3.0 Identity Server (001)

Component 001

Event Code

Message

Remedy

100100001

 

Type: SEVERE:NIDP:INITIALIZE:001

100100002

 

Type: SEVERE:NIDP:INITIALIZE:002

100101001

No binding available or set for profile.

Type: SEVERE:NIDP:USERMSG:001

Cause: An action using Liberty or SAML protocols could not be completed because the server and trusted provider are not compatibly configured to interact to complete the action.

Action: Set the desired protocol profiles in the administration tool to match those supported at the trusted provider.

100101043

IDP is unable to load ESP metadata.

Type: SEVERE:NIDP:USERMSG:043

Cause: The IDP cannot connect to the metadata URL for the ESP. The IDP may not be able to resolve the domain name for the ESP or if HTTPS is being used, the IDP may not trust the SSL certificate for the ESP. The ESP might also not be running.

Action: Make sure that certificates for ESP are imported and trusted into IDP configuration. Check the metadata URL for the ESP and make sure the metadata can be retrieved from a browser: http://<DNS_name>/nesp/idff/metadata

If you are seeing this error after changing the IP address of the Linux Access Gateway, restart Tomcat on the Identity Server.

For additional help, see Troubleshooting 100101043 and 100101044 Liberty Metadata Load Errors in the Novell Access Manager 3.1 SP2 Identity Server Guide.

100101044

ESP is unable to load IDP metadata

Type: SEVERE:NIDP:USERMSG:044

Cause: The ESP cannot connect to the metadata URL for the IDP. The ESP may not be able to resolve the domain name for the IDP or if HTTPS is being used, the ESP may not trust the SSL certificate for the IDP. The IDP may also not be running

Action: Make sure the IDP is running and that all certificates are imported and trusted. Check the metadata URL for the IDP and make sure the metadata can be retrieved from a browser: http://<DNS_name>/nidp/idff/metadata A common cause is the base URL on the IDP is set incorrectly.

For additional help, see Troubleshooting 100101043 and 100101044 Liberty Metadata Load Errors in the Novell Access Manager 3.1 SP2 Identity Server Guide.

100101045

An error happened while the request was being sent to the correct cluster member for processing.

Type: SEVERE:NIDP:USERMSG:045

Cause: The target cluster member may be unavailable.

Action: Ensure that all cluster devices are operating correctly.

100102001

Incomplete web service configuration.

Type: SEVERE:NIDP:WSF:001

Cause: The web service instance type (attribute nidsWsfServiceInstanceType on the nidsWsfService object) is not available in the service definition.

Action: Delete the associated web service definition and recreate it.

100102002

Invalid web service configuration.

Type: SEVERE:NIDP:WSF:002

Cause: The web service configuration XML (attribute nidsConfigXML on the nidsWsfService object) has invalid XML.

Action: Delete the associated web service definition and recreate it.

100102003

Unable to instantiate the web service provider authority class. This class will be com.novell.nidp.liberty.wsf.config.authority.ldap.WSFConfigAuthorityLdap.

Type: SEVERE:NIDP:WSF:003

Cause: Some Java error (probably a classpath issue) is causing the main authority class to not instantiate.

Action: Review how the Access Manager product was installed and attempt to determine if Java class files are being accessed from an unexpected source.

100102004

Unable to load web services.

Type: SEVERE:NIDP:WSF:004

Cause: This error catches all failures encountered while trying to load all web services. The reason will be different depending on where the error happened.

Action: Try to delete and recreate the web services.

100102005

Unable to access Novell Secret Store.

Type: SEVERE:NIDP:WSF:005

Cause: The LDAP connection between the IDP and the User Store must be secure LDAP if Novell Secret Store is to be used as the back end storage for Credential Profile.

Action: Go to the associated user store and change the connection type to secure LDAP.

100102006

Unable to create user profile object.

Type: SEVERE:NIDP:WSF:006

Cause: A Liberty User Profile Object did not exist for the current user, so an attempt was made to create one. That attempt failed!

Action: Determine if the named container exists and that the administrator user has rights to create objects there.

100102007

Unable to instantiate password callback class.

Type: SEVERE:NIDP:WSF:007

Cause: Could not find the password callback class in the classpath.

Action: Make sure the password callback class to check UsernameToken that decrypts an encrypted message in WSS is in the classpath.

100102008

Unable to convert XML into Document.

Type: SEVERE:NIDP:WSF:008

Cause: This error occurred when converting XML to Document in WSS (Receiver side). It may happen due to incorrect WSC requests.

Action: Check the WSC (Sender side) request and resend it.

100102009

Unable to process WSSecurity (WSS) message.

Type:SEVERE:NIDP:WSF:009

Cause: This error occurred when processing WSS headers (Receiver side). It may happen due to incorrect WSS headers in WSC requests.

Action: Check the WSS headers in WSC (Sender side) request and resent it.

100102010

No WSS header found

Type: SEVERE:NIDP:WSF:010

Cause: This error occurred when processing WSS headers (Receiver side). It may happen due to no WSS headers in WSC requests.

Action: Check the WSS headers in WSC (Sender side) request and resend it.

100102011

No processed WSS header found

Type: SEVERE:NIDP:WSF:011

Cause: This error occurred after processing WSS headers (Receiver side). It may happen due to incorrect or no WSS headers in WSC requests.

Action: Check the WSS headers in WSC (Sender side) request and resend it.

100102012

WSS untrusted certificate

Type: SEVERE:NIDP:WSF:012

Cause: This error occurred when validating signature on WSS headers (Receiver side). The certificate used for the signature is not trusted.

Action: Check the certificate used to sign the message. The certificate is trusted if either it itself or the certificate of the issuer is installed in the trust store.

100102013

 

Type: SEVERE:NIDP:WSF:013

100102014

 

Type: SEVERE:NIDP:WSF:014

100102015

 

Type: SEVERE:NIDP:WSF:015

100102016

 

Type: SEVERE:NIDP:WSF:016

100102017

 

Type: SEVERE:NIDP:WSF:017

100102018

 

Type: SEVERE:NIDP:WSF:018

100102019

 

Type: SEVERE:NIDP:WSF:019

100102020

 

Type: SEVERE:NIDP:WSF:020

100102021

 

Type: SEVERE:NIDP:WSF:021

100102022

 

Type: SEVERE:NIDP:WSF:022

100102023

 

Type: SEVERE:NIDP:WSF:023

100102024

 

Type: SEVERE:NIDP:WSF:024

100102025

The Service Discovery Service has not been initialized.

Type: SEVERE:NIDP:WSF:025

Cause: The Discovery Service has not been enabled or created.

Action: Create and enable a Liberty Discovery Service using the Access Manager administration utility.

100102026

 

Type: SEVERE:NIDP:WSF:026

100102027

 

Type: SEVERE:NIDP:WSF:027

100102028

 

Type: SEVERE:NIDP:WSF:028

100102029

 

Type: SEVERE:NIDP:WSF:029

100102030

 

Type: SEVERE:NIDP:WSF:030

100102031

 

Type: SEVERE:NIDP:WSF:031

100102032

 

Type: SEVERE:NIDP:WSF:032

100102033

 

Type: SEVERE:NIDP:WSF:033

100103001

Web Service Consumer XML Configuration Parse Exception.

Type: SEVERE:NIDP:WSC:001

Cause: The nidsConfigXML attribute on the nidsWsf object has invalid XML.

Action: Delete the nidsConfigXML attribute and reconfigure WSC.

100103002

 

Type: SEVERE:NIDP:WSC:002

100103003

 

Type: SEVERE:NIDP:WSC:003

100103004

 

Type: SEVERE:NIDP:WSC:004

100103005

 

Type: SEVERE:NIDP:WSC:005

100103006

 

Type: SEVERE:NIDP:WSC:006

100103007

 

Type: SEVERE:NIDP:WSC:007

100103008

 

Type: SEVERE:NIDP:WSC:008

100103009

 

Type: SEVERE:NIDP:WSC:009

100103010

 

Type: SEVERE:NIDP:WSC:010

100103011

 

Type: SEVERE:NIDP:WSC:011

100103012

 

Type: SEVERE:NIDP:WSC:012

100103013

 

Type: SEVERE:NIDP:WSC:013

100103014

 

Type: SEVERE:NIDP:WSC:014

100103015

 

Type: SEVERE:NIDP:WSC:015

100103016

 

Type: SEVERE:NIDP:WSC:016

100103017

 

Type: SEVERE:NIDP:WSC:017

100104105

Could not initialize Kerberos/GSS

Type: SEVERE:NIDP:USERAUTH:105

Cause: Failure at GSS-API

Action: Check the following according the details of the error message: Keytab file - validity, presently only understands DES; Service Principal Name (SPN)

100104107

Kerberos Configuration is not properly initialized

Type: SEVERE:NIDP:USERAUTH:107

Cause: Kerberos Configuration is not properly initialized in the admin user interface

Action: Make sure all the required configuration setting are properly specified in admin UI

100104108

SPNEGO/Kerberos method not implemented

Type: SEVERE:NIDP:USERAUTH:108

Cause: SPNEGO/Kerberos NegTokenInit not implemented.

Action: NegTokenInit token not implemented as the server side does not need to generate it new. No Action needed.

100105001

An error happened while forwarding a request to a cluster member.

Type: SEVERE:NIDP:APP:001

Cause: An internal error occurred.

Action: Evaluate the error and take appropriate action.

100105002

Failed to initialize JNDI connections.

Type: SEVERE:NIDP:APP:002

Cause: NIDP attempts to create JNDI connections to each user store replica during NIDP startup. In this case, NIDP was unable to establish connections with the indicated host.

Action: Ensure that the host is available and that the configuration information for the replica is correct.

100105003

Error obtaining SOAP response.

Type: SEVERE:NIDP:APP:003

Cause: A SOAP request was made and a response was expected, but an error happened retrieving the response.

Action: Evaluate the indicated reason and take appropriate action.

100105004

Error in SOAP response format.

Type: SEVERE:NIDP:APP:004

Cause: A SOAP request was made and a response was expected, the response was obtained but the format of it was unexpected.

Action: Evaluate the indicated reason and take appropriate action.

100105005

Error executing Login Policy Check LDAP Extension for user on user store

Type: SEVERE:NIDP:APP:005

Cause: User authenticated using X509. An additional check of the directory's user login policy needs to be made using an LDAP method extension. This check was successfully done using an LDAP extension. However, after the LDAP extension is called, it must be called a second time to update the user account with a success or failure. This second call to the extension failed, so directory user account status may be erroneous.

Action: Check with eDirectory documentation for LDAP extension with OID 2.16.840.1.113719.1.39.42.100.25

100105006

 

Type: SEVERE:NIDP:APP:006

100105007

 

Type: SEVERE:NIDP:APP:007

100105008

The audit logging system is not operational.

Type: SEVERE:NIDP:APP:008

Cause: The audit logging system can, in rare circumstances, become non-operational.

Action: Examine the error description supplied and take appropriate action.

100106001

 

Type: SEVERE:NIDP:IDFF:001

200102001

Invalid access code found for web service specific user interaction query policy.

Type: ERROR:NIDP:WSF:001

Cause: The web service definition has a service level user interaction policy that is not ALWAYS or NEVER. Disallowed values are NO and ONCE.

Action: Using Access Manager management tools, edit the policy associated with the web service.

200102002

Invalid access code found for web service specific user interaction modify policy.

Type: ERROR:NIDP:WSF:002

Cause: The web service definition has a service level user interaction policy that is not ALWAYS or NEVER. Disallowed values are NO and ONCE.

Action: Using Access Manager management tools, edit the policy associated with the web service.

200102003

Unrecognized web service.

Type: ERROR:NIDP:WSF:003

Cause: The web service definition has a service type specifier (attribute nidsWsfServiceInstanceType on object nidsWsfService) that is not recognized.

Action: Using Access Manager management tools, delete the associated web service and recreate it.

200102004

Error writing user interaction access policy to the data store.

Type: ERROR:NIDP:WSF:004

Cause: The IDP received user interaction access policy from the user, but was unable to persist it to the data store.

Action: Check the Access Manager Configuration datastore to see if it is available.

200102005

Cannot read or write web service data because zero data locations are specified.

Type: ERROR:NIDP:WSF:005

Cause: When an IDSIS web service is reading or writing data it follows the configured data locations to know where to perform its operations. If the administrator has not set up any data locations then the operation must fail.

Action: Add at least one data location the web service.

200102006

Cannot read or write web service data because the first data location is unknown.

Type: ERROR:NIDP:WSF:006

Cause: When an IDSIS web service is reading or writing data it follows the configured data locations to know where to perform its operations.

Action: Delete all data locations from the associated web service and add them back into the list.

200102007

Unexpected error writing data to web service.

Type: ERROR:NIDP:WSF:007

Cause: Writing to web services is prone to various unexpected errors.

Action: Evaluate the reason for the error and take appropriate action.

200102008

Unable to locate the cached NIDPSession object given session id.

Type: ERROR:NIDP:WSF:008

Cause: The user session has expired.

Action: The user must login again.

200102009

Cached NIDPPrincipal object has zero NIDPSubject objects.

Type: ERROR:NIDP:WSF:009

Cause: The user session has expired.

Action: The user must login again.

200102010

No web service authority available.

Type: ERROR:NIDP:WSF:010

Cause: A web service of the provided type did not initialize correctly.

Action: Delete the web service and recreate it.

200102011

No web service available.

Type: ERROR:NIDP:WSF:011

Cause: A web service of the provided type does not exist, or is not enabled.

Action: Create or enable a web service of this type.

200102012

Unable to understand the web service request's XML.

Type: ERROR:NIDP:WSF:012

Cause: A web service sent a request to the IDP that cannot be parsed or it is missing data such that the request cannot be understood.

Action: Notify your system administrator that invalid web service requests are being made to the system.

200102013

Error processing web service query request.

Type: ERROR:NIDP:WSF:013

Cause: Processing web service requests may result in a number of unexpected errors.

Action: Evaluate the reason given in the error message, and take appropriate action.

200102014

Error processing web service modify request.

Type: ERROR:NIDP:WSF:014

Cause: Processing web service requests may result in a number of unexpected errors.

Action: Evaluate the reason given in the error message, and take appropriate action.

200102015

Unable to locate the user's local identifier in the resource id.

Type: ERROR:NIDP:WSF:015

Cause: The web service resource id, an identifier indicating what user the request is destined for, did not contain the information required to identify the user.

Action: Notify your system administrator that invalid web service requests are being made to the system.

200102016

Unable to locate a cached NIDPPrincipal object given the local id.

Type: ERROR:NIDP:WSF:016

Cause: The user session has expired.

Action: The user must login again.

200102017

Unable to locate a NIDPIdentity object given the local id.

Type: ERROR:NIDP:WSF:017

Cause: The user session has expired.

Action: The user must login again.

200103001

The indicated web service is not available or it has been disabled! An attempt was made to access this service to operate on the indicated data.

Type: ERROR:NIDP:WSC:001

Cause: The Web Service Consumer received a request and one of the data tokens referenced a data item that is not available in any of the services known to the Access Manager.

Action: The system has encountered an invalid configuration and should be restarted by the system administrator.

200103002

Cannot make web service request because there are zero web service resource offerings available.

Type: ERROR:NIDP:WSC:002

Cause: The Web Service Consumer received a request but there were zero service resource offerings provided. So, the web service has no destination service to which a request can be made.

Action: The user must login again.

200103003

Unable to locate an identity id from the authentications available in the provided NIDPSession.

Type: ERROR:NIDP:WSC:003

Cause: The user session has expired.

Action: The user must login again.

200104001

Could not get client certificate.

Type: ERROR:NIDP:USERAUTH:001

Cause: Could not get user certificate from the client browser

Action: Install user X509 certificate on the client browser and try again.

200104003

Could not read configuration

Type: ERROR:NIDP:USERAUTH:003

Cause: Could not read configuration out of file

Action: Make sure the X509 config properties file is present.

200104004

User Certificate Authentication Failed

Type: ERROR:NIDP:USERAUTH:004

Cause: User Certificate Authentication Failed due to the reasons in detailed message

Action: Take appropriate action as per the reasons in the detailed message

200104005

No matching Principal found.

Type: ERROR:NIDP:USERAUTH:005

Cause: No Principal from X509Certificate found in User store

Action: Check the X509Class Method and it's attribute mapping profile as defined using administration tool. Also, make sure the matched user exists in the User store.

200104006

More than one Principal matched.

Type: ERROR:NIDP:USERAUTH:006

Cause: Principal from X509Certificate Multiple users found in User store which matched Principal from X509Certificate based on X509Class attribute mapping profile.\

Action: Check the X509Class Method and it's attribute mapping profile as defined using administrator tool. Also, check if multiple user exists in the User store(s).

200104008

Error loading Trust store

Type: ERROR:NIDP:USERAUTH:008

200104009

Client certificate not yet valid.

Type: ERROR:NIDP:USERAUTH:009

Cause: X509 certificate is valid in the future

Action: Use a valid certificate

200104010

Client certificate no longer valid.

Type: ERROR:NIDP:USERAUTH:010

Cause: X509 certificate is expired

Action: Use a valid certificate

200104011

The Certificate has been revoked.

Type: ERROR:NIDP:USERAUTH:011

Cause: The Certificate has been revoked

Action: Use a valid certificate which is not revoked.

200104012

Error Parsing Certificate.

Type: ERROR:NIDP:USERAUTH:012

Cause: Error Parsing Certificate when performing certificate validations

Action: Use a valid X509 certificate.

200104017

Error getting CRL/OCSP.

Type: ERROR:NIDP:USERAUTH:017

Cause: Could not get to the CRL/OCSP URL for validations.

Action: Make sure the CRL/OCSP URLs are accessible Or disable validations in administration. Additionally, can define a different CRL/OCSP URL in the administration tool which the X509Class can also use for validations.

200104018

Could not verify CRL signature.

Type: ERROR:NIDP:USERAUTH:018

Cause: Could not verify signature on the fetched CRL

Action: Make sure the CRL server public key/certificate is in NIDP/ESP trust store.

200104019

Could not find Key for this server.

Type: ERROR:NIDP:USERAUTH:019

Cause: Could not find Key/Cert for NIDP/ESP server towards authenticating to OCSP server

Action: Make sure the NIDP/ESP Signing keystore has appropriate Key/Cert in it.

200104020

CRL/OCSP is too old; New version already available.

Type: ERROR:NIDP:USERAUTH:020

Cause: During validations, the fetched CRL Or OCSP is stale. Newer version will be available

Action: In case of CRLs, next attempt to fetch CRL should get a fresh CRL after purging the cached one. In case of OCSP, notify the OCSP server administrator.

200104021

No Issuer Certificate found.

Type: ERROR:NIDP:USERAUTH:021

Cause: Issuer of user certificate not found which is required for OCSP validations

Action: Make sure the issuer of user/client certificate is either found in certificate-chain or in NIDP/ESP trust store.

200104022

Error getting OCSP Response.

Type: ERROR:NIDP:USERAUTH:022

Cause: Could not get OCSP Response from the OCSP server

Action: Make sure its going to the right OCSP server.

200104023

Error processing OCSP Response.

Type: ERROR:NIDP:USERAUTH:023

Cause: OCSP response could not be processed

Action: Make sure its going to the right OCSP server and that it is operating correctly.

200104024

At least one parameter of OCSPProcessor was uninitialized.

Type: ERROR:NIDP:USERAUTH:024

Cause: At least one parameter of OCSPProcessor was uninitialized during OCSP validations

Action: Make sure the NIDP/ESP Signing keystore has appropriate Key/Cert in it. Also, that the NIDP/ESP OCSP trust store has the valid public-key/certificate of OCSP server.

200104025

Request was already generated.

Type: ERROR:NIDP:USERAUTH:025

Cause: OCSP request was already generated for certificate(s)

Action: Check the client certificate chain.

200104026

OCSP response was already processed

Type: ERROR:NIDP:USERAUTH:026

200104027

Internal error occurred in the OCSP Server.

Type: ERROR:NIDP:USERAUTH:027

Cause: OCSP server responded to the request with an internal error.

Action: Contact OCSP server administrator.

200104028

Your request did not fit the RFC 2560 syntax.

Type: ERROR:NIDP:USERAUTH:028

Cause: OCSP server responded to the request with malformed request message.

Action: Contact OCSP administrator and check the request.

200104029

Your request was not signed.

Type: ERROR:NIDP:USERAUTH:029

Cause: Request to OCSP server needs to be signed.

Action: Enable signing of OCSP requests in X509Class administration.

200104030

The server was too busy to answer you.

Type: ERROR:NIDP:USERAUTH:030

Cause: OCSP server is too busy to respond to requests.

Action: Contact OCSP server administrator.

200104031

The server could not authenticate you.

Type: ERROR:NIDP:USERAUTH:031

Cause: OCSP server could not authenticate Novell Identity server.

Action: Make sure Signing of OCSP requests is enabled and NIDP signing keystore has appropriate key in it. Also, make sure the OCSP server trusts Nidp server.

200104032

Unknown OCSPResponse status code.

Type: ERROR:NIDP:USERAUTH:032

Cause: OCSP server responded to the request with unknown status code.

Action: Contact OCSP server administrator.

200104033

No valid OCSPResponse obtained.

Type: ERROR:NIDP:USERAUTH:033

Cause: Invalid OCSP response obtained.

Action: Check the OCSP server response version and contact administrator.

200104034

Response was generated in the future.

Type: ERROR:NIDP:USERAUTH:034

Cause: OCSP response is not yet valid.

Action: Disable OCSP validations Or Contact OCSP server administrator.

200104035

Error verifying responder certificate.

Type: ERROR:NIDP:USERAUTH:035

Cause: This may happen when reading the OCSP trust store during OCSP validations.

Action: Make sure OCSP trust store exists on NIDP server.

200104036

Response seems to be signed with untrusted certificate.

Type: ERROR:NIDP:USERAUTH:036

Cause: OCSP server trusted-root certificate not found in OCSP trust store.

Action: Import OCSP server trusted root in Nidp's OCSP trust store.

200104037

The received responder id does not match your responder certificate.

Type: ERROR:NIDP:USERAUTH:037

Cause: The response ID received in OCSP response does not match.

Action: Make sure NIDP's OCSP trust store has the right OCSP server public-key certificate.

200104038

Could not verify OCSP server response.

Type: ERROR:NIDP:USERAUTH:038

Cause: OCSP server response is incorrect.

Action: Verify the OCSP server URL. Make sure NIDP's OCSP trust store has the right OCSP server public-key certificate.

200104039

No client certificates inside OCSP response.

Type: ERROR:NIDP:USERAUTH:039

Cause: Empty response from OCSP server.

Action: Verify the OCSP server URL.

200104040

Number of certificates inside OCSP response does not fit to request.

Type: ERROR:NIDP:USERAUTH:040

Cause: OCSP response does not contain the requested number of certificate status.

Action: Verify the OCSP server URL.

200104041

Certificate was revoked in the future.

Type: ERROR:NIDP:USERAUTH:041

Cause: OCSP response not yet valid.

Action: Verify the OCSP server URL.

200104042

Received certificate twice or one, that was not requested.

Type: ERROR:NIDP:USERAUTH:042

Cause: OCSP response does not match request.

Action: Verify the OCSP server URL.

200104043

Request was not accepted.

Type: ERROR:NIDP:USERAUTH:043

Cause: Could not connect to OCSP server.

Action: Verify the OCSP server URL.

200104044

Wrong response type (not application/ocsp-response).

Type: ERROR:NIDP:USERAUTH:044

Cause: Malformed OCSP response.

Action: Verify the OCSP server URL.

200104045

No OCSPResponse message.

Type: ERROR:NIDP:USERAUTH:045

Cause: No OCSPResponse message.

Action: Verify the OCSP server URL.

200104046

Could not read whole OCSPResponse.

Type: ERROR:NIDP:USERAUTH:046

Cause: Malformed OCSP response.

Action: Verify the connection to OCSP server URL.

200104047

Exception Occurred.

Type: ERROR:NIDP:USERAUTH:047

Cause: Error getting CRL.

Action: Verify the connection to CRL server URL.

200104051

Unsupported critical extension OID(s).

Type: ERROR:NIDP:USERAUTH:051

Cause: Some Critical extension OID(s) not understood.

Action: Check the certificate for unsupported critical extensions. If needed, add the processing of the critical extension in NDPCertPathChecker class.

200104053

Error processing CRL Response.

Type: ERROR:NIDP:USERAUTH:053

Cause: Error processing CRL Response.

Action: Check X509class config and user/client certificate CRL extension.

200104054

Error processing certificate validations.

Type: ERROR:NIDP:USERAUTH:054

Cause: Error processing CRL/OCSP validations.

Action: Check X509class config and user/client certificate CRL extension.

200104055

Protocol not supported or none specified.

Type: ERROR:NIDP:USERAUTH:055

Cause: Transport protocol not supported to fetch CRL.

Action: Currently, CRLs can be fetched over http and LDAP protocols. Make sure the X509class config and/or user/client certificate CRL extension does not have any other transport protocol specified.

200104057

Unable to do X509 Certificate based authentication over non SSL (HTTP)

Type: ERROR:NIDP:USERAUTH:057

Cause: URL protocol is HTTP

Action: URL protocol needs to be HTTPS

200104100

Error processing Authorization header

Type: ERROR:NIDP:USERAUTH:100

Cause: Could not process HTTP Authorization header

Action: Try with correct authorization header with base64 encoded SPNEGO token

200104101

Error processing SPNEGO/Kerberos

Type: ERROR:NIDP:USERAUTH:101

Cause: Error processing SPNEGO/Kerberos. The cause is included in detailed message

Action: Take action as per the detailed error message

200104102

No Kerberos Principal found in the token

Type: ERROR:NIDP:USERAUTH:102

Cause: Failure at GSS-API

Action: Make sure the Kerberos keytab file is generated correctly by KDC

200104103

No SPNEGO Token found

Type: ERROR:NIDP:USERAUTH:103

Cause: No SPNEGO Token found in the request

Action: Include the SPNEGO token in the request to use this authentication

200104104

GSS Context already established

Type: ERROR:NIDP:USERAUTH:104

Cause: GSS Context already established

Action: Close the browser and try again

200104106

Unrecognized SPNEGO Token

Type: ERROR:NIDP:USERAUTH:106

Cause: Unrecognized SPNEGO Token

Action: Include the correct SPNEGO token in the request to use this authentication

200104109

Malformed SPNEGO NegTokenInit

Type: ERROR:NIDP:USERAUTH:109

Cause: Malformed token NegTokenInit

Action: Try again with correct NegTokenInit token

200104110

Malformed SPNEGO Token field

Type: ERROR:NIDP:USERAUTH:110

Cause: Malformed SPNEGO Token field

Action: Try again with correct NegTokenInit token

200104111

Multiple users matched in the user stores

Type: ERROR:NIDP:USERAUTH:111

Cause: Multiple users matched in the user stores

Action: Make sure the users are unique in user stores

200104112

No user matched in the user stores

Type: ERROR:NIDP:USERAUTH:112

Cause: No user found in the user stores

Action: Make sure the user attribute (as defined in admin UI) is populated in correct format.

200107005

Error building certificate chain during validations.

Type: ERROR:NIDP::005

Cause: This could occur when all the CDPs are unreachable.

Action: Change the Certificate with correct CDPs or make sure CDP is up and able to serve.

300101002

An authenticated subject is required.

Type: WARN:NIDP:USERMSG:002

Cause: An action that can only be performed by an authenticated user was attempted.

Action: Provide proper user credentials and retry desired action.

300101003

An authentication principal is required.

Type: WARN:NIDP:USERMSG:003

Cause: An action that can only be performed by an authenticated user was attempted.

Action: User must be authenticated to perform operation.

300101004

Identity does not exist or is not specified.

Type: WARN:NIDP:USERMSG:004

Cause: An action was attempted that requires a federated identity to exist.

Action: Create a federated link prior to performing the action.

300101005

Invalid or no provider is specified.

Type: WARN:NIDP:USERMSG:005

Cause: An action was requested related to a trusted provider that does not exist.

Action: Add the desired provider as a trusted entity or check for invalid access to system.

300101006

An authenticated session is required.

Type: WARN:NIDP:USERMSG:006

Cause: An action that can only be performed by an authenticated user was attempted.

Action: Provide proper user credentials and retry desired action.

300101007

Invalid artifact.

Type: WARN:NIDP:USERMSG:007

Cause: An artifact was received from an identity provider that is invalid or has not been used within a reasonable time frame.

Action: Make sure that the provider sending the artifact is trusted or check for possible security intrusions.

300101008

No assertion returned in response.

Type: WARN:NIDP:USERMSG:008

Cause: Assertions will not be returned in a response whenever authentication at the identity provider fails. The cause for this can include invalid configurations and canceling the authentication process at the identity provider.

This response is also returned when a user has reached the maximum number of sessions and then attempts to access a protected resource that requires authentication.

Action: Make sure that both the identity and service providers are configured correctly to trust each other. Provide proper credentials during the authentication process at the identity provider.

300101009

Invalid issuer.

Type: WARN:NIDP:USERMSG:009

Cause: A response was received from a provider that is not trusted.

Action: Make sure intended provider is trusted or check for possible intrusions.

300101010

Response does not match request.

Type: WARN:NIDP:USERMSG:010

Cause: A response was received for a request that was not issued.

Action: Retry action and check for possible intrusion.

300101011

Assertion is being replayed.

Type: WARN:NIDP:USERMSG:011

Cause: An assertion has been received that was already used to authenticate a user at the service provider.

Action: This is a security mechanism that if persists may require some investigation to determine who is trying to replay the assertion. Assertions are only good for single use.

300101012

Assertion does not contain an authentication statement.

Type: WARN:NIDP:USERMSG:012

Cause: An identity provider has sent an assertion that is not complete.

Action: Check with administrator of trusted provider to determine why statement is not being sent.

300101013

Unable to validate the subject of the assertion.

Type: WARN:NIDP:USERMSG:013

Cause: A subject may not have been sent in the assertion or was not valid. This check protects from certain assertion attacks.

If the time is not in sync between the identity provider and the service provider, the subject is invalid because of the timestamp sent with the subject.

Action: If persistent, check the protocol message sent for a time discrepancy between the providers or a missing subject, then notify the administrator of the trusted site.

For more information, see “Federation with External SAML 2.0 Partner Gives 300101013 Error”.

300101014

Assertion not yet valid.

Type: WARN:NIDP:USERMSG:014

Cause: An assertion was received that is not valid until sometime in the future.

Action: Check server's clock for accuracy. Attempt to validate the clock accuracy of the computer generating the assertion.

300101015

Assertion no longer valid.

Type: WARN:NIDP:USERMSG:015

Cause: An assertion was received that had a time validity period that is in the past.

Action: Check server's clock for accuracy. Attempt to validate the clock accuracy of the computer generating the assertion. Try to authenticate again.

300101016

No matching audience.

Type: WARN:NIDP:USERMSG:016

Cause: An assertion was received that was not intended for your server.

Action: Determine the origin of the assertion and make sure that you want to accept assertions from it.

For more information, see “Access Manager 300101016 Error - No Matching Audience”.

300101017

Missing or invalid signature on assertion.

Type: WARN:NIDP:USERMSG:017

Cause: The identity provider did not sign.

Action: Check with provider of assertion to determine why assertion is not signed.

300101018

Missing or invalid signature on request/response.

Type: WARN:NIDP:USERMSG:018

300101020

Digital signature is required.

Type: WARN:NIDP:USERMSG:020

Cause: A protocol message was received that was expected to be digitally signed, but was not.

Action: It may be necessary to contact the trusted provider administrator to determine why the message is not signed. Make sure authentication request signing settings match those for the trusted provider.

300101021

Signature validation failed.

Type: WARN:NIDP:USERMSG:021

Cause: The digital signature of a protocol message could not be verified using the public key obtained in the metadata of a trusted provider.

Action: Update the metadata of trusted provider. This should ensure you have the latest signing certificate.

300101022

An undetermined problem in the message format has occurred.

Type: WARN:NIDP:USERMSG:022

Cause: An error was detected in the exchange of either a Liberty or SAML protocol message.

Action: Turn logging/tracing on to print out the message that is problematic. It may be necessary to contact Novell Technical Services in this case.

300101023

User lookup failed.

Type: WARN:NIDP:USERMSG:023

Cause: An attempt to identify a user failed while attempting to complete a federation at the server.

Action: Check the configuration for identifying users for the trusted provider and ensure the specified method can resolve to a single user in your directory.

300101024

Failed to load java class.

Type: WARN:NIDP:USERMSG:024

Cause: A Java class failed to be loaded during program execution.

Action: Check the logs to determine the class that is failing to load. Make sure the class being loaded is in the classpath of the JVM.

300101025

 

Type: WARN:NIDP:USERMSG:025

300101026

 

Type: WARN:NIDP:USERMSG:026

300101027

 

Type: WARN:NIDP:USERMSG:027

300101028

SOAP TLS authorization failed.

Type: WARN:NIDP:USERMSG:028

Cause: SSL mutual authentication is being used to authenticate a SOAP back channel session and the credentials cannot be validated.

Action: Make sure certificates for back channel communications are trusted on each end.

For more information, see “Access Manager 300101028 - SOAP TLS Authorization Failed”.

300101029

 

Type: WARN:NIDP:USERMSG:029

300101030

SOAP fault.

Type: WARN:NIDP:USERMSG:030

Cause: An error was detected in the transmission of protocols using SOAP.

Action: Turn tracing on and look for any obvious causes for the problem.

300101031

Received an identity that does not resolve to the current logged in user.

Type: WARN:NIDP:USERMSG:031

Cause: This is caused when a user is logged in with one identity and then attempts to authenticate as the identity of another user. For a given session, all authentications must resolve to the same user.

Action: Log out of the current user and log in again as the desired user.

300101032

Assertion is expired.

Type: WARN:NIDP:USERMSG:032

Cause: The use of the assertion to authenticate the server did not occur within the time limits specified by the assertion.

Action: Try and re-authenticate. Determine if there are any network latencies that may cause the assertion not to arrive in a timely fashion. Look for misuse of the assertion.

300101033

IDP return authentication failure.

Type: WARN:NIDP:USERMSG:033

Cause: An IDP's attempt to authenticate the server was unsuccessful. This particular authentication came from the IDP's intersite transfer service and was not requested by the server.

Action: Check at the IDP for a reason why the authentication was a failure. It may just be necessary to attempt authentication again.

300101034

No target is defined.

Type: WARN:NIDP:USERMSG:034

Cause: A request was made of the server's intersite transfer service without specifying a target resource.

Action: Requests for the intersite transfer service must include an id of the intended service provider to be authenticated as well as the target resource to be displayed. To avoid this error, provide an &amp;TARGET="value" on the URL.

300101035

 

Type: WARN:NIDP:USERMSG:035

300101036

Not enough memory to process request.

Type: WARN:NIDP:USERMSG:036

Cause: The system does not have enough memory to complete the requested action.

Action: Wait a few moments for memory to free up and retry request. It may be necessary to add additional memory to the server.

300101037

Server is not in a running state.

Type: WARN:NIDP:USERMSG:037

Cause: A request was made of the server that can only be performed when the server is in a running state.

Action: Start the server.

300101038

JSP file not found.

Type: WARN:NIDP:USERMSG:038

Cause: An attempt was made to load a JSP page that does not exist.

Action: Determine the JSP not loading and make sure it is in the correct location.

300101039

Invalid authentication credentials were provided.

Type: WARN:NIDP:USERMSG:039

Cause: A user has attempted to authenticate to the system with credentials that are not valid for the account.

Action: User needs to enter correct credentials.

300101040

User password has expired.

Type: WARN:NIDP:USERMSG:040

Cause: A user has attempted to authenticate to the system with a password that is expired.

Action: The user needs to create a new password.

300101041

User account identification failed.

Type: WARN:NIDP:USERMSG:041

Cause: Account identification can fail due to: 1. User cancels authentication request 2. User cannot be uniquely identified by Matching Expression 3. Necessary attributes to do user matching or provisioning were not obtained.

Action: Check Account Identification configuration for the trusted provider and make sure that necessary attributes are available. If using Matching Expressions, make sure that they include attributes that can resolve to a single user. If using Provisioning, make sure required attributes are all available in the defined attribute set for the trusted provider.

For more information, see “Access Manager Error 300101041 Provisioning New Users Using SAML2”.

300101042

Invalid assertion conditions.

Type: WARN:NIDP:USERMSG:042

Cause: A set of conditions that are not understood were sent as part of an assertion.

Action: Check with the provider of the assertion to determine what these conditions are and why they are being sent.

300101046

Unknown URL host.

Type: WARN:NIDP:USERMSG:046

Action: Use logs to determine the problematic host and determine why DNS is failing.

300101047

An untrusted provider is being referenced in a request or a response.

Type: WARN:NIDP:USERMSG:047

Action: Use logs to determine the provider that is untrusted and then create a trusted relationship if desired.

300101048

The LDAP servers are too busy to accept more users.

Type: WARN:NIDP:USERMSG:048

Cause: There are too many threads waiting to get an available LDAP connection. The LDAP servers are too busy to accept more users.

Action: Wait a few moments for the LDAP requests to be processed and retry the request. It may be necessary to add additional LDAP servers or upgrade the hardware specifications of the existing LDAP servers.

300101049

The HTTPS protocol was not used to access this authentication card.

Type: WARN:NIDP:USERMSG:049

Cause: Accessing the site was done via http, not https.

Action: Access the site again using https.

300101050

The Authentication Card specified is not valid.

Type: WARN:NIDP:USERMSG:050

Cause: An invalid card identifier was used, most likely due to modifying a url.

Action: Specify cards to use only by clicking on them.

300101051

The user’s session limit has been reached.

Type: WARN:NIDP:USERMSG:051

Cause: User has already logged in the maximum allowable times.

Action: Logout of one or more sessions.

300101052

A response was expected at the url but none was found.

Type: WARN:NIDP:USERMSG:052

Cause: The wrong endpoint may be accessed for the operation desired.

Action: Check the action being performed against the url/endpoint being accessed.

300101053

CardSpace authentication profile failed to load.

Type: WARN:NIDP:USERMSG:053

Cause: TrustedProvider failed to load (probably due to certificate errors).

Action: Check the certificates for the trusted provider and make sure they are valid.

300101054

CardSpace authentication fails becase a required attribute is not in assertion.

Type: WARN:NIDP:USERMSG:054

Cause: A required attribute was not returned in the assertion provided by an STS.

Action: Check the attribute value at the STS, or make the attribute optional.

300102001

No Discovery Service Configured! Unable to create the requested resource offering!

Type: WARN:NIDP:WSF:001

Cause: The system administrator did not create or enable a Discovery service.

Action: Create or enable a Discovery web service.

300102002

Unable to find user object with identifier.

Type: WARN:NIDP:WSF:002

Cause: An LDAP search was performed for a user object with a given identifier. This identifier may be a GUID. The search resulted in zero hits. This usually means that web service data cannot be read or written for the user.

Action: The user needs to login again.

300102003

Unrecognized select string for service.

Type: WARN:NIDP:WSF:003

Cause: The select string (XPath) is either incorrectly formed or not supported by the web service.

Action: The system administrator must enable services to support the select string.

300102004

Unable to process web service query request! Select string missing!

Type: WARN:NIDP:WSF:004

Cause: The select string (XPath) is not in the web service query request.

Action: Inform your system administrator that an improperly formatted web service request is being made.

300102005

Unable to perform trusted user interaction service request. Web service authority was not found.

Type: WARN:NIDP:WSF:005

Cause: An internal system error.

Action: The system has encountered an invalid configuration and should be restarted by the system administrator.

300102006

Unable to perform trusted user interaction service request. Unable to obtain trusted user interaction service description from SOAP headers.

Type: WARN:NIDP:WSF:006

Cause: The web service making the request did not provide valid or complete information about the trusted user interaction service.

Action: The system administrator must complete the definition of the trusted interaction service.

300102007

Unable to perform trusted user interaction service request. No trusted user interaction service description provided in SOAP headers.

Type: WARN:NIDP:WSF:007

Cause: The web service making the request did not provide valid or complete information about the trusted user interaction service.

Action: The system administrator must complete the definition of the trusted interaction service.

300102008

Trusted user interaction service failed.

Type: WARN:NIDP:WSF:008

Cause: There are various unexpected reasons for the failure of a trusted user interaction service request to fail.

Action: Evaluate the reason and take the appropriate actions.

300102009

Error creating user interaction redirection request.

Type: WARN:NIDP:WSF:009

Cause: There was an error converting the redirect request to an XML DOM.

Action: Evaluate the reason and take the appropriate actions.

300102010

Unable to perform user interaction redirection request. User intervention service not found.

Type: WARN:NIDP:WSF:010

Cause: There must be an interaction service on the IDP creating the user interaction redirection request.

Action: If it does not exist, using Access Manager management tools, create one.

300102011

Error reading data from LDAP data attribute plugin.

Type: WARN:NIDP:WSF:011

Cause: If a web service's data locations includes LDAP, then LDAP data attribute plugins are used to read data from the LDAP user store. This error provides descriptions of various errors that can happen while doing this.

Action: Evaluate the reason and take the appropriate actions.

300102012

Error writing data to LDAP data attribute plugin.

Type: WARN:NIDP:WSF:012

Cause: If a web service's data locations includes LDAP, then LDAP data attribute plugins are used to write data to the LDAP user store. This error provides descriptions of various errors that can happen while doing this.

Action: Evaluate the reason and take the appropriate actions.

300102013

Cannot read/write Credential Profile data because the user's LDAP user store distinguished name is not available.

Type: WARN:NIDP:WSF:013

Cause: All Credential Profile reads and writes end up operating on a user object in a user store. If this user object cannot be found, then the operation must fail. This may happen if a temporary identifier is being used for the authentication.

Action: Use a permanent federation to the service provider if your system allows it.

300102014

A Web Service request was received for a user, but the session for that user is not found.

Type: WARN:NIDP:WSF:014

Cause: The user's login has timed out and has been removed from the system.

Action: The user must login again.

300102015

A Web Service request was received for a user, but the session for that user has insufficient data in it.

Type: WARN:NIDP:WSF:015

Cause: An internal error has occurred.

Action: The user must login again.

300102016

A Web Service request was received for a user, but the Liberty User Profile object for that user is unavailable.

Type: WARN:NIDP:WSF:016

Cause: An internal error has occurred.

Action: Make sure the administrator user has rights to read, write and create Liberty User Profile objects in the configuration data store.

300102017

A Web Service request was received for a user, and attempt to read the requested attributes from the Liberty User Profile object was made, but an error occurred.

Type: WARN:NIDP:WSF:017

Cause: An internal error has occurred.

Action: Evaluate the reason and take the appropriate actions.

300102018

A Web Service request was received for a user, While reading user data from an LDAP user object, a mismatch occurred because the LDAP attribute is multi-valued, but the Liberty attribute is single-valued.

Type: WARN:NIDP:WSF:018

Cause: A multi-valued LDAP attribute has been mapped to a single-valued Liberty attribute.

Action: Change the attribute mapping.

300102019

The user used an X509 Certificate to authenticate and we tried to put the cert into the SecretStore as a Base64 DER encoded cert, but we got an encoding error from the security layer when trying to get the DER encoded cert. Result is that there will not be a X509 Certificate in Secret Store for this user.

Type: WARN:NIDP:WSF:019

Cause: The X509 certificate cannot be encoded.

Action: Review the type of X509 certificates that are being used for authentication.

300102020

A SAMLAssertion was requested for a given user. While generating the SAMLAssertion an error occurred.

Type: WARN:NIDP:WSF:020

Cause: The SAMLAssertion cannot be created.

Action: Review the reason for the failure and take appropriate actions.

300102021

 

Type: WARN:NIDP:WSF:021

300102022

 

Type: WARN:NIDP:WSF:022

300103001

The web service request did not return a response within the protocol timeout limit. Request abandoned.

Type: WARN:NIDP:WSC:001

Cause: The web service consumer waited for the web service request to return a response, but it did not during the allowed waiting period.

Action: This waiting period may be increased by click Access Manager > Identity Servers > Edit > Liberty > Web Service Consumer, and setting the Protocol Timeout to a higher value.

300103002

An unexpected error happened in the web service consumer while processing a web service request.

Type: WARN:NIDP:WSC:002

Cause: There are various reasons why a web service request could fail.

Action: Evaluate the reason and take appropriate actions.

300103003

Web service consumer request pending data packet id is not available in request.

Type: WARN:NIDP:WSC:003

Cause: After user interaction, processing of the original request returns to the web service consumer. A data packet containing information about how to continue the request is cached on the web service consumer. The id of that packet must be passed through all redirections and requests associated with the user interaction. If that id is not available when the web service consumer regains control, then the request cannot continue.

Action: Submit the request again.

300103004

The Web service consumer request pending data packet with the indicated id is not available in web service consumer's cache.

Type: WARN:NIDP:WSC:004

Cause: After user interaction, processing of the original request returns to the web service consumer. A data packet containing information about how to continue the request is cached on the web service consumer. The id of that packet must be passed through all redirections and requests associated with the user interaction. That id will be used to access the pending data packet when the web service consumer regains control. If the pending data packet with the corresponding id is no longer available on the system, then the request cannot continue. The data packet may have timed out.

Action: Submit the request again.

300104049

Could not find NIDP PKIX Certificate Path Checker Class.

Type: WARN:NIDP:USERAUTH:049

Cause: PKIX Certificate Path Checker Class not found.

Action: Warning message that PKIX Certificate Path Checker Class not found. This optional class is used to process custom certificate extensions. If required, this class needs to be in NIDP classpath. It may not be present on ESP.

300104050

Could not instantiate NIDP PKIX Certificate Path Checker Class.

Type: WARN:NIDP:USERAUTH:050

Cause: Incorrect class constructor.

Action: Make sure the class has the right constructor.

300105001

No user Login Policy Check LDAP Extension method available on user store.

Type: WARN:NIDP:APP:001

Cause: User authenticated using X509. An additional check of the directory's user login policy needs to be made using an LDAP method extension. However, the directory indicated does not support the required LDAP extension method.

Action: Make sure the LDAP extension method with OID 2.16.840.1.113719.1.39.42.100.25 is present in the user store. Versions 8.7.3 and greater of eDirectory should support this method.

300105002

 

Type: WARN:NIDP:APP:002

300105003

 

Type: WARN:NIDP:APP:003

300105004

 

Type: WARN:NIDP:APP:004

300105005

 

Type: WARN:NIDP:APP:005

300105006

 

Type: WARN:NIDP:APP:006

300105007

 

Type: WARN:NIDP:APP:007

300105008

 

Type: WARN:NIDP:APP:008

300105009

 

Type: WARN:NIDP:APP:009

300105010

 

Type: WARN:NIDP:APP:010

300105011

 

Type: WARN:NIDP:APP:011

300105012

 

Type: WARN:NIDP:APP:012

300105013

 

Type: WARN:NIDP:APP:013

300105014

 

Type: WARN:NIDP:APP:014

300105015

 

Type: WARN:NIDP:APP:015

300105016

 

Type: WARN:NIDP:APP:016

300105017

 

Type: WARN:NIDP:APP:017

300105018

 

Type: WARN:NIDP:APP:018

300105019

 

Type: WARN:NIDP:APP:019

300105020

 

Type: WARN:NIDP:APP:020

300105021

Unable to delete unneeded Image Pool Image File.

Type: WARN:NIDP:APP:21

Cause: On startup, the NIDP Image Pool is synchronized from eDirectory to the file system. This allows HTML pages to access images from a well known file system structure. Part of synchronization process involves deleting from the file system images that no longer exist in eDirectory. Also, the reverse is true, images that are new to eDirectory and do not yet exist on the file system are created in directories that reflect the image set. File system errors may occur during this synchronization process if a file or directory cannot be deleted or created.

Action: Ensure that no errant files are copied or directories manually created in the file system path [TOMCAT_HOME]/webapps/nidp/images/pool. Make sure the disk is not full.

300105022

Unable to create a necessary directory for the Image Pool.

Type: WARN:NIDP:APP:22

Cause: On startup, the NIDP Image Pool is synchronized from eDirectory to the file system. This allows HTML pages to access images from a well known file system structure. Part of synchronization process involves deleting from the file system images that no longer exist in eDirectory. Also, the reverse is true, images that are new to eDirectory and do not yet exist on the file system are created in directories that reflect the image set. File system errors may occur during this synchronization process if a file or directory cannot be deleted or created.

Action: Make sure the disk is not full.

300105023

Unable to create a necessary directory for the Image Pool.

Type: WARN:NIDP:APP:23

Cause: On startup, the NIDP Image Pool is synchronized from eDirectory to the file system. This allows HTML pages to access images from a well known file system structure. Part of synchronization process involves deleting from the file system images that no longer exist in eDirectory. Also, the reverse is true, images that are new to eDirectory and do not yet exist on the file system are created in directories that reflect the image set. File system errors may occur during this synchronization process if a file or directory cannot be deleted or created.

Action: Make sure the disk is not full.

300105024

Unable to update the "last used" attribute of an identity object.

Type: WARN:NIDP:APP:24

Cause: Each time an identity object is accessed, the "last used" time is updated. This allows the system to track identities that have not been used for a configurable time period so that they may be deleted.

Action: Make sure the administrator object for the Trust/Config data store has rights to the indicated directory context.

300105025

Unable to auto delete an identity object.

Type: WARN:NIDP:APP:25

Cause: Periodically, the IDP attempts to clean up (delete) identity objects that have not been used for a configurable period of time. If an old unused identity is found, an attempt will be made to delete it. If that delete fails, this error will be logged.

Action: Make sure the administrator object for the Trust/Config data store has rights to the indicated directory context.

300105027

No Filename specified in System property.

Type: WARN:NIDP:APP:27

Cause: Trying to read properties from file which is not specified in System property.

Action: Make sure the properties file is passed in the appropriate system property .

300105028

Error trying to delete a CardSpace Issued Card Identity Object.

Type: WARN:NIDP:APP:28

Cause: When a CardSpace Managed Card that is backed by a Personal Card is issued, an Identity object is created to represent the "Federation" that allows that card to log into the IDP without supplying any additional credentials. For security reasons, the user may delete that Identity object, or that "federation," when the associated card becomes out of date or compromised. However, when the system attempted to delete the Identity object, the indicated error happened.

Action: Examine the supplied error detail and take applicable actions.

300105029

Cannot load a custom LDAP Store Plugin module.

Type: WARN:NIDP:APP:29

Cause: The java.lang.Class.forName() method call failed to load the LDAP Store Plugin class.

Action: Ensure a valid Java class file is available in Access Manager's class path for the referenced plugin class file.

300105030

Cannot instantiate a custom LDAP Store Plugin module.

Type: WARN:NIDP:APP:30

Cause: The java.lang.Class.newInstance() method call failed to instantiate the LDAP Store Plugin class.

Action: Ensure a valid Java class file is available in Access Manager's class path for the referenced plugin class file. Also, ensure the LDAP Store Plugin has a zero parameter constructor.

300105031

A user store was configured with an unrecognized directory type.

Type: WARN:NIDP:APP:031

Cause: The configuration was manually modified to include an invalid directory type specifier. Or the configuration has been corrupted. Or there was no valid implementation of an LDAP Store Plugin for this directory type.

Action: Examine the supplied error detail and take applicable actions.

300106001

 

Type: WARN:NIDP:IDFF:001

300106002

 

Type: WARN:NIDP:IDFF:002

300106003

 

Type: WARN:NIDP:IDFF:003

300106004

 

Type: WARN:NIDP:IDFF:004

300106005

 

Type: WARN:NIDP:IDFF:005

500102001

The authentication information for the user was successfully found.

Type: INFO:NIDP:WSF:001

Scenario: A Web Service request was made to query or modify user attributes. The user's authentication information was successfully found.

See Also: 600102001

500102002

The Liberty User Profile object for the associated user was found in the configuration datastore.

Type: INFO:NIDP:WSF:002

Scenario: A Web Service request was made to query or modify user attributes. One of the data locations specified for the service is the Liberty User Profile object and that object was successfully found.

500102003

Created new user profile object.

Type: INFO:NIDP:WSF:003

Scenario: A request was made to query or modify user's attributes. A Liberty User Profile object did not yet exist for this user, so one was created.

500102004

Read data from user profile object.

Type: INFO:NIDP:WSF:004

Scenario: A Web Service request was made to query user attributes. One of the data locations specified for the service is the Liberty User Profile object and that object was successfully read.

See Also: 600102002

500102005

Attempted to read data from the Liberty User Profile object, but it did not contain the requested data.

Type: INFO:NIDP:WSF:005

Scenario: A Web Service request was made to query user attributes. One of the data locations specified for the service is the Liberty User Profile object. That object was successfully accessed but did not contain the requested data.

500102006

Read data from attributes obtained when a remote authentication source pushed the attributes to the NIDP.

Type: INFO:NIDP:WSF:006

Scenario: When a user authenticates, the authentication entity can push user attributes to the NIDP as part of the response to the authentication. The NIDP remembers these attributes for the life of that user session. If one of the data locations specified for a Web Service is remote, then these attributes may be returned as part of a query.

See Also: 600102005

500102007

Read data by making a call to a remote service made available through a user authentication.

Type: INFO:NIDP:WSF:007

Scenario: A request was made to query a user's attributes. One of the data locations for the Web Service was remote. So, a request was made to a remote service to read attributes.

See Also: 600102006

500102008

Completed building composite data that was read from all data locations for user.

Type: INFO:NIDP:WSF:008

Scenario: A request was made to query a user's attributes. If multiple data locations are specified for the Web Service, then attributes may be read from multiple data locations and then aggregated into a composite data structure.

See Also: 600102007

500102009

Initiating a user interaction redirect.

Type: INFO:NIDP:WSF:009

Scenario: A request was made to query or modify user's attributes. Policy indicates that the user must be asked if the attribute operation is permitted. The request indicated that a redirect user interaction service should be used to perform user interaction, so redirection is being invoked using the redirection user interaction service protocol.

500102010

Initiating a user interaction call to a trusted user interaction service.

Type: INFO:NIDP:WSF:010

Scenario: A request was made to query or modify user's attributes. Policy indicates that the user must be asked if the attribute operation is permitted. The request indicated that a trusted user interaction service should be used to perform user interaction, so that service is being invoked using the trusted user interaction service protocol.

500102011

Read Credential Profile data from Novell Secret Store.

Type: INFO:NIDP:WSF:011

Scenario: A request was made to query data from a user's Credential Profile. The data was successfully read.

See Also: 600102008

500102012

Read Credential Profile data from an extended user authentication object attribute.

Type: INFO:NIDP:WSF:012

Scenario: A request was made to query data from a user's Credential Profile. The data was read from an extended schema attribute on the user's authenticated user object.

See Also: 600102010

500102013

Web service data write denied because the LDAP attribute plugin access for the named data item is read only!

Type: INFO:NIDP:WSF:013

Scenario: The system administrator has marked this data item as read only in the LDAP Attribute Plugin.

500102014

Override not allowed. Cannot override existing data.

Type: INFO:NIDP:WSF:014

Scenario: The data that is being written already exists in the user's profile. Data override is not allowed so this data cannot be written.

500102015

Existing data changed since notChangedSince time.

Type: INFO:NIDP:WSF:015

Scenario: User profile data is marked with the last time the data changed. The query request indicated that it did not want the data written if the current data in the profile has been changed since an indicated time. The system determined that the current data in the profile has been changed since the time provided, so this data cannot be written.

500103001

Filled the user attribute request from data already in the web service consumer cache.

Type: INFO:NIDP:WSC:001

Scenario: When the WSC reads user attributes, it caches the results of each read. In this case, a subsequent request queried attributes already read, so they were provided from the WSC cache.

500103002

Web service consumer request complete.

Type: INFO:NIDP:WSC:002

Scenario: The WSC was asked to query or modify data for a given user. That request is complete.

500103003

Web service consumer request requires user interaction.

Type: INFO:NIDP:WSC:003

Scenario: The WSC was asked to query or modify data for a given user. The entity called to perform the operation indicated that the user must be asked if the attribute operation is acceptable.

500103004

User interaction policy and data values received.

Type: INFO:NIDP:WSC:004

Scenario: A Web Service request was made to query or modify user attributes. It was determined that the user must be asked if the attribute operation is acceptable. The user's answers have been returned to the NIDP.

500104002

Getting properties from file (informational)

Type: INFO:NIDP:USERAUTH:002

Scenario: Getting properties from file

500104007

X509 Authentication matched principal (informational)

Type: INFO:NIDP:USERAUTH:007

Scenario: X509 Authentication matched principal

500104013

No CRL/OCSP defined by the administrator

Type: INFO:NIDP:USERAUTH:013

Cause: No CRL/OCSP defined by the administrator

500104014

No CRL/OCSP found in the certificate.

Type: INFO:NIDP:USERAUTH:014

Cause: No CRL/OCSP found in the certificate

Action: CRL/OCSP validations are enabled but no CRL/OCSP responder URL was defined by the administrator. CRL/OCSP URLs may be defined if needed.

500104016

Could not fetch CRL from the local cache (informational)

Type: INFO:NIDP:USERAUTH:016

Scenario: Could not fetch CRL from the local cache, getting it from the CDP

500104048

Successfully loaded NIDP PKIX Certificate Path Checker Class (informational)

Type: INFO:NIDP:USERAUTH:048

Scenario: Successfully loaded NIDP PKIX Certificate Path Checker Class

500104113

Kerberos Principal match found in the user store (informational)

Type: INFO:NIDP:USERAUTH:113

Scenario: Kerberos Principal found in the user store

500105001

Forwarding HTTP request to cluster member.

Type: INFO:NIDP:APP:001

Scenario: A request was received on a cluster member that does not own the authentication information for the associated user. The request must be processed on the cluster member that does own the user authentication information, so the request is being forwarded to that cluster member.

500105002

Successfully initialized JNDI connections.

Type: INFO:NIDP:APP:002

Scenario: NIDP attempts to create JNDI connections to each user store replica during NIDP startup. In this case, NIDP was able to establish connections with the indicated host.

500105003

Failed X509 authentication due to Login Policy Check Extension Method evaluation.

Type: INFO:NIDP:APP:003

Scenario: The directory login policy for the indicated user denied login.

500105004

An recoverable error happened while forwarding a login request.

Type: INFO:NIDP:APP:004

Scenario: The request landed on the wrong cluster member. An attempt was made to proxy the request, but an error occurred! However, this ESP can process this request, so let execution proceed on this box.

500105005

 

Type: INFO:NIDP:APP:005

500105006

 

Type: INFO:NIDP:APP:006

500105007

 

Type: INFO:NIDP:APP:007

500105008

 

Type: INFO:NIDP:APP:008

500105009

 

Type: INFO:NIDP:APP:009

500105010

 

Type: INFO:NIDP:APP:010

500105011

 

Type: INFO:NIDP:APP:011

500105012

 

Type: INFO:NIDP:APP:012

500105013

 

Type: INFO:NIDP:APP:013

500105014

 

Type: INFO:NIDP:APP:014

500105015

 

Type: INFO:NIDP:APP:015

500105016

 

Type: INFO:NIDP:APP:016

500105017

 

Type: INFO:NIDP:APP:017

500105018

 

Type: INFO:NIDP:APP:018

500105019

 

Type: INFO:NIDP:APP:019

500105020

 

Type: INFO:NIDP:APP:020

500105021

 

Type: INFO:NIDP:APP:021

500105022

 

Type: INFO:NIDP:APP:022

500105023

 

Type: INFO:NIDP:APP:023

500105024

 

Type: INFO:NIDP:APP:024

500105025

 

Type: INFO:NIDP:APP:025

500105026

 

Type: INFO:NIDP:APP:026

500105027

 

Type: INFO:NIDP:APP:027

500105028

 

Type: INFO:NIDP:APP:028

500105029

 

Type: INFO:NIDP:APP:029

500105030

 

Type: INFO:NIDP:APP:030

500105031

 

Type: INFO:NIDP:APP:031

500105032

 

Type: INFO:NIDP:APP:032

500105033

 

Type: INFO:NIDP:APP:033

500105034

 

Type: INFO:NIDP:APP:034

500105035

 

Type: INFO:NIDP:APP:035

500105036

 

Type: INFO:NIDP:APP:036

500105037

 

Type: INFO:NIDP:APP:037

500105038

 

Type: INFO:NIDP:APP:038

500105039

 

Type: INFO:NIDP:APP:039

500105040

 

Type: INFO:NIDP:APP:040

500105041

 

Type: INFO:NIDP:APP:041

500105042

 

Type: INFO:NIDP:APP:042

500105043

 

Type: INFO:NIDP:APP:043

500105044

 

Type: INFO:NIDP:APP:044

500105045

 

Type: INFO:NIDP:APP:045

500105046

The specified identity object was deleted because it was not used for a configurable time period.

Type: INFO:NIDP:APP:046

Scenario: Periodically, the IDP attempts to clean up (delete) identity objects that have not been used for a configurable period of time. If an old unused identity is found, an attempt will be made to delete it. When this delete succeeds, this message will be logged.

500106001

 

Type: INFO:NIDP:IDFF:001

500106002

 

Type: INFO:NIDP:IDFF:002

500106003

 

Type: INFO:NIDP:IDFF:003

500106004

 

Type: INFO:NIDP:IDFF:004

500106005

 

Type: INFO:NIDP:IDFF:005

500106006

 

Type: INFO:NIDP:IDFF:006

500106007

 

Type: INFO:NIDP:IDFF:007

500106008

 

Type: INFO:NIDP:IDFF:008

600102001

Verbose user authentication information.

Type: DEBUG:NIDP:WSF:001

Scenario: Adds verbose authentication data to the fact that the user associated with the attribute request was found in the internal databases of the web service provider.

See Also: 500102001

600102002

Verbose user authentication information, attribute select string, and data.

Type: DEBUG:NIDP:WSF:002

Scenario: A Web Service request was made to query user attributes. One of the data locations specified for the service is the Liberty User Profile object. The data listed in this message was successfully read for the indicated user using the indicated XPath.

See Also: 500102004

600102003

Read single-valued attribute from user authentication LDAP object.

Type: DEBUG:NIDP:WSF:003

Scenario: A Web Service request to query user attribute data was received. One of the data locations was LDAP. This message displays the value read from the indicated LDAP attribute for the indicated user.

600102004

Read multi-valued attribute from user authentication LDAP object.

Type: DEBUG:NIDP:WSF:004

Scenario: A Web Service request to query user attribute data was received. One of the data locations was LDAP. This message displays the value read from the indicated LDAP attribute for the indicated user.

600102005

Verbose user authentication and attribute information.

Type: DEBUG:NIDP:WSF:005

Scenario: When a user authenticates, the authenticating entity can push user attributes to the NIDP as part of the response to the authentication. The NIDP remembers these attributes for the life of that user session. If one of the data locations specified for a Web Service is remote, then these attributes may be returned as part of a query.

See Also: 500102006

600102006

Adds verbose user and attribute information to attributes read from a remote service whose description was obtained at authentication time.

Type: DEBUG:NIDP:WSF:006

Scenario: A request was made to query a user's attributes. One of the data locations for the Web Service was remote. So, a request was made to a remote service to read attributes.

See Also: 500102007

600102007

Adds verbose user and attribute information to the final aggregated result of a web service query!

Type: DEBUG:NIDP:WSF:007

Scenario: A request was made to query a user's attributes. If multiple data locations are specified for the Web Service, then attributes may be read from multiple data locations and then aggregated into a composite data structure.

See Also: 500102008

600102008

Adds verbose data to reading Credential Profile data from Novell Secret Store.

Type: DEBUG:NIDP:WSF:008

Scenario: A request was made to query data from a user's Credential Profile. The data was successfully read.

See Also: 500102011

600102009

The user successfully logged into Novell Secret Store using SAML/SASL.

Type: DEBUG:NIDP:WSF:009

Scenario: To access secrets from Novell Secret Store, the user must authenticate to Novell Secret Store.

600102010

Adds verbose data to reading Credential Profile data from an extended user authentication object attribute.

Type: DEBUG:NIDP:WSF:010

Scenario: A request was made to query data from a user's Credential Profile. The data was read from an extended schema attribute on the user's authenticated user object.

See Also: 500102012

600105001

Do not need to proxy HTTP request to other cluster member. Well known URL that does not require the use of a proxy.

Type: DEBUG:NIDP:APP:001

Scenario: The request is one of a well known list of request types that may be processed on any cluster member, so it does not need to be forwarded to another cluster member.

600105002

Do not need to proxy HTTP request to other cluster member. This cluster member can handle requests for this user.

Type: DEBUG:NIDP:APP:002

Scenario: The request arrived at the cluster member that owns the authentication information for the user. The request may have come straight from the router to this cluster member, or the request may have been forwarded here by another cluster member.

600105003

Obtained IP address of cluster member handling this users requests from URL parameter.

Type: DEBUG:NIDP:APP:003

Scenario: Each request must be processed on the cluster member that owns the user authentication information. The IP address of that cluster member was found in a URL parameter.

600105004

Obtained IP address of cluster member handling this users requests from HTTP cookie.

Type: DEBUG:NIDP:APP:004

Scenario: Each request must be processed on the cluster member that owns the user authentication information. The IP address of that cluster member was found in an HTTP cookie.

600105005

Obtained IP address of cluster member handling this user's requests by asking cluster members which one handles this user session.

Type: DEBUG:NIDP:APP:005

Scenario: Each request must be processed on the cluster member that owns the user authentication information. The IP address of that cluster member was found by asking all cluster members which one knew about the user's session.

600105006

Must proxy HTTP request to other cluster member.

Type: DEBUG:NIDP:APP:006

Scenario: Each request must be processed on the cluster member that owns the user authentication information. It has been determined that this cluster member is not the correct cluster member to process this request, so the request must be forwarded to another cluster member.

600105007

Response of proxy HTTP request.

Type: DEBUG:NIDP:APP:007

Scenario: Each request must be processed on the cluster member that owns the user authentication information. It was determined that this cluster member is not the correct cluster member to process this request, so the request was forwarded to another cluster member. The results of the request, as processed on the other cluster member, are displayed here.

600105008

Successfully obtained SOAP response document.

Type: DEBUG:NIDP:APP:008

Scenario: A SOAP request was made and a response was expected, the response was successfully obtained.

600105009

 

Type:DEBUG:NIDP:APP:009

600105010

 

Type: DEBUG:NIDP:APP:010

600105011

 

Type: DEBUG:NIDP:APP:011