Express (Distributed operating systems), v8.0 > Reference > Messages
SECJ
SECJ0007E: Error during security initialization. The exception is {0}.
Explanation An unexpected error occurred during security initialization. Action This is a general error. Look for previous messages that might be related to the failure or to a configuration problem. Enabling security debug trace for components com.ibm.ws.security.* and com.ibm.ejs.security.* might yield additional information. SECJ0010E: Invalid credential
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0040E: Error occurred while generating new LTPA keys. The exception is {0}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0041E: Can't set Authentication Mechanism to LTPA when LTPAConfig is null
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0045E: Error initializing security/SAS
Explanation An error occurred while initializing the Secure Association Service, which is part of the ORB security. Action Verify that the property file, usually sas.server.props, is present and has read permission. SECJ0046I: SAS Property:{0} has been updated
Explanation Informational. Action A security configuration change has caused a SAS Property to be updated. SECJ0047E: Missing or malformed security configuration URL specified by property {0}
Explanation The URL used to specify Secure Association Service properties is missing or malformed. Action The URL is usually specified as a property name when starting WebSphere from the command line with the -D argument. For example: -Dcom.ibm.CORBA.ConfigURL=file:/C:/wastd/AppServer/properties/sas.server.props. Verify that the property and URL is specified and refers to a valid file and the file has the read permission. SECJ0048E: Error updating or loading future security configuration URL specified by property {0}
Explanation The path or file specified in the property might be not valid or there could be a file permission problem. Action Verify that the path and file specified by the property is valid and the file has read permission. SECJ0049E: Configuration error encountered while starting the server
Explanation An unexpected RemoteException, OpException or IOException occurred during server startup. There could be problems with loading or writing of security configuration URL property files. Action Verify that the file associated with security configuration URL property file (typically sas.server.props) has read permission and is writable. SECJ0050E: Error encountered while shutting down the server
Explanation An unexpected RemoteException, OpException or IOException occurred during server shutdown. There could be problems with loading or writing of security configuration URL property files. Action Verify that the file associated with security configuration URL property file (typically sas.server.props) has read permission and is writable. SECJ0051E: IOException when determining whether configuration is current with property file {0} or {1}
Explanation A loadProperties() operation probably failed. Action Verify that the file associated with security configuration URL property file (typically sas.server.props) has read permission and is writable. SECJ0052E: Authorization failed while invoking ({0}){1} {2} - invalid credentials
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0053E: Authorization failed for {0} while invoking ({1}){2} {3} {4}
Explanation The user does not have the necessary permission to access the resource. This failure might be expected if the user should not be granted access. If this error is unexpected, then there are several possible causes. The user has not been mapped to one the roles protecting the resource if the user requires access to the protected resource. The user is not a member of one of the groups that might have been mapped to one of the roles. If WebSphere security is configured to use LDAP as the user registry, the WebSphere security LDAP user and group search filter configuration might not match what the LDAP directory expects. Action If the authorization failure is unexpected, verify the user, or a group that the user is a member of, is mapped to the role protecting the resource. Verify that the WebSphere security LDAP user and group filters configuration match what the LDAP directory expects. SECJ0054E: No own credentials
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0055E: Authentication failed for {0}. The user id or password might have been entered incorrectly or misspelled. The user id might not exist, the account could have expired or disabled. The password might have expired.
Explanation The user could not be authenticated. The user id or password might have been entered incorrectly. The user might not exist in the user registry that WebSphere is configured to authenticate to. If WebSphere security is configured to use LDAP as the user registry, the WebSphere security LDAP user and group search filter configuration might not match what the LDAP directory expects. Action Verify that the user id and password are entered correctly and exist in the user registry. If LDAP is configured as the security user registry, verify the WebSphere security LDAP user and group filters configuration match what the LDAP directory expects. Consult with the administrator of the user registry that WebSphere is configured to use if the problem persist. SECJ0056E: Authentication failed for reason {0}
Explanation Authentication failed with the specified reason. Action Verify that the user id and password are entered correctly. Consult with the administrator of the user registry if the problem persist. SECJ0057E: Invalid authentication data
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0058E: LTPAServer does not exist
Explanation This is an internal error probably due to LTPAServer initialization problems. Action More info at:
SECJ0059E: Cannot create LTPAServer without a password
Explanation The wrong constructor was used when trying to create an instance of LTPAServerBean. Action More info at:
SECJ0060E: LTPA configuration not found
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0061E: LTPAConfig creation exception
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0062E: LTPAConfig remove exception
Explanation This is an internal error. The ejbRemove() operation failed on the LTPAConfigBean. Action More info at:
SECJ0063E: Credential mapping failed due to invalid access ID
Explanation This is an internal error. Cannot get accessID from credential. Action More info at:
SECJ0064E: Credential mapping failed
Explanation The credential mapping can fail for a number of reasons: The credential token is not an instance of a supported CredentialToken type for a mapping. The principal identified in the credential cannot be mapped to an entry or found in the user registry. A user registry exception occurs if the user registry has been stopped. Action Verify that the user registry is operational. Also verify that the principal exists in the target user registry if appropriate. The exception reported with this error message might help to diagnose the problem. SECJ0065E: Unsupported encoding
Explanation This is an internal error. An UnsupportedEncodingException occurred when the LTPAServer tried to encode the token value. Action More info at:
SECJ0066E: registry impl object has been stopped
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0067E: Cannot map the credential of the given credential token for subject DN {0} into LDAP because of an LDAP filter mapping exception.
Explanation The credential mapping can fail for a number of reasons: The credential token is not an instance of a supported CredentialToken type for a mapping. The principal identified in the credential cannot be mapped to an entry or found in the user registry. A user registry exception occurs or if the user registry has been stopped. Action Verify that the user registry is operational. Also verify that the principal exists in the target user registry if appropriate. The exception reported with this error message might help to diagnose the problem. SECJ0068E: LDAP initialization error. The exception is {0}.
Explanation An unexpected exception occurred when configuring for LDAP. Action Verify that the WebSphere LDAP configuration settings such as the provider URL are correct in the Security Center GUI. If using SSL, make sure that the SSL configuration is correct. SECJ0069E: Problem getting Security Name for privilege id: {0}. The exception is {1}.
Explanation Cannot find a name for the specified SID in the Windows user registry.This can occur if a network time-out prevents the function from finding the name. It also occurs for SIDs that have no corresponding account name, such as a logon SID that identifies a logon session Action WebSphere might still have a reference to the user in the authorization table but, that user might have been removed from the Windows user registry. If you know the user, remove it from any resource protection permissions in WebSphere. If the user is still valid, then it needs to be recreated in the Windows user registry and then reassigned to proper resource permissions in WebSphere. SECJ0070E: No privilege id configured for: {0}
Explanation Unable to find a SID for the specified user in the Windows user registry. The user might not exist in the user registry. Action If appropriate create the user in the user registry. SECJ0072E: Error finding registry for type {0}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0073E: Error finding registry entry for privilege id {0}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0074E: Error creation user registry. The exception is {0}
Explanation An unexpected exception occurred when trying to load or create the user registry. Action Verify that the CLASSPATH used to start WebSphere is correct and that the jar files have at least the read permission and exist. SECJ0075E: Unsupported entry type {0}
Explanation This is an internal error. A registry of the specified type could not be looked up. Action More info at:
SECJ0076E: Error creating registry entry home
Explanation This is an internal error. Unable to create the home for the registry. Action More info at:
SECJ0077E: Registry impl class {0} not found for type {1}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0078E: User registry does not exist
Explanation Unable to lookup RegistryHome in name space or narrow failed. The class for the user registry was not registered in the name space correctly or the class file for the user registry cannot be found. Action Verify that the class path is correct and that the required classes exist. SECJ0079E: User type not supported in the user registry
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0080E: User entry is not found in the registry
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0081E: Registry exception
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0082E: Error during web security initialization
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0083E: Error initializing web cache on admin server
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0084W: Error while initializing security web configuration. The exception is {0}.
Explanation An error internal occurred while initializing the security attributes of a Web Application. Action More info at:
SECJ0085E: Error initializing admin web cache
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0086E: Configuration error
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0087E: Internal Server Error
Explanation The HttpServletResponse indicates an Internal Server Error has occurred. Action More info at:
SECJ0088E: Error deleting permission
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0089E: Error obtaining all permissions
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0090E: Error obtaining method group for method {0}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0091E: Error looking up Application home
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0092E: Application home not found
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0093E: Relation home not found
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0094E: Admin Application does not exist
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0095E: Exception while initializing admin permissions
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0096E: Error creating method group {0}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0097E: Error finding method groups
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0098E: Error finding method group {0}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0099E: Error finding method group for id {0}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0100E: Error storing method group
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0101E: Error removing method group
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0102E: Error creating method group
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0103E: MethodGroupHome does not exist
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0104E: Error creating predefined method groups
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0105E: An unexpected exception occurred when decoding the value [{0}] for password [{1}] in the security configured URL
Explanation The encoded password cannot be decoded because it is missing or malformed. Action Verify that the passwords in the security configuration URL are not corrupted or missing. Reset the affected password through the WebSphere Admin console if possible. If all else fails, reset the password to its plain text value in the security configuration URL (which is usually sas.server.props). SECJ0106E: An unexpected exception occurred when encoding the value [{0}] for password [{1}] in the security configured URL
Explanation The password cannot be encoded because it is missing or malformed. Action Verify that the passwords in the security configuration URL are not corrupted or missing. Reset the affected password through the WebSphere Admin console if possible. If all else fails, reset the password to its plain text value in the security configuration URL (which is usually sas.server.props). SECJ0107W: The {0} file does not exist
Explanation This exception is unexpected. The cause is not immediately known. Action If this message is from a warning, then it is a temporary problem which is usually recovered from automatically. If it is not a warning, then check the file permissions for the file to ensure that they are readable. If the file is missing, restore it. SECJ0108E: Unexpected exception occurred when getting user registry or registry attributes.
Explanation This exception is unexpected. The cause is not immediately known. Action Verify that the user registry has been configured in WebSphere properly. SECJ0109W: Recovering ({0}) from ({1})
Explanation The security configuration URL is being recovered from the future version. This might happen if the security configuration URL is missing or has been deleted. Action None SECJ0110E: I/O Error occurred when loading property URL {0}
Explanation A loadProperties() operation probably failed. Action Verify that the file permissions associated with security configuration URL property file (typically sas.server.props) are read and writable. SECJ0111W: RunAsMap Not defined properly for Application {0}
Explanation The run-as-bindings size is zero for this application. Action Verify that the run-as bindings are specified for the application if necessary. SECJ0112W: Authorization Table Not defined for Application {0}
Explanation No security constraints or roles have been defined for this application. Action If security is not necessary for this application, ignore this message. Otherwise, review the security requirements of this application. SECJ0113E: An unexpected exception occurred in getRequiredRoles for method {0} and resource {1}. The exception is {2}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0114W: Unable to extract the security attributes from the credential
Explanation The credential might be malformed or corrupted. Action More info at:
SECJ0115W: The credential has a null value for the public name
Explanation The credential is possibly malformed or corrupted. Action More info at:
SECJ0116W: Unable to extract the credential token from the credential
Explanation The credential is possibly malformed or corrupted. Action More info at:
SECJ0117E: Form login failed for user {0}
Explanation The user could not be authenticated by the FormLogin Servlet. The user id or password might have been entered incorrectly. The user might not exist in the user registry that WebSphere is configured to authenticate to. Action Verify that the user id and password are entered correctly. Consult with the administrator of the user registry if the problem persists. SECJ0118E: Authentication error during authentication for user {0}
Explanation An authentication error occurred during authentication. This could be due to a user name and password that is not valid. Action Verify that the user name and password specified are valid. SECJ0119E: Error getting the web app information for form login. The exception is {0}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0120I: Trust Association Init loaded {0} interceptor(s)
Explanation Reports the number of Trust Association interceptors that have been added. Action None, informational only. SECJ0121I: Trust Association Init class {0} loaded successfully
Explanation Self Explanatory. Action None, informational only. SECJ0122I: Trust Association Init Interceptor signature: {0}
Explanation Reports the signature of the Trust Association interceptor. Action None, informational only. SECJ0123E: Trust Association Init Error retrieving class loader. Trust Association cannot be enabled.
Explanation getClassLoader() operation returned null. Action Verify that the appropriate Trust Association classes are installed and the class path is correct. SECJ0124E: Trust Association Init No interceptor class {0} found
Explanation The interceptor class file specified in trustedservers.properties cannot be found. Action Verify that the appropriate Trust Association classes are installed and the class path is correct. Also verify that the class specified in the trustedservers.properties file is correct and that the file has at least read permission. SECJ0125E: Trust Association Init Unable to load Trust Association class {0}.
Explanation A ClassNotFoundException occurred when trying to load the subject class. Action Verify that the appropriate Trust Association classes are installed and the class path is correct. SECJ0126E: Trust Association failed during validation. The exception is {0}. Make sure that the setup is correct and that the user credentials are valid.
Explanation When the appropriate interceptor is found for a given request, that interceptor then validates its trust with the reverse proxy server. This error message suggests that the validation has failed and therefore the reverse proxy cannot be trusted. For example, an incorrect or expired password might have been provided. Action In a production environment, the user might be alerted to check if there is an intruder in the system. In a development environment in which testing is underway, verify if the expected inputs from the reverse proxy server is in fact being passed to the interceptor correctly. The nature of these inputs really depends on how trust association is being established. For example, the simplest method would be to pass a user name/password through the Basic Authentication header. SECJ0127E: Unable to find a valid user for Trust Association
Explanation When the WebAuthenticator invoked an interceptor to return the authenticate user name, no such user name was returned. Action Verify that the reverse proxy server is inserting the correct user name in the HTTP request before it sends the request to WebSphere. SECJ0128E: An unexpected exception occurred during Trust Association. The exception is {0}.
Explanation This refers to all other exceptions that can be possibly created by an interceptor, when validating trust with the reverse proxy server and when getting the authenticated user name, aside from WebTrustAssociationFailedException and WebTrustAssociationUserException. Action Debug the problem from the stack trace that is printed together with this error message. We can also turn on the debug trace to get more information about the nature of the exception. SECJ0129E: Authorization failed for user {0} while invoking {1} on {2}, {3}
Explanation The user does not have the necessary permission to access the resource. Action Contact your WebSphere security administrator if this is unexpected. Your user must be mapped to one the roles protecting the resource if access to the protected resource is required. SECJ0130E: Unable to get source path from request header 'via'
Explanation When using WebSealTrustAssociationInterceptor, the "via" HTTP header in the HTTP Request object is examined. This message appears when the value for this header is not valid or corrupted. Action Make sure that WebSeal, the HTTP Server or both are properly working. SECJ0131E: Authentication failed. Unable to get the mapped credential for SecOwnCredentials.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0132I: Java 2 Security is enabled
Explanation Java 2 Security Manager is installed. Action None, informational only. SECJ0133E: Illegal {0} : {1}
Explanation An illegal Permission was attempted. Only the main thread can set the security manager. Action Verify that the code that is trying to set the security manager is not trying to subvert the WebSphere security manager. SECJ0134E: The current Java 2 Security policy does not permit the requested action.{0}Java 2 Security Permission: {1}, denied with exception message: {2}.{3}Violating code: {4}
Explanation The Java Security Manager checkPermission() threw a SecurityException on the subject Permission. Action Verify that the attempted operation is permitted. SECJ0135W: Illegal System.exit() attempted
Explanation Only the main thread is allowed to exit the Java VM Action Verify that the code attempting the system exit is not trying to subvert the WebSphere security manager. SECJ0136I: Custom Registry:{0} has been initialized
Explanation Reports the Custom User Registry implementation that is being used. Action None, informational only. SECJ0137E: Could not get EnterpriseAppHome
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0138E: Failed to install the admin Application -
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0139E: Error to get initial naming context
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0140E: Failed to initialize Default SSL Settings
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0141E: Error to initialize default SSL configuration
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0145E: An unexpected exception occurred when decoding password in initial_ssl.properties
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0146I: ${WAS_HOME}/properties/initial_ssl.properties was not found
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0147E: Cannot map the credential of the given credential token for certificate subject DN {0} into LDAP because of an LDAP filter mapping exception. The CertificateMapperException is {1}
Explanation The Certificate mapping filter specified by the user in the global security settings is missing or malformed. Action Review the certificate mapping filter configuration in the LDAP Advanced properties in the Security Center and verify it is present and correct. SECJ0148E: Cannot create a credential map given credential token certificate subject DN {0} with filter {1} into LDAP because multiple entries match the filter. This ambiguous condition is not supported.
Explanation More than one user entry in LDAP matched the certificate mapping filter specified in the global security settings. It is not possible to map a subjectDN in a certificate to more than one user in an LDAP user registry. The mapping filter results in an ambiguous condition that cannot be supported. Action Specify a certificate mapping filter in the LDAP Advanced properties in the Security Center. SECJ0149E: Cannot map the credential of the given credential token for certificate subject DN {0} with filter {1} into LDAP because a NamingException occurred when searching LDAP. The NamingException is {2}
Explanation A naming exception occurred when searching LDAP. Action More info at:
SECJ0150E: Cannot map the credential of the given credential token for certificate subject DN {0} with filter {1} into LDAP because no entry in LDAP matches the DN or filter
Explanation No entry in LDAP can be found with the subject DN in the certificate or found with the filter. Action This might be the expected result depending on the subject DN in the certificate and filter. If the response is unexpected, review the certificate mapping filter defined in the LDAP advanced properties in the Security Center. SECJ0151E: Cannot create a credential for the mapped credential token into LDAP with subjectDN {0} and mapped name {1} using filter {2}. The exception is {3}
Explanation The DN in the certificate was successfully mapped to an entry in LDAP but, an unexpected exception occurred when trying to create a credential for the mapped entry. Action More info at:
SECJ0152W: SecurityLevel was either missing or set to a wrong value (valid values are: high, medium, low); default to high.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0153E: Invalid LDAP user ID
Explanation Using user ID that is not valid or the user ID is not a directory entry. The directory administration ID (root DN) is not a directory entry on most LDAP servers. Action Verify that the user ID is a valid directory entry. SECJ0154E: SSO Configuration error. FormLogin is configured for web application {0} but SSO is not enabled in the global security settings. SSO must be enabled to use FormLogin.
Explanation When LTPA is the authentication mechanism SSO must also be enabled if any web applications use FORM login. Action Enable SSO in the global security settings and restart WebSphere SECJ0155E: Deployment descriptor configuration error. security-role-ref {0} in ejb-jar.xml is not mapped to any security role in bean {1}, module {2}, application {3}.
Explanation A security role reference in the specified EJB's ejb-jar.xml file has not been mapped to a security role. This is a configuration error. Action The security-role-ref in the EJB's ejb-jar.xml deployment descriptor should be mapped to a security role. SECJ0156E: Unable to initialize user registry class {0} for type {1} due to exception: {2}
Explanation The WebSphere security code couldn't find, load, or had problems loading the user registry class. Action The exception mentioned in the message should provide additional clues including the class or file that could not be found or loaded. Verify that the mentioned file exists in the correct directory and PATH. SECJ0157I: Loaded Vendor AuthorizationTable: {0}
Explanation The vendor specified Authorization Table is loaded successfully. Action More info at:
SECJ0158I: Problem loading class {0}, using default authorization table provided by WebSphere
Explanation The Vendor specified Authorization Table could not be loaded successfully. The WebSphere provided authorization table will be used. Action Make sure that the vendor's implementation of Authorization Table is in the CLASSPATH and that it could be loaded. SECJ0159E: Cannot find class {0}
Explanation The Vendor specified Authorization Table class could not be found in the CLASSPATH. Action Make sure that the vendor's implementation of Authorization Table as specified in the sas.server.props file is in the CLASSPATH. SECJ0160E: Can not instantiate class {0}
Explanation The vendor specified Authorization Table class could not be instantiated. Action Make sure that the vendor's implementation of Authorization Table as specified in the sas.server.props file could be loaded and instantiated. SECJ0161E: Error returned from Vendor AuthorizationTable. The exception is {0}
Explanation The vendor specified Authorization Table failed during authorization check. Action Refer to the vendor's specific exception for details. If vendor's specific exception is not present, contact your service representative with the exception stack trace information present in the error log. SECJ0162E: Vendor''s specific exception. The exception is {0} .
Explanation This indicates the vendor's specific error. Example:- Server not started, Network failure, Server failed. Action Depends on the error. SECJ0163E: Generic Error from Vendor AuthorizationTable
Explanation Unknown error from Vendor's authorization table Action Contact your service representative with exception stack trace information present in the error log. SECJ0164E: Error number {0} while calling the operating system API {1}
Explanation An error was returned by the operating system API Action Depending on the API being called, check the operating system specific documentation SECJ0165W: Expand exception occurred. Skip the permission entry in app.policy file. The exception is {0}.
Explanation An expand exception occurred while expanding the permission in the application policy file. Action Check the permission entry syntax in the application policy file (app.policy or was.policy). To identify which policy file has a problem, enable security trace for the component com.ibm.ws.security.policy.*. The trace.log file will contain the policy name.
SECJ0166W: Expand exception occurred. Skip the grant entry in app.policy file. The exception is {0}.
Explanation An expand exception occurred while expanding the grant entry in the pplication policy file. Action Check the grant entry syntax in the application policy file (app.policy or was.policy). To identify which policy file has a problem, enable security trace for the component com.ibm.ws.security.policy.*. The trace.log file will contain the policy name.
SECJ0167W: Expand exception occurred. Skip the permission entry in filter.policy file. The exception is {0}.
Explanation While expanding the permission entry in filter.policy file, caught an expand exception Action Check the permission entry syntax in filter.policy file. SECJ0168W: Keystore {0} of type {1} is being ignored
Explanation Keystore of the above type is not supported. Action Use the supported type of keystores. SECJ0169W: Expand exception occurred. Skip the permission entry. The exception is {0}
Explanation While expanding the permission, caught an expand exception Action Check the permission entry syntax in your policy file. To identify which policy file has a problem, enable security trace for the component com.ibm.ws.security.policy.*. The trace.log file will show the policy file name.
SECJ0170W: Expand exception occurred. Skip the grant entry. The exception is {0}.
Explanation While expanding the grant entry, caught an expand exception Action Check the grant entry syntax in your policy file. To identify which policy file has a problem, enable security trace for the component com.ibm.ws.security.policy.*. The trace.log file will show the policy file name.
SECJ0171W: Expand exception occurred. Skip the signedby key entry. The exception is {0}.
Explanation An expand exception occurred while expanding the signedby entry. Action Check the signedby entry syntax in your policy file. To identify which policy file has a problem, enable security trace for the component com.ibm.ws.security.policy.*. The trace.log file will show the policy file name.
SECJ0172E: Error {0} in encoding the FilePath
Explanation While encoding the FilePath, there was an error. Action Check the specified syntax. To identify which policy file has a problem, enable security trace for the component com.ibm.ws.security.policy.*. trace.log will show the policy file name. SECJ0173W: Grant entry with codebase {0} and signedby {1} is being ignored
Explanation In the system extension policy files, the grant entries should not specify codebase and signedby values Action Remove the codebase and signedby values from the grant entry in the system extension policy file. (spi.policy or library.policy) SECJ0174W: Permission entry {0} is being ignored
Explanation In the system extension policy files, the permission entries with signatures are not supported in the current version. Action Remove the signature values from the permission entry in the system extension policy file. (spi.policy or library.policy) SECJ0175E: An exception was caught while retrieving data from the hashmap for the keyword {1}. The exception is {0}.
Explanation The data stored for the keyword "type" in the hashmap is incorrect Action This is an internal error. However, it could be caused by an incorrect xml file. Enable security trace with com.ibm.ws.security.policy.* to get more detailed information. SECJ0176E: An exception was caught while getting the policy template of type {1}. The exception is {0}.
Explanation Could not retrieve the policy template of the above type. Action This is an internal error. However, it could be caused by an incorrect xml file. Enable security trace with com.ibm.ws.security.policy.* to get more detailed information. SECJ0177W: An exception was caught while converting class path {1} to URL. The exception is {0}.
Explanation Could not convert the above class path to a URL Action Check the class path. Usually, this path was picked up from xml file. Enable security trace with com.ibm.ws.security.policy.* to get more detailed information. SECJ0178E: An exception was caught while retrieving the data from the hashmap for the keyword {1}. The exception is {0}.
Explanation Could not retrieve the resource adaptor policy file from the hashmap passed to setupPolicy(). Action Check the data stored in the hashmap for the resource adaptor keyword. It could be caused by incorrect xml file. Enable security trace with com.ibm.ws.security.policy.* to get more detailed information. SECJ0179E: An exception was caught while trying to get the Resource adaptor''s absolute file path. The exception is {0}.
Explanation Could not get the absolute filepath of the resource adaptor policy file. Action Check the filepath specified in resource.xml file. Enable security trace with com.ibm.ws.security.policy.* to get more detailed information. SECJ0180E: An exception was caught while trying to get the data from the hashmap using the keyword {1}. The exception is {0}.
Explanation Could not retrieve the deployed application policy file from the hashmap passed to setupPolicy(). Action This is an internal error. However, it could be caused by incorrect data in xml file. Check the type of the policy file and the hashmap being passed to setupPolicy(). Enable security trace with com.ibm.ws.security.policy.* to get more detailed information. SECJ0181W: An exception was caught while trying to get the resource adaptor module {1} absolute filepath. The exception is {0}.
Explanation Could not get the resource adaptor module's absolute filepath. Action It could be caused by incorrect data in resources.xml file. Enable security trace with com.ibm.ws.security.policy.* to get more detailed information. SECJ0182W: An exception was caught while trying to get the Canonical path for the file {1}. The exception is {0}.
Explanation Could not get the Canonical path for the specified file Action Check the specified file name passed to security. It could be caused by incorrect data in xml file. Enable security trace with com.ibm.ws.security.policy.* to get more detailed information. SECJ0183W: An exception was caught while trying to convert the filepath {1} to URL. The exception is {0}.
Explanation Could not convert the specified filepath to URL. Action Check the specified filepath. It could be caused by incorrect data in xml file. Enable security trace with com.ibm.ws.security.policy.* to get more detailed information. SECJ0184W: An exception was caught while trying to get the absolute path for the resource adaptor {1} in removePolicy(). The exception is {0}.
Explanation Could not get the absolute path for the resource adaptor in removePolicy(). Action Check the specified path. It could be caused by incorrect data in xml file. Enable security trace with com.ibm.ws.security.policy.* to get more detailed information. SECJ0185W: An exception was caught while trying to get the absolute path for the module {1} in removePolicy(). The exception is {0}
Explanation Could not get the absolute path for the module in removePolicy(). Action Check the specified path. It could be caused by incorrect data in xml file. Enable security trace with com.ibm.ws.security.policy.* to get more detailed information. SECJ0186E: Caught IOException while creating template for System Extension Policy of type {1} The exception is {0}
Explanation IOException occurred when creating the system extension template in the hashmap of all the templates. Action Check the IOException to see the cause for not being able to create the system extension template in the hashmap. SECJ0187E: Caught ParserException while creating template for System Extension Policy of type {1} The exception is.{0}
Explanation ParserException occurred when creating the system extension template in the hashmap of all the templates. Action Check the ParserException data. Check the specified policy file. SECJ0188E: Caught IOException while creating template for Application Policy {0}. The exception is {1}.
Explanation IOException occurred when creating the application policy template in the hashmap of all the templates. Action Check the specified policy file. SECJ0189E: Caught ParserException while creating template for Application Policy {0}. The exception is {1}.
Explanation ParserException occurred when creating the application policy template in the hashmap of all the templates. Action Check the ParserException data. Check the specified policy file. SECJ0190E: Caught IOException while creating template for was.policy {0}. The exception is {1}.
Explanation IOException occurred when putting the was.policy template in the hashmap of all the templates. Action Check the specified was.policy file. SECJ0191E: Caught ParserException while creating template for was.policy {0} . The exception is {1}.
Explanation ParserException occurred when putting the was.policy template in the hashmap of all the templates. Action Check the ParserException data. Check the specified was.policy file. SECJ0192E: Caught IOException while creating template for resource adaptor(read from WCCM) {1}. The exception is {0}.
Explanation IOException occurred when creating the resource adaptor template in the hashmap of all the templates. Action Check the specified ra.xml file's permission specification. SECJ0193E: Caught ParserException while creating template for resource adaptor(read from ra.xml) {0}. The line is [{1}]. The exception is {2}.
Explanation ParserException occurred when putting the resource adaptor template in the hashmap of all the templates. Action Check the ParserException data. Check the ra.xml's permission specification. SECJ0194E: Caught IOException while adding permission to the set of filtered permissions. The exception is {0}.
Explanation IOException occurred when adding permission to the set of filtered permissions. Action Check the filter.policy file. SECJ0195E: Caught ParserException while adding permission to the set of filtered permissions. The exception is {0}.
Explanation ParserException occurred when adding permission to the set of filtered permissions. Action Check the ParserException data. SECJ0196W: Custom permission {0} is being used in an application policy file {1}
Explanation Custom permission is being used in an application policy file. Action Make sure that it is all right to use a custom permission in an application policy file. SECJ0197E: Caught Invocation TargetException while constructing the permission object. This exception might be due to syntax error in the policy file. The exception is {0}.
Explanation Invocation TargetException occurred while constructing the permission object. Action Check the exception. SECJ0198E: An exception was caught while constructing the permission object. The exception is {0}.
Explanation An Exception occurred while constructing the permission object. Action Check the exception. SECJ0199E: Caught an IOException while adding the grant entry to the policy template of the resource adaptor {1} . The exception is {0}.
Explanation An IOException occurred while adding the grant entry to the policy template of the resource adaptor. Action Check the specified ra.xml file. SECJ0200E: Caught a ParserException while adding the grant entry {1} to the policy template of the resource adaptor {0}. The exception is {2}.
Explanation A ParserException occurred while adding the grant entry to the policy template of the resource adaptor. Action Check the syntax of permission specification in the specified ra.xml SECJ0201I: Error number {0} while calling the operating system API {1}
Explanation The above error number was returned by the above API. Action Depending on the API being called, check the operating system documentation for the API. SECJ0202I: Admin application initialized successfully
Explanation The Admin application initialized successfully Action None. Informational only. SECJ0203I: Naming application initialized successfully
Explanation The Naming application initialized successfully Action None. Informational only. SECJ0204I: Rolebased authorizer initialized successfully
Explanation The Rolebased authorizer initialized successfully Action None. Informational only. SECJ0205I: Security Admin mBean registered successfully
Explanation The Security Admin mBean registered successfully Action None. Informational only. SECJ0206E: Error creating or registering {0} mBean. The exception is {1}
Explanation An unexpected exception occurred when trying to create or register an mBean. Action There might be a problem with the configuration. The exception might include details. SECJ0207E: Failed to load {0} resource from cell. The exception is {1}
Explanation The specified resource could not be loaded due to an exception. Action The failure might be related to a configuration problem related to the resource. SECJ0208E: An unexpected exception occurred when attempting to authenticate the server''s id during security initialization. The exception is {0}.
Explanation The userId and password specified for the server's identity when configuring global security could not be used to authenticate the server. Action Verify that the userId and password are valid and meet the requirements for the user registry or authentication mechanism. SECJ0209E: An unexpected exception occurred when attempting to update the JAAS login configuration with WCCM JAAS configuration information. The exception is {0}
Explanation The WCCM JAAS login configuration information could not be pushed to the JAAS configuration object. Action More info at:
SECJ0210I: Security enabled {0}
Explanation Reports current security enabled or disabled status. Action None. Informational only SECJ0211E: Failed to lookup or rebind security server with name {0}. The exception is {1}.
Explanation An unexpected error occurred. It could be that the Cell Manager or Node Agent are not started. Action If a remote security server was specified when enabling global security, verify that the Node Agent and Cell Manager are running. SECJ0212I: WCCM JAAS configuration information successfully pushed to login provider class.
Explanation The WCCM JAAS login configuration information was pushed to the JAAS configuration object. Action None. Informational only. SECJ0213E: Unexpected JAAS login provider class {0} is currently configured. The expected configured class is {1}. When WebSphere security is enabled, this class is required.
Explanation WebSphere provides an implementation of javax.security.auth.login.Configuration and dynamically installs this class at server startup. Either some application code has installed a different login provider class or a problem occurred when WebSphere tried to dynamically install the class. Action Check for other server startup warning or error messages. SECJ0214W: Unexpected JAAS login provider class {0} is currently configured. The expected configured class is {1}. When WebSphere security is enabled, this class is required.
Explanation WebSphere provides an implementation of javax.security.auth.login.Configuration and dynamically installs this class at server startup. Either some application code has installed a different login provider class or a problem occurred when WebSphere tried to dynamically install the class. Action Check for other server startup warning or error messages. SECJ0215I: Successfully set JAAS login provider configuration class to {0}.
Explanation WebSphere provides an implementation of the javax.security.auth.login.Configuration class. This class was successfully set at server startup. Action None. Informational only. SECJ0216E: An exception occurred when setting JAAS login provider configuration class to {0}. The exception is {1}.
Explanation WebSphere provides an implementation of the javax.security.auth.login.Configuration class. This class could not be set at server startup. Action Configuration.class might not be present. This is an internal error. SECJ0217W: Detected a duplicate JAAS LoginModule alias name {0} when processing JAAS configuration information.
Explanation A duplicate JAAS LoginModule alias name exist either in a JAAS login URL or in the security.xml file. The duplicate will be replaced with the last one processed. Action Verify no duplicate JAAS LoginModule aliases exist in the login URLs or in the security.xml file. SECJ0218E: An exception was caught retrieving RoleBasedAuthorizer. The exception is {0}.
Explanation The Rolebased authorizer could not be retrieved due to an exception. Action More info at:
SECJ0219E: Unable to obtain or use a role-based authorizer because application {0} has not been loaded.
Explanation The application must be loaded for the role base authorizer can be used to enforce authorization. Action More info at:
SECJ0220W: The role based authorizer for module {0} has already been loaded.
Explanation The role based authorizer will load only once per module. Action None, informational only. SECJ0221E: An unexpected exception occurred in findMatchingMethod for method {0} and bean {1}, the exception is {2}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0222E: An unexpected exception occurred when trying to create a LoginContext. The LoginModule alias is {0} and the exception is {1}.
Explanation A JAAS LoginContext could not be created due to the unexpected exception. Action The problem could be due to a configuration error. SECJ0223E: User {0} authenticated successfully but unable to send redirect to the original request page. The {1} cookie is not present.
Explanation The HTTP cookie that contains the originally requested page was not found. Action More info at:
SECJ0224E: An unexpected exception occurred when trying to configure the security related web attributes for web applications {0}. The exception is {1}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0225W: PD Authentication disabled.
Explanation PD Authentication disabled. Action None, informational only. SECJ0226E: The LocalOS server ID ({0}) should not be the same value as the LocalOS realm ({1}) in the security.xml.
Explanation When the LocalOS server ID is equal to the LocalOS realm, the access ID returned by the operating system is the machine ID not the server ID. Action Make sure that the server ID is different from the machine ID. SECJ0227E: An exception occurred when creating class of type {0}. The exception is {1}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0228E: Object of type {0} is null.
Explanation Object created by reflection is null. Action More info at:
SECJ0229E: Method {0} of object of {1} type is null.
Explanation Method returned by reflection is null. Action More info at:
SECJ0230E: Invoking reflection method {0} of object type {1} throws exception {2}.
Explanation Reflection method invocation failed. Action More info at:
SECJ0231I: The Security component''s FFDC Diagnostic Module {0} registered successfully: {1}.
Explanation Describes whether the Security component's FFDC Diagnostic module was successfully registered. Action None. Informational only. SECJ0232E: An unexpected exception occurred when trying to get the User Registry from the Security Server. The exception is {0}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0233E: An unexpected exception occurred when trying to get users from the User Registry with pattern {0} and limit {1}. The exception is {2}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0234E: An unexpected exception occurred when trying to get groups from the User Registry with pattern {0} and limit {1}. The exception is {2}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0235E: An unexpected exception occurred when trying to export the LTPA Keys from the security mbean. The exception is {0}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0236E: An unexpected exception occurred when trying to import the LTPA Keys from the security mbean with properties {0}. The exception is {1}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0237E: One or more vital LTPAServerObject configuration attributes are null or not available. The attributes and values are password : {0}, expiration time {1}, private key {2}, public key {3}, and shared key {4}.
Explanation LTPA is the configurated authentication mechanism but it has not yet been properly configured. Keys or other LTPA configuration attributes are missing. Action Disable WebSphere security, restart the application server and properly configure LTPA authentication. SECJ0238E: An unexpected exception occurred when trying to create the initial LTPAServerObject. The exception is {0}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0239I: Security service initialization started
Explanation Security service initialization started. Action None. Informational only SECJ0240I: Security service initialization completed successfully
Explanation Security service initialization started. Action None. Informational only SECJ0241I: Security service initialization completed successfully
Explanation Security service initialization started. Action None. Informational only SECJ0242I: Security service is starting
Explanation Security service started. Action None. Informational only SECJ0243I: Security service started successfully
Explanation Security service started. Action None. Informational only SECJ0244I: Security service failed to start successfully
Explanation Security service started. Action None. Informational only SECJ0245E: An unexpected exception occurred when the SecurityServerFactory tried to create the SecurityServer. The exception is {0}.
Explanation An error occurred that prevented the SecurityServer from being created. Action The log should contain additional errors that might indicate the cause of the problem. SECJ0246E: Caught unexpected exception in retrieving ORB SSL settings {0}
Explanation An unexpected exception occurred retrieving the ORB SSL settings. Action Verify that the property file, usually sas.server.props contents. Contact your service representative if the problem persists. SECJ0247I: ORB SSL Key File or Passwords settings were missing in server-cfg.xml
Explanation ORB SSL Key File or Passwords settings were missing in server-cfg.xml Action Verify that the server-cfg.xml file. SECJ0248I: Caught unexpected exception in retrieving ORB SSL initialization. The exception is {0}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0249E: Failed to cleanup. The exception is {0}.
Explanation An unexpected exception occurred during the cleanup of the specified repository. Action More info at:
SECJ0250E: Error creating security server. The exception is {0}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0251E: Error getting Initial Naming Context. The exception is {0}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0252E: Error getting remote security server. The exception is {0}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0253E: Generic Exception while getting remote security server. The exception is {0}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0254E: Error getting Initial Naming Context. The exception is {0}.
Explanation javax.naming.NamingException occurred when getting Initial Naming Context. Action More info at:
SECJ0255E: Error creating security server/ The exception is {0}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0256E: Error binding SecurityServer to naming. The exception is {0}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0257E: Failed to find security server in name space. The exception is {0}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0258E: Cannot find user registry. The exception is {0}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0259E: IOException from CallbackHandler. The exception is {0}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0260E: Unsupported {0} callback in CallbackHandler. The exception is {1}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0261E: Something wrong during LoginModule commit. The exception is {0}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0262E: Exception occurred when removing {0} during cleanup. The exception is {1}
Explanation Unexpected exception occurred when removing the specified principal during cleanup. Action More info at:
SECJ0263E: Exception occurred when removing WSCredential during cleanup. The exception is {0}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0264E: fillAccessids: Error getting user registry. The exception is {0}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0265E: removeAccessIds: Error getting user registry. The exception is {0}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0266E: Failed to create a new web attribute.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0267E: Failed to get RoleBasedConfigurator. The exception is {0}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0268E: Problem loading class {0}, using default authorization table provided by WebSphere
Explanation The Vendor specified Authorization Table could not be loaded successfully. Therefore, using WebSphere provided authorization table. Action Check to make sure that the Vendor's implementation of Authorization Table is in the CLASSPATH and could be loaded. SECJ0269E: Failed to get actual credentials. The exception is {0}.
Explanation java.lang.reflect.InvocationTargetException occurred when trying to run getActualCredential() method. Action More info at:
SECJ0270E: Failed to get actual credentials. The exception is {0}.
Explanation Unexpected exception occurred when trying to run getActualCredential() method. Action More info at:
SECJ0271E: Error restoring original credentials.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0272E: Error setting to system credentials.
Explanation An unexpected exception occurred while restoring the original credentials. Action More info at:
SECJ0273E: Failed to load SecurityServer.xml. The exception is {0}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0274E: Error getting Initial Naming Context. The exception is {0}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0275E: Error trying to find user registry. The exception is {0}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0276E: BasicAuthData credential is already destroyed. The exception is {0}.
Explanation CredentialDestroyedException occurred while trying to get BasicAuthData. The credential was already destroyed. Action More info at:
SECJ0277E: BasicAuthData credential is already expired. The exception is {0}.
Explanation javax.security.auth.login.CredentialExpiredException occurred while trying to get BasicAuthData. Action refresh the credential. SECJ0278E: TokenData credential is already destroyed. The exception is {0}.
Explanation CredentialDestroyedException occurred while trying to get credential token. The credential was already destroyed. Action More info at:
SECJ0279E: TokenData credential is already expired. The exception is {0}.
Explanation javax.security.auth.login.CredentialExpiredException occurred while trying to get token. Action refresh the credential. SECJ0280E: Error getting realm from registry. The exception is {0}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0281E: Error creating user registry object. The exception is {0}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0282E: Error getting initial context. The exception is {0}.
Explanation javax.naming.NamingException occurred while getting the initial naming context. Action More info at:
SECJ0283E: Error binding User Registry. The exception is {0}.
Explanation javax.naming.NamingException occurred while rebinding the user registry. Action More info at:
SECJ0284E: Error trying to find User Registry. The exception is {0}.
Explanation javax.naming.NamingException occurred while finding the user registry. Action More info at:
SECJ0285E: Failed to retrieve RoleBasedAuthorizer. The exception is {0}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0286W: Error during security initialization.
Explanation Unexpected exception occurred when initializing security server component. Action None. This is warning. SECJ0287E: Failed to call setupPolicy for {0}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0288E: Error during security initialization.
Explanation An unexpected exception occurred when updating the authorization table. Action More info at:
SECJ0289E: Failed to call removePolicy for {0}.
Explanation A unexpected exception occurred when trying to call the removePolicy() method for the specified type. Action More info at:
SECJ0290W: All subjects assigned to Special role DenyAllRole for application {0} are removed.
Explanation All subjects assigned to Special role DenyAllRole for the specified application are removed. Action None. This is a warning. SECJ0291E: Failed to retrieve the information of Resource Adapter for provider ( {0} ) to call setupPolicy().
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0292E: Failed to retrieve the information of Resource Adapter of {0} to call setupPolicy().
Explanation An unexpected exception occurred when trying to retrieve the information of the Resource Adapter to call the setupPolicy() method. Action More info at:
SECJ0293E: No registry.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0294E: Error setting properties to file ({0}). The exception is {1}.
Explanation An IOException occurred when setting properties to the specified file. Action Verify that the property file exists, that it has read permission and is writable. SECJ0295E: Error getting properties to file ({0}). The exception is {1}.
Explanation An IOException occurred when getting properties from the specified file. Action Verify that the property file exists, and that it has read permission. SECJ0296E: Error checking password for user :{0}. The exception is {1}.
Explanation com.ibm.websphere.security.PasswordCheckFailedException occurred when checking the password for specified user. Action Verify that the password for the specified user. SECJ0297E: Error checking password for user :{0}. The exception is {1}.
Explanation com.ibm.websphere.security.CustomRegitryException exception occurred when checking the password for specified user. Action Verify that the password for the specified user. SECJ0298E: Error checking password for user :{0}. The exception is {1}.
Explanation Unknown exception occurred when checking the password for specified user. Action Verify that the password for the specified user. SECJ0299E: An exception was caught while decoding the file path: {0}. The exception is {1}.
Explanation Failed to decode the specified file. The details is shown in the exception. Action Verify that the policy files, xml files(resource.xml) to confirm the class path specified in them are correct. SECJ0300W: The file or directory ( {0} ) does not exist.
Explanation The specified file or directory does not exist. Action Verify that the policy files, xml files(resource.xml) to confirm the class path specified in them are correct. SECJ0301W: Failed to convert a file path {0} to CodeSource. The exception is {1}
Explanation MalformedURLException occurred when trying to convert the specified path to URL. Action Verify that the policy files, xml files(resource.xml) to confirm the class path specified in them are correct. SECJ0302W: No alias name for {0}.
Explanation This configuration does not have any alias name. Action No action is required. This is a warning message. SECJ0303E: Error getting registry''s realm. The exception is {0}
Explanation Exception occurred when getting registry's realm. Action More info at:
SECJ0304E: Cannot get user registry. The exception is {0}.
Explanation Unexpected exception occurred when getting user registry. Action More info at:
SECJ0305I: The role-based authorization check failed for {0} operation {1}:{2}. The user {3} (unique ID: {4}) was not granted any of the following required roles: {5}.
Explanation The caller does not have the necessary permission, this problem can occur because no credential is found on the thread, the caller is not authenticated, or the accessId might be null. Action If the failure is unexpected, verify that the caller has been granted the required role. SECJ0306E: No received or invocation credential exist on the thread. The Role based authorization check will not have an accessId of the caller to check. The parameters are: access check method {0} on resource {1} and module {2}. The stack trace is {3}.
Explanation No invocation or received credentials were established on this thread. This might cause the role based authorization check to fail. Action The stack trace is obtained by a local throw catch block that might be useful for debugging the problem. SECJ0307E: Unexpected exception is caught when trying to determine the code base location. Exception: {0}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0308I: Java2 security is installed.
Explanation JAVA2 security is enabled. Action None, informational only. SECJ0309I: Java 2 Security is disabled.
Explanation Java 2 Security Manager is NOT installed. Action None, informational only. SECJ0310E: Caught a ParserException while adding the grant entry to the policy template {1}. The exception is {0}
Explanation A ParserException occurred while adding the grant entry to the policy template. Action Check the ParserException data. Check the specified policy file. SECJ0311W: An exception was caught while trying to get the module {1} absolute filepath. The exception is {0}.
Explanation Could not get the module's absolute filepath. Action Check the filepath given to load the module. SECJ0312W: {$Application} phrase should not include ${was.module.path} keyword.
Explanation Syntax error in the policy file. ${Application} phrase should not include ${was.module.path} keyword. This entry is ignored. Action Check the application policy file. SECJ0313I: Java 2 Security Manager debug message flags are initialized: TrDebug: {0}, Access: {1}, Stack: {2}, Failure: {3}, Rethrow {4}
Explanation This message provides the current value of the java.security.debug property which is used to enable various debug information related to Java 2 Security. Action None, this is informational only. SECJ0314W: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. Refer to the InfoCenter for further information.{0}Permission:{1}Code:{2}{3}Stack Trace:{4}Code Base Location:{5}
Explanation The Java Security Manager checkPermission() threw a SecurityException on the subject Permission. A caller on the call stack does not have the required permission. This might not be a problem if the caller properly handles this exception. Action Verify that the attempted operation is permitted by examining all Java 2 security policy files and application code. Additional permissions might be required, a doPrivileged API might be needed in some code on the call stack, or the Security Manager properly prevented access to a resource the caller does not have permission to access. SECJ0315W: The permission {0} specified in the application policy file:{1} does not exist.
Explanation The permission class specified in the application policy file(was.policy or app.policy) does not exist. Action Fix the specified application policy file. SECJ0316W: The permission {0} specified in the filter.policy file(filter.policy) does not exist.
Explanation The permission class specified in the filter.policy file does not exist. Action Fix the filter.policy file. SECJ0317W: The permission {0} specified in the application policy file({1}) is a part of the permission {2} specified in filter.policy.
Explanation The permission class specified in the application policy is not be removed. However, it is a part of the permission specified in filter.policy. Action If the permission should be filtered out, divide the permission specified in the application policy. SECJ0318I: The permission {0} specified in the application policy file({1}) were filtered out.
Explanation The permission specified in the application policy was removed because filer.policy has the same entry. Action none. Informational message. SECJ0319I: java.security.AllPermission was found in the application policy file {0}.
Explanation java.securityAllPermission was found in the application. Action none. Informational message. SECJ0320E: Error parsing {0}: {1}
Explanation There is a syntax error in the policy file. Action Use ${java.home}/jre/bin/policytool to verify the syntax or edit the policy file and correct the syntax error. SECJ0321E: Role based authorization is caller in role failed for security name {0}, accessId {1}, and role name {2}.
Explanation The caller does not have the necessary permission, there was no credential on the thread, the caller is not authenticated, or the accessId could be null. Action If the failure is unexpected, verify the caller has been granted the required role. SECJ0322W: Missing attribute in Security Configuration.
Explanation Required attribute CertificateFilter is missing. Certificate Filter is required when CertificateMapMode is CERTIFICATE_FILTER. Action Set CertificateFilter in the advanced LDAP settings. SECJ0323E: Invalid LDAP user/group ID
Explanation Using invalid user/group ID or the user/group ID is not a directory entry. The directory administration ID (root DN) is not a directory entry on most LDAP servers. Action Verify that the user/group ID is a valid directory entry. SECJ0324E: Error during Java 2 Security and Dynamic Policy initialization. The exception is {0}.
Explanation An unexpected error occurred during Java 2 Security and Dynamic Policy initialization. Action This is a general error. Look for previous messages that might be related to the failure or a configuration problem. Enabling security debug trace for security component com.ibm.ws.security.* might yield additional information. SECJ0325W: The permission {0} specified in the policy file {1} is unresolved.
Explanation The permission class specified in the policy file was not loaded. Action Confirm that the specified permission in then policy file is correct. If permission class is incorrect, this warning is issued. SECJ0326E: No received or invocation credential exist on the thread. The Role based authorization check will not have an accessId of the caller to check. The parameters are: role name {0}. The stack trace is {1}.
Explanation No invocation or received credentials were established on this thread. This might cause the role based authorization check to fail. Action The stack trace is obtained by a local throw catch block that might be useful for debugging the problem. SECJ0327E: Problem loading the registry properties file. The exception is {0}.
Explanation Unexpected exception occurred when loading registry properties file. Action More info at:
SECJ0328E: Registry implementation file is missing.
Explanation Cannot locate the registry implementation file. Action If you are using a Custom Registry make sure that your provide the registry implementation file in the GUI or in the scripting (whichever is being used). If you are using WAS supplied registries contact your service representative if the problem persists. SECJ0329E: The registry implementation file {0} is not a instance of the supported user registries.
Explanation This can happen when using custom registries and if they are not instances of UserRegistry or CustomRegistry. Action Make sure you implement the UserRegistry interface for your custom registry. SECJ0330E: The registry implementation file {0} cannot be loaded because of the following exception {1}
Explanation This can happen when the specified custom registry cannot be loaded. Action The custom registry implementation file should be in the class path as mentioned in the custom user registry section in the information center documentation. If this happens for WAS provided registries contact your service representative if the problem persists. SECJ0331E: The registry implementation file {0} cannot be initialized because of the following exception {1}
Explanation The specified custom registry implementation cannot be initialized. Action Make sure all of the properties required for the custom registry initialization are passed through the GUI or scripting (whichever is being used). If this happens for WAS provided registries, contact your service representative if the problem persists. SECJ0332E: The checkPassword method failed for user {0}.
Explanation The checkPassword method failed to return a user. Action If you are using WAS provided registries, this problem should have been preceeded by other authentication related exception(s). Refere to those exceptions to fix the actual authentication problem. If a custom registry is used, make sure to return a valid userId after authentication is successful. SECJ0333E: The mapCertificate method failed.
Explanation The mapCertificate method failed to return a user from the certificate chain. Action Make sure that the certificate should contain a valid user in the registry. This problem should have preceeded with other exception(s). Looking into them would help in narrowing down the problem. In addition if a custom registry is being used make sure you return a valid userId after successfully mapping the certificate. SECJ0334E: Cannot create credential for null user.
Explanation Internal Error. The user name provided to create the credential is null. Action More info at:
SECJ0335E: Authentication failed for user {0}.
Explanation The registry failed to return a user after authentication. Action This would happen if the authentication was not successful and the custom registry did not throw exceptions to indicate this. Make sure you are entering a current userID and password for authentication. This problem might have preceeded by other problems. Looking at those problems might narrow the problem down. SECJ0336E: Authentication failed for user {0} because of the following exception {1}
Explanation Authentication failed with the specified reason. Action Verify that the user id and password are entered correctly. Consult with the administrator of the user registry if the problem persist. SECJ0337E: The mapCertificate method is not supported.
Explanation Internal Error. Action Information purposes only. SECJ0338E: The following error occurs when getting the display name of the group {0}, {1}.
Explanation Error getting display name of a group. Action Make sure that the group is valid and has a display name. SECJ0339E: Could not get the display name of the group {0}.
Explanation Problem getting display name of a group. Action Make sure that the group is valid and has a display name. SECJ0340E: Could not get the uniqueId for the group {0}.
Explanation Problem getting uniqueId of a group. Action Make sure that the group is valid in the registry and if it is a custom registry make sure it also has an uniqueId. SECJ0341E: Could not get the uniqueId for the group {0} because of the following exception {1}.
Explanation Problem getting uniqueId of a group. Action Make sure that the group is valid in the registry and if it is a custom registry make sure it also has an uniqueId. SECJ0342E: Could not get the groups matching the pattern {0} because of the following exception {1}.
Explanation Internal Error. Action Make sure that the groups matching the pattern exist in the registry. Contact your service representative if the problem persists. SECJ0343E: Could not get the groups that the user {0} belongs to.
Explanation Internal Error. Action Make sure that the user is valid. Contact your service representative if the problem persists. SECJ0344E: Could not get the groups that the user {0} belongs to because of the following exception {1}.
Explanation Internal Error. Action Make sure that the user is valid. Contact your service representative if the problem persists. SECJ0345E: Could not get the users in the group {0} because of the following exception {1}.
Explanation Internal Error. Action Make sure that the group is valid. Contact your service representative if the problem persists. SECJ0346E: Could not get the name of the group whose uniqueId is {0} because of the following exception {1}.
Explanation Internal Error. Action Make sure that the group is valid. Contact your service representative if the problem persists. SECJ0347E: Could not get the name of the group whose uniqueId is {0}.
Explanation Internal Error. Action Make sure that the group is valid. Contact your service representative if the problem persists. SECJ0348E: Could not get the display name of the user {0}.
Explanation Internal Error. Action Make sure that the user is valid and has a display name. Contact your service representative if the problem persists. SECJ0349E: Could not get the display name of the user {0} because of the following exception {1}.
Explanation Internal Error. Action Make sure that the user is valid and has a display name. Contact your service representative if the problem persists. SECJ0350E: Could not get the uniqueId of the user {0}.
Explanation Internal Error. Action Make sure that the user is valid. Contact your service representative if the problem persists. SECJ0351E: Could not get the uniqueId of the user {0} due to the following exception {1}.
Explanation Internal Error. Action Make sure that the user is valid. Contact your service representative if the problem persists. SECJ0352E: Could not get the users matching the pattern {0} because of the following exception {1}.
Explanation Internal Error. Action Make sure that the users matching the pattern exist in the registry. Contact your service representative if the problem persists. SECJ0353E: Could not get the name of the user whose uniqueId is {0}.
Explanation Internal Error. Action Make sure that the user is valid. Contact your service representative if the problem persists. SECJ0354E: Could not get the name of the user whose uniqueId is {0} because of the following exception {1}.
Explanation Internal Error. Action Make sure that the user is valid. Contact your service representative if the problem persists. SECJ0355E: Validating the group {0} throws the following exception {1}.
Explanation Internal Error. Action Make sure that the group is valid. Contact your service representative if the problem persists. SECJ0356E: Could not get the realm for the registry in windows.
Explanation Not able to get the host name of the Windows machine or the domain controller. Action Make sure that the user who is running WAS has administrative and "act as part of operating system" privileges on the Windows machine and is also an administrator in the domain machine. Contact your service representative if the problem persists. SECJ0357E: The registry initialization failed with the following exception {0}.
Explanation Registry cannot be initialized. Internal Error. Action Make sure that the user who is running WAS has administrative and "act as part of operating system" privileges in the Windows machine and is also an administrator in the domain machine. Contact your service representative if the problem persists. SECJ0358E: Validating the user {0} throws the following exception {1}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0359E: Could not get the uniqueId for {0} because of the following exception {1}.
Explanation An exception occurred when getting the uniqueId of a user or group. Action Make sure that the user or group is valid in the registry. If the active user registry is a custom registry, make sure a uniqueIds exist for the user or group. SECJ0360E: Authentication failed for {0} because multiple users matched the user.
Explanation Authentication failed because multiple users were found in the registry with the same name. Action When using LDAP, make sure that the user shortname is unique. For example, if "uid" is used as the shortname, make sure that the uid is unique in the registry. SECJ0361E: Authentication failed for {0} because user is not found in the registry.
Explanation Authentication failed because the user does not exist. Action Make sure that the user is valid in the registry. Also, when using LDAP, make sure that the user is searchable. The admin id in some LDAP servers might not be searchable. SECJ0362E: Cannot create credential for the user {0}.
Explanation A user cannot be found to create the credential. Action Make sure that the user is valid in the registry. Contact your service representative if the problem persists. SECJ0363E: Cannot create credential for the user {0} because of the following exception {1}.
Explanation Cannot create credential. Action Make sure that the user is valid in the registry. If this error is preceeded by other exceptions, check those also. Contact your service representative if the problem persists. SECJ0364E: Cannot initialize ltpa object because of the following exception {0}.
Explanation The LTPA server object cannot be initialized. Action In most cases, this error occurs because the LTPA keys cannot be decrypted using the LTPA password. The password used to encrypt the keys is not the same password that is saved in the repository. The server might not come up when this problem occurs. If this happens, disable security, start the server, and then enter a new password for LTPA. Save the password, generate the keys, and then save again. Finally, turn on security and then stop and restart the server. Contact your service representative if the problem persists. SECJ0365E: Cannot create security object during initialization.
Explanation The security object cannot be created from the repository. This is an internal error. Action The security.xml might be corrupted or missing. Contact your service representative. SECJ0366E: Cannot obtain the WAS process type during initialization.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0367W: Warning, LTPA is configured as the authentication mechanism but SSO is disabled. Web applications that use FormBased Login, including the WebSphere web based admin console, might not work correctly.
Explanation SSO is required for FormBased logon to work in Web applications when LTPA is the authentication mechanism. Action If this is the intended configuration then ignore this warning. If this is not the intended configuration, then the enabled attribute of Single Sign-on element in the security.xml must be set to the true value. SECJ0368E: No such LTPA Algorithm. The exception is {0}.
Explanation This is an internal error. A NoSuchAlgorithmException occurred when the LTPAServer tried to sign the token. Action More info at:
SECJ0369E: Authentication failed when using LTPA. The exception is {0}.
Explanation Authentication has failed when using LTPA. Action There could be multiple reasons why this might have occurred. Most of the time this should have preceeded with other exceptions that will indicate what the exact problem is. This might occur if the userName, password or both are incorrect, if the setup of the registry is not valid. If problems persist contact your service representative. SECJ0370E: Validation of the token failed because the token is null.
Explanation Cannot validate the token since the token is null. Action More info at:
SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: {0}.
Explanation Cannot validate the token since the token has expired. Action Once the token timeout is reached, the token is not validated and authenticate again. This is normal. Make sure that all the WebSphere nodes and cell(s) are synchronized with respect to time, date and time zone. We can change the token expiration time if necessary. SECJ0372E: Validation of the inbound LTPA token failed. The configured LTPA keys are probably not the ones that generated the token signature.
Explanation The LTPA keys might not be the correct ones needed to verify the signature of the token. Action This error occurs if the keys used to encrypt the token are not the same as the keys used to decrypt. If a new set of keys has been generated, this is an expected error. Any tokens signed using the old keys will no longer work. Contact your service representative if the problem persists. SECJ0373E: Cannot create credential for the user {0} due to failed validation of the LTPA token. The exception is {1}.
Explanation This is an internal Error. Cannot create a credential after the token is validated. Action This error usually occurs due to an expired token or a token created with different LTPA keys.If the token is expired, you might need to increase the LTPA timeout. If the keys are not the same, make sure that one set of LTPA keys are used. SECJ0374E: The accessID in the token contains the wrong type. It should be either user or group. The exception is {0}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0375E: Mismatch of realms during token validation.
Explanation The realm in the token does not match the current realm. Action This error can occur when a token is passed between one cell and another cell, and the realms do not match in these cells. If you are using LDAP, make sure that both cells use the same host name and port number. SECJ0376E: Error importing LTPA keys. The exception is {0}.
Explanation Cannot import LTPA keys. Action This error occurs when the password used to import the keys does not match the password that encrypted the keys. Make sure that the password is the same. If the problem persists, contact your service representative. SECJ0377E: Error exporting LTPA keys. The exception is {0}.
Explanation Cannot export LTPA keys. Action More info at:
SECJ0378E: Cannot get SecurityServer in the security MBean.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0379E: Cannot get LTPAServer in the security MBean.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ0380W: The keystore or truststore type specified is invalid. Adjusting to use the correct type, however, correct the SSL configuration for performance reasons.
Explanation The keystore or truststore type specified is not valid. Action Modify the SSL configuration so that the keystore or truststore type is a valid type. We can check the keystore and truststore types by loading them in WebSphere's IKeyMan tool. SECJ0381I: Warning, the com.ibm.websphere.java2secman.norethrow property is true. The WebSphere Java 2 Security Manager is not rethrowing AccessControl exceptions. This debug setting should not be used in a production environment. See the InfoCenter for Java 2 Security debugging features.
Explanation The com.ibm.websphere.java2secman.norethrow property, when it has a true value, instructs the Java 2 Security Manager to NOT rethrow AccessControl exceptions. This property is intented to assist developers when they are preparing their applications for Java 2 Security. When this property value is true, the Security Manager reports the AccessControl exception but does not rethrow or propagate the exception up the call stack. This might permit applications to access resources that would they would otherwise not have access to. This property should not be specified in a production environment, only in a debug or application development environment. Action If this message is unexpected or the application is running in a production environment, remove the com.ibm.ws.java2secman.norethrow property setting unless you understand the consequences. SECJ0382I: The alias {0} from the server level security has not been updated to the cell.
Explanation Informational. Action During the server and the cell security object merging, if a same alias name exists in both, the alias is not copied to the cell configuration. This is as designed. Normally, this should not happen since the alias names are unique. However, if a removeNode operation has been performed prior to the addNode operation, you might see this message since the removeNode does not remove the existing aliases. Also, if the alias names in the security.xml file were manually changed, then this message appears if the aliases match. SECJ0383I: Proceeding with merging the server's security configuration with the cell's for this Application Server.
Explanation Informational. Action This message appears when the Application Server contains its own security configuration that must be merged with cell level configuration. SECJ0384E: Trust Association Init Error. The Trust Association interceptor implementation {0} initialization failed. The error status/exception is {1}. If you receive this error message in association with a trust association interceptor that you are not using, you can ignore this message.
Explanation The initialization of this Trust Association implementation failed. Action Verify that the appropriate Trust Association properties required for the initialization are set up correctly. If you are using your own implementation, check your initilization method for any problems. If a single Trust Association implementation is used, this indicates that the Trust Association is not in effect. However, if multiple TrustAssociation implementations are used, Trust Association can be in effect if one of the implementations is successful. If you receive this error message in association with a trust association interceptor that you are not using, you can ignore this message. SECJ0385W: Cannot find and load the FIPS approved IBM JSSE or JCE providers. This can be a problem if the environment must use FIPS approved cryptographic algorithms and you are not using your own FIPS approved providers. The error status/exception is {0}.
Explanation Cannot find and load the FIPS approved IBM JSSE or JCE providers. This is a problem when the IBM FIPS approved JCE provider is missing. Websphere Application Server depends on it when a FIPS approved provider is required. However, a missing FIPS approved IBM JSSE provider might not be a problem provided that we have configured it to use your own FIPS approved JSSE provider. Action Make sure that the missing provider jar, if needed, is in the JDK ext directory. SECJ0386I: Initializing registry to use Tivoli Access Manager for authentication.
Explanation Authenticaton will be perfomed using Tivoli Access Manager. This requires that WebSphere is configured to use an external Tivoli Access Manager server. Action None, informational only. SECJ0387E: Error getting the PolicyConfiguration object for the contextID {0}. The exception is {1}.
Explanation Could not get the JACC provider PolicyConfiguration object. This object is required to propagate the security constraints information to the provider. Action Make sure that the JACC provider property javax.security.jacc.PolicyConfigurationFactory.provider is set correctly to the PolicyConfigurationFactory implementation class. The preferred way to set this property is to use the JACC configuration properties panel or wsadmin tool. Also make sure that the provider classes are in the class path of all the servers. SECJ0388E: Problem getting the PolicyConfiguration inService status. The exception is {1}.
Explanation The policy configuration object status could not be determined. Access will not be granted to this module. Action The module in question might be in the process of being deleted. If the problem persists, contact your service representative. SECJ0389E: Problem getting the PolicyContext key {0}. The exception is {1}.
Explanation The policy context key cannot be obtained to make the access decision. Action Make sure that the Policy Context Key in question is registered by the container. SECJ0390E: Error when caling isCallerInRole for role {0}. The exception is {1}.
Explanation Cannot determine the isCallerInRole because of the exception. Default is to return false. Make sure that the security role-ref information is correct. Action More info at:
SECJ0391E: Error when setting the Policy object to the provider''s policy implementation {0}. The exception is {1}.
Explanation The provider's policy implementation cannot be loaded because of the exception. Action Make sure that the JACC provider properties are set correctly and the provider classes are in the class path. If problem persists, contact your service representative. SECJ0392E: Error when checking the dataconstraint requirement for the contextID {0}. The exception is {1}.
Explanation Could not determine the dataconstraint requirements for this resource. The request will be denied. Action Make sure that the dataconstraint requirements are correctly configured in the deployment descriptor. SECJ0393E: Error when checking the isUserInRole requirement for the contextID {0}. The exception is {1}.
Explanation Could not determine the isUserInRole requirements for this resource. The default value false will be returned Action Make sure that the RoleRef information is correctly configured in the deployment descriptor. SECJ0394E: Principal exists in Subject returned by TAI.getSubject() but it does not implement java.security.Principal.
Explanation The Trust Association Interceptor did not have the correct principal in the Subject. The principal must implement java.security.Principal. Action Contact the provider of the Trust Association Interceptor to ensure this problem gets resolved. SECJ0395E: Could not locate the SecurityServer at host/port: {0} to validate the userid and password entered. You might need to specify valid securityServerHost/Port in WAS_INSTALL_ROOT/profiles/profile_name/properties/sas.client.props file.
Explanation A SecurityServer could not be located for login. Action In some cases it is necessary to specify a valid bootstrap host/port in the com.ibm.CSI.securityServerHost and com.ibm.CSI.securityServerPort properties in the ${WAS_INSTALL_ROOT}/profiles/profile_name/properties/sas.client.props file. See sas.client.props for details. SECJ0396E: Error updating information to the JACC provider for application {0}. The exception is {1}.
Explanation Cannot provide the security policy information to the JACC provider because of the exception. Without this information the authorization decisions, cannot be made correctly when security is enabled. Action Make sure that the JACC provider is properly configured and can be accessed. After the problem is fixed, either re-install the application or run the propagatePolicyToJACCProvider tool to propagate the policy information to the JACC provider. For more information about this tool, search for propagatePolicyToJaccProvider in the information center documentation. SECJ0397W: Error removing information from the JACC provider for application {0}. The exception is {1}.
Explanation Cannot delete the security policy information from the JACC provider because of the exception. This problem creates redundant information in the JACC provider. Action Make sure that the JACC provider is properly configured and can be accessed. The JACC provider might have tools to remove this information. SECJ0398E: Error updating information to the JACC provider for application {0}. The exception is {1}.
Explanation Cannot provide the security policy information to the JACC provider because of the exception. Without this information, the authorization decisions cannot be made correctly when security is enabled. Action Make sure that the JACC provider is properly configured and can be accessed. After the problem is fixed, one can either re-install the application or run the propagatePolicyToJACCProvider tool to propagate the policy information to the JACC provider. For more information about this tool, search for propagatePolicyToJaccProvider in the information center documentation. If the modification involved removing any modules, you can delete the information in the JACC provider to avoid redundant data. SECJ0399E: Error updating deployment.xml information with the appContextIDForSecurity for application {0}. The exception is {1}.
Explanation The appContextIDForSecurity atribute is required when using JACC as the authorization. Action If JACC will not be used for authorization then this should not impact anything. If JACC will be used for authorization, contact your IBM representative if this problem persists. SECJ0400I: Successfully updated the application {0} with the appContextIDForSecurity information.
Explanation Information only. Action Information only. SECJ0401E: Error getting the WebModuleMetaData or missing metadata for context root {0}. The exception is {1}.
Explanation This is an internal error. Without the meta data, the moduleName and applicationName cannot be obtained for access decisions. Action More info at:
SECJ0402E: Error getting the RoleConfiguration object for the contextID {0}. The exception is {1}.
Explanation Could not get the JACC provider RoleConfiguration object. This object is required to propagate the authorizationTable information to the provider. Action If the authorizationTable information is required by the provider, make sure that the JACC provider properties related to the RoleConfigurationFactoryImplClass is set correctly. Also make sure that the implementation classes are in the class path of all the servers. SECJ0403E: The PolicyConfiguration object for the contextID {0} is null.
Explanation Could not get the JACC provider PolicyConfiguration object. This object is required to propagate the security constraints information to the provider. Action Make sure that the JACC provider property javax.security.jacc.PolicyConfigurationFactory.provider is set correctly to the PolicyConfigurationFactory implementation class. The preferred way to set this property is to use the JACC configuration properties panel or wsadmin tool. Also make sure that the provider classes are in the class path of all the servers. SECJ0404E: The {0} object is null.
Explanation Could not get the object required for security policy propagation. Action Make sure that the JACC provider properties are set correctly in the JACC configuration. Also make sure that all the provider classes are in the class path of all the servers. SECJ0405E: The {0} object cannot be obtained because of the following error {1}.
Explanation Could not get the object required for security policy propagation. Action Make sure that the JACC provider properties are set correctly in the JACC configuration. Also make sure that all the provider classes are in the class path of all the servers. SECJ0406E: Cannot obtain the earFile for application {0}.
Explanation The earFile is required to get the security policy information for the application. The configuration repository might be corrupted. Action More info at:
SECJ0407E: Cannot obtain the application name for propagating the security constraints to the provider.
Explanation The appname is required to propagate the security policy information to the provider. Action More info at:
SECJ0408E: An exception occurred when removing the security policy information from the provider for application {0} during uninstall. The exception is {1}.
Explanation Because of an exception, the security policy information might not have been removed completely from the provider during the application uninstallation. Action Make sure that the provider is up and running and the JACC configuration is correct. One can use the tools provided by the provider to remove the security policy information manully from the provider's repository. SECJ0409E: An exception occurred when propagating the security policy information for application {0} to the JACC provider. The exception is {1}.
Explanation Because of an exception, the security policy information might not have been propapated to the provider during the application installation. Action Make sure that the provider is up and running and the JACC configuration is correct. Once the problem is fixed, one can also use wsadmin.sh to manually propagate the security policy information to the provider instead of reinstalling the application. See the information center documentation for more details on running this tool. If problem persists, contact your service representative. SECJ0410E: An exception occurred when updating the security policy information for application {0} to the JACC provider. The exception is {1}.
Explanation Because of an exception, the security policy information might not have been updated to the provider during the application update. Action Make sure that the provider is up and running and the JACC configuration is correct. Once the problem is fixed, one can also use wsadmin.sh to manually propagate the security policy information to the provider instead of reinstalling the application. See the information center documentation for more details on running this tool. If problem persists, contact your service representative. SECJ0411E: An exception occurred when getting the authorization provider object from the configuration. The exception is {1}.
Explanation Because of an exception, the security policy information might not have been updated to the provider. Action Make sure that the provider is up and running and the JACC configuration is correct. Once the problem is fixed, one can also use wsadmin.sh to manually propagate the security policy information to the provider instead of reinstalling the application. See the information center documentation for more details on running this tool. If problem persists, contact your service representative. SECJ0412E: An Error occured when initializing the initialization class {0} of the JACC provider. The exception or the error code is {1}.
Explanation The initialization implementation of the provider failed with an exception or a non-zero error code. Action Verify that the JACC provider properties are correctly set and that the initialization classes are in the class path. Check the provider implementation for problems. An error code of zero (0) indicates success. SECJ0413I: The JACC provider is successfully initialized with the following setup. The policy class name is {0}. The PolicyConfigurationFactory class name is {1}. The optional RoleConfigurationFactory call name is {2}. The optional initialization class name is {3}.
Explanation This message is provided for information purposes only. Action No user action is required. SECJ0414W: FIPS is enabled but the IBMJCEFIPS provider is not active in the java.security file. To ensure FIPS algorithms usage for all WAS process types, uncomment the IBMJCEFIPS provider in the java.security file, ahead of the IBMJCE, and renumber the provider list in sequential order.
Explanation When the server is running in FIPS mode the IBMJCEFIPS provider should be in the java.security file. Action The java.security file needs to be changed to include the IBMJCEFIPS provider in the provider list before the IBMJCE provider. SECJ0415I: The security policy for application {0} is successfully propagated to the JACC provider.
Explanation This message is provided for information purposes only. Action No user action is required. SECJ0416I: The security policy for application {0} is successfully removed from the JACC provider.
Explanation This message is provided for information purposes only. Action No user action is required. SECJ0417I: FIPS is enabled.
Explanation The server is running in FIPS mode, using the IBMJCEFIPS provider. Action No user action is required. SECJ0418I: Cannot connect to the LDAP server {0}.
Explanation Security is unable to connect to some target LDAP servers, which might prevent future failover. Action If bring up additional servers for failover, verify that the required LDAP server is running. SECJ0419I: The user registry is currently connected to the LDAP server {0}.
Explanation This name refers to the LDAP host name that is currently used by the WAS security registry. Action No user action is required. SECJ0420I: Security run time is unable to update LDAP registry binding information.
Explanation new bind information might be incorrect. Action Verify bind DN and password are correct. SECJ0421I: Security run time has successfully updated LDAP registry binding information.
Explanation new LDAP bind information has been pushed to security run time. Action No user action is required. SECJ0422I: During addNode from node "{0}" the default node certificate did not exchange its signer with the cell default truststore. This might cause a handshake failure when the cell tries to communicate with the node. Manual signer exchange might need to occur.
Explanation It's likely the TrustStore named CellDefaultTrustStore or KeyStore named NodeDefaultKeyStore does not exist in the configuration. Action The node's signer certificates need to be added to the cell's truststores. SECJ0423I: During addNode from node "{0}" the default cell certificate did not exchange its signer with the node default truststore. This might cause a handshake failure when the node agent starts up. Manual signer exchange might need to occur.
Explanation It's likely the TrustStore named NodeDefaultTrustStore or KeyStore named CellDefaultKeyStore does not exist in the configuration. Action The cell's signer certificates need to be added to the node's truststores. SECJ0424E: During addNode from node "{0}" the default keystore and truststore were not already created. An attempt to create them on the DMGR failed with exception: {1}.
Explanation The creation of keystore and truststore with self-signed certificate failed. Action The node agent did not have certificates created when it was federated into the cell. The attempt to create them during addNode failed. SECJ0425I: The custom property {0} from the Node security.xml already exists in the Cell security.xml and will not overwrite the Cell value.
Explanation Informational. Action No user action is required. During the server and the cell security object merging, if a custom property with the same name exists in both, the property will not be copied to the cell configuration. It is normal for the cell to have custom properties that match the server. SECJ0426E: InternalServerId is used in the current dmgr configuration. Cannot add an older node. Modify the dmgr security configuration to use the serverID/passwd before adding an older version node.
Explanation An earlier leveled node cannot be added to a dmgr whose configuration is using the internalServerId. Action The dmgr configuration needs to be modified to use the serverID/password before an older version node can be added SECJ0427E: The server password is null or missing in the dmgr configuration. Cannot add an older version node unless the server password is entered.
Explanation An earlier leveled node cannot be added to a dmgr whose configuration is missing the server password Action The dmgr configuration needs to be modified to specify the server password SECJ0428E: The product cannot locate the HTTPS port value in the list of virtual hosts. Confirm that the port exists in the virtualhosts.xml file for the cell.
Explanation The product cannot locate the HTTPS port value specified in the URL. The port value is not found in the list of virtual hosts. Action Check that the HTTPS port value specified is in the virtualhosts.xml file for the cell. The virtualhosts.xml file is located in the PROFILE_ROOT/config/cells/cell_name directory. SECJ0429W: A login has occurred while admin security is disabled. An UNAUTHENTICATED Subject will be returned since most security subsystems are unavailable.
Explanation When admin security is disabled we do not initialize user registry or other services needed to properly authenticate. Therfore, we will return an UNAUTHENTICATED Subject to ensure the runtime continues to operate. Action If an authenticated JAAS Subject is desired, enable at least administrative security in the security configuration. SECJ0430W: The authentication cache currently has {0} entries which has exceeded the maximum size of {1}. The cache cleanup algorithm will remove some entries. Consider increasing the maximum cache size.
Explanation When the authentication cache maximum size is reached, some entries from the cache are evicted. This will cause some users to go back through the login modules which is a slower process. Action To increase the max cache size for the authentication cache, set the following System property (com.ibm.websphere.security.util.authCacheMaxSize) for each process that needs it. The property default is 25000 entries. SECJ0431E: Authentication had been already established.
Explanation Authentication had been already established. To login with another user, logout first. Action More info at:
SECJ4000E: JAAS Login Exception occurred at {0}.
Explanation JAAS Login exception occurred while refreshing the credential. Action Confirm user id, password and realm information are correct. If you still see the problem, contact your service representative with exception stack trace information present in the error log. SECJ4001E: Login failed for {0}/{1} {2}
Explanation Authentication can fail for many reasons. The user or password might not have been entered correctly, misspelled for instance. The user account might not exist, might have expired, or be disabled. The password might have expired or require a change at first logon. If WebSphere security is configured to use LDAP as the user registry, the WebSphere security LDAP user and group search filter configuration might not match what the LDAP directory expects. Action Confirm that the user information (realm name, user name, password) is valid. Try authenticating the user directly to the configured user registry outside of WebSphere authentication to verify that the user and password are valid in the user registry. The WebSphere information center documents additional user account requirements for specific user registries. SECJ4002E: No CORBA Credentials for {0}/{1}
Explanation Authentication failure occurred while invoking login() of realm/user since there is no CORBA credential. Action Confirm if the user information(realm name, user name password) is valid. SECJ4003E: Credential token login is not valid for LocalOS
Explanation JAAS Login failure occurred while invoking login() with token for LocalOS. Action LocalOS does not support login with token. Make sure that the application program is valid. SECJ4004E: Login failed for credential token {0}
Explanation JAAS Login failure occurred while invoking login() with token. Action Check the user authenticate data is correct. Enabling security debug trace will provide the details.(com.ibm.ws.security.auth.* ) SECJ4005E: No CORBA Credentials for credential token
Explanation JAAS Login returned null credential while invoking login() with token. There is no CORBA Credential. Action login returned null Credential. Check the user application how it authenticate. Enabling security debug trace will provide the details.(com.ibm.ws.security.auth.* ) SECJ4006E: Invalid Credential Type {0}
Explanation Getting the JAAS subject from CORBA credential failed with exception. Action Contact your service representative with exception stack trace information present in the error log. SECJ4007E: Not supposed to construct WSLoginHelperImpl object
Explanation WSLoginHelperImpl object instance should not be constructed. Action Check the user application. WSLoginHelperImpl should not be directly constructed. SECJ4008E: Missing some of the authentication data
Explanation Some of the authentication data is missing. Action Check the next message. It identifies what is missing. SECJ4009E: Either user name, realm or password data is missing.
Explanation User name, realm name or password is missing. Action Confirm that the necessary authentication data is passed. Enabling security debug trace for component com.ibm.ws.security.auth.* might yield additional information. SECJ4010E: Credential Token is null or empty array
Explanation Credential token is missing. Action Confirm that the necessary authentication data is passed. SECJ4011E: com.ibm.ejs.oa.EJSORB.getORBInstance() returns null
Explanation com.ibm.ejs.oa.EJSORB.getORBInstance() returns null Action Make sure that the ORB is initialized correctly in the user application. SECJ4012E: Error getting SecurityCurrent from the ORB {0}
Explanation Getting security current caused an exception. Action Make sure that the ORB is initialized correctly in the user application. SECJ4013E: An unexpected IOexception occurred in Login Module {0} CallbackHandler. The exception is {1}
Explanation Exception occurred while processing callbacks Action Contact your service representative with exception stack trace information present in the error log. SECJ4014E: Login Module {0} detected unsupported {1} callback in CallbackHandler {2}
Explanation Unsupported Exception occurred while processing callbacks Action Check the application. Contact your service representative with exception stack trace information present in the error log if the problem persists. SECJ4015E: An unexpected exception occurred during the JAAS login commit action in Login Module {0}. The exception is {1}.
Explanation Exception occurred while committing LoginModule Action Check the application. Contact your service representative with exception stack trace information present in the error log if the problem persists. SECJ4016E: An unexpected exception occurred in Login Module {0} when removing principal {1} during cleanup. The exception is {2}
Explanation Exception occurred while removing the principal. Action Contact your service representative with exception stack trace information present in the error log. SECJ4017E: An unexpected exception occurred in Login Module {0} when removing WSCredential during cleanup {1}
Explanation Exception occurred while removing the credential. Action Contact your service representative with exception stack trace information present in the error log. SECJ4018E: Removing CORBA Credential during cleanup {0}
Explanation Exception occurred while removing CORBA credential. Action Contact your service representative with exception stack trace information present in the error log. SECJ4019E: Not supposed to construct Util object
Explanation Util object instance should not be constructed. Action Check the user application. Util should not be directly constructed. SECJ4020E: CORBA: Invalid Attribute Type: {0} {1}
Explanation CORBA credential has attribute that is not valid. Action Contact your service representative with exception stack trace information present in the error log. SECJ4021E: CORBA: Duplicate Attribute Type: {0} {1}
Explanation CORBA credential has duplicate attributes. Action Contact your service representative with exception stack trace information present in the error log. SECJ4022E: CORBA: Not suppose to construct CredentialsHelper object
Explanation CredentialsHelper object instance should not be constructed. Action Check the user application. CredentialsHelper should not be directly constructed. SECJ4023E: Failed to create a Configuration instance.
Explanation Failed to create a configuration instance Action Contact your service representative with exception stack trace information present in the error log. SECJ4024W: {0} :Warning: getAppConfigurationEntry() was called with no configuration name.
Explanation getAppConfigurationEntry() was called with null string. Action Check the parameter if it is called from user application. If not, Contact your service representative. SECJ4025E: unable to get system input stream {0}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ4026W: WSDefaultPrincipalMapping() should not be invoked.
Explanation WSDefaultPrincipalMapping() should not be invoked. Action This is warning. Check the user application. WSDefaultPrincipalMappingshould not be directly constructed. SECJ4027W: {0} does not exist, use {1} wsj2cdpm.properties
Explanation Specified file did not exist. Use the default file. Action This is a warning. Check the specified file name. SECJ4028E: Unexpected Exception caught in new URL {0} : Exception is {1}
Explanation Unexpected exception occurred while creating a new URL. Action Check the specified URL. Contact your service representative with exception stack trace information present in the error log. SECJ4029E: Unexpected Exception caught in openStream URL {0} : Exception is {1}
Explanation Unexpected Exception occurred while opening an URL. Action Check the specified URL. Contact your service representative with exception stack trace information present in the error log. SECJ4030E: Unrecognizable Callback index = {0} {1}
Explanation Unrecognizable Callback is passed. Action Contact your service representative with information present in the error log. SECJ4031E: Unexpected IOException caught {0}
Explanation Unexpected IOException was caught while processing callbacks. Action Contact your service representative with exception stack trace information present in the error log. SECJ4032E: Method {0} detected missing or malformed data when trying to perform conversion. The data item name is {1} and value is {2}.
Explanation Internal problem related to malformed or corrupted data storage. Action Contact your service representative with exception stack trace information present in the error log. SECJ4033E: The LoginContext does not contain a Subject after authenticating user {0} with LoginModule alias {1}.
Explanation The LoginModule did not create a Subject. There is a problem with the LoginModule Action This problem could be due to a configuration error in security.xml or an internal error. SECJ4034I: Token Login failed. If the failure is due to an expiring token, verify the system date and time of the WebSphere nodes are synchronized or consider increasing the token timeout value. Authentication mechanism {0} and exception is {1}
Explanation Token Authentication failure might be caused by an expired token, token that is not valid, or a date or time synchronization problem between WebSphere nodes. Web browsers often cache WebSphere SSO cookies which contain the token to validate. These tokens do expire. Action Token validation failures are not always unexpected given tokens can expire. might consider increasing timeout value or verifying that the system date and time between WebSphere nodes is synchronized. SECJ4035E: {0} :ERROR: Could not get System property: {1}
Explanation Failed to get the specified property. Action Check if you defined the specified property correctly. SECJ4036E: {0} : Error: An exception occurred when trying to reflect on or invoke convertMapToString(). The exception is {1}
Explanation Exception occurred trying to reflect on or invoke convertMapToString(). Action Investigate the exception. Check class path. SECJ4037E: {0} :ERROR: Could not open URL: {1}. The exception is {2}
Explanation MalformedURLException occurred trying to connect the specified URL. Action Investigate the exception. Check the specified URL. SECJ4038E: {0} :ERROR: Could not create URL: {1}. The exception is {2}
Explanation IOException occurred trying to connect the specified URL. Action Investigate the exception. Check the specified URL. SECJ4039E: {0} :ERROR: A file parser exception occurred with file : {1}. The exception is {2}
Explanation IOException occurred trying to connect the specified URL. Action Investigate the exception. Check the specified URL. SECJ4040W: {0} :Warning: update() method passed either a null or empty string.
Explanation null or empty string was passed to update() method. Action This is a warning. SECJ4041E: {0} :ERROR: Could not create or open StringReader: {1}. The exception is {2}.
Explanation Could not create or open the specified StringReader. Action Investigate the exception. SECJ4042E: {0} :ERROR: A file parser exception occurred with file : {1}. The exception is {2}
Explanation IOException occurred trying to connect the specified stringreader. Action Investigate the exception. Check the specified string. SECJ4043W: {0} :Warning: An unexpected IOException occurred when closing a stream.
Explanation Unexpected IOException occurred trying to close a stream. Action This is a warning. SECJ4044E: WCCM jaas objects is not yet load.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ4045E: {0} : Error: An exception occurred when trying to reflect on or invoke convertMapToString(). The exception is {1}
Explanation Exception occurred trying to reflect on or invoke convertMapToString(). Action Investigate the exception. Check class path. SECJ4046E: Duplicate login config name {0}. Will over write.
Explanation Duplicate login configuration name was specified in the configuration data. Action Check the configuration data. SECJ4047E: IOException occurred during parsing jaas application configuration. The exception is {0}
Explanation IOException occurred during parsing jaas application configuration. Action Check the configuration file. Investigate the exception. SECJ4048E: ParserException occurred during parsing jaas application configuration. The exception is {0}
Explanation ParserException occurred during parsing jaas application configuration. Action Investigate the exception. It has the information of syntax error in the configuration file. SECJ4049E: Error creating credential from registry object. The exception is {0}.
Explanation Unexpected exception occurred while creating and initializing the user registry. Action Check the application and the registry set up. Contact your service representative if the problem persist. SECJ4050E: An unexpected exception is caught: {0}.
Explanation Unexpected exception occurred while restoring the credential. Action More info at:
SECJ4051E: PrivilegedActionException is caught while serialized Subject is being restored. The exception is {0}.
Explanation PrivilegedActionException occurred while restoring the credential. This exception is a wrapper of the exception created in doPrivileged block. Action Investigate the real source of the exception. Contact your service representative if the problem persist. SECJ4052E: InvalidCredentialType exception is caught while serialized Subject is being restored. The exception is {0}.
Explanation InvalidCredentialType exception occurred while restoring the credential. Action Investigate the SAS problem. Contact your service representative if the problem persist. SECJ4053E: InvalidCredential exception is caught while serialized Subject is being restored. The exception is {0}.
Explanation InvalidCredentialType exception occurred while restoring the credential. Action Investigate the SAS problem. Contact your service representative if the problem persist. SECJ4054E: InvalidCredentialType exception is caught while serialized Subject is being restored. The exception is {0}.
Explanation InvalidCredentialType exception occurred while restoring the credential. Action Investigate the SAS problem. Contact your service representative if the problem persist. SECJ4055E: InvalidCredential exception is caught while serialized Subject is being restored. The exception is {0}.
Explanation InvalidCredentialType exception occurred while restoring the credential. Action Investigate the SAS problem. Contact your service representative if the problem persist. SECJ4056E: Error getting initial context. The exception is {0}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ4057I: WSMappingCallbackHandlerFactory implementation class {0} not defined.
Explanation WSMappingCallbackHandlerFactory implementation class might be defined in security.xml to customize Mapping CallbackHandler. This is not an error condition. When the implementation class is not defined, a default WebSphere implementation will be used. Action No action is required unless one wants to override the WebSphere default WSMappingCallbackHandlerFactory implementation. SECJ4058E: WSDefaultPrincipalMapping Initialization failed. The exception is {0}.
Explanation WSDefaultPrincipalMapping initialization failed. The JCA container managed principal/credential mapping most likely will not work properly. Action Examine the cause of the exception and correct the problem. The most likely cause for this error is that the WSMappingCallbackHandlerFactory implementation class was not configured properly. SECJ4059W: WSDefaultPrincipalMapping Initialization failed. Fall back to use WSMappingCallbackHandler.
Explanation WSDefaultPrincipalMapping initialization failed. The JCA container managed principal/credential mapping most likely will not work properly. Action Examine the cause of the exception and correct the problem. The most likely cause for this error is that the WSMappingCallbackHandlerFactory implementation class was not configured properly. SECJ4060W: Cannot find parameter {0} that might be needed by Mapping LoginModules.
Explanation Either the custom properties HashMap or the authentication data alias was not defined. Action This might not be a problem depending on the particilar mapping LoginModules. SECJ4061W: Exception {0} was thrown during mapping.
Explanation An exception was created by the WebSphere default principal/credential mapping function. Action This is most likely caused by incorrect authentcaiton data configuration. SECJ4062W: Cannot find the credential information.
Explanation WebSphere default principal/credential mapping function could not find the specified credential information. Action This is most likely caused by incorrect authentication data configuration. SECJ4063E: Exception {0} caught in processing callback {1}
Explanation Unexpected problem occured when processing a WAS V5 mapping callback type. Action Contact your service representative with information present in the error log. SECJ4064E: Trust state information missing in shared state, unable to perform identity assertion.
Explanation A Custom Login module must be provided and configured prior to this login module in the JAAS Login Configuration and should have provided trust information in shared state. Action Check a Custom Login Module is provided and configured prior to this login module in the JAAS Login Configuration and make sure that the shared state information is set correctly based on the requirement. SECJ4065W: Principal and X509Certificate provided in the trust information, using the principal.
Explanation Both a principal and X509Certificate are provided in the trust information, the principal has priority and will be used for the login. Action If login with the X509Certificate is desired then the principal should not be passed in the trust information. SECJ4066E: Could not find identity to perform identity assertion.
Explanation A Custom Login module must provide an identity to perform identity assertion. Action Check a Custom Login module to make sure an idenity is provided to the perform identity assertion. SECJ5000E: The following exception occurred while creating the attribute propagation token: {0}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ5001E: The following exception occurred while creating the attribute propagation token holder list from the authorization token: {0}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ5002W: An error occurred while serializing the custom object {0} from the current Subject. This does not cause the request to fail but this custom object will not get propagated.
Explanation The object mentioned above probably does not implement the java.io.Serializable interface. Action Ensure that the object implements the java.io.Serializable interface to ensure it gets propagated downstream. SECJ5003W: An error occurred while de-serializing a custom object from the inbound authorization token. This does not cause the request to fail but this custom object will not get restored in the inbound Subject.
Explanation The object failed to de-serialize at the target server. The likely cause is the implementation class is not present on the target server or the Java class version between the sending server and target server is different. Action Ensure that the correct java class exists at the target server. SECJ5004W: Trying to add propagation token name {0} and version {1} that already exists on the thread. The existing PropagationToken is returned and will not be overwritten.
Explanation Cannot overwrite an existing PropagationToken. The existing one is returned, so use it to set new attributes given the proper permission. Action Check the addPropagationToken SPI for the value returned. A null value indicates this is the first time the token is added. A non-null value indicates you are setting the token again which is not allowed. Use the returned value to add new attributes. SECJ5005E: Cannot create WSCredential without a valid com.ibm.wsspi.security.cred.uniqueId property value.
Explanation The com.ibm.wsspi.security.cred.uniqueId property has not been found during a properties login attempt. Action Ensure that the java.util.Hashtable used for a properties login contains a valid property value for com.ibm.wsspi.security.cred.uniqueId. SECJ5006E: Cannot create WSCredential without a valid com.ibm.wsspi.security.cred.securityName property value.
Explanation The com.ibm.wsspi.security.cred.securityName property has not been found during a properties login attempt. Action Ensure that the java.util.Hashtable used for a properties login contains a valid property value for com.ibm.wsspi.security.cred.securityName. SECJ5007E: Cannot create WSCredential without a valid com.ibm.wsspi.security.cred.longSecurityName property value.
Explanation The com.ibm.wsspi.security.cred.longSecurityName property has not been found during a properties login attempt. Action Ensure that the java.util.Hashtable used for a properties login contains a valid property value for com.ibm.wsspi.security.cred.longSecurityName. SECJ5008W: The realm specified in com.ibm.wsspi.security.cred.realm ({0}) does not match the current realm ({1}). This could cause problems when trying to make a downstream request.
Explanation The realm specified does not match the current security realm of this server. This could cause problems when trying to go downstream to another server on the same current realm. Action If a different realm is desired, set the supportedTargetRealms field to include the new realm you are specifying in order to go outbound to servers in the current realm. SECJ5009E: Could not create a WSCredential given the information provided during a propagation login. The following exception occurred: {0}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ5010E: Could not create default AuthenticationToken during propagation login. The following exception occurred: {0}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ5011E: Could not create default AuthorizationToken during propagation login. The following exception occurred: {0}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ5012E: Could not create default SingleSignonToken during propagation login. The following exception occurred: {0}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ5013E: Could not create default SingleSignonToken during propagation login. The following exception occurred: {0}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ5014E: Could not find the factory class {0} specified for this token. The exception is {1}.
Explanation The LTPA TokenFactory implementation is likely not present in the class path. Action Ensure that the LTPA TokenFactory implementation is located in the WebSphere class path. Typically these implementations are put in the ${WAS_INSTALL_ROOT}/classes directory. SECJ5015E: The LTPA TokenFactory {0} returned is null.
Explanation The LTPA TokenFactory implementation is likely not present in the class path or it cannot be initialized. Action Ensure that the LTPA TokenFactory implementation is located in the WebSphere class path. Typically these implementations are put in the ${WAS_INSTALL_ROOT}/classes directory. SECJ5016E: The LTPA TokenFactory {0} could not create a new LTPA token. The exception is {1}.
Explanation The LTPA TokenFactory implementation had a problem in the createToken method or the keys used to create a token were not present. Action Ensure that the LPTA keys are configured properly and check the createToken implementation on the TokenFactory interface. SECJ5017E: The Lightweight Third Party Authentication (LTPA) token could not be validated because the LTPA services are not available.
Explanation This error most likely occurs when the Simple WebSphere Authentication Mechanism (SWAM) authentication mechanism is the active authentication mechanism. SWAM is meant for stand-alone servers and is not supported by WebSphere Process Server or by an environment that requires cross server (server-to-server) secure communications. Action Ensure that the active authentication mechanism is LTPA. SECJ6000I: Security Auditing is enabled.
Explanation This audit message indicates that the WAS Security Auditing service is enabled. Action No action is required is this is the desired setting. SECJ6001I: Security Auditing is required.
Explanation This audit message indicates that security auditing records are required. Action No action is required if this is the desired setting. Note that the intention of this auditing policy is not to commit a business transaction unless the required security auditing records can be saved. SECJ6002E: Failed to load {0} name {1} and class name {2}.
Explanation Failed to load the specified class which wsas defined in the global security custom properties. Action Verify that the class name, class path, and class file are configured properly. SECJ6003I: Successfully loaded {0} name {1} and class name {2}.
Explanation Indicate that the specified provider class was loaded. Action No action is required. SECJ6004I: Security Auditing is disabled.
Explanation This audit message indicates that the WAS Security Auditing service is disabled. Action No action is required if this is the desired setting. SECJ6005E: Invalid configuration {0} = name {1} and class name {2}.
Explanation The provider configuration in global security custom properties was incorrect. Action Check the specified properties and in particular the first missing parameter in the error message. SECJ6006E: Security auditing is REQUIRED but {0} was not defined.
Explanation At least one AuditEventFactory and an AuditServiceProvider must be defined when the security auditing policy is set to REQUIRED. Action Verify that the two properties com.ibm.websphere.security.audit.auditEventFactory and com.ibm.wsspi.security.audit.auditServiceProvider are defined proerly in the global security custom properties. SECJ6007E: Undefined {0} = {1}.
Explanation The specified properties was not defined properly in the global security customer properties. Action Verified that the specified properties is defined properly in the global security custom properties. SECJ6008E: Exception caught in AuditService initialization, Exception = {0}.
Explanation Runtime exception occured most likely due to incorrect class definition, incorrect class path, or missing class files. Action Examine the exception for the cause of the problem. SECJ6009E: AuditEventFactory number {0} getActive() malfunction, Provider Exception = {1}.
Explanation The getActive method in the spcified AuditEventFactory implementation failed. Action Examine the exception for the cause of the problem. If the problem was not related to incorrect configuration, then consult with the vendor of the AuditEventFactory implementation. SECJ6010W: Extra AuditServiceProvider definition detected and discarded: {0}.
Explanation Extra AuditServiceProvider was defined and is discarded. Action The com.ibm.wsspi.security.audit.auditServiceProvider properties contains extra information than necessary. Any information following the valid AuditServiceProvider definition is discarded. SECJ6011W: Custom property {0} was not defined.
Explanation The specified audit service provider was not defined in the global security custom properties. Action Define the specified properties if security auditing service is required in your business environment. SECJ6012I: Security Auditing is optional.
Explanation This audit message indicates that security auditing records are optional. Action No action is required if this is the desired setting. Note that the intention of this auditing policy is not to suspend a business transaction when security auditing records cannot be saved. SECJ6013E: The configured J2EE AuditEventFactory implementation did not implement the J2EEAuditEventFactory interface.
Explanation As a convention, an AuditEventFactory implementation that is configured under the J2EE name must implement the J2EEAuditEventFactory interface. Action Examine the com.ibm.websphere.security.audit.AuditEventFactory properties in global security custom properties. SECJ6014I: AuditEventType = {0}, AuditOutcome = {1}, AuditOutcomeReason = {2}, unique Event ID = {3}, Cell Name = {4}, Node Name = {5}, Server Name = {6}, Component Name = {7}, App Name = {8}, Session ID = {9}, Resource Name = {10}, Resource Type = {11}, Method Name = {12}, Provider Name = {13}, Provider Successful = {14}, Exception = {15}.
Explanation This message is intended to be used by the defaultAuditEventFactoryImpl sendAccessAuditEvent method only. Action No action required. SECJ6015I: AuditEvent = {0}, AuditEventFactory Name = {1}.
Explanation This message is intended to be used by the defaultAuditServiceProviderImpl sendEvent method only. Action No action required. SECJ6016I: AuditEventType = {0}, AuditOutcome = {1}, AuditOutcomeReason = {2}, unique Event ID = {3}, Cell Name = {4}, Node Name = {5}, Server Name = {6}, Component Name = {7}, App Name = {8}, Session ID = {9}, Resource Name = {10}, Resource Type = {11}, Realm = {12}, Authn Mechanism = {13}, Authn Method = {14}, User Name = {15}, Provider Name = {16}, Provider Successful = {17}, Subject = {18}, Caller List = {19}, Remote Addr = {20}, Remote Host = {21}, Remote Port = {22}, Exception = {23}.
Explanation This message is intended to be used by the defaultAuditEventFactoryImpl sendAuthnAuditEvent method only. Action No action required. SECJ6017E: Unexpected Exception {0}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ6018I: AuditEventType = {0}, AuditOutcome = {1}, AuditOutcomeReason = {2}, unique Event ID = {3}, Cell Name = {4}, Node Name = {5}, Server Name = {6}, Component Name = {7}, App Name = {8}, Session ID = {9}, Resource Name = {10}, Resource Type = {11}, Method Name = {12}, Provider Name = {13}, Provider Successful = {14}, Subject = {15}, Exception = {16}.
Explanation This message is intended to be used by the defaultAuditEventFactoryImpl sendAuthzAuditEvent method only. Action No action required. SECJ6019I: AuditEventType = {0}, AuditOutcome = {1}, AuditOutcomeReason = {2}, unique Event ID = {3}, Cell Name = {4}, Node Name = {5}, Server Name = {6}, Component Name = {7}, App Name = {8}, Provider Name = {9}, Provider Successful = {10}, Original Realm = {11}, Original User Name = {12}, Mapped Realm = {13}, Mapped User Name = {14}, Exception = {15}.
Explanation This message is intended to be used by the defaultAuditEventFactoryImpl sendMappingAuditEvent method only. Action No action required. SECJ6020I: AuditEvent = {0} AuditEventFactory Name = {1}.
Explanation This message is intended to be used by the defaultAuditServiceProviderImpl sendEvent method only. Action No action required. SECJ6021I: AuditEventType = {0}, AuditOutcome = {1}, AuditOutcomeReason = {2}, unique Event ID = {3}, Cell Name = {4}, Node Name = {5}, Server Name = {6}, Component Name = {7}, App Name = {8}, Session ID = {9}, Realm = {10}, User Name = {11}, Provider Name = {12}, Provider Successful = {13}, Subject = {14}, Caller List = {15}, Remote Addr = {16}, Remote Host = {17}, Remote Port = {18}, Exception = {19}.
Explanation This message is intended to be used by the defaultAuditEventFactoryImpl sendLogoutAuditEvent method only. Action No action required. SECJ6022E: AuditServiceProvider malfunction when security auditing is required, Provider Exception = {0}.
Explanation The configured AuditServiceProvider did not run the method in a reasonable time period while security auditing function is required. Action Examine the exception for the cause of the problem. Typically the business transactions should have been aborted because no security auditing record can be logged. SECJ6023E: Auditing is enabled but could not get a handle to the audit context objects.
Explanation Could not obtain a handle to the Audit context objects in order to be able to populate with event data. Action Examine the exception for the cause of the problem. SECJ6024E: AuditServiceProvider failure logging audit event, Exception = {0}.
Explanation A failure occurred in the auditing subsystem, preventing the event from being processed/logged. Action Examine the exception for the cause of the problem. SECJ6025E: Failure generated a shared key. Exception = {0}.
Explanation A failure occurred during shared key generation. Action Examine the exception for the cause of the problem. SECJ6026E: Exception while opening up audit keystore file. Exception = {0}.
Explanation Could not open the audit keystore. Action Examine the exception for the cause of the problem. Ensure that the audit keystore exists. SECJ6027E: Exception while retrieving the signer information from the audit signer certificate. Exception = {0}.
Explanation A failure occurred while retrieving the audit signer certificate. Action Examine the exception for the cause of the problem. Ensure that the signer certificate exists. SECJ6028E: Exception retrieving a certificates''s encoded bytes UTF-8 format. Exception = {0}.
Explanation Certificate encoding error. Action Examine the exception for the cause of the problem. SECJ6029E: Unsupported encoding exception raised. Exception = {0}.
Explanation Encoding error. Action Examine the exception for the cause of the problem. SECJ6030E: Failure to encrypt the audit record. Exception = {0}.
Explanation Encryption error generated while trying to encrypt the audit record. Action Examine the exception for the cause of the problem. SECJ6031E: Failure to sign the audit record. Exception = {0}.
Explanation Signing error generated while trying to sign the audit record. Action Examine the exception for the cause of the problem. SECJ6032E: Failure writing audit record out to the binary log. Exception = {0}.
Explanation IO error writing the audit record to the binary log. Action Verify the log exists. Examine the exception for the cause of the problem. SECJ6033E: Failure to initialize Audit encryption algorithm. Exception = {0}.
Explanation Initialization failure of encryption algorithm. Action Examine the exception for the cause of the problem. SECJ6034E: Exception raised trying to create the Audit log. Exception = {0}.
Explanation Failed to create the output Audit log. Action Examine the exception for the cause of the problem. SECJ6035E: Failure to write to the Audit log.
Explanation Could not write the audit record to the Audit log. Action Verify the log exists. Check the error logs for any possible IO exceptions. SECJ6036E: AuditService not initialized.
Explanation Audit service was not initialized, which occurred most likely due to incorrect class definition, incorrect class path, or missing class files. Action Examine the exception for the cause of the problem. SECJ6037E: Configuration error: no audit event factories are defined.
Explanation No Audit Event Factory implementations are found in the configuration. Action Ensure that there is at least one audit event factory configured. SECJ6038E: Audit keystore not found.
Explanation Cannot find keystore created by the Auditor. Action Ensure that the keystore has been created containing the certificate generated by the Auditor. SECJ6039E: Configuration error: no audit service providers are defined.
Explanation No Audit Service Providerimplementations are found in the configuration. Action Ensure that there is at least one audit service provider configured. SECJ6040E: Unexpected exception while creating the audit record object. Exception = {0}.
Explanation An error occurred while building the auditable record data. Action Examine the exception for the cause of the problem. SECJ6041E: Failure to initialize Audit signing algorithm. Exception = {0}.
Explanation An error occurred during the initialization of the Audit signing algorithm. Action Examine the exception for the cause of the problem. SECJ6042E: Data that is not valid was passed into the signing algorithm.
Explanation A data stream that was not valid was passed in to the signing algorithm. Action Verify that a non-null byte stream of data is being passed in. SECJ6043E: Message digest data not valid
Explanation Message digest is null or not valid. Action Verify that the message digest is not null or not valid. SECJ6044E: Data that is not valid was passed into the encryption algorithm.
Explanation A data stream that is not valid was passed into the encryption algorithm. Action Verify that a non-null byte stream of data is being passed in. SECJ6045E: Shared key that is not valid has been encountered.
Explanation A shared key that is not valid was detected. Action Verify that a valid key is being used. Check the error logs for further information. SECJ6046E: Data that is not valid was passed into the decryption algorithm.
Explanation A data stream that is not valid was passed into the decryption algorithm. Action Verify that a non-null byte stream of data is being passed in. SECJ6047E: Unrecoverable error occurred in the audit subsystem.
Explanation An unrecoverable error occurred in the audit subsystem. Auditing is discontinued. Action Examine the error logs for the cause of the problem. SECJ6048E: Failure sending audit notification.
Explanation An error occurred while sending an audit notification. Action Examine the error logs for the cause of the problem. SECJ6049E: Error in the audit notification configuration.
Explanation Audit system failure policy set to WARN or FATAL, but notification configuration is not properly configured. Action Ensure audit notification is configured. SECJ6050E: Audit Event Factory did not initialize. Exception = {0}.
Explanation Audit Event Factory was not initialized, which occurred most likely due to incorrect class definition, incorrect class path, or missing class files. Action Examine the exception for the cause of the problem. SECJ6051E: User name specified as the auditor ID does not have auditor privileges.
Explanation Cannot assign a user who does not have the auditor role as the primary auditor. Action Ensure the user specified is given the auditor role or select a user who already has the auditor role. SECJ6052E: Workspace error occurred attempting to change the primary auditor ID.
Explanation An error occurred accessing the workspace. Action None SECJ6053E: The audit log wrapping behavior is set to NOWRAP and the maximum number of audit logs has been reached. Quiescing the server.
Explanation The server is in a quiesced state. The maximum number of audit logs has been reached and the wrapping behavior is set to not wrap the oldest log. Action Determine whether the maximum number of audit logs needs to be increased. To get the audit service and server running again, archive all the audit logs to a safe repository, and restart the server. SECJ6054E: The audit log wrapping behavior is set to SILENT_FAIL and the maximum number of audit logs has been reached. Audit logging will stop.
Explanation Audit logging stopped: maximum number of audit logs has been reached and the wrapping behavior is set to SILENT_FAIL. Action Determine whether the maximum number of audit logs needs to be increased. Archive all the saved audit logs to a safe repository and restart the server to restart the auditing service SECJ6100I: Invalid URI.
Explanation A web request is rejected because it contains a URI name that is not valid. Action Incorrect URI might be a simple user error or an indication of potential threat where malicious users explore the weakness of web applications. You might perform a correlation analysis of security auditing events. SECJ6101I: Web access security context not found.
Explanation A web request is rejected because no web access security context is configured. Action The cause might be a simple user error or an indication of potential threat where malicious users explore the weakness of web applications. You might perform a correlation analysis of security auditing events. SECJ6102I: Access to a web resource is allowed because no access control is required.
Explanation Access to a web resource does not require access control because there is no servlet mapping. Action The URI is not protected. No action is required is this is the desired configuration. Otherwise, proper security constraint should be added to the web application. SECJ6103I: Access to a web resource is allowed because no access control is required.
Explanation Access to a web resource does not require access control because there is no security constraint. Action The URI is not protected. No action is required is this is the desired configuration. Otherwise, proper security constraint should be added to the web application. SECJ6104I: Access to a web resource is allowed because the URI is either login page, error page or form login page.
Explanation Access to login page, error page, and form login page does not require access control. Action The URI is not protected. No action is required. SECJ6105I: Access to a web resource is denied because no security role is defined in the auth constraint.
Explanation According to Servlet V2.4 Spec, access to a web resource should be precluded if there is an auth constraint in the security constraint but there is no security role defined in the auth constraint. Action Modify the security constraint if the current behavior does not fit your needs. SECJ6106I: The request is redirected to {0} because the requested resource must be accessed via HTTPS.
Explanation The requested resource has a Data Constraint and requires SSL connection to it. Action No action is required. SECJ6107I: The request is denied because the {0} login method was not supported.
Explanation WebSphee Application Server does not support the configured login method. Action Modify the deployment descriptor to choose a supported login method. You might explore the Trust Association Interface and the UserRegistry interface and plug in your custom implementation to support the DIGEST login method. SECJ6108I: Access to a web resource is allowed because there is no auth constraint.
Explanation According to Servlet V2.4 Spec, access to a web resource should be permitted if there is no auth constraint in the security constraint. Action Modify the security constraint if the current behavior does not fit your needs. SECJ6109I: Access to a web resource is allowed because either the EVERYONE Special Subject was mapped to at least one of the required security role or if there is no auth constraint.
Explanation Access to a web resource is granted to any user without requiring authentication when the Everyone Special Subject was mapped to at least one of the required security role. Action Modify the security constraint if the current behavior does not fit your needs. SECJ6110I: SSO token {0} was validated successfully.
Explanation Authentication was successful. Action No action is required. SECJ6111I: SSO token {0} failed validation with an Exception.
Explanation Authentication failed due to internal failure. Action Examine the cause of the exception and correct the problem. If the problem persists, contact your service representative. SECJ6112I: SSO token {0} is expired and failed validation.
Explanation Authentication failed because the SSO token has expired. Action No action is required. SECJ6113I: SSO token {0} is invalid and failed validation.
Explanation Authentication failed because the SSO token was not valid. Action No action is required. SECJ6114I: Trust Accosication Interceptor challenges the web client for authentication information. Status code = {0}.
Explanation A Trust Association Interceptor engages in the authentication protocol and needs authentication information from the web client. Action No action is required. SECJ6115I: Authentication successful with Trust Accosication Interceptor.
Explanation The authentication via the specified Trust Association Interceptor was successful. Action No action is required. SECJ6116I: Authentication failed becasue Trust Accosication Interceptor user name cannot be mapped to WAS user.
Explanation The authentication via the specified Trust Association Interceptor failed because the asserted user name cannot be mapped to a valid WAS user. Action If this problem persists, the mapping problem is likely to be caused either by incorrect TAI configuration or by TAI implementation. SECJ6117I: Authentication failed due to missing or incorrect user name and/or password. Redirect to {0}.
Explanation Form based Authentication failed due to missing or incorrect user id or password. Typically a web user will be redirect to a login page to retry. Action No action is required. SECJ6118I: Authentication failed becasue Trust the client certificate cannot be mapped to WAS user.
Explanation The authentication based on the X509 client certificate failed because the certificate user name cannot be mapped to a valid WAS user. Action No action is required. SECJ6119I: Authentication failed becasue the client certicate user name cannot be mapped to WAS user.
Explanation The authentication failed because the client certificate user name cannot be mapped to a valid WAS user. Action The user might not be defined in the registry. Otherwise, verify the registry and mapping configuration. SECJ6120I: Authentication failed becasue the user registry was not defined.
Explanation The authentication failed because there is no active user registry defined to map the client certificate user name to a valid WAS user. Action Verify that the registry and mapping configuration. SECJ6121I: Client certificate Authentication failed due to internal error.
Explanation The authentication failed due to an unexpected runtime exception. Action Report the problem to IBM. SECJ6122I: Client certificate Authentication failed due to internal error. Will try Basec authentication which is permitted by the web application configuration.
Explanation The authentication failed due to an unexpected runtime exception. The web application configuration allows authentication using user id and password. Will try to see if there is user id and password information in the HTTP header. Action No action is required. SECJ6123I: HTTP authorization header is missing. Send out 401 challenge.
Explanation The authentication failed because there is no authorization header in the HTTP header. WAS will send a 401 challenge to the web client. Action No action is required. SECJ6124I: Basic authentication data is missing. Send out 401 challenge.
Explanation The authentication failed because there is no user id and password information in the HTTP header. WAS will send a 401 challenge to the web client. Action No action is required. SECJ6125I: Basic authentication failed due to incorrect user id and/or password Will send a 401 challenge.
Explanation The authentication failed because there the user id and password information in the HTTP header was incorrect. WAS will send a 401 challenge to the web client. Action No action is required. SECJ6126I: Basic authentication was successful.
Explanation Authentication using the user id and password in the HTTP header was successful. Action No action is required. SECJ6127I: Basic authentication failed due to internal error.
Explanation Basic Authentication failed and a runtime exception was caught. Action Report this problem to IBM. SECJ6128I: Authentication failed due to internal error.
Explanation Authentication failed and a runtime exception was caught. Action Report this problem to IBM. SECJ6129I: Access is allowed because security is disabled.
Explanation Access to the resource is allowed because WAS global security eas not enabled. Action No action required if this is the configured behavior. SECJ6130I: Access is allowed.
Explanation Access to the resource is allowed because the user or the groups the user is in have the required security role. Action No action required if this is the desired behavior. SECJ6131I: Access is denied.
Explanation Access to the resource is denied because the user or the groups the user is in does not have any of the required security role. Action No action required if this is the desired behavior. SECJ6132I: Access is denied, Reason: {0}.
Explanation Access to the resource is denied because the user or the groups the user is in does not have any of the required security role. Action No action required if this is the desired behavior. SECJ6133I: Parsing client certificate failed.
Explanation Access to the resource is denied because the user or the groups the user is in does not have any of the required security role. Action No action required. SECJ6134I: Session does not exist on server.
Explanation The client context id (= 0) in a MessageInContext message is not valid. Action No action required. SECJ6135I: Session does not exist on server.
Explanation The client context id is inconsistent with session state. Action This problem should be analyzed to determine whether it was due to program or operational error or due to spoofing attempt. SECJ6136I: Session or token expired.
Explanation The security token in the security context has expired. Action Typically token has a finite expiration time and this condition might be normal. SECJ6137I: ASSOC_ACCEPT message is illegal at the target. The client might not be using correct configuration.
Explanation The message type ASSOC_ACCEPT should not be received at the target server. This might occur due to an exception that occurred on the client which caused a mixup. Action Check the client configuration to ensure that there's nothing out of the ordinary that might be causing an exception to occur. SECJ6138I: Security context setup successfully.
Explanation The client security context was re-established successfully using the client session context identifier. The message type ASSOC_ACCEPT should not be received at the target server. Action No action is required. SECJ6139I: The authorization token is invalid.
Explanation Parsing the client authorization token failed. Action Need to determine if this is caused by programming error. SECJ6140I: Invalid GSS security token format.
Explanation GSS security context token contains OID number that is not valid or authentication mechanism that is not valid. Action No action required. SECJ6141I: Authentication failed due to internal error.
Explanation Authentication failed due to internal error. Action No action required. SECJ6142I: Cannot obtain the identity of the ITTPrincipalName.
Explanation The Identity token is not valid. Action No action is required. SECJ6143I: Authentication failed.
Explanation Could not validate Client Authentication Token or Client Certificates during Identity Assertion. Action No action is required. SECJ6144I: Authentication failed.
Explanation Failed to convert the client certificate. Action No action is required. SECJ6145I: Authenticate to unauthenticated credentials.
Explanation Setting the credentials to unauthenticated because there is no valid identity token. Action No action is required. SECJ6146I: Message type was not supported.
Explanation Message type is not EstablishContext and stateful=false. Action No action is required. SECJ6147I: Authentication failed.
Explanation Examine the exception for reason of failure. Action No action is required. SECJ6148I: Authentication succeeded.
Explanation The authentication was successful. Action No action is required. SECJ6149I: Principal/Credential mapping succeeded.
Explanation The J2EE Connection principal/credential mapping was successful. Action No action is required. SECJ6150I: The user has the required roles {0}.
Explanation The user has been granted to one or more of the required roles. Action No action is required. SECJ6151I: The user does not have the required roles {0}.
Explanation The user has not been granted any one of the required roles. Action No action is required. SECJ6152I: Form Logout.
Explanation The HTTP session is cleaned up after form logout. Action No action is required. SECJ6153I: Redirect to form based login page {0} to prompt for web client authentication data.
Explanation The web resource requires Form based authentication. Typically a web user will be redirected to a login page to enter user id and password. Action No action is required. SECJ6154I: Form based authentication was successful.
Explanation Form based authentication was successful. Action No action is required. SECJ6205W: The current Java 2 Security policy reported a potential violation of a Java 2 Security Permission. Refer to the InfoCenter for further information.{0}Permission:{1}Code:{2}Code Base Location:{3}
Explanation The Java Security Manager checkPermission() threw a SecurityException on the subject Permission. A caller on the call stack does not have the required permission. This might not be a problem if the caller properly handles this exception. Action Verify that the attempted operation is permitted by examining all Java 2 security policy files and application code. Additional permissions might be required, an AccessController.doPrivileged call might be needed in some code on the call stack, or the Security Manager has properly prevented access to a resource that a caller does not have permission to access. SECJ6206W: The current Java 2 Security policy report a potential violation of a Java 2 Security Permission. Stack Trace:{0}
Explanation The Java Security Manager checkPermission() threw a SecurityException. A caller on the call stack does not have the required permission. Action Verify that the attempted operation is permitted by examining all Java 2 security files and application code. Additional permissions might be required. SECJ6207I: Authorized credential management is enabled.
Explanation Applications running in this server are considered "trusted". When applications are trusted, the security infrastructure will allow the creation of MVS credentials without a password, passticket, or certificate as an authenticator. Trusted applications must be enabled in order to use the LTPA authentication mechanism, identity assertion, or a Trust Association Interceptor with a "Local OS" user registry on z/OS. Trusted applications must also be enabled to use SAF authorization. Action No user action is required. SECJ6208I: Authorized credential management is disabled.
Explanation Applications running in this server are not considered "trusted". Since applications are not trusted, the security infrastructure has disallowed the creation of MVS credentials without a password, passticket, or certificate as an authenticator. Trusted applications must be enabled in order to use the LTPA authentication mechanism, identity assertion, or a Trust Association Interceptor with a "Local OS" user registry on z/OS. Trusted applications must also be enabled to use SAF authorization. Action No user action is required. SECJ6209I: Application thread identity synchronization is enabled.
Explanation The server has been configured to perform J2EE and operating system thread identity synchronization for applications that request it. Action No user action is required. SECJ6210W: Application thread identity synchronization has been disabled by the z/OS security product.
Explanation The server has been configured to perform J2EE and operating system thread identity synchronization for applications that request it but the security product has not authorized the use of this support. Action Contact the security product administrator to request authorization to use thread identity synchronization. SECJ6211I: Connection management thread identity synchronization is enabled.
Explanation The server has been configured to perform J2EE and operating system thread identity synchronization for connectors that are able to exploit it. Action No user action is required. SECJ6212W: Connection management thread identity synchronization has been disabled by the z/OS security product.
Explanation The server has been configured to perform J2EE and operating system thread identity synchronization for connectors that are able to exploit it but the security product has not authorized the use of this support. Action Contact the security product administrator to request authorization to use thread identity synchronization. SECJ6213I: Thread identity synchronization will not subject to SURROGAT authorization.
Explanation WebSphere will not perform SURROGAT class authorization checks prior to creating native security environments. Action No user action is required. SECJ6214I: SAF authorization is enabled.
Explanation WebSphere for z/OS has been configured to use the z/OS security product for authorization. The authorization policies for WebSphere must be defined in the EJBROLE class of the z/OS security product. Authorization policies embedded in the applications will be ignored. Action No user action is required. SECJ6215E: The SAF credential token {0} has been finalized but the underlying native credential has not been destroyed.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ6216I: SAF delegation is enabled.
Explanation The APPLDATA associated with the profile representing the J2EE role will be used to determine the id of a user that is in the role. An invocation Subject will be built with a credential for that user. Action No user action is required. SECJ6217E: Unable to create a SAF delegation credential for the SAF profile named "{0}" in application "{1}". The native service results information are: {2}.
Explanation The security service was unable to create a delegation credential. This failure is usually due to incorrect or missing APPLDATA associated with the EJBROLE profile associated with the application role. Action Verify that the EJBROLE profile exists and is defined correctly. If the profile is correct, use the information about the SAF service, and SAF service return codes to determine the cause of the failure. If the problem persists, contact the IBM support center. SECJ6218W: The SAF delegation implementation was unable to create a subject in the role named "{0}" in application "{1}" for role delegation. The current subject will be used.
Explanation An earlier error prevented WebSphere from creating a subject that was in the required role. The target method will be dispatched without a change the current security environment. This might result in authorization errors as the caller might not be in the required role. Action Examine the previous messages to determine the initial cause of th error. SECJ6219I: Basic authentication failed for user "{0}". The native service results related to the authentication failure are: {1}.
Explanation WebSphere was unable to authenticate the user with the password that was presented. It is likely that the user ID or password were not valid. Action Verify that the user ID is valid. If the user is valid, use the provided SAF serivce information to get more information about the cause of the failure. SECJ6220I: Certificate authentication failed for certificate with SubjectDN="{0}" and IssuerDN="{1}". The native service results related to the authentication failure are: {2}.
Explanation WebSphere was unable to map the certificate that was presented to a valid user. It is likely that the issuer of the certificate is not trusted or that the mapping rules do not account for issuer and subject distinguished names. Action Verify that the certificate chain is trusted. If the chain is valid and trusted, use the provided SAF service information to get more information about the cause of the failure. SECJ6221E: A native credential for user "{0}" cannot be recreated. The native service results related to this failure are: {1}.
Explanation An authorized service used to create a native z/OS credential has failed. The credential cannot be used by the caller. Action Use the provided SAF service information to determine the cause of the failure. If the problem persists, contact the IBM support center. SECJ6222I: Thread identity synchronization of user "{0}" was not authorized by the z/OS security product.
Explanation The z/OS security product did not authorize the creation of a security environment for the specified user. The security environment associated with the current address space will be used. Action Contact the security product administrator to authorize the creation of a security environment for the specified user if required by the application. SECJ6223E: Thread identity synchronization of user "{0}" failed. The native service results related to this failure are: {1}.
Explanation An authorized service used to perform thread identity synchronization has failed. The thread security environment might not have been associated with the current thread of execution. Action User the provided SAF service information to determine the cause of the failure. If the problem persists, contact the IBM support center. SECJ6224I: The custom SAF role to profile mapper "{0}" has been initialized.
Explanation A custom SAF role to profile mapper has been configured, loaded, and initialized. Action No user action is required. SECJ6225E: Unable to load the custom SAF role to profile mapper "{0}" due to the following exception: {1}
Explanation WebSphere was unable to load and and instantiate the configured class. This is generally due to an incorrect class name. Action Verify that the specified class name is correct and that it can be loaded by the WebSphere class loader. SECJ6226W: Thread identity synchronization of user "{0}" is not allowed on the "initial pthread task."
Explanation The BPX1TLS service does cannot be called from the initial pthread task (IPT). If this service is called on the IPT, future calls to perform connection management or application thread identity synchronization will fail. Action No action is required. SECJ6227W: Authentication failed for kerberos principal {0}. The native service results related to the authentication failure are: {1}.
Explanation WebSphere was unable to map the kerberos prinicpal that was presented to a valid RACF user. Action Verify that the kerberos principal is set to the KERBNAME value in the KERB segment of a valid RACF user. SECJ6228E: The distributed user name is null and will not be mapped not a SAF user.
Explanation The distributed user name is null and will not be mapped not a SAF user. Action Specify a valid distributed user name. SECJ6229E: The distributed realm name is null.
Explanation The distributed realm name is null and will not be mapped not a SAF user. Action Specify a valid distributed realm name. SECJ6230E: The distributed user name exceeds the maximum length of {1}. The distributed user, {0}, will not be mapped to a SAF user.
Explanation The distributed user name exceeds the maximum allowable length. Action Specify a valid distributed user name. SECJ6231E: The distributed realm name exceeds the maximum length of {1}. The distributed realm name is {0}. The distributed user will not be mapped to a SAF user.
Explanation The distributed realm name exceeds the maximum allowable length. Action Specify a valid distributed realm name. SECJ6232E: The distributed user could not be mapped to a SAF user, most likely because there was no match in the SAF database filters. The distributed user name is: {0}. The distributed realm name is: {1}.
Explanation The distributed user could not be mapped to a SAF user, most likely because there was no match for the distributed user name and realm name in the RACMAP profiles of the SAF database. Action Verify that a RACMAP profile exists in the SAF database for the distributed user name and realm name. SECJ6233I: The version number of the SAF product is: {0}.
Explanation The version of the SAF product is displayed. Action No user action is required. SECJ6234I: The SAF feature for distributed identity mapping is in effect.
Explanation The SAF feature for distributed identity mapping is in effect. Distributed users will be mapped to SAF users using the filters defined in the SAF RACMAP profiles. Action No user action is required. SECJ6235I: The SAF feature for distributed identity mapping is not in effect.
Explanation The SAF feature for distributed identity mapping is not in effect. Action No user action is required. SECJ6236E: Authorization failed; the exception is {0}.
Explanation Authorization failed for the user. The exception has information on why the authorization failed. Action Examine the message in the exception for more information. SECJ6237E: Authorization failed. The SAF user {0} does not have {1} access to any of the following SAF profiles in the EJBROLE class: {2}.
Explanation Authorization failed for the user. Action Consult with the SAF administrator for granting the necessary access in the SAF database. SECJ7000I: Security Configuration Name
Explanation None Action None SECJ7001I: Value
Explanation None Action None SECJ7002I: Security Settings
Explanation None Action None SECJ7003I: Active authentication mechanism
Explanation None Action None SECJ7004I: Active RMI/IIOP authentication protocol
Explanation None Action None SECJ7005I: User account repository
Explanation None Action None SECJ7006I: Authentication cache timeout
Explanation None Action None SECJ7007I: Default SSL settings
Explanation None Action None SECJ7008I: Administrative security
Explanation None Action None SECJ7009I: Restrict access to resource authentication data
Explanation None Action None SECJ7010I: Java 2 security
Explanation None Action None SECJ7011I: Warn if applications are granted custom permissions
Explanation None Action None SECJ7012I: Use realm-qualified user names
Explanation None Action None SECJ7013I: Use the local security server
Explanation None Action None SECJ7014I: Authentication mechanisms and expiration
Explanation None Action None SECJ7015I: Authentication configuration
Explanation None Action None SECJ7016I: Authentication context implementation class
Explanation None Action None SECJ7017I: Authentication validation config
Explanation None Action None SECJ7018I: Password
Explanation None Action None SECJ7019I: Simple authentication config
Explanation None Action None SECJ7020I: Timeout of authentication data forwarded between servers
Explanation None Action None SECJ7021I: Enable trust association
Explanation None Action None SECJ7022I: Interceptors
Explanation None Action None SECJ7023I: Interceptor class name
Explanation None Action None SECJ7024I: Single signon (SSO)
Explanation None Action None SECJ7025I: Domain name
Explanation None Action None SECJ7026I: Requires SSL
Explanation None Action None SECJ7027I: User Registry
Explanation None Action None SECJ7028I: Realm
Explanation None Action None SECJ7029I: Server user ID
Explanation None Action None SECJ7030I: Server user password
Explanation None Action None SECJ7031I: Authorization configuration
Explanation None Action None SECJ7032I: External authorization using a JACC provider
Explanation None Action None SECJ7033I: Authorization providers
Explanation None Action None SECJ7034I: Provider initialization class name
Explanation None Action None SECJ7035I: J2EE Policy implementation class name
Explanation None Action None SECJ7036I: Name
Explanation None Action None SECJ7037I: Policy configuration factory class name
Explanation None Action None SECJ7038I: Requires the EJB arguments policy context handler for access decisions
Explanation None Action None SECJ7039I: Role configuration factory class name
Explanation None Action None SECJ7040I: Supports dynamic module updates
Explanation None Action None SECJ7041I: Application login configuration
Explanation None Action None SECJ7042I: Entries
Explanation None Action None SECJ7043I: Alias
Explanation None Action None SECJ7044I: JAAS login modules
Explanation None Action None SECJ7045I: Authentication strategy
Explanation None Action None SECJ7046I: Module class name
Explanation None Action None SECJ7047I: Custom properties
Explanation None Action None SECJ7048I: Value
Explanation None Action None SECJ7049I: CSI
Explanation None Action None SECJ7050I: Claims
Explanation None Action None SECJ7051I: Stateful sessions
Explanation None Action None SECJ7052I: Layers
Explanation None Action None SECJ7053I: Supported ciphers
Explanation None Action None SECJ7054I: Enable
Explanation None Action None SECJ7055I: Establish trust in client
Explanation None Action None SECJ7056I: Required Quality of protection (QoP) settings
Explanation None Action None SECJ7057I: Confidentiality
Explanation None Action None SECJ7058I: Enable Protection
Explanation None Action None SECJ7059I: Integrity
Explanation None Action None SECJ7060I: Server Authentication
Explanation None Action None SECJ7061I: SSL configurations
Explanation None Action None SECJ7062I: performs
Explanation None Action None SECJ7063I: Session GC Idle Time
Explanation None Action None SECJ7064I: Session GC Interval
Explanation None Action None SECJ7065I: Authentication Layer Retry Count
Explanation None Action None SECJ7066I: SAS
Explanation None Action None SECJ7067I: SSL configuration repertoires
Explanation None Action None SECJ7068I: SSL settings
Explanation None Action None SECJ7069I: Client authentication
Explanation None Action None SECJ7070I: Cryptographic token
Explanation None Action None SECJ7071I: Key file format
Explanation None Action None SECJ7072I: Key file name
Explanation None Action None SECJ7073I: Key file password
Explanation None Action None SECJ7074I: Security level
Explanation None Action None SECJ7075I: Trust file format
Explanation None Action None SECJ7076I: Trust file name
Explanation None Action None SECJ7077I: Trust file password
Explanation None Action None SECJ7078I: Cryptographic token
Explanation None Action None SECJ7079I: Library file
Explanation None Action None SECJ7080I: Token Type
Explanation None Action None SECJ7081I: Custom properties
Explanation None Action None SECJ7082I: System login configuration
Explanation None Action None SECJ7083I: Properties
Explanation None Action None SECJ7084I: Enable pluggable authentication
Explanation None Action None SECJ7085I: Required
Explanation None Action None SECJ7086I: Global security
Explanation None Action None SECJ7088I: Security
Explanation None Action None SECJ7089I: Console Name
Explanation None Action None SECJ7090I: Console Path Name
Explanation None Action None SECJ7091I: Name
Explanation None Action None SECJ7092I: JAAS
Explanation None Action None SECJ7093I: System logins
Explanation None Action None SECJ7094I: Application logins
Explanation None Action None SECJ7095I: Administrative users and groups
Explanation None Action None SECJ7096I: Administrative Role Name
Explanation None Action None SECJ7097I: Administrative Role Value
Explanation None Action None SECJ7098I: Administrator User
Explanation None Action None SECJ7099I: No Administrator User
Explanation None Action None SECJ7100I: Operator User
Explanation None Action None SECJ7101I: No Operator user or group
Explanation None Action None SECJ7102I: Moderator User
Explanation None Action None SECJ7103I: No Moderator user or group
Explanation None Action None SECJ7104I: Configurator User
Explanation None Action None SECJ7105I: No Configurator user or group
Explanation None Action None SECJ7106I: Administrative User Roles
Explanation None Action None SECJ7107I: Administrative Group Roles
Explanation None Action None SECJ7108I: Administrator Group
Explanation None Action None SECJ7109I: Operator Group
Explanation None Action None SECJ7110I: Moderator Group
Explanation None Action None SECJ7111I: Configurator Group
Explanation None Action None SECJ7112I: CORBA Naming Console Name
Explanation None Action None SECJ7113I: CORBA Naming Role Name
Explanation None Action None SECJ7114I: CORBA Naming Role Value
Explanation None Action None SECJ7115I: CORBA Naming Console Path
Explanation None Action None SECJ7116I: Read
Explanation None Action None SECJ7117I: Everyone
Explanation None Action None SECJ7118I: ServerId
Explanation None Action None SECJ7119I: All Authenticated Users and Groups
Explanation None Action None SECJ7120I: Specific User Ids
Explanation None Action None SECJ7121I: No roles defined
Explanation None Action None SECJ7122I: CORBA Naming Service Groups
Explanation None Action None SECJ7123I: Write
Explanation None Action None SECJ7124I: Create
Explanation None Action None SECJ7125I: Delete
Explanation None Action None SECJ7126I: Environment
Explanation None Action None SECJ7127I: Naming
Explanation None Action None SECJ7128I: SSL certificate and key management
Explanation None Action None SECJ7129I: Console Name for Certificate Management
Explanation None Action None SECJ7130I: Console Path for Certificate Management
Explanation None Action None SECJ7131I: Certificate Alias
Explanation None Action None SECJ7132I: Certificate Expiry
Explanation None Action None SECJ7133I: Certificate Management
Explanation None Action None SECJ7134I: RMI/IIOP security
Explanation None Action None SECJ7135I: Authentication mechanisms and expiration
Explanation None Action None SECJ7136I: Authentication expiration
Explanation None Action None SECJ7137I: Application security
Explanation None Action None SECJ7138I: External authorization providers
Explanation None Action None SECJ7139I: Manage endpoint security configurations
Explanation None Action None SECJ7140I: Web security
Explanation None Action None SECJ7141I: Trust association
Explanation None Action None SECJ7142I: Interceptors
Explanation None Action None SECJ7143I: Single signon (SSO)
Explanation None Action None SECJ7144I: Key stores
Explanation None Action None SECJ7145I: Trust managers
Explanation None Action None SECJ7146I: Key managers
Explanation None Action None SECJ7147I: Management scope
Explanation None Action None SECJ7148I: Key set groups
Explanation None Action None SECJ7149I: Key sets
Explanation None Action None SECJ7150I: Schedules
Explanation None Action None SECJ7151I: Notifications
Explanation None Action None SECJ7152I: Manage certificate expiration
Explanation None Action None SECJ7153I: Web Authentication
Explanation None Action None SECJ7154I: Internal server ID
Explanation None Action None SECJ7155I: Use the registry server id instead of the internal server id
Explanation None Action None SECJ7156I: Trusted identity
Explanation None Action None SECJ7157I: Password
Explanation None Action None SECJ7158I: Client Authentication Supported
Explanation None Action None SECJ7159I: Enabled Ciphers
Explanation None Action None SECJ7160I: JSSE Provider
Explanation None Action None SECJ7161I: Trust store
Explanation None Action None SECJ7162I: SSL Protocol
Explanation None Action None SECJ7163I: File-based key store
Explanation None Action None SECJ7164I: Host list
Explanation None Action None SECJ7165I: Initialize at startup
Explanation None Action None SECJ7166I: Path
Explanation None Action None SECJ7167I: Provider
Explanation None Action None SECJ7168I: Type
Explanation None Action None SECJ7169I: milliseconds
Explanation None Action None SECJ7170I: seconds
Explanation None Action None SECJ7171I: minutes
Explanation None Action None SECJ7172I: Dynamically update run time when SSL configuration changes occur
Explanation None Action None SECJ7173I: Ignore case for authorization
Explanation None Action None SECJ7174I: Custom registry class name
Explanation None Action None SECJ7175I: Default client certificate alias
Explanation None Action None SECJ7176I: Default server certificate alias
Explanation None Action None SECJ7177I: Algorithm
Explanation None Action None SECJ7178I: Class name
Explanation None Action None SECJ7179I: Additional Trust Manager attributes
Explanation None Action None SECJ7180I: Key file name
Explanation None Action None SECJ7181I: Class name
Explanation None Action None SECJ7182I: Hover help key
Explanation None Action None SECJ7183I: Inclusive
Explanation None Action None SECJ7184I: NLS Range Key
Explanation None Action None SECJ7185I: Range
Explanation None Action None SECJ7186I: Class name
Explanation None Action None SECJ7187I: Certificate alias
Explanation None Action None SECJ7188I: Direction
Explanation None Action None SECJ7189I: Scope Name
Explanation None Action None SECJ7190I: Scope Type
Explanation None Action None SECJ7191I: Automatically generate keys
Explanation None Action None SECJ7192I: Key set
Explanation None Action None SECJ7193I: Minute
Explanation None Action None SECJ7194I: Key alias prefix name
Explanation None Action None SECJ7195I: Delete key references that are beyond the maximum number of keys
Explanation None Action None SECJ7196I: Specifies a key pair instead of a key
Explanation None Action None SECJ7197I: Key generation class
Explanation None Action None SECJ7198I: Maximum key references
Explanation None Action None SECJ7199I: Key reference
Explanation None Action None SECJ7200I: Key Alias
Explanation None Action None SECJ7201I: Version
Explanation None Action None SECJ7202I: Day of week
Explanation None Action None SECJ7203I: Frequency
Explanation None Action None SECJ7204I: Hour
Explanation None Action None SECJ7205I: Next start date
Explanation None Action None SECJ7206I: List of e-mail addresses
Explanation None Action None SECJ7207I: Log to SystemOut
Explanation None Action None SECJ7208I: Automatically replace expiring self-signed certificates
Explanation None Action None SECJ7209I: Expiration notification threshold
Explanation None Action None SECJ7210I: Delete old certificate after replacement
Explanation None Action None SECJ7211I: Enable checking
Explanation None Action None SECJ7212I: Schedules
Explanation None Action None SECJ7213I: Notifications
Explanation None Action None SECJ7214I: days
Explanation None Action None SECJ7215I: messages
Explanation None Action None SECJ7216I: Primary administrative user name
Explanation None Action None SECJ7217I: General settings
Explanation None Action None SECJ7218I: CORBA Naming Service Users
Explanation None Action None SECJ7219I: Base distinguished name
Explanation None Action None SECJ7220I: Bind distinguished name
Explanation None Action None SECJ7221I: Bind password
Explanation None Action None SECJ7222I: Reuse connection
Explanation None Action None SECJ7223I: Search timeout
Explanation None Action None SECJ7224I: SSL enabled
Explanation None Action None SECJ7225I: Custom registry class name
Explanation None Action None SECJ7226I: Use the United States FIPS algorithms
Explanation None Action None SECJ7227I: Deployer User
Explanation None Action None SECJ7228I: No Deployer user or group
Explanation None Action None SECJ7229I: Moderator Group
Explanation None Action None SECJ7230I: AdminSecurityManager User
Explanation None Action None SECJ7231I: No AdminSecurityManager user or group
Explanation None Action None SECJ7232I: AdminSecurityManager Group
Explanation None Action None SECJ7233I: Primary Authentication Method for Administrative Actions
Explanation None Action None SECJ7234I: Allow basic authentication
Explanation None Action None SECJ7235I: Allow fallback to LTPA
Explanation None Action None SECJ7236I: Kerberos configuration file
Explanation None Action None SECJ7237I: Kerberos keytab file
Explanation None Action None SECJ7238I: Kerberos realm name
Explanation None Action None SECJ7239I: Kerberos service name
Explanation None Action None SECJ7240I: Kerberos service name password
Explanation None Action None SECJ7241I: Trim Kerberos realm from principal name
Explanation None Action None SECJ7242I: Personal certificate for encryption
Explanation None Action None SECJ7243I: Trusted signers keystore
Explanation None Action None SECJ7244I: Nonce cache timeout
Explanation None Action None SECJ7245I: Token timeout
Explanation None Action None SECJ7246I: Automatically reload SPNEGO Configuration
Explanation None Action None SECJ7247I: SPNEGO Configuration reload timeout
Explanation None Action None SECJ7248I: SPNEGO Filters
Explanation None Action None SECJ7249I: Enable delegation of Kerberos credentials
Explanation None Action None SECJ7250I: SPNEGO Filter class
Explanation None Action None SECJ7251I: SPNEGO Filter criteria
Explanation None Action None SECJ7252I: Host name
Explanation None Action None SECJ7253I: NTLM token received page URL
Explanation None Action None SECJ7254I: SPNEGO not supported page URL
Explanation None Action None SECJ7255I: Description
Explanation None Action None SECJ7256I: Usage
Explanation None Action None SECJ7257I: Supported message layer authentication mechanisms
Explanation None Action None SECJ7258I: Security domains
Explanation None Action None SECJ7259I: Application and Java 2 Security
Explanation None Action None SECJ7260I: LTPA Timeout
Explanation None Action None SECJ7261I: User Realm
Explanation None Action None SECJ7262I: Authorization Provider
Explanation None Action None SECJ7263I: JAAS Application Logins
Explanation None Action None SECJ7264I: JAAS System Logins
Explanation None Action None SECJ7265I: RMI/IIOP Security
Explanation None Action None SECJ7266I: Trust Association
Explanation None Action None SECJ7267I: Is Credential Forwardable
Explanation None Action None SECJ7268I: Limit
Explanation None Action None SECJ7269I: Use native authorization
Explanation None Action None SECJ7270I: Use claim
Explanation None Action None SECJ7271I: Stateful sessions
Explanation None Action None SECJ7272I: Enable out of sequence detection
Explanation None Action None SECJ7273I: Enable replay detection
Explanation None Action None SECJ7274I: External
Explanation None Action None SECJ7275I: Cookie Protection
Explanation None Action None SECJ7276I: Session Security
Explanation None Action None SECJ7277I: HttpOnly custom property
Explanation None Action None SECJ7278I: Servers
Explanation None Action None SECJ7279I: Application servers
Explanation None Action None SECJ7280I: Session management
Explanation None Action None SECJ7281I: Single signon requires SSL
Explanation None Action None SECJ7300E: Failed in attempt to add administrative user to virtual member manager
Explanation Admin user id could not be added to virtual member manager file-based registry Action Validate virtual member manager has been configured SECJ7305E: Found other virtual member manager repository configurations. Only the built-in virtual member manager file-based repository is supported through the wizard
Explanation Found other virtual member manager repository configurations but only file-based is supported in the wizard Action None SECJ7310E: Workspace exception while adding user to admin-authz.xml
Explanation An error occuring accessing the Workspace Action None SECJ7311E: Failed to add user to admin-authz.xml
Explanation Error occurred updating the admin-authz.xml file with the new admin user Action None SECJ7312E: Failed to get to Security workspace
Explanation Exception raised when accessing the Security object in the workspace Action None SECJ7320E: Invalid user registry type
Explanation Valid user registry types are: LDAPUserRegistry, LocalOSUserRegistry, CustomUserRegistry, WIMUserRegistry Action Ensure user registry type is a valid type SECJ7321E: Invalid LDAP user registry type
Explanation LDAP registry type was not a valid type Action Ensure user registry type is a valid type SECJ7330E: Failed to verify admin user would not be locked out of console
Explanation Exception raised while verifying at least one admin id in the admin-authz.xml exists in the user registry Action None SECJ7331E: Failed to auto-generate the LTPA password
Explanation Could not auto-generate an LTPA password Action None SECJ7332E: Failed to auto-generate the Server Id
Explanation Could not auto-generate a Server Id Action None SECJ7333E: Could not find admin name in the specified user registry
Explanation Admin name does not exist in the specified user registry Action Ensure that the admin name exists in the user registry prior to executing command SECJ7334E: Exception raised while applying wizard security settings
Explanation Caught exception while applying wizard security settings Action None SECJ7335E: Exception raised while getting wizard security settings
Explanation Caught exception while getting wizard security settings Action None SECJ7336E: Exception raised while getting Application Security setting
Explanation Caught exception while getting Application Security setting Action None SECJ7337E: Exception raised while getting Global Security setting
Explanation Caught exception while getting Global Security setting Action None SECJ7338E: Exception raised while setting Global Security setting
Explanation Caught exception while setting Global Security setting Action None SECJ7339E: Exception raised while validating admin name
Explanation Caught exception while validating admin name Action None SECJ7340E: Exception raised trying to connect to LDAP server
Explanation Exception raised connecting to the LDAP server Action Verify input parameters are correct SECJ7341E: Exception raised while setting useRegistryServerId
Explanation Exception raised while setting useRegistryServerId in the user registry object Action None SECJ7342E: Failed to validate user/password
Explanation Failed to validate user password in federated respositories Action None SECJ7350E: Exception raised while adding adminId to user registry
Explanation Exception raised while adding adminId to user registry Action None SECJ7355E: Failed to add the adminID to the user registry object
Explanation Failed to add the adminID to the user registry object Action None SECJ7356E: Unsupported audit system failure action type
Explanation The audit system failure action type provided is not supported. Supported types are: WARN, NOWARN, and FATAL Action Verify the audit system failure action type is correctly specified SECJ7357E: Configuration error detected in the audit configuration
Explanation Error detected in the audit configuration Action Verify that the audit configuration is correctly specified in the audit.xml SECJ7358E: Non valid or no value specified for auditor identity.
Explanation The auditor identity is a required field. Action Verify that a value has been specified for the auditor identity SECJ7359E: Non valid or no value specified for auditor password.
Explanation The auditor password is a required field. Action Verify that a value has been specified for the auditor password SECJ7360E: Non valid or no reference specified for the keystore.
Explanation The keystore reference is a required field. Action Verify that a valid reference has been specified for the keystore SECJ7361E: Non valid or no reference specified to uniquely identify this implementation.
Explanation The uniqueName reference is a required field. Action Verify that a valid reference has been specified for the uniqueName SECJ7362E: Non valid or no reference specified for the class name of this implementation.
Explanation The className reference is a required field. Action Verify that a valid reference has been specified for the className SECJ7363E: Non valid or no reference specified for the event formatter class name.
Explanation The eventFormatterClassName reference is a required field. Action Verify that a valid reference has been specified for the eventFormatterClassName SECJ7364E: Non valid or no reference specified for the location of the binary audit file.
Explanation The fileLocation reference is a required field. Action Verify that a valid reference has been specified for the fileLocation SECJ7365E: Non valid or no reference specified for the audit filters.
Explanation The auditFilters reference is a required field. Action Verify that a valid reference has been specified for the auditFilters SECJ7366E: Failed to create object.
Explanation Failure occurred trying to create a configuration object. Action None SECJ7367E: Non valid or no reference specified for the event type.
Explanation The eventType field is required. Action Verify that a valid reference has been specified for the event type SECJ7368E: Non valid or no reference specified for the audit outcome.
Explanation The outcome field is required. Action Verify that a valid reference has been specified for the audit outcome SECJ7369E: Non valid or no reference specified for the audit service provider.
Explanation The provider field is required. Action Verify that a valid reference has been specified for the audit service provider SECJ7370E: Non valid or no value specified for the audit specification reference.
Explanation The audit specification reference field is required. Action Verify that a valid value has been specified for the audit specification reference SECJ7371E: Non valid or no reference specified for the audit event factory implementation.
Explanation The eventFactory field is required. Action Verify that a valid reference has been specified for the audit event factory implementation SECJ7372E: Failure to retrieve the audit specifications.
Explanation Failure while retrieving the audit specifications. Action None SECJ7373E: Non valid reference to Binary File audit service provider implementation.
Explanation Reference must be to a Binary File audit service provider implementation. Action Verify that a valid reference has been specified to a Binary File implementation SECJ7374E: Audit Notification Monitor already configured.
Explanation Audit Notification Monitor has already been configured. Action None SECJ7375E: Non valid name for Audit Notification Monitor.
Explanation Non valid name for audit notification monitor specified. Action Verify that a valid name has been specified for the audit notification monitor SECJ7376E: Non valid reference for Audit Notification.
Explanation Non valid reference for audit notification specified. Action Verify that a valid reference has been specified for the audit notification SECJ7377E: Unsupported operation: cannot delete a subset of a multi-set defined filter.
Explanation Admin task does not support deletion of a subset of a multi-set defined filter. Action None SECJ7378E: No attributes specified on the modify command.
Explanation No attributes were specified on the modify command. Action Supply attribute(s) to modify on the audit object SECJ7379E: No attributes specified on the delete command.
Explanation No attributes were specified on the delete command. Action Supply attribute(s) to delete the specified object SECJ7380E: Unable to delete audit service provider: provider in use
Explanation Audit service provider is in use by an audit event factory implementation and cannot be deleted. Action None SECJ7381E: Audit Notification Monitor is not configured.
Explanation Audit Notification Monitor is not configured. Action None SECJ7382E: Non valid reference for Audit Notification Monitor.
Explanation Non valid reference for audit notification monitor specified. Action Verify that a valid reference has been specified for the audit notification monitor SECJ7383E: Non valid name for Audit Notification.
Explanation Non valid name for audit notification specified. Action Verify that a valid name has been specified for the audit notification SECJ7384E: Must enter an email list when send email is true.
Explanation Must enter an email list when send email is true. Action Supply an email list SECJ7385E: Non valid email format specified.
Explanation Must either specify "html" or "text". Action Supply a valid email format SECJ7386E: Audit notification already configured.
Explanation Audit notification already exists. Action None SECJ7387E: Audit notification is in use.
Explanation Audit notification is in use and cannot be deleted. Action None SECJ7388E: Non valid value specified for the audit policy.
Explanation Valid values are WARN, NOWARN, and FATAL. Action Specify a valid audit policy value SECJ7389E: An audit event factory implementation with this unique name is already configured.
Explanation Cannot configure an audit event factory with the same unique name as one that is already configured. Action Specify a unique name for the new audit event factory SECJ7390E: An audit service provider implementation with this unique name is already configured.
Explanation Cannot configure an audit service provider implementation with the same unique name as one that is already configured. Action Specify a unique name for the new audit service provider implementation SECJ7391E: The custom properties have been invalidly specified.
Explanation Custom properties must be specified as name-value pairs, separated by a comma, semicolon or space. Action Enter a valid syntax for the custom properties SECJ7392E: The audit service provider referenced is not an IBM Binary service provider implementation.
Explanation The referenced service provider is not the default IBM Binary service provider implementation. Action Enter a valid reference to a IBM Binary service provider implementation SECJ7393E: Audit specification not configured.
Explanation The referenced audit specification does not exist in the audit.xml. Action None SECJ7394E: Non valid email list specified.
Explanation The email list specfied is not valid, null or empty. Action Supply a valid email list SECJ7395E: Non valid value for maximum number of audit logs was specified.
Explanation The maximum number of audit logs needs to a number greater than 0. Action Supply a valid value for maximum number of audit logs SECJ7396E: Non valid value for maximum size of each audit log was specified.
Explanation The maximum size of and audit log needs to a value greater than 0. Action Supply a valid value for maximum number of audit logs SECJ7397E: Exception validating existance of audit log filepath.
Explanation An exception occurred validating or creating the file path location for the audit logs. Action None SECJ7398E: Missing password for the audit encryption key store.
Explanation No password was supplied for the audit encryption key store. Action Supply a password for the audit encryption key store SECJ7399E: Audit encryption key store password does not match verify password.
Explanation Encryption key store password and the confirm password values do not match. Action Confirm the audit encryption key store password SECJ7400E: Key store file did not verify, make sure the file exists, check key store type and password.
Explanation When creating a key store object with an existing key store file the file must exist and a valid password and key store type must be supplied. Action Make sure the key store file exists with a valid password and key store type. Then rerun the command. SECJ7401E: Creating a read only key store object. File should already exist.
Explanation When creating a hardware key store object the file in the path specified should already exist. Action Rerun the command with a specifying a file that already exists. SECJ7402E: Encryption key file object already exists.
Explanation The specified object already exists. Unable to create another one. Action Create the object with a unique name SECJ7403E: Must specify only one option for either autogenerating or importing a certificate.
Explanation The values for auto-generating a certificate and importing a certificate matched. Must specify true for one or the other. Action Specify either auto-generating a certificate or importing a certificate. SECJ7404E: Missing value for new certificate alias name.
Explanation No value was specified for the new certificate alias name. Action Supply a value for the certificate alias name. SECJ7405E: No value was specified for the key file name for the certificate to import
Explanation When selecting to import an existing certificate, a key file name for the certificate must be entered. Action Supply a key file name for the certificate to import SECJ7406E: No value was specified for the key file path for the certificate to import
Explanation When selecting to import an existing certificate, a key file path for the certificate must be entered. Action Supply a key file path for the certificate to import SECJ7407E: No value was specified for the key file type for the certificate to import
Explanation When selecting to import an existing certificate, a key file type for the certificate must be entered. Action Supply a key file type for the certificate to import SECJ7408E: No value was specified for the key file password for the certificate to import
Explanation When selecting to import an existing certificate, a key file password for the certificate must be entered. Action Supply a key file password for the certificate to import SECJ7409E: No name was specified for the certificate alias to import
Explanation When selecting to import an existing certificate, a certificate aliase for the certificate must be entered. Action Supply a certificate alias name for the certificate to import SECJ7410E: No name was specified for the audit key store.
Explanation Must specify a name for the audit key store Action Supply a name for the audit key store SECJ7411E: No key store location was specified for the audit key store.
Explanation Must specify a key store location for the audit key store Action Supply a key store location for the audit key store SECJ7412E: No key store type was specified for the audit key store.
Explanation Must specify a key store type for the audit key store Action Supply a key store type for the audit key store SECJ7413E: No key store password was specified for the audit key store.
Explanation Must specify a key store password for the audit key store Action Supply a key store password for the audit key store SECJ7414E: No key store confirmation password was specified for the audit key store.
Explanation Must specify a confirmation key store password to for the audit key store Action Supply a confirmation key store password for the audit key store SECJ7415E: Failure creating the audit keystore object
Explanation Failed to create the audit keystore ObjectName Action None SECJ7416E: Failure creating the audit keystore
Explanation Failed to create the audit keystore Action None SECJ7417E: Failure creating the self signed certificate for audit encryption
Explanation Failed to create the self signed certificate for audit encryption Action None SECJ7418E: Failure importing the self signed certificate for audit encryption
Explanation Failed to import the self signed certificate for audit encryption Action None SECJ7419E: Found certificate with the same alias in the keystore.
Explanation A certificate with the same alias name already exists in the keystore. Cannot add. Action None SECJ7420E: Alias is not a personal certificate in key store.
Explanation The alias is either not in the key store or it is not a personal certificate in the key store. Action Rerun the command with a personal certificate that is located in the key store. SECJ7421E: Options to select certificate to use for signing are mutually exclusive.
Explanation Cannot select reusing encryption certificate for signing with autogenerating or importing. Options are mutually exclusive. Action Select only one option: to reuse the certificate used for encrypting audit records, autogenerating a certificate to use to sign the audit records, or import a certificate. SECJ7422E: Cannot use the encryption certificate as the signer certificate: No encryption keystore found.
Explanation No encryption keystore found: unable to reuse the same certificate for signing audit records. Action None SECJ7423E: No keystore found matching the supplied unique name or reference id.
Explanation Cannot find a keystore with the supplied unique name or reference id. Action None SECJ7424E: Audit.xml is not found.
Explanation No audit.xml was found for this profile. Auditing is not configured. Action Ensure auditing is configured properly. SECJ7425E: Cannot specify keystore for encryption: encryption not enabled.
Explanation When encryption is not enabled, cannot configure the encryption keystore. Action Enable encryption before setting the encryption keystore. SECJ7426E: No reference id was specified for the audit key store.
Explanation Must specify a valid reference id for the audit key store Action Supply a reference id for the audit key store SECJ7427E: Failed to list the certificate aliases.
Explanation Could not list the certificate aliases in the referenced keystore. Action Verify that at least one certificate alias exists in the keystore. SECJ7428E: Could not find certificate alias in the referenced keystore.
Explanation Certificate alias does not exist in the referenced keystore. Action Make sure to specify a certificate alias that does exist in the referenced keystore. SECJ7429E: Missing unique name for audit specification.
Explanation A unique name was not specified for the audit specification. Action Specify a unique name for the audit specification. SECJ7430E: Cannot configure encryption when enable value is false.
Explanation Encryption for audit cannot be configured when the enable value is false. Either use true for enable or, if the intention is to disable/delete encryption, use the appropriate disable/delete tasks. Action Specify true as the enable value if the intention is to configure encryption for audit. SECJ7431E: Cannot configure signing when enable value is false.
Explanation Signing for audit cannot be configured when the enable value is false. Either use true for enable or, if the intention is to disable/delete signing, use the appropriate disable/delete tasks. Action Specify true as the enable value if the intention is to configure signing for audit. SECJ7432E: Cannot change the default audit event factory implementation classname.
Explanation The classname specified does not match the default audit event factory implementation classname. Action Ensure that when specifying class name on the modify command and the implementation is the default audit event factory implementation, that it matches the default classname. SECJ7433E: Cannot change the default audit service provider implementation classname.
Explanation The classname specified does not match the default audit service provider implementation classname. Action Ensure that when specifying class name on the modify command and the implementation is the default audit service provider implementation, that it matches the default classname. SECJ7434E: The audit service provider referenced is not a third party provider implementation.
Explanation The referenced service provider is not a third party service provider implementation. Action Enter a valid reference to a third party service provider implementation SECJ7435E: Empty value specified for auditorId. Cannot delete the auditorId when auditing is enabled.
Explanation Auditing is enabled and requires an auditorId and auditorPwd. Action Disable auditing before deleting the auditorId SECJ7436E: Empty value specified for auditorPwd. Cannot delete the auditorPwd when auditing is enabled.
Explanation Auditing is enabled and requires an auditorId and auditorPwd. Action Disable auditing before deleting the auditorPwd SECJ7437E: Empty value specified for keystore. Cannot delete the encryption keystore when encryption is enabled or being enabled.
Explanation Encryption is enabled or is being enabled. The encryption keystore is in use and cannot be deleted Action Disable encryption before deleting the encryption keystore. SECJ7438E: Empty value specified for notification reference. Cannot delete the audit notification when audit notification is enabled or is being enabled.
Explanation Audit notification is enabled or is being enabled. The notification reference may be in use and cannot be deleted. Action Disable audit notification before deleteing the audit notification reference. SECJ7439E: Empty value specified for the certAlias. Cannot delete the certificate alias when audit encryption is enabled or is being enabled.
Explanation Audit encryption is enabled or is being enabled. The certificate alias is in use and cannot be deleted. Action Disable audit encryption before deleteing the certificate alias. SECJ7440E: Empty value specified for keystore. Cannot delete the signing keystore when signing is enabled or being enabled.
Explanation Signing is enabled or is being enabled. The signing keystore is in use and cannot be deleted Action Disable encryption before deleting the signing keystore. SECJ7441E: Empty or non valid value specified for scope name.
Explanation Non valid value was specified for the scope name. An empty value is not valid. Action Specify a valid value for the scope name SECJ7442E: Empty value specified for encryption certificate reference. Cannot delete the encryption certificate when encryption is enabled or being enabled.
Explanation Encryption is enabled or is being enabled. The encryption certificate is in use and cannot be deleted Action Disable encryption before deleting the encryption certificate. SECJ7443E: Non valid or no value specified for the audit encryption certificate reference.
Explanation The reference ID for the audit encryption certificate has not been specified correctly Action Specify a valid value for the audit encryption certificate reference. SECJ7444I: Record Number
Explanation None Action None SECJ7445I: Event Type
Explanation None Action None SECJ7446I: Outcome
Explanation None Action None SECJ7447E: Failure while reading the specified Binary Audit Log. Either a pathname that is not valid was specified or the file is corrupted.
Explanation Could not open or read the Binary Audit Log. Action Check the pathname specified for the location of the Binary Audit Log. SECJ7448E: Non valid or no value specified for the fully qualified path of the Binary Audit Log.
Explanation The expected fully qualified filename for the Binary Audit Log was specified incorrectly. Action Check the pathname specified for the location of the Binary Audit Log. SECJ7449E: Non valid or empty value specified for the report mode. Valid values are basic, complete or custom. The default mode is basic.
Explanation A non valid value was specified for the report mode. Action Specify a non-empty or valid value for the report mode. SECJ7450E: Non valid sequence set specified. Either a single sequence record number can be specified or a group of sequence records may be specified as begin:end.
Explanation A non valid value was specified for the sequence set of audit records to report Action Specify a non-empty or valid value for the sequence set. SECJ7451E: Non valid or no value specified for the fully qualified path for the location of the output html report.
Explanation The expected fully qualified file location for the output html report was specified incorrectly. Action Specify a non-empty valid name for the file location of the output html report. SECJ7452E: Non valid sequence set specified: the beginning sequence number is greater than the ending sequence number.
Explanation A non valid value was specified for the sequence set of audit records to report Action Make sure that the starting sequence number is less than the ending sequence number. SECJ7453E: The report mode chosen is custom but no data points were specified.
Explanation When specifying a report mode of custom, one or more data points must be specified. Action Specify one or more data points when electing to generate a custom report. SECJ7454E: The specified data points for the custom report contain one or more of the following: event type, sequence number or outcome type. These cannot be specified as values for this parameter. They will always be provided by default.
Explanation Event type, sequence number, and outcome may not be specified under the -dataPoints parameter. All three of these pieces of data will always be reported. Action Do not specify event type, sequence number and outcome as values for the -dataPoints parameter. SECJ7455I: The Binary Audit Log specified is not encrypted.
Explanation The Binary Audit Log specified has not been encrypted. Action none SECJ7456E: Non valid timestamp range specified. Either a single timestamp can be specified or a group of timestamp records may be specified as begin:end.
Explanation A non valid value was specified for the timestamp set of audit records to report Action Specify a non-empty or valid value for the timestap set. SECJ7457E: Non valid timestamp range specified: the beginning timestamp is greater than the ending timestamp.
Explanation A non valid value was specified for the timestamps of audit records to report Action Make sure that the starting timestamp is less than the ending timestamp. SECJ7458E: Non valid timestamp specified. Timestamp must be in "MMddhhmmyyyy" format.
Explanation A non valid value was specified for timestamp of audit records to report Action Specify a non-empty or valid value for the timestamp. SECJ7459E: Non valid sequence number specified. Sequence numbers begin at 0 and have integer values.
Explanation A non valid value was specified for the sequence number associated with an audit records to report Action Specify a non-empty or valid value for the sequence number. SECJ7460E: The output file location specified is not an HTML file. The output log for the read audit records must be in HTML format.
Explanation The output file specified was not in HTML format. Action Specify an HTML file as the output file location. SECJ7461E: Failed to get the host name of the machine on which the Audit Reader is running.
Explanation An exception was raised while attempting to obtain the host name of the machine on which the Audit Reader is running. Action none SECJ7462E: Exception was raised while trying to get an instance of the keystore with the specified keystore type and provider type.
Explanation An instance of the keystore could not be obtained. Action Verify that the encryption keystore does exist. SECJ7463E: Exception was raised while trying to get an instance of the keystore with the specified provider. No such provider exists.
Explanation No such provider exists for this keystore. Action Verify that the provider is valid and that the keystore does exist. SECJ7464E: Exception was raised while trying to open the keystore. The keystore location is malformed.
Explanation The keystore location url is malformed. Action Verify that the keystore location is valid and that the keystore does exist. SECJ7465E: A certificate exception was raised while trying to load the keystore.
Explanation The keystore could not be loaded due to a certificate exception. Action none SECJ7466E: Exception was raised while loading the keystore. A particular crypto algorithm was requested by is not available.
Explanation The crypto algorithm associated with this keystore is not available. Action Ensure the crypto algorithm is available. SECJ7467E: The named file "{0}" does not exist.
Explanation Could not open or read the file. Action Specify a valid filename. SECJ7468E: Error loading the keystore. The password may have been incorrectly specified.
Explanation Could not open the keystore. Action Verify that the password was correctly specfied and verify the keystore exists. SECJ7469E: The user has not been included in the required role of "{0}".
Explanation The user must be included in all the required roles needed to run the task. Action Ensure the acting user has been given the proper role(s). SECJ7470E: An invalid value has been specified for the binary audit log wrapping behavior.
Explanation An invalid value was specified for the binary audit log wrapping behavior. Valid values are: WRAP, NOWRAP or SILENT_FAIL. Action Specify a valid value for the binary audit log wrapping behavior. SECJ7501I: Administrative Security is not being used, therefore this option is not being used
Explanation Administrative Security is not being used, therefore this option is not being used Action None SECJ7502E: An exception occured while parsing the XML file "{0}". Detailed message: {1}
Explanation An exception occured while parsing a configuration document. Action Check the error logs for more information into the failure. SECJ7503E: Unable access file or directory "{0}". The file or directory might be missing or corrupted.
Explanation Unable to fine the specified file or directory. Action Ensure that the file or directory reported exists and is not corrupted before continuing. SECJ7504E: The security ConfigChecker class "{0}" could not be loaded due to the following exception: {1}
Explanation The class could not be loaded. Check exception message for details Action Check that the class name exists and the class has been added to the plugin.xml. Check the exception message for details SECJ7505E: The security check, {0}, threw the following exception: {1}
Explanation A security check threw an unexpected exception Action Examine the associated exception to determine the cause SECJ7520I: Multiple Administrative user IDs are configured. When WAS security is enabled, a single security ID under the Administrator role is initially configured as the Security Server ID. Configuring multiple administrative user ids as Administrator can protect this server ID and enable more effective audit logging
Explanation Multiple Administrative user IDs are configured. When WAS security is enabled, a single security ID under the Administrator role is initially configured as the Security Server ID. Configuring multiple administrative user ids as Administrator can protect this server ID and enable more effective audit logging Action None SECJ7521W: Multiple Administrative user IDs are not configured. When WAS security is enabled, a single security ID the Administrator role is initially configured as the Security Server ID. Configuring multiple administrative user ids as Administrator can protect this server ID and enable more effective audit logging
Explanation Multiple Administrative user IDs are not configured. When WAS security is enabled, a single security ID the Administrator role is initially configured as the Security Server ID. Configuring multiple administrative user ids as Administrator can protect this server ID and enable more effective audit logging Action None SECJ7522I: Multiple Administrative User Roles are configured. A number of administrative roles are defined to provide degrees of authority that are needed to perform certain administrative functions from either the Web-based administrative console or the system management scripting interface. The authorization policy is only enforced when administrative security is enabled.
Explanation Multiple Administrative User Roles are configured. A number of administrative roles are defined to provide degrees of authority that are needed to perform certain administrative functions from either the Web-based administrative console or the system management scripting interface. The authorization policy is only enforced when administrative security is enabled. Action None SECJ7523W: Multiple Administrative User Roles are not configured. A number of administrative roles are defined to provide degrees of authority that are needed to perform certain administrative functions from either the Web-based administrative console or the system management scripting interface. The authorization policy is only enforced when administrative security is enabled.
Explanation Multiple Administrative User Roles are not configured. A number of administrative roles are defined to provide degrees of authority that are needed to perform certain administrative functions from either the Web-based administrative console or the system management scripting interface. The authorization policy is only enforced when administrative security is enabled. Action None SECJ7524I: Administrative Security is enabled. Only users with specific rights can use the WAS administrative tools to perform any administrative operation
Explanation This message is for informational purposes only. Action None SECJ7525W: Administrative Security is disabled. Only users with specific rights can use the WAS administrative tools to perform any administrative operation. Note that other important security features listed might be reported as enabled, but they will not take effect until administrative security is activated. The settings include the authentication of users, the use of SSL, and the choice of user account repository. In particular, application security, including authentication and role-based authorization, is not enforced unless administrative security is active.
Explanation Administrative Security is disabled. Note that other important security features listed might be reported as enabled, but they will not take effect until administrative security is activated. The settings include the authentication of users, the use of SSL, and the choice of user account repository. In particular, application security, including authentication and role-based authorization, is not enforced unless administrative security is active. Action None SECJ7526I: Application security is enabled. Application security enables security for the applications in the environment. This type of security provides application isolation and requirements for authenticating application users.
Explanation Application security is enabled. Application security enables security for the applications in the environment. This type of security provides application isolation and requirements for authenticating application users. Action None SECJ7527W: Application security is disabled. Application security enables security for the applications in the environment. This type of security provides application isolation and requirements for authenticating application users.
Explanation Application security is disabled. Application security enables security for the applications in the environment. This type of security provides application isolation and requirements for authenticating application users. Action Enable application security if applicable. SECJ7528I: CORBA Naming roles are configured
Explanation CORBA Naming roles are configured Action None SECJ7529W: The CORBA Namespace can be modified by All Authenticated users. Any authenticated user can alter the JNDI namespace. The default naming security policy is to grant all users read access to the CosNaming space and to grant any authenticated user the privilege to modify the contents of the CosNaming space. We can restrict user access to the CosNaming space.
Explanation The CORBA Namespace can be modified by All Authenticated users. Any authenticated user can alter the JNDI namespace. The default naming security policy is to grant all users read access to the CosNaming space and to grant any authenticated user the privilege to modify the contents of the CosNaming space. We can restrict user access to the CosNaming space. Action Restrict user access to the CosNaming space if applicable. SECJ7530W: The CORBA Namespace can be modified by Everyone. Anyone can alter the JNDI namespace. The default naming security policy is to grant all users read access to the CosNaming space and to grant any authenticated user the privilege to modify the contents of the CosNaming space. We can restrict user access to the CosNaming space.
Explanation The CORBA Namespace can be modified by Everyone. Anyone can alter the JNDI namespace. The default naming security policy is to grant all users read access to the CosNaming space and to grant any authenticated user the privilege to modify the contents of the CosNaming space. We can restrict user access to the CosNaming space. Action Restrict user access to the CosNaming space if applicable. SECJ7531I: Encryption is enabled on Distributed Replication Service(DRS). This ensures that the data shared among WebSphere Application servers is encrypted.
Explanation Encryption is enabled on Distributed Replication Service(DRS). This ensures that the data shared among WebSphere Application servers is encrypted. Action None SECJ7532I: Data Replication Service(DRS) is not being used to exchange data among WebSphere Application servers
Explanation Data Replication Service(DRS) is not being used to exchange data among WebSphere Application servers Action None SECJ7533W: Encryption is disabled on Distributed Replication Service(DRS). The data shared among WebSphere Application servers is not encrypted.
Explanation Encryption is disabled on Distributed Replication Service(DRS). The data shared among WebSphere Application servers is not encrypted. Action Enable Distributed Replication Service encryption if needed. SECJ7534I: Java 2 security is enabled. Java 2 security provides a policy-based, fine-grain access control mechanism that increases overall system integrity by checking for permissions before allowing access to certain protected system resources. Java 2 security guards access to system resources such as file I/O, sockets, and properties.
Explanation Java 2 security is enabled. Java 2 security provides a policy-based, fine-grain access control mechanism that increases overall system integrity by checking for permissions before allowing access to certain protected system resources. Java 2 security guards access to system resources such as file I/O, sockets, and properties. Action None SECJ7535W: Java 2 security is disabled. Java 2 security provides a policy-based, fine-grain access control mechanism that increases overall system integrity by checking for permissions before allowing access to certain protected system resources. Java 2 security guards access to system resources such as file I/O, sockets, and properties.
Explanation Java 2 security is disabled. Java 2 security provides a policy-based, fine-grain access control mechanism that increases overall system integrity by checking for permissions before allowing access to certain protected system resources. Java 2 security guards access to system resources such as file I/O, sockets, and properties. Action Enable Java 2 security if applicable. SECJ7536I: User Registry is LDAP. SSL between WAS and LDAP is enabled. This ensures that the communication between WAS and LDAP is encrypted
Explanation User Registry is LDAP. SSL between WAS and LDAP is enabled. This ensures that the communication between WAS and LDAP is encrypted Action None SECJ7537I: User registry being used is not LDAP
Explanation User registry being used is not LDAP Action None SECJ7538W: User Registry is LDAP. SSL between WAS and LDAP is disabled. The communication between WAS and LDAP is not encrypted
Explanation User Registry is LDAP. SSL between WAS and LDAP server is disabled. The communication between WAS and LDAP is not encrypted Action Enable SSL between the WAS and LDAP server if needed. SECJ7539I: WAS Sample Applications are not installed. WAS ships with examples to demonstrate various parts of WAS. These samples might be installed by default and are not intended for use in a production environment. Some of these samples can provide an intruder with information about the system.
Explanation WAS Sample Applications are not installed. WAS ships with examples to demonstrate various parts of WAS. These samples might be installed by default and are not intended for use in a production environment. Some of these samples can provide an intruder with information about the system. Action None SECJ7540W: WAS Sample Applications are installed. WAS ships with examples to demonstrate various parts of WAS. These samples might be installed by default and are not intended for use in a production environment. Some of these samples can provide an intruder with information about the system.
Explanation WAS Sample Applications are installed. WAS ships with examples to demonstrate various parts of WAS. These samples might be installed by default and are not intended for use in a production environment. Some of these samples can provide an intruder with information about the system. Action Un-install sample application if not needed. SECJ7541W: Special subject "{0}" is configured for the Administrator role. It is not recommended to have Everyone and AllAuthenticatedUsers specified for the Administrator role.
Explanation A special subject is configured for the Administrator role. It is not recommended to have Everyone and AllAuthenticatedUsers specified for the Administrator role. Action refer to the infoCenter to determine if a more secure configuration is more suitable. SECJ7542W: Special subject "{0}" is configured for one of the administrative roles. It is not recommended to have Everyone specified for any of the administrative user roles.
Explanation A special subject is configured for one of the administrative roles. It is not recommended to have Everyone specified for any of the administrative user roles. Action Remove the Everyone subject from any of the administrative user roles if applicable. SECJ7543W: Special subject "{0}" is configured for one of the administrative roles. It is not recommended to have AllAuthenticatedUsers specified for any of the administrative user roles.
Explanation A special subject is configured for one of the administrative roles. It is not recommended to have AllAuthenticatedUsers specified for any of the administrative user roles. Action Remove the AllAuthenticatedUsers subject from any of the administrative user roles if applicable. SECJ7544I: Output is logged in the following location: {0}
Explanation None Action None SECJ7545W: The {0} file does not exist
Explanation This exception is unexpected. The cause is not immediately known. Action Check the file permissions for the file to ensure that they are readable. If the file is missing, create or restore it. SECJ7546E: The service name {0} is not valid. It contains a slash character (/).
Explanation This exception is unexpected. The cause is not immediately known. Action The service name contains the slash character. The service name is the first component of the Kerberos service principal name. SECJ7547E: Authentication mechanism type is not valid
Explanation Valid authentication mechanism types are: KRB5, LTPA Action Ensure user authentication mechanism type is a valid type SECJ7702E: Security domain {0} does not exist.
Explanation The security configuration does not exist. Action Run the command with a pre-existing security configuration. SECJ7703E: {0} already exists in the {1} security configuration.
Explanation A scope can only be mapped in one security configuration at time. Action Rerun the command using a scope that is not already mapped to a security configuration. SECJ7704E: User registry does not exist in the security configuration.
Explanation The user registry specified does not exist in the configuration. Action Rerun the command using a user registry that exist in the configuration. SECJ7705E: Login module type is not valid.
Explanation Valid login module types are: system, application. Action Ensure that the login module type is a valid type. SECJ7706E: Authentication strategy type is not valid.
Explanation Valid authentication strategy types are: REQUIRED, REQUISITE, SUFFICIENT, OTPIONAL. Action Ensure that the authentication strategy type is a valid type. SECJ7707E: The number of authentication startegies in the list must match the number of login modules in the list.
Explanation Each login module provided must have a corresponding authentication strategy. Action Ensure that there is an authenticatino startegy type for each login module. SECJ7708E: The {0} does not exist.
Explanation The login module specified does not exist. Action Ensure that the login module exists. SECJ7709E: Authentication level is not valid.
Explanation Valid authentication levels are: Never, Supported, Required. Action Ensure that the authentication level is valid. SECJ7710E: Authentication mechanism is not valid.
Explanation Valid authentication mechanisms are: KRB5, LTPA, Custom, BasicAuth. Action Ensure that the authentication mechanisms is valid. SECJ7711E: SSL configuration is not valid.
Explanation Valid ssl configuration not supplied. Action Ensure that the ssl configuration is exists. SECJ7712E: Either use the server identity or specify a trusted identity not both.
Explanation If user server identity is enabled a trusted identity and password should not be specified. Action Specify either a trusted identity or enable user server identity. SECJ7713E: Password and server id must be provided at the same time.
Explanation When a server id is proviced then a password must be specified as well. Action Ensure a server id and password are provided. SECJ7714E: When automatic generation of the server identity is enabled then server id and password should not be specified.
Explanation When automatic generation of the server id is enable then no server id and password should be provided. Action Ensure no server id and password is provided when automatic generation of server id is enabled. SECJ7715E: Unknown user name or bad password.
Explanation User name or password are unable to authenticate to the user registry. Action Ensure a valid user name and password are specified. SECJ7716E: Primary administrative user Id does not exist in the registry.
Explanation The primary administrative id specified was not found the user registry. Action Ensure a primary administrative id is provided. SECJ7717E: One or more resources are still mapped to the security configuration. Not able to delete the security configuration at this time.
Explanation At least one resource is still mapped to the security configuration. The security configuration cannot be removed until there are no scopes mapped to it. Action Ensure that there no now scopes mapped to the security configuration before deleting it. SECJ7718E: {0} is not a valid resource name.
Explanation The resource name provided is not valid. Action Ensure a valid resource name is provided. SECJ7719E: {0} is not mapped to the {1} security configuration.
Explanation The scope is not mapped to the security configuration. Action Rerun the command using a scope that is mapped to the security configuration. SECJ7720E: Unable to enable security when there is no active user registry.
Explanation There is an attempt to enable global security when there is no active user registry defined. Action Ensure an user registry is defined when enabling global security. SECJ7721E: The authentication mechanism is not valid.
Explanation The authentication mechanism type is not valid it should be LTPA or KRB5. Action Ensure the authentication mechanism type is valid. SECJ7722E: The authentication mechanism is not configured.
Explanation Unable to find the authentication mechanism in the user registry. Action Ensure a authentication mechanism is configured. SECJ7723E: {0} is not configured unable to set it to the active user registry.
Explanation Unable to set the active user registry because the user registry provide is not configured. Action Ensure the user registry is configured before setting it to the active user registry. SECJ7724E: Error in the user registry configuration unable to verify access to the user registry.
Explanation An error occurred trying to access the user registry. Unable to verify the registry is configured properly. Action Ensure the user registry is configured correctly. SECJ7725E: The user registry has no realm name defined.
Explanation Unable to make this user registry the active user registry because it does not have realm name defined. Action Ensure the user registry has a realm name. SECJ7726E: {0} is the active user registry unable to unconfigure.
Explanation A user registy cannot be unconfigured if it is the active user registry. Action Change the active user registry in the global security setting then unconfigure the user registry. SECJ7727E: Unable to unset the activeUserRegistry attribute when global security is enabled.
Explanation The activeUserRegistry attribute must point to a user registry object when global security is enabled. Action Ensure global security is not enables when changing unsetting the activeUserRegistry. SECJ7728E: No singleSignon attribute was found.
Explanation The LTPA authMechanism must contain a singleSignon attribute. Action Ensure that the security.xml file contains an LTPA authMechanism with a singleSignon attribute. SECJ7729E: No LTPA auth mechanism was found.
Explanation An LTPA auth mechanism must be defined. Action Ensure that an LTPA auth mechanism is defined. SECJ7730E: No trust association was found.
Explanation An LTPA auth mechanism must contain a trust association. Action Ensure that an LTPA auth mechanism contains a trust association. SECJ7731E: The specified interceptor does not exist.
Explanation The specified interceptor does not exist. Action Either create the interceptor, or specify a different interceptor class name. SECJ7732E: The specified auth data entry does not exist.
Explanation The specified auth data entry does not exist. Action Either create the auth data entry, or specify a different auth data entry which does exist. SECJ7733E: Realm {0} does not exist.
Explanation The specified realm does not exist. Action Run the command with a realm that exists. SECJ7734E: Certificate mode type is not valid.
Explanation Valid certificate mode types are: EXACT_DN or CERTIFICATE_FILTER. Action Ensure that the certificate mode type is a valid type. SECJ7735E: The login object does not exist.
Explanation The login object does not exist in the configuration. Action Ensure that the login object exists. SECJ7736E: The JAAS login entry {0} does not exist.
Explanation The JAAS login entry does not exist in the configuration. Action Ensure that the JAAS login entry exists. SECJ7737E: Cannot remove {0}.
Explanation The specified login module cannot be removed. Certian login module cannot be removed. Action Run the command with a login module that can be removed. SECJ7738E: The CSI object does not exist.
Explanation The CSI object does not exist in the configuration. Action Ensure that the CSI object exists. SECJ7739E: Filter object already exists.
Explanation The specified object already exists. Unable to create another one. Action Create the object with a unique name. SECJ7740E: The URLs specified is malformed.
Explanation A MalformedURLException was encountered parsing one of the specified URLs. Action Verify the URL syntax is correct. SECJ7741E: Filter is malformed, verify syntax of the specified filter rules.
Explanation The specified filter rules are not valid. Action Verify the filter rules conform to the syntax supported by the default HTTPHeaderFilter class. SECJ7742E: InternalServerId cannot be used with Kerberos authentication mechanism. Modify the dmgr security configuration to use the serverID/passwd before configure Kerberos authentication mechanism.
Explanation Modify the dmgr security configuration to use the serverID/password with Kerberos authentication mechanism. Action The Kerberos authentication cannot be configured with InternalServerId. SECJ7743E: When useServerIdentity is false then a trusted identity should be provided.
Explanation When a user specifies useServerIdentity is false then a trusted identity should be provided. Action Run the command specifying a trusted id. SECJ7744E: A custom registry class name must be provided.
Explanation When configuring a custom user registry a class name must be provided. Action Run the command providing custom registry class name. SECJ7745E: A certificate alias must be provided when a key store is provided.
Explanation When a key store object is provided a certificate alias must be provided. Action Run the command providing a certificate alias. SECJ7746E: The nonce cache timeout value must be greater than the token timeout value.
Explanation If the nonce cache timeout is less than the token timeout, then the token could be used multiple times since the nonce value would have expired prior to the token becoming not valid. Action Run the command specifying a nonce value greater than the token expiration. SECJ7747E: {0} is not a RSA token key store.
Explanation A RSA key store must be used on a RSA authorization mechanism. Action Run the command specifying a RSA key store. SECJ7748E: {0} is not a RSA token trust store.
Explanation A RSA trust store must be used on a RSA authorization mechanism. Action Run the command specifying a RSA trust store. SECJ7749E: A key store must be specified when a certificate alias is specified.
Explanation When a certificate alias is specified a key store object must be specified. Action Run the command providing a key store. SECJ7750E: Certificate {0} is not in key store {1}.
Explanation The certificate alias provided is not in the key store. Action Run the command providing a certificate alias that is in the key store. SECJ7751E: The RSAToken authentication mechanism is missing from the security.xml configuration which may cause problems with administrative security.
Explanation A security configuration does not have the required RSAToken authentication mechanism configured. Action This may be a problem with a migrated configuration that needs correction. SECJ7752E: Communication type is not valid, specify inbound or outbound.
Explanation The communication type specified is not valid. Either inbound or outbound needs to be specified. Action Run the command specifying the correct communication type. SECJ7753E: No realms provided to add to the trusted realm list.
Explanation No realm name were provided to add the the trusted realm list. Action Ensure a realm or realm list is provided when the command is run. SECJ7754E: {0} does not exist.
Explanation The realm name or resource name provided does not exist. Action Ensure the realm name or resource name being used exists. SECJ7755E: The trusted realm object does not exist.
Explanation The trusted realm object does not exist. Action Run the command on a security domain that has the trusted realm object defined. SECJ7756E: The {0} value must be greater then 0.
Explanation The number of elements return by the task needs to be greater then 0. Action Ensure the number is greater then 0. SECJ7757E: There are no trusted realms in {0}.
Explanation There are no trusted realms for the realm, resource, or domain provided. Action Run the command on realm, resourse, or domain that has trusted realms. SECJ7758E: The following users or groups or special subjects {0} cannot be added to role {1}.
Explanation The users or groups are already assigned to this role. Action Run the command by correcting the user, group or specialSubject list. SECJ7759E: The following users or groups or special subjects {0} cannot be removed from role {1}.
Explanation The users or groups are not assigned to this role and hence cannot be removed. Action Run the command by correcting the user, group or specialSubject list. SECJ7760E: The role name {0} does not exist.
Explanation The role name is not a valid role. Action Use a valid role. SECJ7761E: Only specify one parameter, securityDomainName, resourceName, or securityRealmName.
Explanation Only one parameter can be used at time either securityDomainName, resourceName, or securityRealmName. Action Run the command and specify either securityDomainName, resourceName, or securityRealmName, SECJ7762E: Unable to find the registry object.
Explanation The registry object matching the domain, resource, or realm provide does not exist. Action Run the command with a domain, resource, or realm that has a user registry associated with it. SECJ7763E: A filter must be specified when certificateMapMode is set to CERTIFICATE_FILTER.
Explanation When the certificateMapMode is set to CERTIFICATE_FILTER a filter must be provided. Action Ensure a filter is provided when certificateMapMode is set to CERTIFICATE_FILTER. SECJ7764E: The authorization configuration object does not exist.
Explanation The authorization configuration object does not exist in the configuration. Action Ensure an authorization configuration object exists. SECJ7765E: The timeout value must have a minimum value of {0}.
Explanation The value should be the minimum value specified. Action Ensure the timeout value has the minimum value specified. SECJ7766E: The authentication mechanism is not configured.
Explanation The specified authentication mechanism needs to be configured before it can be used. Action Ensure that an authentication mechanism is configured. SECJ7767E: serverSpn {0} is malformed, it must be in the format of <service>/ <host name> or <service>/ <host name>@KerberosRealm.
Explanation The Kerberos service principal name format is malformed. Action Verify the Kerberos service principal name (SPN) SECJ7768E: Mismatch Kerberos realm name. The krb5Realm is {0} but the default Kerberos realm in the {1} is {2}
Explanation The Kerberos realm name is not the same with default Kerberos realm in the Kerberos configuration file (krb5.ini/krb5.conf). Action Verify the Kerberos realm name against the default Kerberos default realm in the Kerberos configuration file. SECJ7769E: The Kerberos realm name is null.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ7770E: The {0} is missing in the active user registry object.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ7771E: The {0} is missing in the Kerberos authentication mechanism object.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ7772E: The {0} is missing in the Kerberos configuration file {1}.
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ7773E: Custom property string {0} is not formatted correctly.
Explanation The custom property string is not formatted correctly. The format needs to be a comma separated string of attribute=value pairs, each pair should be in quotes. Action Ensure the custom property string is formatted correctly. SECJ7774E: Login module cannot be created using the name of the login module proxy class {0}.
Explanation The login module proxy class name cannot be used when creating a new login module. Action Ensure the login module proxy class is not used when creating a login module. SECJ7775E: Resource {0} cannot be part of any security domain becuase, its product version is not 7.0 or greater. Check the corresponding node''s product version.
Explanation The server must be running a 7.0 or greater version to be mapped to a domain. Action Ensure that servers are at the correct level. SECJ7776E: The cluster has one or more members that is not version 7.0 or greater. One of the members is {0} in node {1} that is not version 7.0 or greater.
Explanation The server must be running a 7.0 or greater version to be mapped to a domain. Action Ensure that servers are at the correct level. SECJ7777I: Password check for {0} in {1} succeeded.
Explanation A test to check the users password on a particular realm was sucessful. Action none. SECJ7778I: Password check for {0} in {1} failed.
Explanation A test to check the users password on a particular realm was failed. Action none. SECJ7779E: Mismatch Kerberos configuration file (krb5.ini/krb5.conf). The krb5.ini/krb5.conf file for Kerberos authentication mechanism is {0} but the krb5.ini/krb5.conf file for SPNEGO Web authentication is {1}
Explanation The Kerberos configuration file (krb5.ini/krb5.conf) for Kerberos authentication mechanism is not the same with the SPNEGO Web authentication. Action Verify the krb5.ini/krb5.conf file for Kerberos authentication and SPNEGO Web authentication are the same one. SECJ7780E: Mismatch Kerberos keytab file. The keytab file for Kerberos authentication mechanism is {0} but the keytab file for SPNEGO Web authentication is {1}
Explanation The Kerberos keytab for Kerberos authentication mechanism is not the same with the SPNEGO Web authentication. Action Verify the Kerberos keytab file for Kerberos authentication and SPNEGO Web authentication are the same one. SECJ7781E: Cannot enable SPNEGO Web authentication without defining any SPNEGO Web authentication filters.
Explanation Cannot enable SPNEGO Web authentication without defined any SPNEGO Web authentication filter. Action Create at least one SPNEGO Web authentication filter before enabled the SPENGO Web Authentication. SECJ7782E: We cannot install an application across multiple security domains. Make sure that all the deployment targets belong to the same security domain.
Explanation Application cannot be installed accross multiple security domains. Action Verify that user is not installing this application accorss multiple security domains. SECJ7783W: The application is being installed across deployment targets that use different security domains. Depending on the security attributes defined in the security domains this can cause security problems.
Explanation The application is being installed across deployment targets that use different security domains. Depending on the security attributes defined in the security domains this can cause security problems. Action Refer to the information center documentation for more information before you proceed with this installation to make sure that you would not run into any security related issues. SECJ7784W: The security custom properties security.zOS.domainName and security.zOS.domainType are specified in the security configuration, but these properties are deprecated. For backwards compatibilty, these values will override the one specified in the new custom property com.ibm.security.SAF.profilePrefix.
Explanation The security custom properties security.zOS.domainName and security.zOS.domainType are deprecated, but they are currently specified in the security configuration. For backwards compatibilty, the values of these old properties will override whatever is specified in the the new custom property com.ibm.security.SAF.profilePrefix. Action The deprecated properties should be deleted from the security configuration, unless the configuration is part of a mixed-version cell that has a member at 6.1 or previous. SECJ7785E: The {0} is missing in the Kerberos configuration file {1} and the Kerberos authentication mechanism object.
Explanation The entry is not found in the Kerberos configuration file and the Kerberos authentication object. Action Add the entry in the Kerberos configuration file or specify this entry. SECJ7786E: The {0} member cannot be added to the {1} cluster since the cluster is associated with a security domain.
Explanation A server from previous releases cannot be added to a cluster when the cluster is associated with a security domain either directly or indirectly. Action Mixed clusters are not supported with security domains. SECJ7787I: The {0} member is being associated with the global security configuration.
Explanation This message is for informational purposes only. Action No action is required. SECJ7788E: The {0} resource cannot be mapped to a domain since a server level security configuration is associated with the resource either directly or indirectly.
Explanation A server that contains server lever security configuration is being associated with a domain. The server level security configuration is deprecated. Action The offending server or a cluster member should not contain the server level security configuration if it needs to be mapped to a domain. SECJ7789E: Can not convert the server level security configuration to a domain configuration since the {0} server does not have a server level security configured.
Explanation A server should contain the server level security configuration to be converted to a security domain. Action Make sure that the server name is correct and it has a server level security configuration associated with it. SECJ7790I: In addition to global security, this server process is associated with a domain security configuration. The domain name of this server is: {0}.
Explanation This message is for informational purposes only. Action No action is required. SECJ7791I: Inbound trusted foreign realms are defined. The following is the list of such realms {0}.
Explanation This message is for informational purposes only. Action No action is required. SECJ7792I: Outbound trusted foreign realms are defined. The following is a the list of such realms {0}.
Explanation This message is for informational purposes only. Action No action is required. SECJ7793I: A User registry of type {0} is defined at the domain level for the server. This will override use of the global security registry.
Explanation This message is for informational purposes only. Action No action is required. SECJ7794I: No User registry is defined at the domain level of the server. The global security registry will be used.
Explanation This message is for informational purposes only. Action No action is required. SECJ7795E: The global security realm {0} can not be removed from the list of trusted realms.
Explanation The global security configuration realm is always trusted and can not be removed form the list of trusted realms. Action Ensure the realm being removed is not the global security realm. SECJ7796E: The security domain default realm {0} can not be removed form the list of trusted realms.
Explanation The security domain default realm is always trusted and can not be removed form the list of trusted realms. Action Ensure the realm being removed is not domain default realm. SECJ7797E: The resource must be a single server resource in order for it to be converted to a security domain.
Explanation The resource provided is not a single server resource. Action Ensure the resource provided is a single server resource. SECJ7798E: Can not delete the last SPNEGO filter because SPNEGO Web authentication is enabled.
Explanation The SPNEGO Web authentication is enabled, it requires at least one SPNEGO filter. Action Disable SPNEGO Web authentication before delete the last SPNEGO filter. SECJ7799E: Can not delete all SPNEGO filters because SPNEGO Web authentication is enabled.
Explanation The SPNEGO Web authentication is enabled, it requires at least one SPNEGO filter. Action Disable SPNEGO Web authentication before delete all SPNEGO filters. SECJ7800I: The following login configurations {0} are available for security domain {1}.
Explanation This message is for informational purposes only. Action No action is required. SECJ7801I: Java 2 security is enabled in security domain {0}.
Explanation This message is for informational purposes only. Action No action is required. SECJ7802I: Application security is enabled in security domain {0}.
Explanation This message is for informational purposes only. Action No action is required. SECJ7803I: Application security is disabled in security domain {0}.
Explanation This message is for informational purposes only. Action No action is required. SECJ7804I: The following security configuration (0} is configured at the security domain {1}.
Explanation This message is for informational purposes only. It will list some of the security properties that are configured at the security domain level. Action No action is required. SECJ7805I: The resource is not being accessed using secure HTTPS protocol.
Explanation This message is for informational purposes only. It indicates that the security HTTPS protocol is not used when accessing the resource. Action If the resource is implemented to be accessed using the non-secure HTTP protocol, no action is required. If this resource should only be accessed using HTTPS change the deployment descriptor to add appropriate data-constraints. SECJ7806E: The LTPA token validation fails because the current realm {0} does not match or trust the realm in the token {1}.
Explanation LTPA validation checks to make sure that the current realm matches the realm in the token for validation to work. Action For successful validation make sure that the realm in the token is configured in the trusted inbound realms list for the current realm. SECJ7807W: The cell resource {0} is specified in the domain-security-map.xml file during addNode. This resource is converted to the server resource {1}.
Explanation If a federated node contains a domain associated with the cell scope, it will be changed to the server scope for that node during the addNode operation so that current cell configuration is not impacted. Action If the cell scope needs to be configured in the domain-security-map.xml file, associate the cell resource after the node has been federated. SECJ7808I: The domain {0} has been created because a cell wide domain exists in a mixed version setup.
Explanation This special domain is created to associate previous version servers, clusters and SIBuses to this domain. Action If any of the old servers, clusters and SIBuses need to use the cell wide domain instead of the special domain, they need to be removed from this special domain. This might impact the security configuration of the resources deployed in these processes based on the cell wide domain security configuration. SECJ7809E: The {0} domain can not be delete because a the cell is a mixed version setup.
Explanation The cell is in mixed version setup. The special security domain can not be removed. Action This operation can not be performed in the current configuration. SECJ7810E: The {0} command can not be run on the {1} security domain.
Explanation Security configuration operation can not be run on the special security domain. Action This operation can not be performed on the security domain. SECJ7811E: Can not create a security domain named {0}. The name is reserved for a special case security domain.
Explanation The security domain name being used is reserved for a special case securty domain and can not be created with the command. Action Endure another security domain name is used when running the command. SECJ7812E: AccessId is not formatted correctly. It should bin the form: user: <RealmName>/ <uniqueId> or group: <RealmName>/ <uniqueId>.
Explanation The AccessId of needs to be in the form of user: or group: followed by the realm name slash uniqueId. Action Endure the AccessId is in the correct format. SECJ7813E: A duplicate alias name exists. We must use a unique alias name.
Explanation A duplicate alias name in the format alias or nodeName/alias already exists. Action Input a unique alias name SECJ7814E: This command is not supported in local mode
Explanation This command is not supported in local mode Action This command is not supported in local mode SECJ7815E: The parameter values entered do not match the values at the global security configuration (security.xml) for this registry. Make sure the values match since this registry configuration should be consistent in all security configurations in the cell.
Explanation The Federated Repository registry configuration should be consistent across all the security domains and should match the values at the global security configuration (security.xml). Action Make sure that the parameter values for this task match the values at the global security configuration for this registry. SECJ7816I: The parameter values entered do not match the values at the global security configuration (security.xml) for this registry. These values have been ignored and replaced with the values from the global security configuration (security.xml) for this registry.
Explanation Since the registry configuration should be consistent across all security configurations the values from the global security configuration are copied to the configuration. Action No action is required. SECJ7817I: The parameter values entered do not match the values at the global security configuration (security.xml) for this registry. These values have been ignored and replaced with the values {0}, {1}, {2} from the global security configuration (security.xml) for this registry.
Explanation Since the registry configuration should be consistent across all security configurations the values from the global security configuration are copied to the configuration. Action No action is required. SECJ7818I: The resource {0} has been removed from the security domain {1} since the resource no longer exists.
Explanation Once a resource is removed from the system, its association with any domain will also be removed. Action No action is required. SECJ7819E: Unknown host name {0}
Explanation The host name is unknown. Action Ensure that a valid host name is specified. SECJ7821E: The object {0} does not exist in the security.xml file.
Explanation The security configuration does not have this object. Action Run the command with a pre-existing security configuration. SECJ7822E: The certificate with the {0} alias cannot be used because it is not connected to both the servant and control region key rings.
Explanation To use the certificate, it must be connected to both the servant and control region key rings. Action Ensure that the certificate is connected to both the servant and control region key rings. SECJ7823E: A security domain name must be specified when not in an AdminAgent process
Explanation To obtain the pathname of a security domain belonging to a non-AdminAgent process, a security domain name must be specified. Action Ensure a security domain name has been specified if the process is not an AdminAgent. SECJ7824E: The {0} cluster is mapped to the {1} security domain. The cluster member being added to the {2} cluster must be on a node that is version 7.0 or higher if the cluster is mapped to a security domain.
Explanation When a cluster is mapped to a security domain all members of that cluster have to be running on a version 7.0 or higner. Action Ensure the node of the cluster member is version 7.0 or higher. SECJ7825E: The number of LDAP hosts in the ldapHost parameter needs to equal the number of port numbers in the ldapPort parameter.
Explanation When configuring multiple LDAP hosts there needs to be a port number provided for each hostname in the list of LDAP hosts. Action Ensure there is a port for each LDAP host in the list of LDAP hosts. SECJ8000E: Authentication provider {0} is already defined in the cell.
Explanation The name of each authentication provider must be unique. Action Specify a unique name for the authentication provider. SECJ8002E: Authentication provider {0} is not defined in the cell.
Explanation An authentication provider with the specified name does not exist in the security configuration. Action Specify the name of an existing authentication provider. Use the displayJaspiProviderNames command to list the names of defined authentication providers. SECJ8005E: The command result object type is not valid: {0}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ8008E: The {0} class name is not valid: {1}. Specify a valid class name.
Explanation The class name of an authentication provider or module must not be empty. Action Specify a non-empty class name for the authentication provider or module. SECJ8009E: Authentication provider {0} is already defined in domain {1}.
Explanation The name of each authentication provider must be unique. Action Specify a unique name for the authentication provider. SECJ8010E: Authentication provider {0} is not defined in domain {1}.
Explanation An authentication provider with the specified name does not exist in the security configuration. Action Specify the name of an existing authentication provider. Use the displayJaspiProviderNames command to list the names of defined authentication providers. SECJ8021E: Security domain {0} is not defined. The existing domains include: {1}.
Explanation A security domain with the specified name does not exist. Action Specify the name of an existing security domain. SECJ8022E: Authentication cache timoue value invalid. Timeout must be less than or equal to the LTPA token timeout value.
Explanation The authentication cache timeout value must be less than or equal to the LTPA token timeout value. Action Specify a timeout value that is less than or equal to the LTPA token timeout value. SECJ8023E: An unexpected exception occurred processing Jaspi bindings during application deployment. Failed command: {0}, exception: {1}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ8024E: An error occurred processing Jaspi bindings during application deployment. {0}
Explanation This exception is unexpected. The cause is not immediately known. Action More info at:
SECJ8026W: JASPI authentication can only be enabled on version 8 and higher nodes.
Explanation JASPI authentication only functions on version 8 and higher nodes. Action Only use JASPI authentication on version 8 and higher nodes. SECJ8027E: The path and name of file where JASPI persistent registrations are stored must be specified using property {0}.
Explanation The named property must specify path and name of file where JASPI persistent registrations are stored. Action Specify the path and name of a file where JASPI persistent registrations are stored. SECJ8028E: AuthConfigFactory is null, JASPI bindings cannot be registered.
Explanation JASPI bindings cannot be registered because a JASPI factory implementation is not defined. Action Verify the fully qualified class name of the default JASPI factory implementation class is defined using the property authconfigprovider.factory in java.security in java/jre/lib/security. SECJ8029E: The provider name in the application's or web module's bindings is null or is empty.
Explanation The web module's JASPI binding cannot be registered in AuthConfigFactory because the provider name is null. Action Verify the provider name in the application's or web module's bindings is defined in the security configuration. SECJ8030E: Applications with JASPI bindings can be deployed only on nodes at version 8 and higher.
Explanation An application to be deployed contains JASPI bindings in ibm-application-bnd or in ibm-web-bnd files. Action JASPI authentication is supported on version 8 and higher nodes. Verify JASPI bindings are not defined in the application's bindings. SECJ8031I: JASPI binding has been registered: Application={0}, Web Module={1}, Registration ID={2}[{3}], Provider Class={4}.
Explanation The named JASPI provider will perform authentication of web requests for the named application and web module. Action none.