CWWKS

CWWKS1751E: Validation failed for the ID token requested by [{0}] because the (iss) issuer [{1}] specified in the token does not match the [issuerIdentifier] attribute [{2}] for the provider specified in the OpenID Connect client configuration.
Explanation ID token validation failed because the issuer specified in the OpenID Connect client (relying party or RP) configuration and the issuer in the token do not match.
Action Make sure that the [issuerIdentifier] attribute specified in the OpenID Connect client (RP) configuration matches the issuer for the OpenID Connect provider (OP) being used.
CWWKS1752E: An error occurred while attempting to sign an ID token using the [{0}] algorithm: [{1}].
Explanation An ID token cannot be created because it could not be signed. The reason for the error is shown after the message.
Action See the user action for the message that appears after this error.
CWWKS1753E: An error occurred while attempting to sign an ID token using the [{0}] algorithm: [{1}].
Explanation An ID token cannot be created because it could not be signed. The reason for the error is shown after the message.
Action If using an asymmetric signature, check that a valid private key is used to sign the token. For example, check whether the key is expired. Check the keyStore element referenced by the default SSL configuration in server.xml to find information about the key store file that contains the private key. Also, see the user action for the message that appears after this error.
CWWKS1754E: Validation failed for the ID token requested by [{1}] because the (aud) audience [{0}] specified in the token does not match the clientId [{1}] specified in the OpenID Connect client configuration.
Explanation The audience in the ID token should match the client id. In this case, the (aud) audience in the ID token did not match the client id, so the ID token validation failed.
Action Make sure that the [clientId] attribute specified in the OpenID Connect client (relying party or RP) configuration is correct. The value is case sensitive.
CWWKS1755E: Validation failed for the ID token requested by [{1}] because the (azp) authorized party [{0}] specified in the token does not match the clientId [{1}] specified in the OpenID Connect client configuration.
Explanation The authorized party in the ID token should match the client id. In this case, the (azp) authorized party in the ID token did not match the client id, so the ID token validation failed.
Action Make sure that the [clientId] attribute specified in the OpenID Connect client (relying party or RP) configuration is correct. The value is case sensitive.
CWWKS1756E: Validation failed for the ID token requested by [{0}] using the [{2}] algorithm due to a signature verification failure: [{1}].
Explanation An ID token cannot be validated because the signature could not be verified. The reason for the error is shown after the message.
Action See the user action for the message that appears after this error.
CWWKS1757E: Validation failed for the ID token requested by [{0}] using the [{2}] algorithm due to a signature verification failure: [{1}].
Explanation An ID token cannot be validated because the signature could not be verified. The reason for the error is shown after the message.
Action If using an asymmetric signature, ensure that the public key in the certificate can be used for digital signature purposes. Check the keyStore element referenced by the default SSL configuration in server.xml to find information about the key store that contains the key. Also, see the user action for the message that appears after this error.
CWWKS1758E: Validation failed for the ID token requested by the [{0}] due to [{1}]. This might have been caused by either the current time [{2}] being after the token expiration time [{3}] or the issue time [{4}] being too far away from the current time [{2}].
Explanation An ID token cannot be validated because the current time shown is not between the token issue and expiration times.
Action Make sure that the system clocks of the OpenID Connect client (relying party or RP) and the OpenID Connect provider (OP) are in sync (if they are on two systems).
CWWKS1759E: Validation failed for the ID token requested by the [{0}] due to hash mismatch of access token [{1}] and the at_hash claim [{2}] in the ID token.
Explanation The at_hash claim in the ID token enables OpenID Connect clients to prevent token substitution attacks. The at_hash value should match the hash of the access token received by the OpenID Connect client.
Action Ensure that the communication between the OpenID Connect client (relying party or RP) and the OpenID Connect provider (OP) is secure, so that the access token received by the RP cannot be tampered with.
CWWKS1760E: Validation failed for the ID token requested by the [{0}] due to signature being missing in the ID token. OpenID Connect client (relying paarty or RP) configuration specified [{1}] algorithm and expects a signed ID token.
Explanation An ID token cannot be validated because the token was not signed. The OpenID Connect client (relying party or RP) is expecting a signed token.
Action Ensure that the OpenID Connect provider enables the token to be signed.
CWWKS1761E: Validation failed for the ID token requested by the [{0}] due to a mismatch of signing algorithms between the OpenID Connect client [{1}] and the OpenID Connect provider [{2}].
Explanation An ID token cannot be validated because the OpenID Connect client (relying party or RP) and the OpenID Connect provider (OP) are using different signature algorithms to sign and verify the token.
Action Ensure that the signatureAlgorithm specified for the RP matches the OP signature algorithm.
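
The claim checks behind CWWKS1751E, CWWKS1754E, CWWKS1755E, CWWKS1758E and CWWKS1759E, written out as an added Python example; it is not Liberty's own code. The function names, the sample values and the clock-skew rule are assumptions made for illustration; the at_hash computation follows OpenID Connect Core.

```python
import base64
import hashlib

# at_hash uses the hash that matches the ID token's JWS alg (RS256 -> SHA-256).
_HASHES = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}

# Constructed sample values, not taken from a real deployment.
ISSUER = "https://op.example.com/oidc/endpoint/OP"
CLIENT_ID = "rp01"
NOW = 1_700_000_000
SAMPLE_ACCESS_TOKEN = "constructed-access-token-0001"


def at_hash(access_token, alg="RS256"):
    """Base64url (unpadded) of the left-most half of the access token hash."""
    digest = _HASHES[alg[-3:]](access_token.encode("ascii")).digest()
    half = digest[: len(digest) // 2]
    return base64.urlsafe_b64encode(half).rstrip(b"=").decode("ascii")


def check_id_token(claims, alg, access_token, issuer, client_id, now, skew=300):
    """Return the message IDs from this page whose condition the claims meet."""
    failed = []
    if claims.get("iss") != issuer:
        failed.append("CWWKS1751E")
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    if client_id not in audiences:  # exact, case-sensitive comparison
        failed.append("CWWKS1754E")
    if "azp" in claims and claims["azp"] != client_id:
        failed.append("CWWKS1755E")
    # Assumed time rule: expired beyond the skew, or issued in the future.
    if now > claims.get("exp", 0) + skew or claims.get("iat", 0) > now + skew:
        failed.append("CWWKS1758E")
    # A swapped access token no longer hashes to the signed at_hash claim.
    if "at_hash" in claims and claims["at_hash"] != at_hash(access_token, alg):
        failed.append("CWWKS1759E")
    return failed


SAMPLE_CLAIMS = {
    "iss": ISSUER, "aud": [CLIENT_ID], "azp": CLIENT_ID,
    "iat": NOW - 60, "exp": NOW + 3600,
    "at_hash": at_hash(SAMPLE_ACCESS_TOKEN),
}

if __name__ == "__main__":
    print(check_id_token(SAMPLE_CLAIMS, "RS256", SAMPLE_ACCESS_TOKEN, ISSUER, CLIENT_ID, NOW))
    print(check_id_token(SAMPLE_CLAIMS, "RS256", "substituted-token", ISSUER, CLIENT_ID, NOW))
```

The signature checks (CWWKS1756E, CWWKS1757E, CWWKS1760E, CWWKS1761E) must pass before any of these claims is trusted; the example covers only the claim comparisons.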

Last updated: Jan 2, 2018 8:44:57 AM CST
http://publib.boulder.ibm.com/infocenter/wasinfo/v8r0/index.jsp?topic=/com.ibm.websphere.messages.doc/com.ibm.ws.security.openidconnect.common.OidcCommonMessages.html

© Copyright IBM Corporation 2006, 2011. All Rights Reserved.