Security Association ServiceJSAS0010E: [{0}] Null reference to Vault. The problem may be an out of memory error. Restart the server machine and try again. {1}
Explanation
This message indicates that an error occurred while creating a vault instance during initialization of the server.
User Response:
The problem may be an out of memory error. Restart the server machine and try again.
JSAS0011E: [{0}] Java Exception. Exception = {1}
Explanation
This is an unexpected exception. The cause can not be immediately determined.
User Response:
For further information on resolving this error, please consult support. For more information, see Get support for WebSphere Application Server for iSeries.
JSAS0020E: [{0}] Null reference to LoginHelper. The problem may be an out of memory error. Restart the server machine and try again.
Explanation
This message indicates an internal error occurred while trying to create an instance of LoginHelperImpl.
User Response:
The problem may be an out of memory error. Restart the server machine and try again.
JSAS0025E: [{0}] Null reference to ORB. The problem may be an out of memory error. Restart the server machine and try again.
Explanation
This message indicates that a reference to the ORB was null.
User Response:
The problem may be an out of memory error. Restart the server machine and try again.
JSAS0026E: [{0}] Exception connecting object to the ORB. Check the SSL configuration to ensure that the SSL keyStore and trustStore properties are set properly. Ensure that the keystore has at least one personal certificate and that the signer for the personal certificate is added to the truststore. Attempt loading the keystore and truststore into WebSphere's IKeyMan and ensure that the file type specified in the configuration (usually JKS) is the correct file type. Make sure the password specified for the keystore and truststore is valid. Use the same password for both keystore and truststore. {1}
Explanation
An internal exception occurred. In all likelihood your server key ring is invalid, does not contain a server certificate, or can't be found.
User Response:
Check the SSL configuration to ensure that the SSL keyStore and trustStore properties are set properly. Ensure that the keystore has at least one personal certificate and that the signer for the personal certificate is added to the truststore. Attempt loading the keystore and truststore into WebSphere's IKeyMan and ensure that the file type specified in the configuration (usually JKS) is the correct file type. Make sure the password specified for the keystore and truststore is valid. Use the same password for both keystore and truststore.
JSAS0027E: [{0}] ORB data conversion exception. This typically occurs when the ORB is processing a data string with characters that are not consistent with the code pages supported by the ORB. Refer to product documentation for additional information. {1}
Explanation
An internal exception occurred. The probable cause is that a data string processed by the ORB (such as the server's realm/name) contains characters that are not consistent with the code pages supported by the ORB.
User Response:
Check the security configuration files to ensure that data strings contain only characters from code pages that are supported by the ORB.
JSAS0030E: [{0}] Unable to get Current. Check to ensure the correct Java class files are in the program classpath. Make sure you are not using the wrong version of SAS.JAR. {1}
Explanation
This message indicates an internal error occurred while trying to access Current via resolve_initial_references.
User Response:
Check to ensure the correct Java class files are in the program classpath. Make sure you are not using the wrong version of SAS.JAR.
JSAS0040E: [{0}] Unable to initialize security context. Check to ensure the userid/password is valid. Restart the client and retry the operation.
Explanation
The outcome of init_security_context is failure. Any reason for a secure association failure with the target server could cause this error. There are times when this is benign such as for method invocations that do not require security.
User Response:
Check to ensure the userid/password is valid. Restart the client and retry the operation.
JSAS0051E: [{0}] Invalid authentication target. Verify that the security configuration has a valid authentication target selected.
Explanation
The authentication target is not of the type BasicAuth, LocalOS or LTPA. Sometimes only LocalOS or LTPA are valid authentication targets for certain methods.
User Response:
Verify that the security configuration has a valid authentication target selected.
JSAS0052E: [{0}] Invalid credential token. Retry the operation after a few minutes. If using request_login for Domino, ensure that Domino/WebSphere SSO is setup correctly. {1}
Explanation
The credential token is null, expired, or has been tampered with. Since the token is digitally signed, any modification of the bytes in the token will not verify. Typically this error is due to a null token, however.
User Response:
Retry the operation after a few minutes. If using request_login for Domino, ensure that Domino/WebSphere SSO is setup correctly.
JSAS0053E: [{0}] Unable to validate credential token. Retry the operation after a few minutes. If using request_login for Domino, ensure that Domino/WebSphere SSO is setup correctly.
Explanation
The credential token is null, expired, or has been tampered with. Since the token is digitally signed, any modification of the bytes in the token will not verify. Typically this error is due to a null token, however.
User Response:
Retry the operation after a few minutes. If using request_login for Domino, ensure that Domino/WebSphere SSO is setup correctly.
JSAS0054E: [{0}] Unable to set invocation credentials. Retry the operation. Ensure the program is creating the credential properly before setting it as the invocation credential. You may need to restart the client or server which has the invalid credential. {1}
Explanation
This error could occur for one of the following reasons: the credential is null, the credential is not a subtype of org.omg.SecurityLevel2.Credentials, the credential has been marked invalid during a failed login attempt, or while the security server was unavailable.
User Response:
Retry the operation. Ensure the program is creating the credential properly before setting it as the invocation credential. You may need to restart the client or server which has the invalid credential.
JSAS0060W: [{0}] Unable to build security context. Occasionally, problems with the client and/or server configuration is responsible for these errors. Often it's related to SSL connections not being created. This could be due to invalid settings in the security configuration. The SAS.JAR may not be specified in the classpath or is not the same version as the server. The JDK you are using must also have the JSSE extension classes in /java/jre/lib/ext directory. The java.security file must include the IBMJCE provider.
Explanation
This indicates that the building of the security context failed. Typically the reasons for this are: cannot find the session in the session table, a TCP/IP connection is made instead of an SSL connection, or a Java runtime exception occurred.
User Response:
Occasionally, problems with the client and/or server configuration is responsible for these errors. Often it's related to SSL connections not being created. This could be due to invalid settings in the security configuration. The SAS.JAR may not be specified in the classpath or is not the same version as the server. The JDK you are using must also have the JSSE extension classes in /java/jre/lib/ext directory. The java.security file must include the IBMJCE provider.
JSAS0070E: [{0}] Unable to complete secure association at the client. Retry the client program after a few minutes wait. {1}
Explanation
An attempt to communicate with the server failed. The server may be down or the host and port is incorrect.
User Response:
Retry the client program after a few minutes wait.
JSAS0071E: [{0}] NO_PERMISSION caught, unable to complete secure association at the client. Retry the client program after a few minutes wait. Ensure that the client program is using the correct version of SAS.JAR in the classpath. {1}
Explanation
An attempt establish a secure association with the server failed with a NO_PERMISSION.
User Response:
Retry the client program after a few minutes wait. Ensure that the client program is using the correct version of SAS.JAR in the classpath.
JSAS0100E: [{0}] Null target security name. Verify that the principalName specified in the server configuration is valid.
Explanation
The target security retrieved from a security tagged component in the IOR is null.
User Response:
Verify that the principalName specified in the server configuration is valid.
JSAS0110E: [{0}] Client credentials were not the correct type. Ensure that the client program is correctly following the CORBA programming model. Also, verify that the correct version of SAS.JAR is in the client classpath. {1}
Explanation
This indicates that the credentials object being passed to current are not SAS credentials but of some other type or no type was specified.
User Response:
Ensure that the client program is correctly following the CORBA programming model. Also, verify that the correct version of SAS.JAR is in the client classpath.
JSAS0120E: [{0}] Unable to create SecurityContext object. Try to review the client security configuration file (sas.client.props). If recent changes have been made you may want to undo these changes. {1}
Explanation
A problem occurred while trying obtain the security context object while adding a new security session. This typically occurs while the client is trying to login.
User Response:
Try to review the client security configuration file (sas.client.props). If recent changes have been made you may want to undo these changes.
JSAS0130E: [{0}] Client credentials were not valid. Restart the client so that it logs in with new credentials. Once client credentials are marked invalid, they must be thrown away and news ones created. {1}
Explanation
This indicates that the client credentials were marked invalid at some point. Some of the reasons they could be marked invalid are: credential token expired, userid/password invalid, security server unavailable so unable to verify the user information.
User Response:
Restart the client so that it logs in with new credentials. Once client credentials are marked invalid, they must be thrown away and news ones created.
JSAS0150E: [{0}] Unable to find session in session table. Retry the operation. If the error repeats itself, restart the client program. Check the client properties to ensure the login information is correct.
Explanation
This error indicates that the session key used to lookup the session in the session table has not been found in the session table. This is typically a side effect of another problem such as an invalid credential or a security service is unavailable.
User Response:
Retry the operation. If the error repeats itself, restart the client program. Check the client properties to ensure the login information is correct.
JSAS0170E: [{0}] Null session handle in session table. Check to see if a server process has terminated just prior to receiving these errors. If a process has terminated, restart the process and retry the operation. Verify that the client userid/password is valid. If the login fails, the session will be deleted on the client side and the credentials will be marked invalid. If a retry occurs, you will likely see this error. Restart the client program after verifying the login info.
Explanation
An attempt to access a security session from the session tables on either the client or the server has failed. This error is typically a side effect of another problem. The session probably has already been deleted or has never been added.
User Response:
Check to see if a server process has terminated just prior to receiving these errors. If a process has terminated, restart the process and retry the operation. Verify that the client userid/password is valid. If the login fails, the session will be deleted on the client side and the credentials will be marked invalid. If a retry occurs, you will likely see this error. Restart the client program after verifying the login info.
JSAS0180E: [{0}] Unable to get PrincipalAuthenticator from Current. Check the security configuration to ensure that the authenticationTarget is set properly.
Explanation
The problem is typically related to the configuration.
User Response:
Check security configuration to ensure that the authenticationTarget is set properly.
JSAS0185E: [{0}] Validation of BasicAuth Token not supported. Check the client code to ensure it's not calling validate incorrectly. Resubmit the request after waiting a few minutes.
Explanation
Trying to validate a BasicAuth token which consists of just a userid and password. This should be authenticated not validated.
User Response:
Check the client code to ensure it's not calling validate incorrectly. Resubmit the request after waiting a few minutes.
JSAS0186E: [{0}] Authentication with BasicAuth Token not supported. Check the client code to ensure it's not calling the wrong principal authenticator. Resubmit the request after waiting a few minutes.
Explanation
Trying to authenticate a BasicAuth token which consists of just a userid and password in either the LTPA or LocalOS PrincipalAuthenticator.
User Response:
Check the client code to ensure it's not calling the wrong principal authenticator. Resubmit the request after waiting a few minutes.
JSAS0190E: [{0}] Invalid or null client security name, unable to authenticate. Verify the information used to login. Retry the operation with a valid userid. If a properties login is performed, check the properties file to ensure a userid has been set.
Explanation
The userid passed into authenticate was null or invalid.
User Response:
Verify the information used to login. Retry the operation with a valid userid. If a properties login is performed, check the properties file to ensure a userid has been set.
JSAS0191E: [{0}] Null or empty BasicAuth Token, unable to authenticate. Verify the information used to login. Retry the operation with a valid userid and password. If a properties login is performed, check the properties file to ensure a userid and password has been set.
Explanation
The userid and/or password passed into authenticate was null.
User Response:
Verify the information used to login. Retry the operation with a valid userid and password. If a properties login is performed, check the properties file to ensure a userid and password has been set.
JSAS0199E: [{0}] Security server could not be initialized. The probable cause for this problem is that the class com.ibm.WebSphereSecurityImpl.SecurityServerImpl cannot be located. This is typically in the wssec.jar file.
Explanation
The security server cannot be located. Ensure that wssec.jar is located in the classpath.
User Response:
The probable cause for this problem is that the class com.ibm.WebSphereSecurityImpl.SecurityServerImpl cannot be located. This is typically in the wssec.jar file.
JSAS0200E: [{0}] Attempt to establish a secure association at the target server failed. Check your userid/password to verify the correctness. Retry the operation after a few minutes. Message={1}, ErrorCode={2}
Explanation
The attempt to authenticate the client has been rejected. Most of the time this is due to an invalid userid/password. Some of the time this is due to a security server being unavailable.
User Response:
Check your userid/password to verify the correctness. Retry the operation after a few minutes.
JSAS0202E: [{0}] Credential token expired. {1}
Explanation
The credential token associated with the user credential has expired. This typically occurs with LTPA.
User Response:
Close the client and login again.
JSAS0208E: [{0}] Internal error: system exception.
Explanation
This is an unexpected exception. The cause can not be immediately determined.
User Response:
For further information on resolving this error, please consult support. For more information, see Get support for WebSphere Application Server for iSeries.
JSAS0240E: [{0}] Login failed. Verify the userid/password is correct. Check the properties file to ensure the login source is valid. If this error occurs on the server, check the server properties to ensure the principalName has a valid realm and userid. {1}
Explanation
This message indicates that the attempt at authenticating failed.
User Response:
Verify the userid/password is correct. Check the properties file to ensure the login source is valid. If this error occurs on the server, check the server properties to ensure the principalName has a valid realm and userid.
JSAS0241E: [{0}] Attempting to receive LocalOS credential from remote node. LocalOS credentials are only supported on the same node.
Explanation
This message indicates that the LocalOS credential is trying to access a resource on a node other than the one it was authenticated on.
User Response:
Check the user code to determine if there's a naming lookup to another node or an EJB access to another node.
JSAS0250E: [{0}] Secure association compromised. Retry the operation. Might want to contact your network administrator to see if any network problems occurred during the time of the errors. Message={1}, ErrorCode={2}.
Explanation
The message from the server has been corrupted. This could be due to message tampering or just a power spike causing bytes to get jumbled.
User Response:
Retry the operation. Might want to contact your network administrator to see if any network problems occurred during the time of the errors.
JSAS0300E: [{0}] Invalid message type returned from target. Retry the operation after a few minutes. If the problem persists, there should be messages on the server system which may give a better indication of what the problem is. Further tracing on the server may be necessary. Message: {1}, ErrorCode: {2}.
Explanation
A message type sent from the server to the client is not a valid message type. Typically this occurs when the server throws an exception during the processing of a request. Typically, the request has not completed.
User Response:
Retry the operation after a few minutes. If the problem persists, there should be messages on the server system which may give a better indication of what the problem is. Further tracing on the server may be necessary.
JSAS0310E: [{0}] Invalid security attribute type, unable to authenticate. Verify the program to ensure that the attribute being accessed is a valid credential attribute. You may need to contact your system administrator to verify that all of the attributes you need have been set in the user registry. {1}
Explanation
A security attribute is a value stored in the credential object such as userid or groupid. Either the type trying to be accessed is not a valid credential attribute type or the attribute being accessed is null.
User Response:
Verify the program to ensure that the attribute being accessed is a valid credential attribute. You may need to contact your system administrator to verify that all of the attributes you need have been set in the user registry.
JSAS0320E: [{0}] Connection type found in session entry was not valid for this security context. Ensure that the security configuration has the SSL keyStore and trustStore properties specified, and that the keystore file has valid, non-expired certificates.
Explanation
The connection type was not SSL, but rather some other type of connection, likely TCPIP.
User Response:
Ensure that the security configuration has the SSL keyStore and trustStore properties specified, and that the keystore file has valid, non-expired certificates.
JSAS0340E: [{0}] Invalid communication direction for security feature. Ensure the call to get_security_features passes in org.omg.Security.CommunicationDirection._SecDirectionBoth.
Explanation
The communication direction passed into get_security_features currently only supports org.omg.Security.CommunicationDirection._SecDirectionBoth.
User Response:
Ensure the call to get_security_features passes in org.omg.Security.CommunicationDirection._SecDirectionBoth.
JSAS0350E: [{0}] Security attribute type is null or invalid. Verify the program to ensure that the attribute being accessed is a valid credential attribute. You may need to contact your system administrator to verify that all of the attributes you need have been set in the user registry. {1}
Explanation
A security attribute is a value stored in the credential object such as userid or groupid. Either the type trying to be accessed is not a valid credential attribute type or the attribute being accessed is null.
User Response:
Verify the program to ensure that the attribute being accessed is a valid credential attribute. You may need to contact your system administrator to verify that all of the attributes you need have been set in the user registry.
JSAS0355E: [{0}] Duplicate security attribute type specified. Verify the program to ensure that the same attribute is not trying to be retrieved more than once at the same time. {1}
Explanation
This error indicates that the same attribute in the credential object is being accessed more than once for a single get_attributes call.
User Response:
Verify the program to ensure that the same attribute is not trying to be retrieved more than once at the same time.
JSAS0360E: [{0}] Security attribute list is null. Verify that the list of attributes that is trying to be set is not null. Retry the operation.
Explanation
While calling set_attributes on the credential, the attribute list is null.
User Response:
Verify that the list of attributes that is trying to be set is not null. Retry the operation.
JSAS0370E: [{0}] Security attribute list contains null attribute type or attribute family. Verify that the list of attributes that is trying to be set does not contain a null attribute. Retry the operation.
Explanation
While calling set_attributes on the credential, the attribute list contains a type which is null.
User Response:
Verify that the list of attributes that is trying to be set does not contain a null attribute. Retry the operation.
JSAS0380E: [{0}] Security attribute list contains null member. Verify that the list of attributes that is trying to be set does not contain a null attribute. Retry the operation.
Explanation
While calling set_attributes on the credential, the attribute list contains a type which is null.
User Response:
Verify that the list of attributes that is trying to be set does not contain a null attribute. Retry the operation.
JSAS0400E: [{0}] Could not close the key file; processing will continue.
Explanation
A java I/O Exception occurred while trying to close the keyfile.
User Response:
Processing should continue.
JSAS0402E: [{0}] The standardClaimQOPModels attribute contains an invalid option; using the default value: {1}. Correct the value specified on the standardClaimQOPModels property if you do not want to use Confidentiality.
Explanation
The option specified in standardClaimQOPModels is not valid. Valid options include Authenticity, Integrity, Confidentiality, and Advanced.
User Response:
Correct the value specified on the standardClaimQOPModels property if you do not want to use Confidentiality.
JSAS0403E: [{0}] The delegateCredentials property contains an illegal delegation mode. Correct the value specified on the delegateCredentials property. The default is None.
Explanation
Valid delegateCredentials property values include None, Simple, Scoped, Traced, and MethodDefined.
User Response:
Correct the value specified on the delegateCredentials property. The default is None.
JSAS0404E: [{0}] The loginTimeout property is out of range. Correct the value so that it falls between 0 and 600 specified in seconds. Currently using the value: {1}
Explanation
The valid range is 0 - 600.
User Response:
Correct the value so that it falls between 0 and 600 specified in seconds.
JSAS0405E: [{0}] The property contains a non-integer string value; defaulting to {1}. Correct the value specified in the property so that it is an integer number.
Explanation
The value entered could not be represented as an integer number.
User Response:
Correct the value specified in the property so that it is an integer number.
JSAS0406E: [{0}] The standardPerformQOPModels attribute contains an invalid option; defaulting to {1}. Correct the value specified on the standardPerformQOPModels property if you do not want to use Confidentiality.
Explanation
The option specified in standardPerformQOPModels is not valid. Valid options include Authenticity, Integrity, Confidentiality, and Advanced.
User Response:
Correct the value specified on the standardPerformQOPModels property if you do not want to use Confidentiality.
JSAS0408E: [{0}] The SSLCredentialsTimeout property is out of range; using the default value of {1}. Correct the value specified in the property so that it is in the valid range.
Explanation
The valid range for SSLCredentialsTimeout property is 0 through 364 days specified in seconds.
User Response:
Correct the value specified in the property so that it is in the valid range.
JSAS0409E: [{0}] The SSLCredentialsTimeout property contains a non-integer string value; using the default value of {1}. Correct the value specified in the property so that it is an integer number.
Explanation
The value entered could not be represented as an integer number.
User Response:
Correct the value specified in the property so that it is an integer number.
JSAS0410E: [{0}] The SSLPort property contains a non-integer string value; using the default value of {1}. Correct the value specified in the property so that it is an integer number.
Explanation
The value entered could not be represented as an integer number.
User Response:
Correct the value specified in the property so that it is an integer number.
JSAS0411E: [{0}] The SSLV3SessionTimeout property is out of range; using default value of {1}. Correct the value specified so that it is within the valid range.
Explanation
The valid range for SSLV3SessionTimeout is 0 through 1 day specified in seconds.
User Response:
Correct the value specified so that it is within the valid range.
JSAS0412E: [{0}] The SSLV3SessionTimeout property contains a non-integer string value; using default value of {1}. Correct the value specified in the property so that it is an integer number.
Explanation
The value entered could not be represented as an integer number.
User Response:
Correct the value specified in the property so that it is an integer number.
JSAS0413E: [{0}] A problem occurred while processing the security configuration. Verify the data entered in the security configuration is valid. {1}
Explanation
A java runtime exception occurred while processing the security configuration.
User Response:
Verify the data entered in the security configuration is valid.
JSAS0414E: [{0}] The configuration is incorrect; the server may not start or may not function correctly. If you get this error, other errors will have preceded it which describe the problems with the configuration.
Explanation
Based on the verification level which determines how tightly to verify the configuration, it has been determined that the configuration is not consistent. The verification levels are Completeness, Consistency, PassivelyCorrect and ActivelyCorrect. The default for com.ibm.CORBA.verificationLevel is Consistency.
User Response:
If you get this error, other errors will have preceded it which describe the problems with the configuration.
JSAS0415E: [{0}] The configuration is incorrect. If you get this error, other errors will have preceded it which describe the problems with the configuration.
Explanation
Based on the verification level which determines how tightly to verify the configuration, it has been determined that the configuration is not consistent. The verification levels are Completeness, Consistency, PassivelyCorrect and ActivelyCorrect. The default for com.ibm.CORBA.verificationLevel is Consistency.
User Response:
If you get this error, other errors will have preceded it which describe the problems with the configuration.
JSAS0416E: [{0}] The configuration is in an unknown state. If you get this error, other errors will have preceded it which describe the problems with the configuration.
Explanation
Based on the verification level which determines how tightly to verify the configuration, it has been determined that the configuration is not consistent. The verification levels are Completeness, Consistency, PassivelyCorrect and ActivelyCorrect. The default for com.ibm.CORBA.verificationLevel is Consistency.
User Response:
If you get this error, other errors will have preceded it which describe the problems with the configuration.
JSAS0417E: [{0}] The active correctness verification produced a verification result of {1}
Explanation
The verification results are: Unknown (-1), Success (0), ConfigIncomplete (1), ConfigInconsistent (2), and ConfigWrong (3).
User Response:
If you get anything other than 0, you will have preceding messages which describe the specific problem.
JSAS0418E: [{0}] The configuration has not been initialized. Ensure that the security configuration is complete and in the location specified by the com.ibm.CORBA.ConfigURL. This location is typically WASROOT/properties.
Explanation
This indicates that the security configuration has not been processed.
User Response:
Ensure that the security configuration is complete and in the location specified by the com.ibm.CORBA.ConfigURL. This location is typically WASROOT/properties.
JSAS0420E: [{0}] None of the association options have been set. Ensure that at least one of these association options are set.
Explanation
At least one of the following association options must be set: DCEClientAssociationEnabled, DCEServerAssociationEnabled, SSLTypeIClientAssociationEnabled, SSLTypeIServerAssociationEnabled, LTPAClientAssociationEnabled, LTPAServerAssociationEnabled, LocalOSClientAssociationEnabled, LocalOSServerAssociationEnabled.
User Response:
Ensure that at least one of these association options are set.
JSAS0422E: [{0}] The configuration is incomplete. A preceding message will likely tell you the exact reason why it is incomplete. The likely reasons are no Bootstrap Repository location, no association options selected, or the configuration has not been initialized.
Explanation
A verification result of ConfigIncomplete (1) has been returned.
User Response:
A preceding message will likely tell you the exact reason why it is incomplete. The likely reasons are no Bootstrap Repository location, no association options selected, or the configuration has not been initialized.
JSAS0423E: [{0}] The completeness verification produced a verification result of {1}.
Explanation
The verification results are: Unknown (-1), Success (0), ConfigIncomplete (1), ConfigInconsistent (2), and ConfigWrong (3).
User Response:
If you get anything other than 0, you will have preceding messages which describe the specific problem.
JSAS0424E: [{0}] The login source is Properties, however either the userid or password were not specified. Specify a userid on com.ibm.CORBA.loginUserid and password on com.ibm.CORBA.loginPassword if you intend to use the login source of properties.
Explanation
This indicates an inconsistency in the configuration because a login source of properties needs to have a userid and password specified.
User Response:
Specify a userid on com.ibm.CORBA.loginUserid and password on com.ibm.CORBA.loginPassword if you intend to use the login source of properties.
JSAS0425E: [{0}] The login source is KeyTable, however the KeyTable file was not specified. Specify a KeyTable file on com.ibm.CORBA.keytabFileName if you intend to use the login source of KeyTable.
Explanation
This indicates an inconsistency in the configuration because a login source of KeyTable needs to have a KeyTable file specified.
User Response:
Specify a KeyTable file on com.ibm.CORBA.keytabFileName if you intend to use the login source of KeyTable.
JSAS0427E: [{0}] The specified perform-QOP options are not valid. Verify that the above properties are consistent.
Explanation
The property com.ibm.CORBA.standardPerformQOPModels is set to advanced, however, the way that the following properties are set are inconsistent: performClientAuthentication, performServerAuthentication, performMessageReplayDetection, performMessageOutOfSequenceDetection, performMessageIntegrity, and performMessageConfidentiality.
User Response:
Verify that the above properties are consistent.
JSAS0428E: [{0}] The specified claim-QOP options are not valid. Verify that the above properties are consistent.
Explanation
The property com.ibm.CORBA.standardClaimQOPModels is set to advanced, however, the way that the following properties are set are inconsistent: performClientAuthentication, performServerAuthentication, performMessageReplayDetection, performMessageOutOfSequenceDetection, performMessageIntegrity, and performMessageConfidentiality.
User Response:
Verify that the above properties are consistent.
JSAS0429E: [{0}] The configuration is inconsistent. The exact reason of the inconsistency will be in a preceding message.
Explanation
This error occurs when there are dependencies between two configuration options and one of the dependencies is not met. For example, if SSL is configured but the keystore file is not.
User Response:
The exact reason of the inconsistency will be explained in a preceding message.
JSAS0430E: [{0}] The consistency verification produced a verification result of {1}
Explanation
The verification results are: Unknown (-1), Success (0), ConfigIncomplete (1), ConfigInconsistent (2), and ConfigWrong (3).
User Response:
If you get anything other than 0, you will have preceding messages which describe the specific problem.
JSAS0431E: [{0}] The passive correctness verification produced a verification result of {1}
Explanation
The verification results are: Unknown (-1), Success (0), ConfigIncomplete (1), ConfigInconsistent (2), and ConfigWrong (3).
User Response:
If you get anything other than 0, you will have preceding messages which describe the specific problem.
JSAS0433E: [{0}] The performClientAuthentication is set, but none of the server association options are set. Ensure that at least one of the server association properties are set to true.
Explanation
The property com.ibm.CORBA.performClientAuthentication is set, however, one of the following is not set: SSLTypeIServerAssociationEnabled, SSLTypeIIServerAssociationEnabled, LTPAServerAssociationEnabled, or LocalOSServerAssociationEnabled.
User Response:
Ensure that at least one of the server association properties are set to true.
JSAS0435E: [{0}] Credentials are invalid. Login again to get new credentials. Sometimes it is necessary to restart the client and/or server to ensure that you are using new credentials. Once credentials are marked invalid, they cannot become valid again. {1}
Explanation
The invalid flag on the credential object has been set to true. Typically this is due to the credential being rejected by the server when trying to authenticate. A NO_PERMISSION exception has likely been thrown by the server.
User Response:
Login again to get new credentials. Sometimes it is necessary to restart the client and/or server to ensure that you are using new credentials. Once credentials are marked invalid, they cannot become valid again.
JSAS0436E: [{0}] The configuration is ambiguous about which security mechanism to use. Try to review the client or server security configuration files. If recent changes have been made you may want to undo these changes. {1}
Explanation
This error indicates that the client or server configuration properties are not valid or are conflicting. Some properties cannot be set together and still be valid.
User Response:
Try to review the client or server security configuration files. If recent changes have been made you may want to undo these changes.
JSAS0437E: [{0}] The DCE tagged component was not correctly formed and can not be parsed. Ensure that the server version you are trying to connect to is supported. Make sure the SAS.JAR you are using on the client side is compatible with that of the server.
Explanation
While parsing the tagged component, a SystemException occurred.
User Response:
Ensure that the server version you are trying to connect to is supported. Make sure the SAS.JAR you are using on the client side is compatible with that of the server.
JSAS0438E: [{0}] Invalid initial reference name. Verify that security is enabled in the client/server configuration (com.ibm.CORBA.securityEnabled=true). Check the client program to ensure that a valid name is passed into "resolve_initial_references". {1}
Explanation
This indicates that the name passed into "resolve_initial_references" in the program is invalid or has not yet been registered.
User Response:
Verify that security is enabled in the client/server configuration (com.ibm.CORBA.securityEnabled=true). Check the client program to ensure that a valid name is passed into "resolve_initial_references".
JSAS0439E: [{0}] Unable to get Credentials. Verify that the client set the credentials properly before invoking the request. Ensure that the correct userid/password was specified when logging in. {1}
Explanation
On the server side, there must be a set of received credentials when communicating over SSL and Mutual Authentication is enabled. Without the received credentials the server will throw a NO_PERMISSION exception.
User Response:
Verify that the client set the credentials properly before invoking the request. Ensure that the correct userid/password was specified when logging in.
JSAS0441E: [{0}] ASSOC_ACCEPT message is illegal at the target. Retry the operation after a few minutes. Check the client configuration to ensure there's nothing out of the ordinary that might be causing an exception to occur.
Explanation
The message type ASSOC_ACCEPT should not be received at the target server. This might occur due to an exception that occurred on the client which caused a mixup.
User Response:
Retry the operation after a few minutes. Check the client configuration to ensure there's nothing out of the ordinary that might be causing an exception to occur.
JSAS0442E: [{0}] ASSOC_REJECT message is illegal at the target. Retry the operation after a few minutes. Check the client configuration to ensure there's nothing out of the ordinary that might be causing an exception to occur.
Explanation
The message type ASSOC_REJECT should not be received at the target server. This might occur due to an exception that occurred on the client which caused a mixup.
User Response:
Retry the operation after a few minutes. Check the client configuration to ensure there's nothing out of the ordinary that might be causing an exception to occur.
JSAS0443E: [{0}] Request holder service data key for Security Context invalid. Ensure that the correct SAS.JAR is in the server and client classpath. There might be a mismatch between these files on the client and the server. {1}
Explanation
The key used to find the security context is invalid.
User Response:
Ensure that the correct SAS.JAR is in the server and client classpath. There might be a mismatch between these files on the client and the server.
JSAS0445E: [{0}] Unknown host. An attempt will be made to use the host name, however, if this fails you'll need to take action. Contact your network administrator to ensure that the hostname and IP address which you have configured on the server is valid. {1}
Explanation
From the host name, could not convert to the dotted IP address.
User Response:
An attempt will be made to use the host name, however, if this fails you'll need to take action. Contact your network administrator to ensure that the hostname and IP address which you have configured on the server is valid.
JSAS0446E: [{0}] The listening port has not been initialized yet. Check the configuration to ensure there is not a property which inadvertently sets the port to something already using it. Stop the server and wait for about 2 minutes before restarting the server so that all ports that were in use will be released.
Explanation
This indicates that the port specified in the server connection data is 0.
User Response:
Check the configuration to ensure there is not a property which inadvertently sets the port to something already using it. Stop the server and wait for about 2 minutes before restarting the server so that all ports that were in use will be released.
JSAS0447E: [{0}] The security tagged component assistor is not an ObjectImpl and therefore can not be registered with the ORB. Check to ensure you have the same version of SAS.JAR as the server. Check the dates of the file on the server to ensure they match the dates of other JAR files on the server in case a mismatch has occurred.
Explanation
The SecurityTaggedComponentAssistorImpl.class file in the SAS.JAR is not valid.
User Response:
Check to ensure you have the same version of SAS.JAR as the server. Check the dates of the file on the server to ensure they match the dates of other JAR files on the server in case a mismatch has occurred.
JSAS0449E: [{0}] The SSL tagged component was not correctly formed and can not be parsed. Ensure that the server version you are trying to connect to is supported. Make sure the SAS.JAR you are using on the client side is compatible with that of the server. {1}
Explanation
While parsing the tagged component, a SystemException occurred.
User Response:
Ensure that the server version you are trying to connect to is supported. Make sure the SAS.JAR you are using on the client side is compatible with that of the server.
JSAS0450E: [{0}] Failed to initialize security context. Have the client verify that the userid/password specified during login is valid. {1}
Explanation
This indicates that a client is trying to establish a secure association with the server but failed to authenticate.
User Response:
Have the client verify that the userid/password specified during login is valid.
JSAS0451E: [{0}] Credentials do not contain a Public security name. The client should specify a userid and password in most cases in order to get authenticated.
Explanation
The public security name is the client's userid. In this case, a userid was not specified.
User Response:
The client should specify a userid and password in most cases in order to get authenticated.
JSAS0452E: [{0}] The security context is no longer valid. Try to review the client or server security configuration files. If recent changes have been made you may want to undo these changes. {1}
Explanation
This error typically occurs when adding a security session on the client or server.
User Response:
Try to review the client or server security configuration files. If recent changes have been made you may want to undo these changes.
JSAS0453E: [{0}] No credentials could be found identifying the local target. Check the com.ibm.CORBA.PrincipalName, com.ibm.CORBA.LoginUserid, and com.ibm.CORBA.LoginPassword properties to ensure they are valid. For the com.ibm.CORBA.PrincipalName, ensure the correct realm is specified in front of the userid (realm/userid).
Explanation
The server credentials could not be found.
User Response:
Check the security configuration for com.ibm.CORBA.PrincipalName, com.ibm.CORBA.LoginUserid, and com.ibm.CORBA.LoginPassword properties to ensure they are valid. For the com.ibm.CORBA.PrincipalName, ensure the correct realm is specified in front of the userid (realm/userid).
JSAS0454E: [{0}] Could not create local credentials. Check the security configuration for com.ibm.CORBA.PrincipalName, com.ibm.CORBA.LoginUserid, and com.ibm.CORBA.LoginPassword properties to ensure they are valid. For the com.ibm.CORBA.PrincipalName, ensure the correct realm is specified in front of the userid (realm/userid). {1}
Explanation
This indicates that a login failed on the server.
User Response:
Check the security configuration for com.ibm.CORBA.PrincipalName, com.ibm.CORBA.UserID, and com.ibm.CORBA.Password properties to ensure they are valid. For the com.ibm.CORBA.PrincipalName, ensure the correct realm is specified in front of the userid (realm/userid).
JSAS0455E: ERROR in {0}: The certificate with alias {1} from keyStore {2} is expired.
Explanation
A certificate is expired in the keystore.
User Response:
Open the keystore and validate the expiration dates on all certificates in the keystore. Remove any expired certs.
JSAS0456W: WARNING in {0}: The certificate with alias {1} from keyStore {2} will be expired in {3} days.
Explanation
A certificate is about to expire in the keystore.
User Response:
Open the keystore and validate the expiration dates on all certificates in the keystore. Prepare to generate new certificates, if necessary.
JSAS0461E: [{0}] Invalid credential token, unable to validate. Retry the operation after a few minutes. If using request_login for Domino, ensure that Domino/WebSphere SSO is setup correctly.
Explanation
The credential token is null, expired, or has been tampered with. Since the token is digitally signed, any modification of the bytes in the token will not verify. Typically this error is due to a null token, however.
User Response:
Retry the operation after a few minutes. If using request_login for Domino, ensure that Domino/WebSphere SSO is setup correctly.
JSAS0462E: [{0}] I/O Error trying to open the security bootstrap repository. Check the property bootstrapRepositoryLocation in the security configuration to be sure it points to a valid filename and location. If the path is correct, rename the file to allow it to recreate a new file. {1}
Explanation
An error occurred while opening the file pointed to by the bootstrapRepositoryLocation property.
User Response:
Check the property bootstrapRepositoryLocation in the security configuration to be sure it points to a valid filename and location. If the path is correct, rename the file to allow it to recreate a new file.
JSAS0463E: [{0}] I/O Error while processing the security bootstrap repository. Stop the adminserver, rename this file to anything else, restart your adminserver and the file should get recreated. Try running "java com.ibm.ISecurityUtilityImpl.BootstrapRepository %WAS_ROOT%/etc/secbootstrap" to see if it can be read. Make sure %WAS_ROOT% points to the correct WebSphere install path. /WebSphere/AppServer. {1}
Explanation
The file pointed to by BootstrapRepositoryLocation in the security configuration has been corrupted.
User Response:
Stop the adminserver, rename this file to anything else, restart your adminserver and the file should get recreated. Try running "java com.ibm.ISecurityUtilityImpl.BootstrapRepository %WAS_ROOT%/etc/secbootstrap" to see if it can be read. Make sure %WAS_ROOT% points to the correct WebSphere install path.
JSAS0464E: [{0}] I/O Error while writing the security bootstrap repository. Stop the adminserver, rename this file to anything else, restart your adminserver and the file should get recreated. Try running "java com.ibm.ISecurityUtilityImpl.BootstrapRepository %WAS_ROOT%/etc/secbootstrap" to see if it can be read. Make sure %WAS_ROOT% points to the correct WebSphere install path. {1}
Explanation
The file pointed to by BootstrapRepositoryLocation in the security configuration has been corrupted.
User Response:
Stop the adminserver, rename this file to anything else, restart your adminserver and the file should get recreated. Try running "java com.ibm.ISecurityUtilityImpl.BootstrapRepository %WAS_ROOT%/etc/secbootstrap" to see if it can be read. Make sure %WAS_ROOT% points to the correct WebSphere install path.
JSAS0465E: [{0}] THE SECURITY SERVICE HAS ALREADY BEEN INITIALIZED WITH THIS ORB. The ServiceInit (the call that enables security) will return immediately without reinitializing security multiple times.
Explanation
This indicates that security for this ORB has already been initialized and an attempt to initialize it again is occurring.
User Response:
The ServiceInit (the call that enables security) will return immediately without reinitializing the security.
JSAS0466E: [{0}] An I/O error occurred while processing the message buffer. Retry the operation. {1}
Explanation
A Java InputStream read error occurred.
User Response:
Retry the operation.
JSAS0467E: [{0}] The host address in the IOR is null or blank. Make sure the version of SAS.JAR is valid for the WebSphere release you are running. Restart the server and try the operation again.
Explanation
The server's host address is null as read from the IOR which the server exported.
User Response:
Make sure the version of SAS.JAR is valid for the WebSphere release you are running. Restart the server and try the operation again.
JSAS0469E: [{0}] The IOR is not correctly formed -- the connection will be refused. Ensure that the client version you are using is supported by the server. Check the SAS.JAR date and size and verify it is the same as that of the server. Check the classpath to ensure it includes the correct version of SAS.JAR.
Explanation
Specific values in the IOR that should exist were null. This usually indicates that an exception occurred while trying to read them or there is an interoperability problem with another version of the server.
User Response:
Ensure that the client version you are using is supported by the server. Check the SAS.JAR date and size and verify it is the same as that of the server. Check the classpath to ensure it includes the correct version of SAS.JAR.
JSAS0471E: [{0}] The requestCredsExpiration property is out of range; using the default {1}. Correct the value specified in the requestCredsExpiration property so that it is within the valid range.
Explanation
The valid range for the requestCredsExpiration property is 10 minutes through 364 days.
User Response:
Correct the value specified in the requestCredsExpiration property so that it is within the valid range.
JSAS0472E: [{0}] The BasicAuth expiration time is smaller than the ORB request timeout; A method request could take longer than the period over which the requesting credentials will remain valid. If you are setting these properties explicitly, ensure that requestTimeout is smaller than requestCredsExpiration.
Explanation
The property com.ibm.CORBA.requestCredsExpiration is smaller than the property com.ibm.CORBA.requestTimeout. The default for com.ibm.CORBA.requestCredsExpiration is infinite (this has no bearing on the LTPA token timeout). The default for com.ibm.CORBA.requestTimeout is 180 seconds.
User Response:
If you are setting these properties explicitly, ensure that requestTimeout is smaller than requestCredsExpiration.
JSAS0473E: [{0}] Invalid mechanism type. Check the security configuration to ensure the properties are set correctly. Retry the operation.
Explanation
The security mechanism is not a valid mechanism as defined in the mechanism factory.
User Response:
Check the security configuration to ensure the properties are set correctly. Retry the operation.
JSAS0475E: [{0}] Invalid expiry time. Check to ensure the value passed into is_valid is not negative.
Explanation
The value passed into the is_valid method is negative.
User Response:
Check to ensure the value passed into is_valid is not negative.
JSAS0476E: [{0}] Invalid credential type. Ensure that the client authentication target in the client properties is set to a value that the server supports. {1}
Explanation
The credential object passed to the server is not a type which the server supports.
User Response:
Ensure that the client authentication target in the client properties is set to a value that the server supports.
JSAS0477E: [{0}] Invalid credential. Retry the operation. Ensure the program is creating the credential properly before setting it as the invocation credential. You may need to restart the client or server which has the invalid credential. {1}
Explanation
If the credential is null OR the credential is not a subtype of org.omg.SecurityLevel2.Credentials OR the credential has been marked invalid during a failed login attempt or while the security server was unavailable.
User Response:
Retry the operation. Ensure the program is creating the credential properly before setting it as the invocation credential. You may need to restart the client or server which has the invalid credential.
JSAS0479E: [{0}] Unable to sleep. Restart the server. {1}
Explanation
A Java runtime exception occurred while a thread was trying to sleep for a specified number of seconds.
User Response:
JSAS0480E: [{0}] Failed to find the correct entry in key file. Ensure that the property com.ibm.ssl.keyStoreFile is pointing to a keyfile which contains the realm and security name which you are looking for. {1}
Explanation
The keyfile entry to the specified realm and security name was not found in the keyfile.
User Response:
Ensure that the property com.ibm.ssl.keyStoreFile is pointing to a keyfile which contains the realm and security name which you are looking for.
JSAS0484E: [{0}] A problem occurred while decoding the loginPassword property. Retype the password on the loginPassword property and restart the program. {1}
Explanation
A java runtime exception occurred while decoding the loginPassword property.
User Response:
Retype the password on the loginPassword property and restart the program.
JSAS0485E: [{0}] A problem occurred while decoding the keystore password property. Retype the password on the keystore password property and restart the program. {1}
Explanation
A java runtime exception occurred while decoding the keystore password property.
User Response:
Retype the password on the keystore password property and restart the program.
JSAS0486E: [{0}] A problem occurred while decoding the truststore password property. Retype the password on the trustword password property and restart the program. {1}
Explanation
A java runtime exception occurred while decoding the truststore password property.
User Response:
Retype the password on the com.ibm. property and restart the program.
JSAS0488E: [{0}] An exception was thrown while registering the request interceptor to the orb. The exception is: {1}
Explanation
This is typically a problem in the orb.
User Response:
Make sure an orb.properties exists in java/jre/lib directory.
JSAS0489E: [{0}] Unauthenticated credentials can not be sent via Identity Assertion because they are not supported by the configuration.
Explanation
The configuration does not allow for an anonymous identity token.
User Response:
Make sure the client gets prompted and enters valid credentials.
JSAS0490E: [{0}] Identity type stored in the credential (Client Authentication Token) does not match the effective policy Identity type (ITTPrincipalName not supported).
Explanation
The type of credential is not one that is supported for Identity Assertion.
User Response:
Review the client configuration, specifically the authenticationTarget to ensure contains a supported value.
JSAS0491E: [{0}] Identity type stored in the credential (Client certificates) does not match the effective policy Identity type (ITTX509CertChain not supported).
Explanation
The server does not support certificate based credentials.
User Response:
To communicate with this downstream server using Identity Assertion, the originating client should try a different authentication mechanism such as BasicAuth.
JSAS0492E: [{0}] Identity type stored in the credential (ITTPrincipalName) does not match the effective policy Identity type (ITTPrincipalName not supported).
Explanation
The server does not support principal based credentials.
User Response:
To communicate with this downstream server using Identity Assertion, the originating client should try a different authentication mechanism such as SSL client certificates.
JSAS0493E: [{0}] Identity type stored in the credential (ITTDistinguishedName) does not match the effective policy Identity type (ITTDistinguishedName not supported).
Explanation
The server does not support distinguished name based credentials.
User Response:
To communicate with this downstream server using Identity Assertion, the originating client should try a different authentication mechanism which is principal based rather than DN based.
JSAS0494E: [{0}] The server's {1} credentials are NULL.
Explanation
The server did not set the credentials during bootstrap.
User Response:
Try restarting the server. Report the problem to customer support.
JSAS0495E: [{0}] The server's {1} credentials are invalid. Realm/security_name == NULL.
Explanation
The server's credentials are invalid.
User Response:
Try logging in again and specifying a realm and/or username.
JSAS0496E: [{0}] The expiration time for {1} credentials is too short relative to the ORB request timeout and/or the security cache timeout; a method request could take longer than the period over which the credentials will remain valid, or the credentials could expire while in the server cache.
Explanation
A method request could take longer than the credential expiration period.
User Response:
Either increase the cache timeout or decrease the ORB request timeout.
JSAS0497E: [{0}] A problem occurred while decoding the HardwareTokenPassword property. {1}
Explanation
The password for the hardware crypto device could not be decoded properly.
User Response:
Go back to the configuration and retype the password.
JSAS0498E: [{0}] The loginSource property contains an illegal option; the default is {1}.
Explanation
Valid loginSource options are: prompt, properties, stdin, key file, key table, none.
User Response:
Modify the loginSource to contain a valid option.
JSAS0500I: CSIv2 protocol has been enabled.
Explanation
None.
User Response:
None.
JSAS0501I: Realm name has been set: {1}
Explanation
None.
User Response:
None.
JSAS0502I: Realm name has not been set.
Explanation
None.
User Response:
None.
JSAS0503I: Claim stateful has been enabled.
Explanation
None.
User Response:
None.
JSAS0504I: Claim stateless has been enabled.
Explanation
None.
User Response:
None.
JSAS0505I: Claim secure transport layer with SSL/TLS required has been set.
: {1}
Explanation
None.
User Response:
None.
JSAS0506I: Claim secure transport layer with SSL/TLS supported has been set.
: {1}
Explanation
None.
User Response:
None.
JSAS0507I: No claim secure transport layer has been set.
Explanation
None.
User Response:
None.
JSAS0508I: Claim client authentication at transport layer required has been set.
: {1}
Explanation
None.
User Response:
None.
JSAS0509I: Claim client authentication at transport layer supported has been set.
: {1}
Explanation
None.
User Response:
None.
JSAS0510I: No claim client authentication at transport layer has been set.
Explanation
None.
User Response:
None.
JSAS0511I: Claim message 128-bit SSL/TLS cipher suites required has been set.
: {1}
Explanation
None.
User Response:
None.
JSAS0512I: Claim message 128-bit SSL/TLS cipher suites supported has been set.
: {1}
Explanation
None.
User Response:
None.
JSAS0513I: No claim message 128-bit SSL/TLS cipher suites has been set.
Explanation
None.
User Response:
None.
JSAS0514I: Claim message 40-bit SSL/TLS cipher suites required has been set.
: {1}
Explanation
None.
User Response:
None.
JSAS0515I: Claim message 40-bit SSL/TLS cipher suites supported has been set.
: {1}
Explanation
None.
User Response:
None.
JSAS0516I: No claim message 40-bit SSL/TLS cipher suites has been set.
Explanation
None.
User Response:
None.
JSAS0517I: Claim client authentication required has been set.
: {1}
Explanation
None.
User Response:
None.
JSAS0518I: Claim client authentication supported has been set.
: {1}
Explanation
None.
User Response:
None.
JSAS0519I: No claim client authentication has been set.
Explanation
None.
User Response:
None.
JSAS0520I: Claim identity assertion supported has been set.
: {1}
Explanation
None.
User Response:
None.
JSAS0521I: No claim identity assertion has been set.
Explanation
None.
User Response:
None.
JSAS0522I: Perform stateful has been enabled.
Explanation
None.
User Response:
None.
JSAS0523I: Perform stateless has been enabled.
Explanation
None.
User Response:
None.
JSAS0524I: Perform secure transport layer with SSL/TLS required has been set.
: {1}
Explanation
None.
User Response:
None.
JSAS0525I: Perform secure transport layer with SSL/TLS supported has been set.
: {1}
Explanation
None.
User Response:
None.
JSAS0526I: No perform secure transport layer has been set.
Explanation
None.
User Response:
None.
JSAS0527I: Perform client authentication at transport layer required has been set.
: {1}
Explanation
None.
User Response:
None.
JSAS0528I: Perform client authentication at transport layer supported has been set.
: {1}
Explanation
None.
User Response:
None.
JSAS0529I: No perform client authentication at transport layer has been set.
Explanation
None.
User Response:
None.
JSAS0530I: Perform message 128-bit SSL/TLS cipher suites required has been set.
: {1}
Explanation
None.
User Response:
None.
JSAS0531I: Perform message 128-bit SSL/TLS cipher suites supported has been set.
: {1}
Explanation
None.
User Response:
None.
JSAS0532I: No perform message 128-bit SSL/TLS cipher suites has been set.
Explanation
None.
User Response:
None.
JSAS0533I: Perform message 40-bit SSL/TLS cipher suites required has been set.
: {1}
Explanation
None.
User Response:
None.
JSAS0534I: Perform message 40-bit SSL/TLS cipher suites supported has been set.
: {1}
Explanation
None.
User Response:
None.
JSAS0535I: No perform message 40-bit SSL/TLS cipher suites has been set.
Explanation
None.
User Response:
None.
JSAS0536I: Perform client authentication required has been set.
: {1}
Explanation
None.
User Response:
None.
JSAS0537I: Perform client authentication supported has been set.
: {1}
Explanation
None.
User Response:
None.
JSAS0538I: No perform client authentication has been set.
Explanation
None.
User Response:
None.
JSAS0539I: Perform identity assertion supported has been set.
: {1}
Explanation
None.
User Response:
None.
JSAS0540I: No perform identity assertion has been set.
Explanation
None.
User Response:
None.
JSAS0541I: Trusted principal list should be defined for Identity Assertion.
: {1}. TrustedPrincipalList is not defined.
Explanation
None.
User Response:
None.
JSAS0542I: Claim transport security mechanism should be defined when claim transport client auth is enabled.
: {1}, : {2}, : {3}, : {4}
Explanation
None.
User Response:
None.
JSAS0543I: Claim transport security mechanism should be defined when claim transport QOP is enabled.
: {1}, : {2}, : {3}, : {4}, : {5}, : {6}.
Explanation
None.
User Response:
None.
JSAS0544I:
is not applicable in client configuration. Disabled the property.
Explanation
None.
User Response:
None.
JSAS0545I:
is not applicable in client configuration. Disabled the property.
Explanation
None.
User Response:
None.
JSAS0546I:
is not applicable in client configuration. Disabled the property.
Explanation
None.
User Response:
None.
JSAS0547I: Perform transport security mechanism should be defined when perform transport client auth is enabled.
: {1}, : {2}, : {3}, : {4}.
Explanation
None.
User Response:
None.
JSAS0548I: Perform transport security mechanism should be defined when perform transport QOP is enabled.
: {1}, : {2}, : {3}, : {4}, : {5}, : {6}
Explanation
None.
User Response:
None.
JSAS0549I: Coalescing client config with server security mechanism
Explanation
None.
User Response:
None.
JSAS0550I: Evaluation of the transport layer failed.
Explanation
None.
User Response:
None.
JSAS0551I: Evaluation of the message layer failed.
Explanation
None.
User Response:
None.
JSAS0552I: Evaluation of the identity assertion layer failed.
Explanation
None.
User Response:
None.
JSAS0600E: CSIv2 Tagged Component is NULL.
Explanation
The IOR from the server does not contain a CSIv2 tagged component.
User Response:
May need to restart the server, redeploy the object or check the client configuration.
JSAS0601E: The CSIv2 client configuration does not support SECIOP.
Explanation
The WebSphere implementation does not support SECIOP.
User Response:
You cannot communicate to a server over SECIOP.
JSAS0602E: No valid transport tagged components exist in the IOR.
Explanation
The transport tag is not a recognized or supported transport.
User Response:
Find out from the server your are connecting to what transports are supported.
JSAS0603E: The server does not support SSL/TLS, but the client is configured to require it.
Explanation
Since the client requires SSL and the server does not support it, the connection fails.
User Response:
If you are able to connect over TCP/IP (no data signing or encryption), specify SSL supported instead of required.
JSAS0604E: The client requires SSL client certificate authentication but the server does not support it.
Explanation
The server does not support SSL client authentication.
User Response:
Try using BasicAuth (userid/password) client authentication instead.
JSAS0605E: The client supports SSL client certificate authentication but the server does not support it.
Explanation
The server will not authenticate the client using SSL client certificates.
User Response:
Try using BasicAuth (userid/password) client authentication instead.
JSAS0606E: The server requires SSL client certificate authentication but the client does not support it.
Explanation
The client is not configured to use SSL client certificate authentication.
User Response:
Review the client configuration to ensure it is setup to perform SSL client certificate authentication.
JSAS0607E: The client requires SSL Confidentiality but the server does not support it.
Explanation
The client requires SSL confidentiality but the server does not support it.
User Response:
Modify the client configuration to not require confidentiality or have the system administrator change the server configuration to support it.
JSAS0608E: The server requires SSL Confidentiality but the client does not support it.
Explanation
The server requires SSL confidentiality but the client does not support it.
User Response:
Modify the client configuration to support confidentiality.
JSAS0609E: The client requires SSL Integrity but the server does not support it.
Explanation
The client requires SSL Integrity but the server does not support it.
User Response:
Modify the client configuration to not require Integrity or have the system administrator change the server configuration to support it.
JSAS0610E: The server requires SSL Integrity but the client does not support it.
Explanation
The server requires SSL Integrity but the client does not support it.
User Response:
Modify the client configuration to support Integrity.
JSAS0611E: No authentication mechanism is defined at client authentication layer.
Explanation
The CSIv2 tagged component did not specify an authentication mechanism.
User Response:
Retry the client application or restart the server to re-export the IOR for the object.
JSAS0612E: The client requires client authentication (e.g., userid/password or token), but the server does not support it.
Explanation
The server currently will not accept BasicAuth or any other client authentication mechanism.
User Response:
Configure the client for SSL client authentication or contact the server administrator.
JSAS0613E: The server requires client authentication (e.g., userid/password or token), but the client does not support it.
Explanation
The client currently will not accept BasicAuth or any other client authentication mechanism.
User Response:
Configure the client for BasicAuth client authentication or contact the server administrator.
JSAS0614E: The authentication mechanism OID supplied by the server is an unsupported OID for this WebSphere release.
Explanation
The server is supplying an unsupported OID.
User Response:
Try using SSL client certificate authentication.
JSAS0615E: The client configuration specifies the Kerberos authentication mechanism, but the server does not support it.
Explanation
The authentication mechanism of the server is not supported by the client.
User Response:
Modify the authenticationTarget in the client configuration to something supported by the server.
JSAS0616E: The client configuration specifies the LTPA authentication mechanism, but the server does not support it.
Explanation
The authentication mechanism of the server is not supported by the client.
User Response:
Modify the authenticationTarget in the client configuration to something supported by the server.
JSAS0617E: The client configuration specifies the Custom authentication mechanism, but the server does not support it.
Explanation
The authentication mechanism of the server is not supported by the client.
User Response:
Modify the authenticationTarget in the client configuration to something supported by the server.
JSAS0618E: The target security name is NULL in CSIv2 tagged component.
Explanation
A value in the CSIv2 tagged component required for client authentication is null.
User Response:
Try using SSL client authentication or contact the system administrator.
JSAS0619E: The sending server requires Identity Assertion but the receiving server does not support it.
Explanation
The receiving server has not configured Identity Assertion.
User Response:
Modify the configuration on the receiving server to support Identity Assertion.
JSAS0620E: No supported naming mechanisms are defined in attribute layer for Identity Assertion.
Explanation
A naming mechanism is needed to determine how to encode/decode the identity token.
User Response:
The receiving server may not support Identity Assertion. Try contacting the system administrator of the receiving server.
JSAS0621E: The target server does not support any identity token types.
Explanation
The target server likely does not support Identity Assertion.
User Response:
The target server may need to review how it exports the tagged components. Contact the system administrator of the target server.
JSAS0622E: [{0}] GSSEncodeDecodeException has occurred: {1}
Explanation
An exception has occurred while encoding or decoding security information.
User Response:
Report this problem to WebSphere support.
JSAS0623E: [{0}] The verificationLevel property contains an illegal option; the default is {1}.
Explanation
Valid property values are activelycorrect, passivelycorrect, consistency, and completeness.
User Response:
Modify the verification level to match one of these values.
JSAS0624E: [{0}] Exception caught when instantiating Custom authentication mechanism instance {1}, message: {2}, exception: {3}
Explanation
The custom authentication mechanism when implements WSSecurityContext interface is having problems being instantiated.
User Response:
Review the constructor of this class and make sure the proper class is specified in the configuration.
JSAS0625E: [{0}] Cannot instantiate WSSecurityContext instance for OID: {1}
Explanation
The OID specified in the credential does not have a corresponding WSSecurityContext implementation.
User Response:
Ensure that the WSSecurityContext configuration specifies an implementation for this OID.
JSAS0626E: [{0}] OID verification failed: credential OID ({1}) != configured OID ({2}).
Explanation
The credential has an OID which does not match the configured authenticationTarget OID.
User Response:
Modify the authenticationTarget to support the credential OID.
JSAS0627E: [{0}] The com.ibm.CSI.protocol property has an invalid value: {1}. Setting the protocol to {2}.
Explanation
Valid protocol values are ibm, csiv2, and both.
User Response:
Correct the protocol property to contain a valid value.
JSAS0628E: [{0}] The authenticationRetryCount property contains a non-integer string value; the default is {1}.
Explanation
The property contains a non-integer value.
User Response:
Make sure the property contains a non-integer value.
JSAS0629E: [{0}] MalformedURLException reading com.ibm.CORBA.ConfigURL={1}. Exception: {2}
Explanation
The URL syntax is incorrect.
User Response:
Typically, ensure there is only a single / after file: in the URL string.
JSAS0630E: [{0}] IOException reading com.ibm.CORBA.ConfigURL={1}. Exception: {2}
Explanation
The file pointed to by the ConfigURL may not exist.
User Response:
Check the URL syntax and that the file exists in the location specified.
JSAS0631E: [{0}] Exception reading com.ibm.CORBA.ConfigURL={1}. Exception: {2}
Explanation
The file pointed to by the ConfigURL may not exist.
User Response:
Check the URL syntax and that the file exists in the location specified.
JSAS0632E: [{0}] PrivilegedActionException reading com.ibm.CORBA.ConfigURL={1}. Exception: {2}
Explanation
There is not enough SecurityManager access control to read the ConfigURL property.
User Response:
Add more access to the java.security file for this property.
JSAS0633E: [{0}] NoSuchAlgorithmException - This exception is thrown when a particular cryptographic algorithm is requested but is not available in the environment. Exception: {1}
Explanation
This exception is thrown when a particular cryptographic algorithm is requested but is not available in the environment.
User Response:
Check the SSL configuration to ensure that a cipher specified is not invalid or a particular provider specified is valid.
JSAS0634E: [{0}] KeyStoreException - This is the generic KeyStore exception. Exception: {1}
Explanation
This is an exception thrown while trying to access a KeyStore.
User Response:
Validate the location of the keystore, the password used to access the keystore and the keystore type.
JSAS0635E: [{0}] UnrecoverableKeyException - This exception is thrown if a key in the keystore cannot be recovered. Exception: {1}
Explanation
This exception is thrown if a key in the keystore cannot be recovered.
User Response:
Typically this indicates some kind of corruption in the keystore. Ensure that the keystore type specified is valid.
JSAS0636E: [{0}] NoSuchProviderException - This exception is thrown when a particular security provider is requested but is not available in the environment. Exception: {1}
Explanation
This exception is thrown when a particular security provider is requested but is not available in the environment.
User Response:
Check that the keyStoreProvider, trustStoreProvider, and sslContextProvider have valid providers specified.
JSAS0637E: [{0}] KeyManagementException - This is the general key management exception, for all operations dealing with key management. Subclasses could include: KeyIDConflict, KeyAuthorizationFailureException, ExpiredKeyException. Exception: {1}
Explanation
This is the general key management exception, for all operations dealing with key management. Subclasses could include: KeyIDConflict, KeyAuthorizationFailureException, ExpiredKeyException
User Response:
Check that the certificates within the keystore are not expired and can all be viewed from within IKeyMan.
JSAS1400I: The configuration appears to be actively correct.
Explanation
None.
User Response:
None.
JSAS1401I: The configuration has been initialized.
Explanation
None.
User Response:
None.
JSAS1402I: Security has been enabled.
Explanation
None.
User Response:
None.
JSAS1404I: The login source has been set:
Explanation
None.
User Response:
None.
JSAS1405I: The login userid has been set:
Explanation
None.
User Response:
None.
JSAS1406I: The login password has been set:
Explanation
None.
User Response:
None.
JSAS1407I: The keytab file name has been set:
Explanation
None.
User Response:
None.
JSAS1408I: The key file name has been set:
Explanation
None.
User Response:
None.
JSAS1409I: The principal has been set: {1}
Explanation
None.
User Response:
None.
JSAS1410I: The principal was not set:
Explanation
None.
User Response:
None.
JSAS1411I: DCE client-association has been enabled.
Explanation
None.
User Response:
None.
JSAS1412I: DCE server-association has been enabled.
Explanation
None.
User Response:
None.
JSAS1413I: SSL Type-I client-association has been enabled.
Explanation
None.
User Response:
None.
JSAS1414I: SSL Type-I server-association has been enabled.
Explanation
None.
User Response:
None.
JSAS1415I: LTPA client-association has been enabled.
Explanation
None.
User Response:
None.
JSAS1416I: LTPA server-association has been enabled.
Explanation
None.
User Response:
None.
JSAS1417I: Local operating system client-association has been enabled.
Explanation
None.
User Response:
None.
JSAS1418I: Local operating system server-association has been enabled.
Explanation
None.
User Response:
None.
JSAS1419I: The authentication target has been set:
Explanation
None.
User Response:
None.
JSAS1422I: The SSL session timeout has been set:
Explanation
None.
User Response:
None.
JSAS1423I: The SSL credentials timeout has been set:
Explanation
None.
User Response:
None.
JSAS1425I: The SSL port has been set:
Explanation
None.
User Response:
None.
JSAS1426I: The standard perform-QOP model has been set:
Explanation
None.
User Response:
None.
JSAS1427I: The perform client-authentication has been set:
Explanation
None.
User Response:
None.
JSAS1428I: The perform server-authentication has been set:
Explanation
None.
User Response:
None.
JSAS1429I: The perform message replay detection has been set:
Explanation
None.
User Response:
None.
JSAS1430I: The perform message out-of-sequence detection has been set:
Explanation
None.
User Response:
None.
JSAS1431I: The perform message integrity has been set:
Explanation
None.
User Response:
None.
JSAS1432I: The perform message confidentiality has been set:
Explanation
None.
User Response:
None.
JSAS1433I: The standard claim-QOP model has been set:
Explanation
None.
User Response:
None.
JSAS1434I: The claim client-authentication required has been set:
Explanation
None.
User Response:
None.
JSAS1435I: The claim server-authentication required has been set:
Explanation
None.
User Response:
None.
JSAS1436I: The claim message replay detection required has been set:
Explanation
None.
User Response:
None.
JSAS1437I: The claim message out-of-sequence detection required has been set:
Explanation
None.
User Response:
None.
JSAS1438I: The claim message integrity required has been set:
Explanation
None.
User Response:
None.
JSAS1439I: The claim message confidentiality required has been set:
Explanation
None.
User Response:
None.
JSAS1440I: The claim client-authentication supported has been set:
Explanation
None.
User Response:
None.
JSAS1441I: The claim server-authentication supported has been set:
Explanation
None.
User Response:
None.
JSAS1442I: The claim message replay detection supported has been set:
Explanation
None.
User Response:
None.
JSAS1443I: The claim message out-of-sequence supported has been set:
Explanation
None.
User Response:
None.
JSAS1444I: The claim message integrity supported has been set:
Explanation
None.
User Response:
None.
JSAS1445I: The claim message confidentiality supported has been set:
Explanation
None.
User Response:
None.
JSAS1446I: The delegation mode has been set:
Explanation
None.
User Response:
None.
JSAS1447I: The security service will not be disabled during bootstrap activation.
Explanation
None.
User Response:
None.
JSAS1448I: The security bootstrap repository port has been set:
Explanation
None.
User Response:
None.
JSAS1449I: The configuration appears to be complete.
Explanation
None.
User Response:
None.
JSAS1450I: The configuration appears to be consistent.
Explanation
None.
User Response:
None.
JSAS1451I: The configuration appears to be passively correct.
Explanation
None.
User Response:
None.
JSAS1452I: The SSL server keystore has been set:
Explanation
None.
User Response:
None.
JSAS1453I: The SSL server keystore password has been set:
Explanation
None.
User Response:
None.
JSAS1454I: The indicated entry was not found in the key file.
Explanation
None.
User Response:
None.
JSAS1455I: Unable to login principal: null authentication information.
Explanation
None.
User Response:
None.
JSAS1456I: Trying again to form a secure association with the target.
Explanation
None.
User Response:
None.
JSAS1457I: [{0}] We couldn't close the security bootstrap repository. {1}
Explanation
None.
User Response:
None.
JSAS1458I: BasicAuth credentials will not expire.
Explanation
None.
User Response:
None.
JSAS1459I: The BasicAuth credentials expiration has been set:
Explanation
None.
User Response:
None.
JSAS1460I: Successfully loaded configured key file:
Explanation
None.
User Response:
None.
JSAS1461I: SSL security compound tag will be exported.
Explanation
None.
User Response:
None.
JSAS1474W: [{0}] Unable to refresh the server's credentials, reset to minimum expiration time. Restart the server.
Explanation
The server credential needs to be refreshed so that the token does not expire. This message indicates that the refresh failed. This could be due to a problem logging into the server to get a new credential token or that the credential has been marked invalid. The expiration time will be set explicitly to correct the problem temporarily.
User Response:
JSAS1475W: [{0}] The following exception occurred on the server, sending context error back to client: {1}
Explanation
This logs any system exception which occurs on the server by the security interceptor or any other interceptor called after the security interceptor.
User Response:
Sometimes the exception is normal, such as NO_PERMISSION due to invalid userid/password, other times the exception needs to be reported to customer support.
JSAS1476W: [{0}] The following exception was received from the server: {1}
Explanation
This logs any system exception which occurs on the server by the security request interceptor or any other request interceptor called after the security request interceptor.
User Response:
Sometimes the exception is normal, such as NO_PERMISSION due to invalid userid/password, other times the exception needs to be reported to customer support.
JSAS1477W: SECURITY CLIENT/SERVER CONFIG MISMATCH: The client security configuration (sas.client.props or outbound settings in GUI) does not support the server security configuration for the following reasons:
Explanation
The configuration on the client is not consistent with the configuration on the server for specific reasons.
User Response:
The reasons reported should determine how to resolve the problem.
JSAS1478W: Security cannot be enabled because the ConfigURL property cannot be processed!
Explanation
The property specified in setupCmdLine.bat or on the Java command line, com.ibm.CORBA.ConfigURL is invalid.
User Response:
Check to ensure the file pointed to exists.
JSAS2020W: [{0}] Unable to get credentials. Verify the userid/password supplied is correct. Try restarting the client program to resolve the problem. Increasing the credential timeout value could reduce the likelihood of this error occurring.
Explanation
The credentials supplied are either invalid or null. An attempt is made to login as unauthenticated. If the resource is unprotected, the invocation should succeed.
User Response:
Verify the userid/password supplied is correct. Try restarting the client program to resolve the problem. Increasing the credential timeout value could reduce the likelihood of this error occurring.
JSAS2030W: [{0}] Trying unauthenticated login. Verify the userid/password supplied is correct. Try restarting the client program to resolve the problem. Increasing the credential timeout value could reduce the likelihood of this error occurring.
Explanation
The credentials supplied are either invalid or null. An attempt is made to login as unauthenticated. If the resource is unprotected, the invocation should succeed.
User Response:
Verify the userid/password supplied is correct. Try restarting the client program to resolve the problem. Increasing the credential timeout value could reduce the likelihood of this error occurring.
JSAS2040W: [{0}] No ConnectionData object attached to RequestHolder. Verify the classpath on the client and server both contain the same SAS.JAR and the same SAS e-fixes.
Explanation
The type of connection data object is not valid. There may be a problem with the classes which loaded from the classpath.
User Response:
Verify the classpath on the client and server both contain the same SAS.JAR and the same SAS e-fixes.
JSAS2070W: [{0}] Session entry already exists. Try to login again.
Explanation
This indicates that the session trying to be added has already been added.
User Response:
Try to login again.
JSAS2100W: [{0}] Null Credentials list. If an unauthenticated request is not desired, check the client login userid/password to verify correctness. Review the login source property in the sas.client.props.
Explanation
The credentials list passed into init_security_context are null. An unauthenticated request will be attempted.
User Response:
If an unauthenticated request is not desired, check the client login userid/password to verify correctness. Review the login source property in the sas.client.props.
JSAS2120W: [{0}] Security enabled, but EstablishTrustInClient is not set in IOR. If mutual authentication is desired, check the standardPerformQOPModels property so that it is set to authenticity, integrity, or confidentiality.
Explanation
The standardPerformQOPModels property in the sas.client.props may not be set for mutual authentication.
User Response:
If mutual authentication is desired, check the standardPerformQOPModels property so that it is set to authenticity, integrity, or confidentiality.
JSAS2403W: [{0}] DCE Security Tag not found in IOR. Verify that the client program is attempting the access the correct object. This message could be benign if the object method does not require security to be invoked.
Explanation
The IOR does not contain a DCE security tag. This tag contains the target security name, mechanism and required quality of protection (QOP).
User Response:
Verify that the client program is attempting the access the correct object. This message could be benign if the object method does not require security to be invoked.
JSAS2404W: [{0}] SSL Security Tag not found in IOR. Verify that the client program is attempting the access the correct object. This message could be benign if the object method does not require security to be invoked.
Explanation
The IOR does not contain an SSL security tag. This tag contains the port, required quality of protection (QOP) and supported QOP.
User Response:
Verify that the client program is attempting the access the correct object. This message could be benign if the object method does not require security to be invoked.
JSAS2405W: [{0}] Unable to get client security name from credentials. Restart the client so that new credentials will be created. Check with your user registry administrator to ensure the user data is valid.
Explanation
This indicates that the attributes stored in the credential cannot be retrieved due to a java runtime exception.
User Response:
Restart the client so that new credentials will be created. Check with your user registry administrator to ensure the user data is valid.
JSAS2406W: [{0}] SSL Security Compound Tag not found in IOR. Verify that the client program is attempting the access the correct object. This message could be benign if the object method does not require security to be invoked.
Explanation
The IOR does not contain an SSL security compound tag. This tag contains the port, required quality of protection (QOP) and supported QOP, target's client authentication type, realm name and full security name.
User Response:
Verify that the client program is attempting the access the correct object. This message could be benign if the object method does not require security to be invoked.