time stamp type has determined that the type is not supported. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | A nonce was expected in the message but it was not found. |
Action | Verify that the security policies and bindings for the application sending the message are configured so a nonce is added to its messages. |
Explanation | A time stamp was expected in the message but it was not found. |
Action | Verify that the security policies and bindings for the application sending the message are configured so a time stamp is added to its messages. |
Explanation | The time stamp must have a wsu:Created element indicating the time of message creation. |
Action | A time stamp was expected for the UsernameToken when consuming the message. Check your bindings for the sending service and verify that they specify the use of a time stamp for the UsernameToken. |
Explanation | An identifier is used to uniquely label a section of a message. If more than one section has the same identifier, then it is impossible to associate the identifier with a unique section. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The security configuration for this service is not valid. |
Action | Check that the specified policy and bindings for this service are correct. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | No XPath expression was specified on an XPath element in the specified assertion in the policy. |
Action | Verify that all XPath elements in the specified assertion in the policy contain valid XPath expressions. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | An unsupported canonicalization method was specified. Possible causes are that the application security policy has specified a not valid Algorithm Suite assertion, or that the client and server have incompatible Algorithm Suite assertions in their policies. |
Action | Check the security policy for both server and client applications and ensure that the Algorithm Suite assertions are valid and compatible. |
Explanation | An unsupported signature method was specified. Possible causes are that the application security policy has specified a not valid Algorithm Suite assertion, or that the client and server have incompatible Algorithm Suite assertions in their policies. |
Action | Check the security policy for both server and client applications and ensure that the Algorithm Suite assertions are valid and compatible. |
Explanation | An unsupported digest method was specified. Possible causes are that the application security policy has specified a not valid Algorithm Suite assertion, or that the client and server have incompatible Algorithm Suite assertions in their policies. |
Action | Check the security policy for both server and client applications and ensure that the Algorithm Suite assertions are valid and compatible. |
Explanation | An unsupported transform method was specified. Possible causes are that the application security policy has specified a not valid Algorithm Suite assertion, or that the client and server have incompatible Algorithm Suite assertions in their policies. |
Action | Check the security policy for both server and client applications and ensure that the Algorithm Suite assertions are valid and compatible. |
Explanation | The key information content consumer type is unknown. A probable reason could be that there is an error in the key bindings. |
Action | Verify that key bindings for the application security bindings are correct. |
Explanation | An unsupported encryption method was specified. Possible causes are that the application security policy has specified a not valid Algorithm Suite assertion, or that the client and server have incompatible Algorithm Suite assertions in their policies. |
Action | Check the security policy for both server and client applications and ensure that the Algorithm Suite assertions are valid and compatible. |
Explanation | An unsupported key encryption method was specified. Possible causes are that the application security policy has specified a not valid Algorithm Suite assertion, or that the client and server have incompatible Algorithm Suite assertions in their policies. |
Action | Check the security policy for both server and client applications and ensure that the Algorithm Suite assertions are valid and compatible. |
Explanation | The Caller configuration must have a JAAS configuration or a Caller identity. One of the two must be present. This might be a problem with the application security bindings. |
Action | Verify that the application security bindings are correct for Caller configuration. |
Explanation | There is no configuration found for the signing key. There might be key bindings information missing in the application security bindings. |
Action | Verify that the key bindings configuration for the signing key in the application security bindings is correct. |
Explanation | References to message parts are required in order to retrieve the signature algorithms from the policy. This could be an error in the bindings. |
Action | Verify that there are message parts to be signed on the application security bindings. |
Explanation | There was no data encryption method found in the configuration. The Algorithm Suite assertion in the policy might not be valid. |
Action | Verify that a valid Algorithm Suite is specified in the application security policy. |
Explanation | There is no configuration found for the encryption consumer key. There might be key bindings information missing in the application security bindings. |
Action | Verify that the key bindings for the encryption consumer in the application security bindings are correct. |
Explanation | References to message parts are required in order to retrieve the encryption algorithms from the policy. In this case there are none. |
Action | Verify that there are message parts to be encrypted in the application security bindings. |
Explanation | A token consumer configuration must have a class instance. A probable reason could be that there is an error in the security bindings relating to security tokens. |
Action | Verify that the token/consumer generator binding information in the application security bindings is correct. |
Explanation | A token consumer configuration must have a type. A probable reason could be that there is an error in the security bindings relating to security tokens. |
Action | Verify that the token consumer binding information in the application security bindings is correct. |
Explanation | A key consumer configuration must have a content consumer list. A probable reason could be that there is an error in the key bindings configuration. |
Action | Verify that the key bindings configuration is correct for the application security bindings. |
Explanation | A key information configuration must have a class instance. A probable reason could be that there is an error in the key bindings. |
Action | Verify that the key bindings configuration is correct for the application security bindings. |
Explanation | A key information configuration must have a type. A probable reason could be that there is an error in the key bindings. |
Action | Verify that the key bindings information in the application security bindings is correct. |
Explanation | An XPath transform was specified in the signing information but an XPath expression was not provided. |
Action | Verify that the application bindings do provide an XPath expression in the signing information. |
Explanation | The QName for the TokenConsumer is not valid or is unexpected. |
Action | Verify that a valid QName for the TokenConsumer is provided. |
Explanation | The expected reference is not available. |
Action | Turn on trace to collect more debug information. Refer to the information center to collect trace data. |
Explanation | The trustanchor is not available. |
Action | Verify that trustanchor information is provided in the binding. |
Explanation | If one or more Nonce or timestamp elements need to be signed, a MessagePart must be signed/encrypted as well. |
Action | Verify in the policy that, if one or more Nonce or timestamp elements need to be signed, a MessagePart is signed/encrypted as well. |
Explanation | The algorithm attribute is missing or incorrect. |
Action | Verify the algorithm has been specified in the binding. |
Explanation | One possible reason is that the Algorithm URI could not be mapped to the Algorithm Factory. |
Action | Verify the algorithm information in the binding. |
Explanation | The Algorithm URI information could be missing or not valid in the binding. |
Action | Verify the Algorithm information in the binding. |
Explanation | There is a mismatch in the referencing of signed parts between the policy and the binding. |
Action | PartReference in SigningInfo is required to be referenced correctly in the policy and binding. |
Explanation | The information for the signing algorithm is not valid or is incomplete. |
Action | One of the places to verify is the binding; ensure that the algorithm provided is valid. |
Explanation | The transform information for the signing algorithm is not valid or is incomplete. |
Action | Verify transform information in the binding. |
Explanation | (Required)Integrity or (Required)Confidentiality: At least one MessagePart is required. |
Action | Provide a (Required)Integrity or (Required)Confidentiality message part. |
Explanation | The order is negative or is not a valid value. |
Action | Verify that the order is specified correctly in the binding. The order specifies how signature and encryption are processed. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The type attribute is required for KeyStore. |
Action | Verify that the required type attribute for KeyStore is specified in the binding. |
Explanation | The path attribute is required for KeyStore. |
Action | Verify that the required path attribute for KeyStore is specified in the binding. |
Explanation | The alias attribute is required for Key. |
Action | Verify that the required alias attribute for Key is specified in the binding. |
Explanation | The name attribute is required for Key. |
Action | Verify that the required name attribute for Key is specified in the binding. |
Explanation | The keystore reference is not valid. |
Action | Verify that the keystore is available, not corrupted, and specified correctly in the binding. |
Explanation | KeyStore does not have one of the following: either the KeyStoreRef attribute or the storepass, path, and type attributes. |
Action | Change the keystore element to have either the KeyStoreRef attribute or the storepass, path, and type attributes. |
Explanation | When specifying a Header to be signed or encrypted, the Namespace attribute is required. |
Action | Specify the Namespace attribute for the Header on the EncryptedParts or SignedParts. |
Explanation | Only one KeyInfo is required in Generator SigningInfo. |
Action | Verify the binding for the Signature Generator's KeyInfo. |
Explanation | Only one KeyInfo is required in Generator EncryptionInfo. |
Action | Verify the binding for the Encryption Generator's KeyInfo. |
Explanation | TokenGenerator classname and instance attribute is required. |
Action | Verify the binding for the correct TokenGenerator classname. |
Explanation | The TokenGenerator ValueType attribute is required. |
Action | Verify the binding for the valueType of the TokenGenerator. |
Explanation | The CallbackHandler classname attribute is required. |
Action | Verify in the binding that the CallbackHandler className is valid. |
Explanation | BasicAuth: User id is null, but user password is not null. |
Action | Verify the User ID and password for the BasicAuth in the binding. |
Explanation | Generator SigningInfo or EncryptionInfo: Only one KeyInfo is required. |
Action | Verify the binding for keyinfo information. |
Explanation | The combination of secret key algorithms [{0}] and the type of key information [{1}] is not allowed. |
Action | Verify that the secret key algorithm information provided in the policy and the key information provided in the binding are valid. |
Explanation | There are no allowed transform algorithms defined. |
Action | Verify that the transform algorithm in the binding and the algorithmSuite in the policy are valid. |
Explanation | There are no allowed canonicalization algorithms defined. |
Action | Verify that the algorithm attributes in the binding and the algorithmSuite in the policy are valid. |
Explanation | There are no allowed signature algorithms defined. |
Action | Verify that the algorithm attributes in the binding and the algorithmSuite in the policy are valid. |
Explanation | There are no allowed digest algorithms defined. |
Action | Verify that the algorithm attributes in the binding and the algorithmSuite in the policy are valid. |
Explanation | There are no allowed data encryption algorithms defined. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | There are no allowed key encryption algorithms defined. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | A null or empty value is not allowed for the name of Integrity, Confidentiality, RequiredIntegrity, or RequiredConfidentiality. |
Action | Verify that a valid wsu:Id value is set for Integrity and Confidentiality in the policy. |
Explanation | A null or empty value is not allowed for the name of SecurityToken or RequiredSecurityToken. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | AddCreateTimestamp/@expires has a format string that is not valid. |
Action | Verify the binding for a valid timestamp format. |
Explanation | Unable to find the default configuration. |
Action | Verify that the default bindings have not been modified, deleted, or corrupted. |
Explanation | A null or empty value is not allowed for the name of TokenGenerator or TokenConsumer. |
Action | Verify the binding for a valid name attribute for TokenGenerator and TokenConsumer. |
Explanation | A null or empty value is not allowed for the name of KeyInfo. |
Action | Verify the binding for a valid name attribute for KeyInfo. |
Explanation | Missing TokenGenerator reference in the KeyInfo. |
Action | Verify the binding for TokenGenerator reference in KeyInfo. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The message contained tokens that could not be consumed. This could be a problem with the token consumer bindings. |
Action | Verify that the token consumer bindings in the application security bindings are correct. |
Explanation | The target element: {0} was not expected. |
Action | To get more information on the error, turn on trace to collect more debug information. Refer to the information center to collect trace data. |
Explanation | Unexpected child element. |
Action | To get more information on the error, turn on trace to collect more debug information. Refer to the information center to collect trace data. |
Explanation | Unexpected Namespace URI. |
Action | Verify the namespace URI is correct. |
Explanation | There is a mismatch of WS-Security Namespace URI versions. |
Action | Verify that the appropriate WS-Security Namespace URI versions are specified in the binding. |
Explanation | The provided SigningInfo is corrupted or not valid. |
Action | Verify SigningInfo information in the binding. |
Explanation | The provided EncryptionInfo is corrupted or not valid. |
Action | Verify EncryptionInfo information in the binding. |
Explanation | The provided TokenConsumer is corrupted or not valid. |
Action | Verify TokenConsumer information in the binding. |
Explanation | Expected Security Token missing. |
Action | Verify the valuetype information of the Token in the binding. |
Explanation | Error during signature verification. |
Action | For more information on the error, turn on trace to collect more debug information. Refer to the information center to collect trace data. |
Explanation | Error during message decryption. |
Action | For more information on the error, turn on trace to collect more debug information. Refer to the information center to collect trace data. |
Explanation | The security token provided in the policy or binding is not supported or not valid. |
Action | Verify the Token information in the policy and binding. |
Explanation | An exception occurred while processing the WS-Security message. |
Action | Turn on trace to collect more debug information. Refer to the information center to collect trace data. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The SOAP message might not have the security constraints defined, or the actor on the server and the client do not match. |
Action | Verify that the client has security configured for Web services and that the actor matches on both the client and the server. |
Explanation | The SOAP message might not have the security constraints defined, or the actor on the server and the client do not match. |
Action | Verify that the client has security configured for Web services and that the actor matches on both the client and the server. |
Explanation | The SOAP message might not have the security constraints defined, or the actor on the server and the client do not match. |
Action | Verify that the client has security configured for Web services and that the actor matches on both the client and the server. |
Explanation | The RequireSignatureConfirmation policy assertion might not be specified in the policies for the client or the server. |
Action | Verify that the RequireSignatureConfirmation policy assertion has been specified in the policies for both the client and the server. |
Explanation | The RequireSignatureConfirmation policy assertion might not be specified in the policies for the client or the server. |
Action | Verify that the RequireSignatureConfirmation policy assertion has been specified in the policies for both the client and the server. |
Explanation | The RequireSignatureConfirmation policy assertion might not be specified in the policies for the client or the server. |
Action | Verify that the RequireSignatureConfirmation policy assertion has been specified in the policies for both the client and the server. |
Explanation | The RequireSignatureConfirmation policy assertion might not be specified in the policies for the client or the server. |
Action | Verify that the RequireSignatureConfirmation policy assertion has been specified in the policies for both the client and the server. |
Explanation | An EncryptedHeader element with mustUnderstand equal to 1 was not decrypted while processing the security header for a Web service. |
Action | Verify that the EncryptedHeader element was targeted to the correct role or actor. |
Explanation | The RequireSignatureConfirmation policy assertion might be specified in the service policy but not in the client policy. |
Action | Verify that the RequireSignatureConfirmation policy assertion is not needed in the client policy. |
Explanation | When the onlySignEntireHeadersAndBody assertion is present, a signature digest must cover the entire SOAP body, an entire SOAP header, or a direct child element of the security header. Refer to Section 6.6 "[Entire Header and Body Signatures] Property" of the WS-SecurityPolicy v1.2 Specification. |
Action | Check the security policy for both server and client applications and correct the corresponding SignedElements assertion. |
Explanation | The SAML holder-of-key assertion must be used for message signing or endorsing a request. |
Action | Verify the SAML token is configured as a protection token for message signing or endorsing a request. |
Explanation | The SAML sender-vouches assertion must be signed by the sender or protected with an SSL client certificate authentication. |
Action | Verify the SAML sender-vouches assertion is signed with a SOAP message. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | If using symmetric bindings, data encryption must be used instead of key encryption. |
Action | Verify that the bindings are configured to use data encryption if symmetric bindings are used in the policy. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The EncryptedHeader was not processed because of the exception. Because the mustUnderstand attribute was not equal to true, processing of the message was allowed to continue. |
Action | No action is required. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | A Timestamp cannot be added to a Timestamp. |
Action | Modify the policy to only add a Timestamp to message parts that are not a Timestamp. Multiple signed parts can be specified to achieve this. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The AlgorithmSuite specified in the client policy and the server policy might not be compatible. |
Action | Verify that the AlgorithmSuite specified in the client policy and the server policy are compatible. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The specified XPath expression was not properly formed. |
Action | Correct the XPath expression in the policy. |
Explanation | The Header/@Namespace attribute is required. The Header/@Name attribute is optional. |
Action | Verify that the Header/@Namespace is specified correctly in the policy. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The policy expected the specified message part to be encrypted. |
Action | Verify that the policies on both the client and the server specify the same EncryptedParts and EncryptedElements. |
Explanation | The policy expected the specified message part to be signed. |
Action | Verify that the policies on both the client and the server specify the same SignedParts and SignedElements. |
Explanation | The policy expected the specified message part to contain a Nonce element, which is a randomly generated value. |
Action | Verify that the policies on both the client and the server specify that a Nonce is required for the specified message part. |
Explanation | The policy expected a Timestamp header to be found in the message. |
Action | Verify that the policies on both the client and the server specify that a Timestamp is required on the message. |
Explanation | The policy expected the specified message part to contain a Timestamp element. |
Action | Verify that the policies on both the client and the server specify that a Timestamp is required for the specified message part. |
Explanation | The KeyStoreRef attribute name must be valid. |
Action | Verify that the KeyStoreRef attribute exists in the binding and is valid. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The KeyInfo specified in the bindings is probably not valid. |
Action | Check the bindings. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The Embedded key id is missing. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The KeyIdentifier element does not have the correct Algorithm specified. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The bindings contain the information related to the Value Type of the token. |
Action | Check the Value Type of the token configuration in the bindings. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | More than one caller token type was specified in the bindings without specifying an order attribute, and more than one caller token was found on the message. There is not enough information available to decide which token to use as the caller. |
Action | Specify a single token type to use as the caller in the bindings, or use the order attribute when specifying multiple callers to eliminate ambiguity. |
Explanation | A set of callers was defined in the bindings, and no caller token was found in the incoming message. |
Action | Do not require a caller in the bindings, or ensure that the client sends the required token. |
Explanation | This token type was designated as a caller, but more than one token of the same type was found in the message. It cannot be determined which one to use as the caller. |
Action | The service sending the message with multiple tokens of this same type should be reconfigured to send only one. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This supporting token type was designated as a caller, but more than one token of the same type was found in the message. It cannot be determined which one to use as the caller. |
Action | The service sending the message with multiple tokens of this same type should be reconfigured to send only one. |
Explanation | This protection token type was designated as a caller, but more than one token of the same type was found in the message. It cannot be determined which one to use as the caller. |
Action | The service sending the message with multiple tokens of this same type should be reconfigured to send only one. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | A keystore with the specified reference could not be loaded. |
Action | Verify that the keystore reference in the bindings is correct. |
Explanation | The SOAP message contains multiple conflicting Web Services Addressing (WS-Addressing) namespaces. |
Action | Make sure the correct and supported WS-Addressing namespace is used. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The user might not be included in the token, the user might not be in the user registry, or the token could not be validated. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | A keystore with the specified reference could not be loaded. |
Action | Verify that the keystore reference in the bindings is correct. |
Explanation | The specified key alias is not in the keystore. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The certificate is expired. |
Action | Check the keystore and make sure the certificate is not expired. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The keystore configuration used by the key locator is not defined on the consumer side. |
Action | Check the binding file. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The security token should be used for stand-alone tokens. |
Action | Check the binding file. |
Explanation | The security token should be used for stand-alone tokens. |
Action | Check the binding file. |
Explanation | The security token needs a matching token generator. |
Action | Check the binding file for the security token type. |
Explanation | The security token needs a token generator reference. |
Action | Check the binding file for the security token type. |
Explanation | The security token type needs to define a matching token consumer. |
Action | Check the binding file for the security token type. |
Explanation | The security token needs a token consumer reference. |
Action | Check the binding file for the security token type. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | Nonce cache size must be an integer. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | Nonce length must be an integer. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The certificate cache timeout has a minimum value. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The certificate cache size is less than the allowed minimum size. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | Use an integer as the cache size. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The token cache timeout is less than the minimum. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The token cache size is less than the allowed minimum. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | Use an integer value as the cache size. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The token cushion is less than the minimum. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | Only one wsse:Security element is allowed. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The JAAS login configuration name is not defined. |
Action | Check the binding file and the security.xml file for the JAAS login name. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The request might be missing required elements. |
Action | Refer to the information center for information on the request formats. |
Explanation | The request does not meet the authentication requirements. |
Action | Refer to the configuration files for the authentication requirements. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The security token is not valid. |
Action | Obtain a new security token. |
Explanation | The request is missing some of the required authentication information. |
Action | Refer to the information center for information on the authentication requirements. |
Explanation | The Application Server cannot process the request because elements exist that are not understood. |
Action | Refer to the information center for information on the request formats. |
Explanation | The data in the request has expired. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The Application Server cannot process the request because the requested time range is not valid or not supported. |
Action | Refer to the documentation or the configuration to determine the valid time ranges. |
Explanation | The Application Server cannot process the request because the requested scope is not valid or not supported. |
Action | Refer to the documentation or the configuration to determine the valid scopes. |
Explanation | The security token has expired. |
Action | Renew the security token. |
Explanation | The Application Server cannot renew the security token. |
Action | Obtain a new security token. |
Explanation | The context token does not contain the required information. |
Action | Refer to the information center for information on the required context information. |
Explanation | Some of the values in the request that are associated with the security context token (SCT) are not supported. |
Action | Refer to the information center for information on the supported values. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The context token has expired. |
Action | If the token is renewable, renew the context token. Otherwise, obtain a new context token. |
Explanation | Some context tokens cannot be renewed. |
Action | Obtain a new context token. |
Explanation | The configuration file for the security token service is needed for normal operation. |
Action | Verify that the file has not been moved or become corrupted. |
Explanation | The plugins configuration file for the security token service is needed for normal operation. |
Action | Verify that the file has not been moved or become corrupted. |
Explanation | The targets configuration file for the security token service is needed for normal operation. |
Action | Verify that the file has not been moved or become corrupted. |
Explanation | There is a syntax problem for the URIs specifying the SCT token type, the SCT get request, or the SCT put request type. |
Action | Verify that the installation image has not been corrupted. |
Explanation | This issue causes errors for messages that are targeted for an unconfigured endpoint. |
Action | Verify that the configuration file for the security token service targets specifies a default token type. |
Explanation | There is a syntax problem for the URI specifying the wildcard mapping. |
Action | Verify that the installation image has not been corrupted. |
Explanation | This instance of the security token service is required for normal operation. |
Action | Verify that the instance of the security token service exists. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The format of the LDAP port number is wrong. |
Action | Check the LDAP port number and make sure it is correct. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The requested cryptographic algorithm is not available in this environment. |
Action | Specify an available cryptographic algorithm. |
Explanation | A parameter that is not valid for a cryptographic algorithm has been found. |
Action | Check the parameters and ensure that they are valid. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | There was an exception received while loading default bindings. The exception will contain the specific problem found. |
Action | Refer to the exception thrown for details and take appropriate action. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | Default bindings were not found. |
Action | Check logs and trace to see if default bindings were found in the filesystem or if there were any loading errors, and take appropriate action. |
Explanation | There was a problem loading the ws-security.xml file. It could have been moved, deleted or corrupted. |
Action | Verify that the ws-security.xml file is present and intact in the WebSphere installation. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | Loading of default and custom bindings failed. It is impossible to complete configuration. |
Action | Check trace and FFDC logs for problems logged during loading of custom and default bindings and take appropriate action. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | Valid policy set attachment types are client, application, or system/trust. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | An incomplete keystore configuration was found. Either KeyStore Reference or KeyStore Path must be specified, but not both at the same time. |
Action | Check the keystore configuration in the binding and make sure either KeyStore Reference or KeyStore Path is specified. |
Explanation | This may be caused by instantiation of a class that is an abstract class, an interface, an array class, a primitive type, or void, or by a class that has no default constructor, but there could also be other reasons. |
Action | Make sure the class specified is not an abstract class, an interface, an array class, a primitive type, or void, and that it has a default constructor. |
Explanation | This error occurs because the requested certificate type is not available from the JCE provider. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The AxisService from the BindingProvider object may not be correct for this Security Context Token. |
Action | Make sure the BindingProvider object specified on the cancel operation is correct. |
Explanation | The Security Context Token is not cancelled because of an exception. |
Action | Look at the exception and see if the security token service (STS) configuration needs to be modified to support SCT cancel. |
Explanation | Either the createdDate or expiredDate is null. Both createdDate and expiredDate are required when renewing a Security Context Token. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The Security Context Token could not be renewed because an exception was received. |
Action | Make sure the security token service (STS) is configured to allow the Security Context Token to be renewed. Also check that the WSSGenerationContext and WSSConsumingContext specified on the renew operation are correct. |
Explanation | The Security Context Token could not be validated because an exception was received. |
Action | Make sure the security token service (STS) is configured correctly, and that the WSSGenerationContext and WSSConsumingContext specified on the validate operation are correct. |
Explanation | The Security Context Token is not renewable after expiration. |
Action | Make sure the renewableAfterExpiration property is set to true in the security token service (STS) configuration if the desired behavior is to renew the Security Context Token after expiration. |
Explanation | The encrypting key or signing key could not be retrieved from the security token. Either an exception occurred or null was returned. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The decrypting key or verifying key could not be retrieved from the security token because an exception was received. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The default duration for the timestamp for WSS APIs does not have a valid format. This value is defined in the web services security runtime. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | A required class could not be instantiated. |
Action | If the class was specified for token generators or consumers, make sure the class name is correct and that the class is in the correct location. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The request type is not recognized. |
Action | Verify that the plugins configuration file contains the correct information. |
Explanation | A valid URI value for the issue request type must be present in the SCT configuration. |
Action | Verify that the SCT configuration file contains a valid URI for the custom property issueRequestTypeRST. |
Explanation | A valid URI value for the cancel request type must be present in the SCT configuration. |
Action | Verify that the SCT configuration file contains a valid URI for the custom property cancelRequestTypeRST. |
Explanation | A valid URI value for the renew request type must be present in the SCT configuration. |
Action | Verify that the SCT configuration file contains a valid URI for the custom property renewRequestTypeRST. |
Explanation | A valid URI value for the validate request type must be present in the SCT configuration. |
Action | Verify that the SCT configuration file contains a valid URI for the custom property validateRequestTypeRST. |
Explanation | The SCT handler classes must be initialized before use. |
Action | Refresh the Security Token Service or restart the server. |
Explanation | Requests are required to contain Entropy and BinarySecret elements. |
Action | Refer to the documentation for acceptable issue request formats. |
Explanation | The attempt to cache the security context token failed. |
Action | Verify that the SCT configuration file contains the fully qualified name of an accessible token cache factory class under the property tokenCacheFactory. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | Cancel requests must have the CancelTarget element, which specifies the UUID of the security context token to cancel. |
Action | Refer to the documentation for acceptable cancel request formats. |
Explanation | Failed to extract the UUID of the security context token from the CancelTarget element in the request. The UUID is needed to fulfill the cancel request. |
Action | Refer to the documentation for acceptable cancel request formats. |
Explanation | The SCT handler classes must be initialized before use. |
Action | Refresh the Security Token Service or restart the server. |
Explanation | Renew requests must have the RenewTarget element, which specifies the UUID of the security context token to renew. |
Action | Refer to the documentation for acceptable renew request formats. |
Explanation | Failed to extract the UUID of the security context token from the RenewTarget element in the request. The UUID is needed to fulfill the renew request. |
Action | Refer to the documentation for acceptable renew request formats. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | Validate requests must have the ValidateTarget element, which specifies the UUID of the security context token to validate. |
Action | Refer to the documentation for acceptable validate request formats. |
Explanation | Failed to extract the UUID of the security context token from the ValidateTarget element in the request. The UUID is needed to fulfill the validate request. |
Action | Refer to the documentation for acceptable validate request formats. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | WS-Address might not be enabled. It is required for Secure Conversation. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | WS-SecureConversation client cache configuration file, WSSCCache.xml, could not be loaded by using JAXB. |
Action | Verify that WSSCCache.xml is in the Cell name directory. If WSSCCache.xml exists and the problem still persists, contact your service representative. |
Explanation | The request to use the distributed SecurityContextToken cache could not be completed. The SecurityContextToken will be cached on the local server only, and will not be distributed to the other cluster members. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The Requested Security Token Response message does not have valid lifetime information for the Security Context Token. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This might be due to a problem during derived key generation. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | Security Context Token is expired. |
Action | When using the WSS APIs, the user can try to renew the token and retry the request. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The Value Type specified in the token configuration is not correct. |
Action | Check and correct the Value Type information in the bindings for the token consumer configuration. |
Explanation | The security context token might be expired or there is a problem retrieving the token from the trust service. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The security context token might be expired or the token does not exist in the cache. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The security context is associated with more than one instance. |
Action | The Security Context Token should have instance information. |
Explanation | The security context token cannot be renewed. |
Action | Set the renewableAfterExpiration property to true. |
Explanation | The security context token is valid at the webservice endpoint specified in the RequestSecurityToken. |
Action | Ensure the endpoint address of the webservice (To: header) matches the AppliesTo URL specified in the RequestSecurityToken including port number. Verify an intermediate server is not modifying the To: header. |
Explanation | This is an informational message only. The runtime will automatically request a new SC token. |
Action | Informational message |
Explanation | A newly issued security context token should have a longer lifetime than the WS-SecureConversation client cache cushion. |
Action | Either lower the client cache cushion setting or increase the lifetime of the security context token. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | The requested property is not in the WS-SecureConversation client cache configuration file. |
Action | Check the WS-SecureConversation client cache configuration file. |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This exception is unexpected. The cause is not immediately known. |
Action | If the problem persists, additional information might be available if you search for the message ID on the following Web sites: |
Explanation | This is information only. |
Action | No action is required. |
Explanation | This is information only. |
Action | No action is required. |
Explanation | The Application Server encountered not valid settings while loading the configuration file. |
Action | Verify that the configuration files contain valid settings. |
Explanation | A problem was encountered when attempting to configure the STS. |
Action | Verify that the STS configuration files have not been corrupted or removed. |
Explanation | The token type that was specified is not valid for the endpoint. |
Action | Verify that the token type is valid for the endpoint. |
Explanation | One possibility is that the RequestSecurityToken element was not present in the sent message. Another is that the SOAP message may not have been decrypted because of an issue with the policy set. |
Action | Verify that the policy set is correct. |
Explanation | The element can only occur once in the token request. |
Action | Remove the extra elements from the token request and resubmit the request. |
Explanation | The Application Server encountered a not valid element while processing the RequestSecurityToken. |
Action | Remove the not valid element from the RequestSecurityToken and resubmit the request. |
Explanation | The Application Server could not successfully process the RequestSecurityToken because of a missing header element. |
Action | Specify the missing header element in the RequestSecurityToken and resubmit the request. |
Explanation | The Application Server encountered an incorrect number of responses from the STS. |
Action | No user action is required. |
Explanation | The trust related policy set for the resource failed to load. |
Action | Verify that the trust related policy set for the resource is correct. |
Explanation | The attached WS-PolicySet binding file is not valid. |
Action | Regenerate the binding file. |
Explanation | The attached WS-PolicySet binding file is not valid. |
Action | Regenerate the binding file. |
Explanation | The attached WS-PolicySet policy for web services security is not valid. |
Action | Regenerate the policy file. |
Explanation | The attached WS-PolicySet policy for web services security is not valid. |
Action | Regenerate the policy file. |
Explanation | The attached WS-PolicySet policy for web services security is not valid. |
Action | Regenerate the policy file. |
Explanation | An unsupported assertion has been added to the Kerberos Token assertion. |
Action | Remove the unsupported assertion from the Kerberos Token assertion. |
Explanation | Two Kerberos version assertions have been defined in the policy. |
Action | Remove one of the assertions from the policy and use only one Kerberos version. |
Explanation | Two Kerberos version assertions have been defined in the policy. |
Action | Remove one of the assertions from the policy and use only one Kerberos version. |
Explanation | Only one of the following token reference assertions may be specified for a token: RequireKeyIdentifierReference, RequireEmbeddedTokenReference, RequireIssuerSerialReference, RequireThumbprintReference. |
Action | Regenerate the policy file. |
Explanation | The policy file contains a not valid X509Token, Kerberos or UsernameToken assertion. |
Action | Regenerate policy file with a valid token type. |
Explanation | The policy file contains a not valid SecureConversationToken assertion. |
Action | Regenerate policy file with a valid SecureConversation token type. |
Explanation | The policy file contains multiple namespaces. Only one namespace is allowed. |
Action | Verify that the policy file is correct. |
Explanation | The policy file contains an element that is not a known policy assertion. |
Action | Verify that the policy file is correct. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains multiple XPath elements in signedElements that are identical. The element will only be signed once. |
Action | No user action is required. |
Explanation | The policy file contains multiple XPath elements in encryptedElements that are identical. The element will only be encrypted once. |
Action | No user action is required. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | The policy file contains an assertion that is not valid or not supported. |
Action | Refer to the documentation to determine the valid and supported assertions. |
Explanation | A null value is not allowed for the Value Type for the token generator. |
Action | Specify a valid Value Type and regenerate the binding file. |
Explanation | The token types need to match. |
Action | Correct the token type in either the policy file or binding file and regenerate the file. |
Explanation | The token generator did not define a JAAS configuration. |
Action | Define a JAAS configuration for the token generator in the binding file and regenerate the file. |
Explanation | The two specified assertions are not valid together. Only one of them should be specified in the policy. |
Action | Correct the policy file and regenerate the file. |
Explanation | A null value is not allowed for the Value Type for the token consumer. |
Action | Specify a valid Value Type and regenerate the binding file. |
Explanation | The token consumer did not define a JAAS configuration. |
Action | Define a JAAS configuration for the token consumer in the binding file and regenerate the file. |
Explanation | The policy file contains more than one token with the same type. Duplicate tokens are not allowed. |
Action | Correct the policy file and regenerate the file. |
Explanation | The Token Generator token type in the bindings file must match the signature token type in the policy file. |
Action | Correct the policy or binding file and regenerate the file. |
Explanation | The Token Generator token type in the bindings file must match the encryption token type in the policy file. |
Action | Correct the policy or binding file and regenerate the file. |
Explanation | The Token Consumer token type in the bindings file must match the signature token type in the policy file. |
Action | Correct the policy or binding file and regenerate the file. |
Explanation | The Token Consumer token type in the bindings file must match the encryption token type in the policy file. |
Action | Correct the policy or binding file and regenerate the file. |
Explanation | A caller was defined that does not have a matching token in the policy. |
Action | Remove the caller from the bindings, or add a supporting or protection token of the same type to the policy. |
Explanation | The token consumer specified enforceTokenVersion. The token Value type must match the token consumer configuration. |
Action | Verify that the token generator and consumer configuration is correct. Removing enforceTokenVersion will allow the token with a different Value type to be consumed. |
Explanation | The policy file specifies no parts to be encrypted. The SignatureConfirmation element will not be encrypted. |
Action | Correct the policy file and regenerate the file. |
Explanation | The policy file specifies no parts to be signed. The SignatureConfirmation element will not be signed. |
Action | Correct the policy file and regenerate the file. |
Explanation | The audit subsystem failed initialization. One possible reason is the implementation class cannot be found or loaded. |
Action | Examine the exception for possible cause. Contact the vendor who provided the audit service extension implementation for help. |
Explanation | The WebSphere platform audit subsystem platform implementation failed generating a security audit event. |
Action | Examine the exception for possible cause. Contact WebSphere support for help if this problem was not caused by a configuration problem or failure of an external component such as an event log database. |
Explanation | The WebSphere platform audit subsystem platform implementation cannot generate a security audit event because critical data was missing. |
Action | Contact WebSphere support for help. |
Explanation | The above property determines what the valid value types are. |
Action | Change the value type in the binding and regenerate the file, or set the above property to true. |
Explanation | The LTPA token is only supported on WebSphere Server. |
Action | Change the token type in the policy and regenerate the file. |
Explanation | Kerberos login failed to generate the Kerberos AP_REQ token for the current message due to the exception. |
Action | Verify that the intended user is valid in the Kerberos registry and specified correctly in the binding file. Set the JVM properties com.ibm.security.jgss.debug=all, com.ibm.security.krb5.Krb5Debug=all, and com.ibm.security.ktp.debug=all for more log messages. |
Explanation | Kerberos login failed to consume the Kerberos AP_REQ token for the current message due to the exception. |
Action | Verify that the Kerberos Distribution Center (KDC) is configured properly to accept the request AP_REQ token. Set the JVM properties com.ibm.security.jgss.debug=all, com.ibm.security.krb5.Krb5Debug=all, and com.ibm.security.ktp.debug=all for more log messages. |
Explanation | Kerberos login failed to consume the Kerberos AP_REQ token for the current message due to the exception. |
Action | Verify that the Kerberos Distribution Center (KDC) is configured properly to accept the request AP_REQ token. Set the JVM properties com.ibm.security.jgss.debug=all, com.ibm.security.krb5.Krb5Debug=all, and com.ibm.security.ktp.debug=all for more log messages. |
Explanation | Caller processing failed due to the exception. |
Action | Verify the caller configuration and look for other failures in JGSS and Java Kerberos logs. |
Explanation | The specified configuration is not supported with the bindings version that is used. |
Action | Migrate the bindings to a level that supports the configuration. |
Explanation | Exactly two UsernameToken supporting tokens are allowed in the policy when they are used as a trusted id and an id assertion. |
Action | Correct the policy and ensure that it has exactly two UsernameTokens. |
Explanation | When a supporting token type is specified as a caller, one and exactly one supporting token of that type is allowed. |
Action | Correct the policy and ensure that your policy has exactly one token of that type. |
Explanation | In default bindings only one trustedId UsernameToken consumer is allowed. |
Action | Correct the bindings and ensure that it has exactly one trustedId UsernameToken consumer. |
Explanation | In default bindings only one idAssertion UsernameToken consumer is allowed. |
Action | Correct the bindings and ensure that it has exactly one idAssertion UsernameToken consumer. |
Explanation | Only one token consumer per supporting token type is allowed. |
Action | Correct the default bindings so only one token consumer for each supporting token type is configured. |
Explanation | A maximum of 2 UsernameTokens of the same type are allowed in the policy when using default bindings. The maximum of 2 is only allowed when setting up one UsernameToken as a trustedId, and another one as a callerId. |
Action | Correct the policy so a maximum of 2 SupportingToken UsernameToken assertions of the same type are found in the policy. |
Explanation | A caller was configured without an order attribute in a namespace requiring its use. |
Action | Regenerate the binding file with correct caller order attributes set. |
Explanation | The Value Type on the token in the message does not match the token consumer configuration. |
Action | Check and correct the Value Type information in the bindings. The token consumer and token generator configuration must both specify valid Value Types that are compatible. |
Explanation | The WSS API configuration is not valid. See the referenced exception. |
Action | Correct the WSS API configuration. |
Explanation | The SOAP message that has been received by the consumer or provider contained an XML digital signature in the security header. However, the application that is receiving the message is not configured for inbound XML digital signature. The security header in the inbound SOAP message contained a mustUnderstand attribute with a value of 1. Therefore, an exception has been created. |
Action | Complete one of the following tasks: - Add an inbound XML digital signature configuration to the application that is receiving the SOAP message. - Remove the outbound XML Digital signature configuration from the application that is sending the SOAP message. - Configure the application that is sending the SOAP message to not add the mustUnderstand attribute to the SOAP security header. |
Explanation | The SOAP message that has been received by the consumer or provider contained XML encryption information in the security header. However, the application that is receiving the message is not configured for inbound XML encryption. The security header in the inbound SOAP message contained a mustUnderstand attribute with a value of 1. Therefore, an exception has been created. |
Action | Complete one of the following tasks: - Add inbound XML encryption configuration to the application that is receiving the SOAP message. - Remove outbound XML encryption configuration from the application that is sending the SOAP message. - Configure the application that is sending the SOAP message to not add the mustUnderstand attribute to the SOAP security header. |
Explanation | A RunAs Subject may not exist or may not contain WebSphere user security attributes. |
Action | Check if the application server security is enabled. |
Explanation | The identity delimiter pattern appears more than once. |
Action | Either the user name or the unique representation of the user in the identity string {0} contains the identity delimiter pattern {1}. Modify the name representation to remove any ambiguity. |
Explanation | The user identity should be qualified by realm name when the com.ibm.wsspi.wssecurity.token.IDAssertion.sendRealm property value is set to true. |
Action | Check if the com.ibm.wsspi.wssecurity.token.IDAssertion.sendRealm property is set to true in binding on sending side. |
Explanation | Realm of the asserted identity is not in list of trusted inbound realms. |
Action | Verify the list of inbound trusted realms. |
Explanation | There was a problem loading named bindings or default bindings for this application. |
Action | The exception has details on what went wrong during loading. Examine the specific exception and take corrective action. |
Explanation | Only one token consumer per supporting token type is allowed. |
Action | Correct the default bindings so only one token consumer for each supporting token type is configured. |
Explanation | Kerberos login failed to generate the Kerberos AP_REQ token for the current message due to the exception stated. |
Action | Verify that the intended user is valid in the Kerberos registry and specified correctly in the binding file. Set the JVM properties com.ibm.security.jgss.debug=all, com.ibm.security.krb5.Krb5Debug=all, and com.ibm.security.ktp.debug=all for more log messages. |
Explanation | The format to use for the property is service_name/hostname. |
Action | Verify the value of property named com.ibm.wsspi.wssecurity.krbtoken.serviceSPN. |
Explanation | A securityTokenReference is not supported on default bindings. |
Action | Regenerate the token consumer in the default bindings, so the securityTokenReference is removed. |
Explanation | A securityTokenReference is not supported on default bindings. |
Action | Regenerate the token generator in the default bindings, so the securityTokenReference is removed. |
Explanation | In default bindings only one trustedId UsernameToken generator is allowed. |
Action | Correct the bindings and ensure that it has exactly one trustedId UsernameToken generator. |
Explanation | In default bindings only one idAssertion UsernameToken generator is allowed. |
Action | Correct the bindings and ensure that it has exactly one idAssertion UsernameToken generator. |
Explanation | Only one token generator per supporting token type is allowed. |
Action | Correct the default bindings so only one token generator for each supporting token type is configured. |
Explanation | In default bindings, we allow only a single supporting token of this type in the policy. |
Action | Regenerate the policy so only one supporting token of this type is in the policy. |
Explanation | Two UsernameToken token consumers, one configured as trusted id and the other as a caller id, were found, but it is not known which one to use because only one UsernameToken assertion was found in the policy. This is an ambiguous situation. |
Action | Correct the policy so two UsernameToken SupportingToken assertions are in the policy, or remove one of the two UsernameToken token consumers from the default bindings. |
Explanation | Two UsernameToken token generators, one configured as trusted id and the other as a caller id, were found, but it is not known which one to use because only one UsernameToken assertion was found in the policy. This is an ambiguous situation. |
Action | Correct the policy so two UsernameToken SupportingToken assertions are in the policy, or remove one of the two UsernameToken token generators from the default bindings. |
Explanation | A token consumer was not found in the bindings for the supporting token of this type. |
Action | Correct the bindings so a token consumer for the supporting token in the policy is defined. |
Explanation | A token generator was not found in the bindings for the supporting token of this type. |
Action | Correct the bindings so a token generator for the supporting token in the policy is defined. |
Explanation | After looking at bindings, no encryption bindings were found for the confidential part with the specified reference name in the policy. |
Action | Regenerate bindings so this confidential part specified in the policy has a correctly defined encryption binding. |
Explanation | After looking at bindings, no signature bindings were found for the integral part with the specified reference name in the policy. |
Action | Regenerate bindings so this integral part specified in the policy has a correctly defined signature binding. |
Explanation | When using default bindings, we allow 2 UsernameTokens of the same type, only when being used as callers. |
Action | Correct the default bindings so that these 2 UsernameTokens are used as callers, or do not use 2 UsernameTokens. |
Explanation | Only two UsernameTokens, one configured as trusted identity and the other as a caller identity are allowed when using default bindings. |
Action | Regenerate policy to use 2 UsernameTokens as caller identity and trusted identity. |
Explanation | Only two UsernameTokens, one configured as trusted identity and the other as a caller identity are allowed when using default bindings. |
Action | Regenerate policy to use 2 UsernameTokens as caller identity and trusted identity. |
Explanation | Default bindings are missing the token consumer for the signing token. |
Action | Regenerate the default bindings, so there is a token consumer for the signing token. |
Explanation | Integral parts were specified for inbound messages in the policy, but there was no matching signing information on the inbound section of the default bindings. |
Action | Regenerate the default bindings, so there are signature bindings for the specified inbound integral parts. |
Explanation | Default bindings are missing the token consumer for the encryption token. |
Action | Regenerate the default bindings, so there is a token consumer for the encryption token. |
Explanation | Confidential parts were specified for inbound messages in the policy, but there was no matching encryption information on the inbound section of the default bindings. |
Action | Regenerate the default bindings, so there are encryption bindings for the specified integral parts. |
Explanation | Integral parts were specified for outbound messages in the policy, but there was no matching signing information on the outbound section of the default bindings. |
Action | Regenerate the default bindings, so there are signature bindings for the specified outbound integral parts. |
Explanation | Confidential parts were specified for outbound messages in the policy, but there was no matching encryption information on the outbound section of the default bindings. |
Action | Regenerate the default bindings, so there are encryption bindings for the specified outbound integral parts. |
Explanation | The ValueType on the token generator is missing. |
Action | Check and correct the ValueType information in the bindings. The token generator configuration must specify a valid ValueType. |
Explanation | The ValueType on the token consumer is missing. |
Action | Check and correct the ValueType information in the bindings. The token consumer configuration must specify a valid ValueType. |
Explanation | An attempt to fill missing encryption information in custom bindings by loading the missing information from default bindings failed. Default bindings loading failed earlier. |
Action | Inspect original error that prevented default bindings loading and take appropriate action. |
Explanation | An attempt to fill missing signature information in custom bindings by loading missing information from default bindings failed. Default bindings creation failed earlier. |
Action | Inspect original error that prevented default bindings creation and take appropriate action. |
Explanation | An attempt to fill missing supporting token information in custom bindings by loading missing information from default bindings failed. Default bindings creation failed earlier. |
Action | Inspect original error that prevented default bindings creation and take appropriate action. |
Explanation | An attempt to use default bindings failed. Default bindings creation failed earlier. |
Action | Inspect original error that prevented default bindings creation and take appropriate action. |
Explanation | The trust anchor could not be loaded because the path is null. |
Action | Verify the trust anchor path is specified in the bindings, or specify trustAnyCertificate. |
Explanation | There was a problem loading the bootstrap configuration. The caught exception has the precise reason. |
Action | Look at the exception that was caught and take appropriate action. |
Explanation | When a protection token type is specified as a caller, one and exactly one protection token of that type is allowed. |
Action | Correct the policy and ensure that your policy has exactly one token of that protection token type. |
Explanation | The SCT lifetime is less than the RM sequence timeout. A message cannot be recovered because the SCT will have expired before the RM sequence timeout is reached. It is recommended that the SCT lifetime be equal to or greater than the RM sequence timeout. |
Action | Adjust the RM and/or SCT timeouts so that the SCT lifetime is equal to or greater than the RM inactivity timeout. |
Explanation | None |
Action | None |
Explanation | At most one signature token and one encryption token can be declared in the WS-Security bindings. |
Action | Modify the WS-Security bindings to ensure there is no more than one encryption token and one signature token. |
Explanation | None |
Action | None |
Explanation | Request message part protection and response message part protection policies must be the same in order for bootstrap policy to be published. |
Action | Modify the trust system policy set to ensure the message part protection policies are the same for request and response. |
Explanation | The policy file contains an AlgorithmSuite assertion that has parameters that contradict settings in the bindings. |
Action | Modify either the policy file or the bindings to ensure the Algorithm suite parameters match. |
Explanation | The signature reference contains a transformation algorithm that cannot be published using WS-Policy. |
Action | Modify the WS-Security bindings to remove the transformation algorithm that cannot be published using WS-Policy. |
Explanation | The order attribute in the signature and encryption references in the bindings cannot be published using WS-Policy. |
Action | Modify the bindings to ensure that all signature order attributes are either all higher or all lower than the encryption order attribute values. |
Explanation | Strict header layout cannot be guaranteed when encrypting before signing. |
Action | Modify the policy and select an alternative header order. |
Explanation | The Web services security runtime cannot find the correct SOAP action or the correct WS-Addressing action to determine whether an operation-level PolicySet must be used to validate the received message. The request message is therefore rejected for security reasons. |
Action | Modify the web services client so that the correct SOAP action or WS-Addressing action is specified in request messages. |
Explanation | A SAML assertion cannot be issued. |
Action | Ensure that the required assertion elements are specified. |
Explanation | The assertion token cannot be retrieved because the assertion ID is missing from the requesting message context. |
Action | Ensure that the assertion ID is generated for the SAML assertion. |
Explanation | The confirmation method or type for this request is not recognized. |
Action | The subject confirmation method can be either holder-of-key (HOK) or sender-vouches (SV). |
Explanation | The SAML token issue request to the STS failed. |
Action | The SAML token issue request to the STS failed. |
Explanation | The propagation token is not valid for this request. |
Action | Provide a valid propagation token for this request. |
Explanation | The token type must be SAML, which is the only token type processed by this login module. |
Action | Provide a SAML token type. |
Explanation | A SAML token cannot be located for the provided ID. |
Action | Provide a valid SAML ID. |
Explanation | The SOAP namespace specified in the trust client request is not valid. |
Action | Specify a SOAP namespace that is supported by the trust client. |
Explanation | The WS-Addressing namespace specified is not a valid namespace. |
Action | Specify a WS-Addressing namespace that is supported by the trust client. |
Explanation | The WS-Addressing namespace specified is not a valid namespace. |
Action | Specify a WS-Trust namespace that is supported by the trust client. |
Explanation | The application name is not set in the trust client. |
Action | Set the application name in the trust client provider configuration settings. |
Explanation | Configuring the outgoing request using the application trust policy set and bindings produced an error. |
Action | Verify that the product was installed properly, and the application classpath is correct. |
Explanation | The trust client cannot configure the outgoing request with the specified configuration setting. |
Action | Verify that the configuration setting is correct. |
Explanation | The trust client was unable to establish communication with the specified trust service provider. |
Action | Verify that the specified trust service provider address is correct. |
Explanation | The trust client is not initialized. |
Action | Verify that the trust client provider configuration settings are correct. |
Explanation | The trust client settings key is not one of the predefined keys required for the trust client. |
Action | Specify a trust client settings key from the list of predefined trust client keys. |
Explanation | The request security token cannot be added to the collection because the token action does not match the action of the existing requests in the collection. |
Action | Ensure that the request security token action matches the action of existing requests in the collection. |
Explanation | The request security token cannot be added to the collection because the token header does not match the header of the existing requests in the collection. |
Action | Ensure that the request security token header matches the header of the existing requests in the collection. |
Explanation | The request security token cannot be added to the collection because the token trust service provider address does not match the trust service provider address of the existing requests in the collection. |
Action | Ensure that the trust service provider of the request security token matches the provider of existing requests in the collection. |
Explanation | The specified value of the trust client settings key is not valid. |
Action | Verify that the value of the trust client settings key is correct. |
Explanation | Loading the application trust policy set and bindings produced an error. |
Action | Verify that the specified policy set and bindings names are correct. Also, verify that the policy set and bindings files exist, and are in the correct location. |
Explanation | The trust client was unable to access the necessary resources to create a new instance. |
Action | Verify that the product was installed properly, and the application classpath is correct. |
Explanation | The specified trust service provider is not a valid Web service address for processing trust client requests. |
Action | Verify that the specified trust service provider Web service address is correct and accessible. |
Explanation | The trust client failed to establish communications with the specified trust service provider. |
Action | Verify that the specified trust service provider Web service address is correct, and the application trust policy set and bindings are configured correctly for the trust service provider. |
Explanation | The trust client received a response from the trust service provider that is not valid. |
Action | Verify that the trust service provider address is correct, and the trust client is configured correctly for the specified trust service provider. |
Explanation | The SAML issuer configuration data property file did not load. |
Action | Verify that a valid SAML property file exists at the specified location. |
Explanation | The specified service name of the trust service provider cannot be used to process trust client requests. |
Action | Verify that the specified service name of the trust service provider matches the service name in the trust service provider WSDL file. |
Explanation | The specified port name of the trust service provider cannot be used to process trust client requests. |
Action | Verify that the specified port name of the trust service provider matches the port name in the trust service provider WSDL file. |
Explanation | The specified port name of the trust service provider cannot be used to process trust client requests. |
Action | Verify that the specified port name of the trust service provider matches the port name in the trust service provider WSDL file. |
Explanation | The WS-PolicySet policy for Web services security that is attached to the service specifies a SAML confirmation method that is different from the method used by the issued token. |
Action | Revise your configuration to ensure the confirmation method for the attached WS-PolicySet corresponds to the issued token. |
Explanation | The SAML token contains OneTimeUse or DoNotCacheCondition assertions; however, these assertions are not supported. |
Action | The SAML token provider must be configured to not include the OneTimeUse or the DoNotCacheCondition assertions, or set the validateOneTimeUse binding option to false. |
Explanation | The SAML token contains an AudienceRestriction assertion that cannot be verified. |
Action | Do not configure the AudienceRestriction assertion in the SAML token provider, or set the validateAudienceRestriction binding option to false. |
Explanation | The SAML issuer name or signer SubjectDN is not defined in the trusted issuer list that is defined in the bindings. |
Action | Check your bindings to make sure the issuer name and the signer SubjectDN of the certificate are trusted. |
Explanation | The SAML token specifies a confirmation method that is not supported. |
Action | The SAML token provider must be configured to not send SAML tokens with the unsupported confirmation method. |
Explanation | The received token is not supported. |
Action | The token provider must be configured to send only supported token types. See the Information Center for a list of supported token types. |
Explanation | There was no token consumer configured for the token type received. |
Action | Configure a token consumer for the received token type so it can be processed. |
Explanation | A returned token is expected when a token validation request is made to the security token service. |
Action | The security token service must be configured to return a token when it handles a token validation request. |
Explanation | The ValueType of the token received from the security token service cannot be identified. |
Action | The security token service must be configured to return a ValueType for the exchanged token. |
Explanation | A token validation request was sent to the security token service but no results were returned. |
Action | The security token service must be configured to return a result on a token validation request. |
Explanation | A token validation request was sent to the security token service and multiple results were returned. This is not supported. |
Action | Configure the security token service to return a single result on a token validation request. |
Explanation | The outgoing request is not able to use the token in the RunAsSubject to exchange it for the requested token from the security token service. |
Action | Configure the security token service to return a GenericSecurityToken with the expected ValueType attribute value. |
Explanation | To parse a SAML token, the parser is required to determine the value of the ValueType attribute for the token. Receiving an unsupported SAML token type is one possible cause for this error. |
Action | Ensure the security token service that provides the token is configured to return a supported SAML token type. See the Information Center for a list of supported SAML token types. |
Explanation | The outgoing request is not able to use the token in the RunAs subject to exchange it for the requested token from the security token service. |
Action | If a token cannot be extracted from the RunAs subject, change the configuration to issue a new token by removing the custom property, useRunAsSubjectOnly, from the callback handler. |