IBM Security Access Manager Version December Error Message Reference IBM

Transcription

1 IBM Security Access Manager Version December 2017 Error Message Reference IBM

2

3 IBM Security Access Manager Version December 2017 Error Message Reference IBM

4 ii IBM Security Access Manager Version December 2017: Error Message Reference

5 Contents Chapter 1. Message overview Message types Message format Events that are generated by the events framework. 4 Chapter 2. Appliance messages Backup restore messages Event messages Fixpack messages Licensing messages Remote syslog messages Restart shutdown messages Snapshot messages Support messages Update messages Chapter 3. Audit messages Chapter 4. Authentication service messages Chapter 5. Context-based access messages Chapter 6. Database messages Chapter 7. End-user license agreement messages Chapter 8. HTTP redirect messages.. 61 Chapter 9. IDasS admin messages Chapter 10. Key encryption and signature service messages Chapter 11. Key encryption and signature service Java KeyStore messages Chapter 12. Knowledge questions messages Chapter 13. Liberty messages Chapter 14. Logging messages Chapter 15. Multi-Factor Authentication messages Chapter 16. OAuth 2.0 messages Chapter 17. One-time password messages Chapter 18. Policy messages Chapter 19. Reporting messages Chapter 20. SCIM messages Chapter 21. Secure reverse proxy messages Chapter 22. Security Access Manager configuration messages Chapter 23. Security token service module messages Chapter 24. Single sign-on protocol service messages Chapter 25. SOAP client messages 451 Chapter 26. Software development kit messages Chapter 27. Username password messages Chapter 28. Utility messages iii

6 iv IBM Security Access Manager Version December 2017: Error Message Reference

7 Chapter 1. Message overview Message types Message format Messages indicate events that occur during the operation of the system. Depending on their purpose, messages might be displayed on the screen. By default, all informational, warning, and error messages are written to the message logs. The logs can be reviewed later to determine what events occurred, to see what corrective actions were taken, and to audit all the actions performed. For more information about message logs, see the Troubleshooting topics in the IBM Knowledge Center. IBM Security Access Manager uses messages of specific types. The following types of messages are used: Informational messages Indicate conditions that are worthy of noting but do not require you to take any precautions or perform an action. Warning messages Indicate that a condition is detected that you must be aware of, but does not necessarily require that you take any action. Error messages Indicates that a condition occurred that requires you to take action. Messages that are logged by IBM Security Access Manager adhere to message standards. Each message consists of a message identifier (ID) and accompanying message text. Message ID format A message ID consists of 10 alphanumeric characters that uniquely identify the message. A message ID is composed of: v Three-character product identifier v Two-character or three-character component or subsystem identifier v Three-digit or four-digit serial or message number v One-character type code that indicates the severity of the message The figure that follows shows a graphical representation of a possible message ID and identifies its different parts. (Some messages might use 2 characters for the component ID and 4 digits for the serial number.) 1

8 FBT RTE 033 I Severity I - Informational W -- Warning E Error Message number (3 digits) Component or subsystem identifier (3 characters) IBM product prefix (3 characters) Figure 1. Message ID format Component identifiers The component identifier indicates which component or subsystem produced the message. ADM AUD AUT CC CE CFG CO CON CTG CTJ DIS DPW FBT FDB FMS ELA HRD IAS IDA IDS IN ISJ ISL KES Administration commands Audit Authentication service Common Auditing and Reporting Service disk cache Common Auditing and Reporting Service emitter Configuration properties Common Audit Service Configuration Console Security Access Manager console Authorization service Single Sign On for Bluemix service Directory Integrator component used by Single Sign On Secure reverse proxy Protocol service Database Management service End-user license agreement HTTP redirect Single sign-on administration Single sign-on administration Identity service Common Auditing and Reporting Service installation Alias service JDBC component Alias service LDAP component Key encryption and signature service 2 IBM Security Access Manager Version December 2017: Error Message Reference

9 KJK KQA LOG MB MET MGT MOD Key encryption and signature service Java KeyStore Knowledge questions Logging Common Audit Service Configuration MBean Metadata handling Management Module OAU OAuth 2.0 OTP PWD RBA RPT RTE SDK SO SOC SPS STM STS STZ SU SYS TAC TRC UPD UTI WS WSS XS XU Severity One-time password Password handling Context-based access Report messages Runtime environment component configuration Software development kit Single Sign On service SOAP client Single sign-on protocol service Secure token service Secure token service modules RACF PassTicket tokens Common Audit Staging Utility System alert messages Security Access Manager configuration Trust client Username password Utility Common Auditing and Reporting Service Mobile service Mobile services security management Common Audit Service XML data store Common Audit Service XML store utilities Associated with each message is a severity level that indicates whether corrective action must be taken. Chapter 1. Message overview 3

10 Table 1. Severity level Severity I (Informational) W (Warning) E (Error) Description Provides information or feedback about normal events that occur. In general, no action needs to be performed in response to an informational message. FBTRTE033I The domain default was successfully created. FBTSTM066I The Trust Service has been disabled. Indicates that a potentially undesirable condition has occurred, but processing can continue. Intervention or corrective action might be necessary in response to a warning message. FBTLOG002W An integer was expected. FBTTRC004W The returned RequestSecurityTokenResponse did not have a wsu:id Indicates that a problem has occurred that requires intervention or correction before processing can continue. An error message might be accompanied by one or more warning or informational messages that provide additional details about the problem. FBTCON013E The federation with ID insert could not be retrieved from the single sign-on protocol service. This error can occur if the console is unable to communicate with the single sign-on protocol service. FBTSML260E The binding value value for attribute attr is not valid for profile profile. Message text The text of the message, in the system locale, also is recorded in the log file. If the message text is not available in the language that you want, the English language text is used. Events that are generated by the events framework Use the Event Log management page in the appliance to view system events. In the local management interface, select Monitor Analysis and Diagnostics > Logs > Event Log. All of the following events are generated by the events framework. These events are displayed in the event log or broadcasted to an external collector, such as SNMP, if configured. Informational messages These events are generated to indicate conditions that are worthy of noting but do not require you to do anything. Event ID See WGASY0000I. Description This message is an identifier for generic information messages. It includes an informational message and the name of the server that generated the message. CPU usage These events are generated when the CPU usage of the system reaches certain thresholds. 4 IBM Security Access Manager Version December 2017: Error Message Reference

11 Event ID See WGAWA0643W. See WGAWA0043W. See WGAWA0650I. Description This warning message is generated when the CPU usage exceeds the warning threshold. This error message is generated when the CPU usage exceeds the error threshold. This informational message is generated when the CPU utilization falls below the configured threshold. Disk usage These events are generated when the disk usage of the system reaches certain thresholds. Event ID See WGAWA0644W. See WGAWA0044W. See WGAWA0649I. Description This warning message is generated when the disk usage exceeds the warning threshold. This error message is generated when the disk usage exceeds the error threshold. This informational message is generated when the disk utilization falls below the configured threshold. Certificate expiry These events are generated when there are expired or soon to expire certificates in the SSL certificate database. Event ID See WGAWA0645W. See WGAWA0045W. See WGAWA0046W. Description This warning message is generated when a certificate will expire within the warning threshold. This error message is generated when a certificate will expire within the error threshold. This error message is generated when a certificate has expired. The message includes the certificate label of the expired certificate. Stopped reverse proxy instances These events are generated when there are configured reverse proxy instances in the appliance that are currently not running or has recovered. Event ID See WGAWA0047W. See WGAWA0648I. Description This error message is generated when a reverse proxy instance is configured but not running. The message includes the name of the reverse proxy instance. This informational message is generated when the reverse proxy has recovered. Runtime database size These events are generated when the disk usage of the runtime database reaches certain thresholds. Chapter 1. Message overview 5

12 Event ID See WGAWA0055W. See WGAWA0646W. See WGAWA0649I. Description This error message is generated when the disk usage reaches the error threshold. This warning message is generated when the disk usage reaches the warning threshold. This informational message is generated when the disk usage for the runtime database falls below the configured threshold. Pending changes These events are generated when there are changes in the local management interface or web services that are not yet deployed or have been deployed. Event ID See WGAWA0642W. See WGAWA0640W. See WGAWA0653I. Description The error message is generated when pending changes did not complete deploying within the command timeout. This informational message is generated when changes that are made by using the LMI/Web services are not active because they have not yet been deployed. This informational message is generated when pending changes have been deployed. Time synchronization These events are generated when the NTP server is not configured or configured for the appliance. Event ID See WGAWA0647W. See WGAWA0652I. Description This warning message is generated when the clock on the appliance is not currently synchronized. This informational message is generated when the appliance has been updated with NTP configuration information. Related concepts: Chapter 2, Appliance messages, on page 7 6 IBM Security Access Manager Version December 2017: Error Message Reference

13 Chapter 2. Appliance messages Backup restore messages These messages are provided by the appliance. These messages are provided by the backup restore component. GLGBK1002E An attempt by the interface_name operator, user_name, to back up partition, partition_number has failed. This message is generated when an attempt to back up a partition has failed. The message includes the partition number that was to be duplicated. Review subsequent log messages to determine why the operation failed. This message is generated when an attempt to swap the active partition has failed. The message includes the partition number that was to be swapped. Review subsequent log messages to determine why the operation failed. GLGBK1004E An attempt by the interface_name operator, user_name, to swap the active partition to partition, partition_number has failed. Event messages These messages are provided by the event component. GLGSY0000W The service was terminated and restarted unexpectedly. System service was terminated unexpectedly and subsequently restarted. User response: If the problem persists, check IBM Electronic Support for additional information - product/security_systems/ ibm_security_access_manager_for_web GLGSY0001E The configuration component has failed to apply a configuration change. A reboot is required. Configuration failed unexpectedly whilst applying changes. User response: If the problem persists, check IBM Electronic Support for additional information - product/security_systems/ ibm_security_access_manager_for_web GLGSY0002E The configuration component has failed to apply the appliance configuration during appliance startup. A reboot is required. Configuration failed unexpectedly during startup. User response: If the problem persists, check IBM Electronic Support for additional information - product/security_systems/ ibm_security_access_manager_for_web GLGSY0003E The configuration component has failed to successfully validate policy during appliance startup. A reboot is required. The configuration could not be validated successfully and the appliance could not start. The appliance will reboot in an unconfigured state. User response: No action required. GLGSY0004E An unexpected failure has occurred in the configuration component. Configuration failed unexpectedly. User response: If the problem persists, check IBM Electronic Support for additional information - 7

14 GLGSY0005E GLGSY0022E product/security_systems/ ibm_security_access_manager_for_web User response: This is an informational message. No action is required. GLGSY0005E The attempted policy migration has failed. The previous configuration did not migrate to the new partition successfully. User response: If the problem persists, check IBM Electronic Support for additional information - product/security_systems/ ibm_security_access_manager_for_web GLGSY0006E An attempt to locate and copy specified files to new partition during policy migration has failed. The previous configuration did not migrate to the new partition successfully. User response: If the problem persists, check IBM Electronic Support for additional information - product/security_systems/ ibm_security_access_manager_for_web GLGSY0012E The policy was not validated by the configuration component. The configuration was rolled back and the Local Management Interface was restarted. The previous configuration could not be validated successfully. User response: If the problem persists, check IBM Electronic Support for additional information - product/security_systems/ ibm_security_access_manager_for_web GLGSY0013E The configuration was not reset to the factory defaults. The configuration could not be reset to factory defaults. User response: If the problem persists, check IBM Electronic Support for additional information - product/security_systems/ ibm_security_access_manager_for_web GLGSY0016E The appliance was automatically restarted to recover from a startup configuration attempt that failed. After encountering an error, the appliance has restarted to retry booting. GLGSY0017E Restart the appliance manually to recover from a startup configuration attempt that failed. An error occurred during startup and the appliance must be rebooted manually. User response: If the problem persists, check IBM Electronic Support for additional information - product/security_systems/ ibm_security_access_manager_for_web GLGSY0018E An unrecoverable error has occurred while attempting to configure network interfaces. The configuration of the appliance network interfaces has failed. User response: If the problem persists, check IBM Electronic Support for additional information - product/security_systems/ ibm_security_access_manager_for_web GLGSY0019W The component_name has stopped unexpectedly. A required component has stopped without warning. If the problem persists, check IBM Electronic Support for additional information - product/security_systems/ ibm_security_access_manager_for_web GLGSY0021W Authentication failed for user user_name. This message is generated when user tries to log on to the appliance with invalid credentials. action is required. This is an audit event. No GLGSY0022E FIPS error detected. Checksum validation failed for file file_name. This message is generated if a checksummed file is modified in an unauthorized manner when running in FIPS mode. If the problem persists, check IBM Electronic Support for additional information - product/security_systems/ ibm_security_access_manager_for_web 8 IBM Security Access Manager Version December 2017: Error Message Reference

15 GLGSY0023E GLGSY0032E GLGSY0023E FIPS error detected. File file_name has been deleted. This message is generated if a checksummed file is removed in an unauthorized manner when running in FIPS mode. If the problem persists, check IBM Electronic Support for additional information - product/security_systems/ ibm_security_access_manager_for_web GLGSY0032E The attempt to add the route, route_detail, has failed. The route specified is invalid. User response: Verify that the static route specified in the policy are correct for the current network configuration of the appliance. GLGSY0024E FIPS error detected. Component component_name has failed to enter FIPS mode. This message is generated if a component fails to enter FIPS mode. If the problem persists, check IBM Electronic Support for additional information - product/security_systems/ ibm_security_access_manager_for_web GLGSY0027W Invalid SNMP alert configuration: algorithm_name is not allowed in FIPS mode. This message is generated in FIPS mode when an SNMPv3 alert is configured to use a cryptographic algorithm that's not FIPS approved. Update the SNMP alert configuration to use FIPS approved cryptographic algorithms. GLGSY0028E FIPS error detected. Component sshd has failed to enter FIPS mode. This message is generated if sshd fails to enter FIPS mode. If the problem persists, check IBM Electronic Support for additional information - product/security_systems/ ibm_security_access_manager_for_web GLGSY0031W The Certificate Authority with subject name, subject_name, expires in less than num_days days. User response: certificate. A Certificate Authority will expire soon. Update the Certificate Authority Chapter 2. Appliance messages 9

16 GLGFP1002E GLGRL1002W Fixpack messages These messages are provided by the fixpack component. GLGFP1002E An attempt by the interface_name operator, user_name, to install the fix pack file, file_name, has failed. This message is generated when a fix pack file fails to install successfully. The message lists the uploaded file name and the name of the user who requested the installation. Review subsequent log messages to determine why the operation failed. GLGFP1003E The fix pack file, file_name, was not found. This message is generated when a fix pack file cannot be found. If the problem persists, check IBM Electronic Support for additional information - product/security_systems/ ibm_security_access_manager_for_web GLGFP1004E The fix pack file, file_name, does not have a valid digital signature. This message is generated when a fix pack file does not contain the correct digital signature. If the problem persists, check IBM Electronic Support for additional information - product/security_systems/ ibm_security_access_manager_for_web GLGFP1005E The fix pack file, file_name, is not a valid fix pack file. This message is generated when a fix pack file is not in the correct format. The file might be corrupt. If the problem persists, check IBM Electronic Support for additional information - product/security_systems/ ibm_security_access_manager_for_web GLGFP1007E An attempt by the interface_name operator, user_name, to uninstall the fix pack file, file_name, has failed. This message is generated when a fix pack file fails to uninstall. Review subsequent log messages to determine why the operation failed. Licensing messages These messages are provided by the licensing component. GLGLI0001W The type license expires in less than num_days days. A license will expire soon. The system might not receive updates after the license expires. User response: Update the system license to continue receiving updates after the expiry date. GLGLI0002E The type license has expired. A license has expired. The system might not receive updates because of this. User response: Update the system license to continue receiving updates. Remote syslog messages These messages are provided by the remote syslog component. GLGRL1002W An error occurred attempting to send an event to a remote syslog server, server. The server refused the event. The remote syslog response configuration may be incorrect. The remote syslog server may not have been running the syslog service, or it may be misconfigured. An intermediate firewall may have blocked the event. Verify the remote syslog server parameters are specified correctly. Verify the remote syslog server itself is configured correctly. Restart shutdown messages These messages are provided by the restart shutdown component. 10 IBM Security Access Manager Version December 2017: Error Message Reference

17 GLGRS1002E GLGSY0011E GLGRS1002E An attempt by the interface_name operator user_name to restart the appliance has failed. This message is generated when an attempt to restart the appliance has failed. The message includes which user requested the restart operation. Review subsequent log messages to determine why the operation failed. appliance has failed. This message is generated when an attempt to shut down the appliance has failed. The message includes which user requested the shutdown operation. Review subsequent log messages to determine why the operation failed. GLGRS1004E An attempt by the interface_name operator user_name to shut down the Snapshot messages These messages are provided by the snapshot component. GLGSS1002E An attempt by the interface_name operator user_name to create a settings snapshot file has failed. This message is generated when an attempt to create a settings snapshot file has failed. The message includes which user requested the settings snapshot creation. Review subsequent log messages to determine why the operation failed. GLGSS1004E An attempt by the interface_name operator user_name to delete a settings snapshot file, file_name, has failed. This message is generated when an attempt to delete a settings snapshot file has failed. The message includes which user requested the settings snapshot deletion and the name of the file that was to be deleted. Review subsequent log messages to determine why the operation failed. GLGSS1006E An attempt by the interface_name operator, user_name, apply a configuration change from the settings snapshot file, file_name, has failed. This message is generated when an attempt to apply a configuration change using a settings snapshot file has failed. The message includes which user requested the configuration change and the name of the file that was to be applied. Review subsequent log messages to determine why the operation failed. GLGSS1008E An attempt by the interface_name operator, user_name, to upload a settings snapshot file has failed. This message is generated when an attempt to upload a settings snapshot file has failed. The message includes which user requested the file upload. Review subsequent log messages to determine why the operation failed. GLGSS1009E The settings snapshot file, file_name, uploaded by the interface_name user, user_name, has failed validation. This message is generated when a settings snapshot file was uploaded but failed validation. The message includes which user requested the performed the action and the name of the file uploaded. Review subsequent log messages to determine why the operation failed. GLGSY0010E An attempt to apply a configuration change using a settings snapshot has failed. The previous policy has been restored. The configuration contained within the snapshot could not be successfully applied. User response: If the problem persists, check IBM Electronic Support for additional information - product/security_systems/ ibm_security_access_manager_for_web GLGSY0011E Restoring the previous policy after a failed attempt to apply a configuration from a settings snapshot file has resulted in at least one failure. The policy contained within the snapshot could not be successfully applied. User response: If the problem persists, check IBM Electronic Support for additional information - Chapter 2. Appliance messages 11

18 GLGSI1002E GLGUP1011E product/security_systems/ ibm_security_access_manager_for_web Support messages These messages are provided by the support component. GLGSI1002E An attempt by the interface_name operator user_name to create a new support information file has failed. This message is generated when an attempt to create a new support information has failed. The message includes which user requested the support information file creation. Review subsequent log messages to determine why the operation failed. GLGSI1004E An attempt by the interface_name operator user_name to delete a support information file, file_name, has failed. This message is generated when an attempt to delete a support information has failed. The message includes the name of the file that was to be deleted and which user requested the deletion. Review subsequent log messages to determine why the operation failed. GLGSY0007E The directory, directory_name, is not valid. The creation of support information file has failed. An internal error occurred whilst generating the support information file. User response: If the problem persists, check IBM Electronic Support for additional information - product/security_systems/ ibm_security_access_manager_for_web GLGSY0008W Information needed for a support information file has not been found. An internal error occurred whilst generating the support information file. User response: If the problem persists, check IBM Electronic Support for additional information - product/security_systems/ ibm_security_access_manager_for_web GLGSY0009W An attempt to add a comment to a support information file has failed An internal error occurred whilst adding a comment to a support information file. User response: If the problem persists, check IBM Electronic Support for additional information - product/security_systems/ ibm_security_access_manager_for_web Update messages These messages are provided by the update component. GLGUP1002E An attempt by the interface_name operator, user_name, to install module_name update version version_number has failed. This message is generated when an attempt to install an update has failed. The message includes the update type, the update version number, and identifies the user who attempted to install it. Review subsequent log messages to determine why the operation failed. GLGUP1009E An attempt to apply the update, id, has failed. An attempt to update the system has failed. The system will continue to operate with the current content. Review subsequent log messages to determine why the operation failed. GLGUP1010E An attempt to uninstall the update, id, has failed. An attempt to uninstall an update has failed. The system will continue to operate with the current content. Review subsequent log messages to determine why the operation failed. GLGUP1011E An attempt to download the secondary update catalog has failed. An attempt to download the secondary update catalog has failed. The system will try to download it again at the next scheduled interval. Check network connectivity between the appliance and the internet. 12 IBM Security Access Manager Version December 2017: Error Message Reference

19 GLGUP1012E GLGUP1014E GLGUP1012E An attempt to download the primary update catalog has failed. Common causes of this failure are not having a license installed and DNS errors. An attempt to download the primary update catalog has failed. The system will try to download it again at the next scheduled interval. Check network connectivity between the appliance and the internet. GLGUP1013E The digital signature of the downloaded update, file, could not be verified. The digital signature of the downloaded update could not be verified. The system will delete the update and attempt to download it again at the next scheduled interval. Check network connectivity between the appliance and the internet. GLGUP1014E An attempt to download an update, file, has failed. An attempt to download an update has failed. The system will delete the update and attempt to download it again at the next scheduled interval. Check network connectivity between the appliance and the internet. Chapter 2. Appliance messages 13

20 14 IBM Security Access Manager Version December 2017: Error Message Reference

21 Chapter 3. Audit messages These messages are provided by the audit component. FBTAUD001E Check the audit configuration to ensure that it is correct. The audit configuration settings might contain errors or ommissions. try restarting the server. System will not audit. Check the audit properties or FBTAUD002E The passed-in audit provider is not supported. This error occurs due to problems in the audit configuration. try restarting the server. System will not audit. Check the audit properties or FBTAUD003E The audit configuration property insert is not defined or is incorrect. This error occurs due to problems in the audit configuration. System will not audit. Correctly specify the property and restart the server. FBTAUD004E An error was encountered while initializing the file logger. This error occurs due to problems in the audit configuration. System will not audit. Check the file logger properties and the encapsulated exception to solve the problem. FBTAUD005E An error was encountered while initializing context to the Common Audit Serivice server. Check the JNDI connection property and emitter profile for possible errors. This error occurs due to problems in the audit configuration. System will not audit. Check the properties mentioned in the error and the encapsulated exception to solve the problem. FBTAUD006E An error was encountered while sending the audit event to the Common Audit Service server. This error occurs because of problems in the audit configuration, or because of connectivity problems with the Common Audit Service server. event. System will not audit this particular Ensure that the Common Audit Service server is running and check the encapsulated exception to solve the problem. FBTAUD007E An error was encountered while initializing the audit component. This error occurs because of problems in the audit configuration, or because of connectivity problems with the Common Audit Service server. event. System will not audit this particular Ensure that the Common Audit Service server is running and check the previous exceptions in the log to determine the cause of the problem. FBTAUD008E An event completion exception was encountered because all of the event data is not filled in correctly. This error occurs if any of the required elements in the event are not set. System will not audit this particular event and will log an exception. Check the encapsulated exception to solve the problem. FBTAUD009E System could not audit a call because a required parameter to the API is not available. This error occurs if any of the required elements in the event are not set. System will not audit this particular event and will log an exception. 15

22 FBTAUD010E Check the parameter that is not being passed correctly. FBTAUD010E An event validation exception was encountered because all of the event data is not correctly filled in. This error occurs if any of the required elements in the event are not set. System will not audit this particular event and log an exception. Check the encapsulated exception to solve the problem. 16 IBM Security Access Manager Version December 2017: Error Message Reference

23 Chapter 4. Authentication service messages These messages are provided by the authentication service component. FBTAUT001E The request does not contain any of the these required parameters [parameters]. Please re-access the protected resource. This problem happens because the request does not contain any of the required parameters. The request is not processed. None. FBTAUT002E Authentication service receives invalid transaction ID [id]. Ensure that the transaction with the specified ID exist and has not been processed. Please re-access the protected resource. This problem happens because the transaction with the specified ID does not exist or has been processed. The request is not processed. None. FBTAUT003E Authentication service receives invalid policy ID [id]. Ensure that the policy with the specified ID exist. Please re-access the protected resource. This problem happens because the policy with the specified ID does not exist. The request is not processed. None. FBTAUT004E Authentication service receives invalid state ID [id]. Ensure that you do not use back button on the browser or perform multiple authentication processes in the same browser. Please re-access the protected resource. This problem happens happens because (1) the user uses back button on the browser, (2) the user performs multiple authentication processes in the same browser, (3) the user modifies the state ID parameter value, or (4) the user's session has expired. The request is not processed. None. FBTAUT005E Authentication service encounters error while executing [name] mapping rule. This problem happens happens because (1) the mapping rule is not syntactically correct, or (2) the mapping rule contains logic error. The request is not processed. Ensure that the mapping rule is syntactically correct, and does not contain any logic error. FBTAUT006E Authentication service cannot perform TOTP authentication because the username parameter is missing. If you specify the username parameter using literal value, ensure that it is not NULL. If you specify the username parameter using context attribute reference, ensure that the referenced context attribute is not NULL. If you do not specify the username parameter, ensure that the authentication policy requires the user to login before he/she is challenged by TOTP authentication. The request is not processed. FBTAUT007E Authentication service cannot perform HOTP authentication because the username parameter is missing. If you specify the username parameter using literal value, ensure that it is not NULL. If you specify the username parameter using context attribute reference, ensure that the referenced context attribute is not NULL. If you do not specify the username parameter, ensure that the authentication policy requires the user to login before he/she is challenged by HOTP authentication. The request is not processed. 17

24 FBTAUT008E FBTAUT014E FBTAUT008E Authentication service cannot perform RSA authentication because the username parameter is missing. If you specify the username parameter using literal value, ensure that it is not NULL. If you specify the username parameter using context attribute reference, ensure that the referenced context attribute is not NULL. If you do not specify the username parameter, ensure that the authentication policy requires the user to login before he/she is challenged by RSA authentication. The request is not processed. FBTAUT009E Authentication service cannot perform MAC one-time password authentication because the supplied delivery type is invalid. The valid values for the deliverytype are parameter are and SMS. or SMS. The delivery type should be set to The request is not processed. Modify the deliverytype value to one of the supported values. FBTAUT010E Authentication service cannot perform MAC one-time password authentication because the username parameter is missing. If you specify the username parameter using literal value, ensure that it is not NULL. If you specify the username parameter using context attribute reference, ensure that the referenced context attribute is not NULL. If you do not specify the username parameter, ensure that the authentication policy requires the user to login before he/she is challenged by MAC one-time password authentication. The request is not processed. FBTAUT011E Authentication service cannot perform one-time password authentication because the username parameter is missing. If you specify the username parameter using literal value, ensure that it is not NULL. If you specify the username parameter using context attribute reference, ensure that the referenced context attribute is not NULL. If you do not specify the username parameter, ensure that the authentication policy requires the user to login before he/she is challenged by one-time password authentication. The request is not processed. FBTAUT012E Authentication service receives invalid target URL [url]. Ensure that the target URL is specified. Please re-access the protected resource. This problem happens because the target URL is not specified. The request is not processed. None. FBTAUT013E Authentication service cannot create a user credential because there is a duplicate credential attribute [attribute] specified for authentication policy [policy]. This problem happens because there is a duplicate credential attribute. The request is not processed. None. FBTAUT014E Authentication service cannot perform EULA authentication because the username parameter is missing. If you specify the username parameter using literal value, ensure that it is not NULL. If you specify the username parameter using context attribute reference, ensure that the referenced context attribute is not NULL. If you do not specify the username parameter, ensure that the authentication policy requires the user to login before he/she is challenged by EULA authentication. The request is not processed. 18 IBM Security Access Manager Version December 2017: Error Message Reference

25 FBTAUT015E FBTAUT022E FBTAUT015E Authentication service cannot perform knowledge questions based authentication because the username parameter is missing. If you specify the username parameter using literal value, ensure that it is not NULL. If you specify the username parameter using context attribute reference, ensure that the referenced context attribute is not NULL. If you do not specify the username parameter, ensure that the authentication policy requires the user to login before he/she is challenged by the knowledge questions based authentication. The request is not processed. FBTAUT016E Authentication service cannot parse the request data content. This happens if the request does not contain any JSON data, the JSON data in not valid, or the content-type header was not application/json. The request is not processed. Modify the client request. FBTAUT017E Authentication service received an invalid state ID [id]. This problem happens happens because (1) the requester performs multiple authentication processes in the same session, (2) the requester supplied the wrong or modified state ID parameter value, or (3) the requester's session has expired. The request is not processed. None. FBTAUT018E Authentication service received an invalid JSON request. This request could not be processed. This problem happens happens because (1) the request is not valid for the given authentication policy (2) the request is not valid for the current authentication mechanism or authentication state, or (3) The JSON data could not be parsed or read, or contained too many levels of nested objects. The request is not processed. None. FBTAUT019E Authentication service cannot perform Mobile User Approval authentication because an OAuth access token is missing. Ensure that the authentication policy requires the user to obtain an OAuth access token before he/she is challenged by Mobile User Approval authentication. The request is not processed. FBTAUT020E Authentication service cannot perform Mobile User Approval authentication because the username parameter is missing. If you specify the username parameter using literal value, ensure that it is not NULL. If you specify the username parameter using context attribute reference, ensure that the referenced context attribute is not NULL. If you do not specify the username parameter, ensure that the authentication policy requires the user to login before he/she is challenged by Mobile User Approval authentication. The request is not processed. FBTAUT021E Authentication service cannot perform Mobile Multi Factor authentication because the username parameter is missing. If you specify the username parameter using literal value, ensure that it is not NULL. If you specify the username parameter using context attribute reference, ensure that the referenced context attribute is not NULL. If you do not specify the username parameter, ensure that the authentication policy requires the user to login before he/she is challenged by Mobile Multi Factor authentication. The request is not processed. FBTAUT022E The target URL targeturl is not whitelisted. The target URL received by the system is rejected because it is not whitelisted. The flow is stopped. Chapter 4. Authentication service messages 19

26 FBTAUT023E should be whitelisted. Check if the target URL FBTAUT023E Authentication service cannot perform Universal 2nd Factor authentication because the username parameter is missing. If you specify the username parameter using literal value, ensure that it is not NULL. If you specify the username parameter using context attribute reference, ensure that the referenced context attribute is not NULL. If you do not specify the username parameter, ensure that the authentication policy requires the user to login before he/she is challenged by Universal 2nd Factor authentication. The request is not processed. 20 IBM Security Access Manager Version December 2017: Error Message Reference

27 Chapter 5. Context-based access messages These messages are provided by the context-based access component. FBTRBA001E A database error occurred. occurred. An unrecoverable database error Command execution is halted. Check the server logs for more details to trace the cause of the error. FBTRBA002E An error occurred when managing the policy. Command execution is halted. Check the server logs for more details to trace the cause of the error. FBTRBA003E An error occurred during command execution. Command execution is halted. Check the server logs for more details to trace the cause of the error. FBTRBA005E A required parameter parameter name is missing or invalid. Command execution is halted. Check the server logs for more details to trace the cause of the error. FBTRBA007E The policy file does not exist. Command execution is halted. Specify a policy file that exists and run the command again. FBTRBA008E Creation of database connection failed. Check the database configuration and network connectivity to the database server. created. The database connection could not be Command execution is halted. Ensure that the database is configured correctly. Also check that the network connectivity to the database server is available. FBTRBA009E Unable to modify the application parameter task or role name. An attempt to locate and modify a particular set of application parameters failed during deployment. Command execution is halted. Check the server logs for more details to trace the cause of the error. FBTRBA0100E The action: action failed because the resource [resource] was not found. The requested action on the specified resource could not be completed because the resource was not found. No action necessary. Ensure that the resource and action requested are valid. FBTRBA0101E The import cannot be performed while another import is in progress. The system can only perform one import operation at a time. ignored. The new import operation request was Retry the new import operation after the original import operation is completed. FBTRBA0106E The action action failed because the resource ID [id] is not valid for a resource of type: [type]. The requested action on the specified resource could not be completed because the resource ID is invalid. No action is necessary. Ensure that the resource and action requested are valid. FBTRBA0107E The action action failed for resource [] because the request body contains 21

28 FBTRBA0108W FBTRBA0116E improperly structured JSON. The requested action on the specified resource could not be completed because the request body contains malformed or improperly structured JSON. No action is necessary. Ensure that the request body contains the appropriately structured JSON for the requested action. FBTRBA0108W The update failed because the resource was not found. The requested action on the specified resource could not be completed because the resource was not found. No action necessary. Ensure that the resource and action requested are valid. FBTRBA0109W The resource already exists. The requested action on the specified resource could not be completed because the resource already exists. No action necessary. Ensure that the resource and action requested are valid. FBTRBA010E The IBM Tivoli Federated Identity Manager runtime is not deployed. Deploy the IBM Tivoli Federated Identity Manager runtime before continuing. The risk-based access runtime requires that the IBM Tivoli Federated Identity Manager runtime be deployed first. Command execution is halted. Deploy the IBM Tivoli Federated Identity Manager runtime before proceeding. FBTRBA0110E The device id was not found. The requested device does not exist. No action necessary. Ensure that the resource and action requested are valid. FBTRBA0111E The user userid does not have any registered devices. The requested user does not have any devices registered. No action necessary. Ensure that the resource and action requested are valid. FBTRBA0112E Devices with IDs ids were not found. One or more of the requested devices does not exist. No action necessary. Ensure that the resource and action requested are valid. FBTRBA0113E No devices last used before timestamp were found. No devices last used before the requested timestamp were found. No action necessary. Ensure that the resource and action requested are valid. FBTRBA0114E The file export failed. The file export failed. This can occur if the file does not exist, there are access permissions either at the source or destination, or because there was an I/O error. No action is necessary. Examine the logs for the cause of the exception. Ensure that the file exists, that access permissions are set properly, and that there is sufficient space to export the file. FBTRBA0115E The file import failed. The file import failed. This can occur if the file does not exist, there are access permissions either at the source or destination, or because there was an I/O error. No action is necessary. Examine the logs for the cause of the exception. Ensure that the file exists, that access permissions are set properly, and that there is sufficient space to import the file. FBTRBA0116E value. The filter string is empty. The filter query parameter has an empty No action is necessary. If filtering is required add valid content to the value of the filter field. 22 IBM Security Access Manager Version December 2017: Error Message Reference

29 FBTRBA0117E FBTRBA0126E FBTRBA0117E The filter contains unknown java.sql.types [filterobj]. Supported values are supportedvalues. An unknown or unsupported java.sql.types type was passed into the filter. No action is necessary. If filtering is required use supported java.sql.types. FBTRBA0122E The action failed because the policy set is attached to one or more resources. The resources are [policysetname]. The action is not allowed when the policy set is referenced by another resource. No action necessary. >Remove references to the policy set and retry the action. FBTRBA0118E The filter format is not valid. Filters should be in the format of supportedvalues. supported format. An invalid filter syntax was used. No action is necessary. If filtering is required use FBTRBA0119E No matching field name for [jsonfieldname] was found. supported format. An invalid filter syntax was used. No action is necessary. If filtering is required use FBTRBA011E The risk-based access deployment failed. An error occurred during risk-based access deployment. Command execution is halted. Check the server logs for more details to trace the cause of the error. FBTRBA0120E The filter function: function is not valid. Supported functions are: supportedfunctions. supported format. An invalid filter type was used. No action is necessary. If filtering is required use FBTRBA0121E The action failed because the policy is contained in one or more policy sets. The policy sets are [policysetnames]. The action is not allowed when the policy is referenced by another resource. No action necessary. Remove references to the policy and retry the action. FBTRBA0123E Returned improper datatype of: passeddatatype. Expected a JavaScript object. The specified data type was returned, but was incorrect. A JavaScript object was expected. No action is necessary. Ensure that the getmetadata function returns the JavaScript object in the authentication rule JavaScript. FBTRBA0124E The fieldwithissue object has experienced exceptiontype. Cannot convert passeddatatype object type to a newdatatype object type. Conversion to the new data type did not complete because of an exception. No action is necessary. Ensure that the data types in authentication rule JavaScript match the required specifications. FBTRBA0125E Expected key, missingkey, was not found in the JavaScript. At least one expected key was not found in the Javascript getmetadata function. No action is necessary. Ensure that the getmetadata function in the authentication rule JavaScript contains the appropriate keys and fields. FBTRBA0126E The authentication rule JavaScript must contain the getmetadata function with the metadata values stored inside. The program expected the getmetadata function in the JavaScript, and it was not found. No action is necessary. Ensure that the getmetadata function in the athentication rule JavaScript exists. Chapter 5. Context-based access messages 23