Authenticate and changePassword in IBM Security Verify Access for Web

Authenticate and changePassword

For the RgyUser.authenticate() and RgyUser.changePassword(), the Registry Direct Java™ API generates errors that closely match the existing azn_util_password_authenticate and azn_util_password_change AZN API errors. The following table maps the error codes and the API errors:

RgyException AZN API Error AZN status code AZN API Message

ServerDownRgyException AZN_S_FAILURE, ivacl_s_registry_server_down ivacl_s_registry_server_down HPDAC0779E The LDAP registry server is down.

N/A AZN_S_FAILURE, ivacl_s_registry_client_memory_error ivacl_s_registry_client_memory_error HPDAC0777E LDAP Registry client returned a memory error.

MultipleDnFoundRgyException InvalidParametersRgyException AZN_S_FAILURE, ivacl_s_registry_client_bad_ldap_dn ivacl_s_registry_client_bad_ldap_dn HPDAC0772E The LDAP user registry client returned an error status for the specified DN.

N/A AZN_S_FAILURE, ivacl_s_registry_client_unavailable ivacl_s_registry_client_unavailable HPDAC0771E The user registry client is unavailable.

(null returned) AZN_S_FAILURE, ivauthn_invalid_username vauthn_invalid_username HPDIA0202W An unknown user name was provided to Security Verify Access.

PasswordSetInvalidRgy Exception AZN_S_U_PASSWORD_EXPIRED, 0 ivacl_s_azn_s_u_password_expired HPDAC1354E aznAPI User password expired.

AccountSetInvalidRgy Exception AZN_S_U_ACCOUNT_DISABLED, 0 ivacl_s_azn_s_u_account_disabled HPDAC1364E aznAPI Account Login is disabled.

ErrPolicyTodAccessDeniedRgyException AZN_S_U_TOD_ACCESS_DENIED, ivauthn_tod_denied ivauthn_tod_denied HPDIA0218W Authentication by user denied at this time of the day.

ErrPolicyAcctLockedOutRgyException AZN_S_U_ACCOUNT_LOCKEDOUT, 0 ivacl_s_azn_s_u_account_ lockedout HPDAC1366E aznAPI The user account is locked out.

ErrPolicyPwdTooShortRgy Exception AZN_S_U_PASSWORD_TOO_SHORT, 0 ivacl_s_azn_s_u_password_too_short HPDAC1367E aznAPI New password is too short.

ErrPolicyPwdHasSpacesRgyException AZN_S_U_PASSWORD_HAS_SPACES, 0 ivacl_s_azn_s_u_password_has_spaces HPDAC1368E aznAPI New password has illegal spaces.

ErrPolicyPwdTooManyRepeatedRgyException AZN_S_U_PASSWORD_TOO _MANY_REPEATED, 0 ivacl_s_azn_s_u_password_too_ many_repeated HPDAC1369E aznAPI New password has too many repeated characters.

ErrPolicyPwdTooFewAlphaRgyException AZN_S_U_PASSWORD_TOO _FEW_ALPHA, 0 ivacl_s_azn_s_u_password_ too_few_alpha HPDAC1370E aznAPI New password has too few alphabetic characters.

ErrPolicyPwdTooFewNonalpha RgyException AZN_S_U_PASSWORD_TOO _FEW_NONALPHA, 0 ivacl_s_azn_s_u_password_too_few_non_alpha HPDAC1371E aznAPI New password has too few non-alphabetic characters.

InsufficientAccessRgy Exception AZN_S_U_INSUFFICIENT _ACCESS, 0 ivacl_s_azn_s_u_insufficient_access HPDAC1372E aznAPI Caller does not have the permission to perform requested operation.

ErrPolicyAcctDisabledRgy Exception AZN_S_U_PASSWORD_ACCT _DISABLED, 0 ivacl_s_azn_s_u_password_tacct_disabled HPDAC1374W aznAPI This account is disabled due to too many failed login attempts.

ErrPolicyAcctLockedOutRgy Exception AZN_S_U_AUTHEN_FAILED _ACCT_LOCKEDOUT, 0 ivacl_s_azn_s_u_authen_failed_ acct_lockedout HPDAC1376E aznAPI User registry authentication failed; the user account has been locked due to too many failed login attempts.

ErrPolicyInvalidAcctDisabled RgyException AZN_S_U_AUTHEN_FAILED _ACCT_DISABLED, 0 ivacl_s_azn_s_u_authen_failed_ acct_disabled HPDAC1377E aznAPI User registry authentication failed; the user account has been disabled due to too many failed login attempts.

N/A AZN_S_FAILURE, rgy_s_ira_server_in_config_only_mode rgy_s_ira_server_in_config_ only_mode HPDRG0207W The LDAP server is an IBM Security Directory Server in configuration only mode. Security Verify Access cannot operate normally with the LDAP server in this mode.

NativePasswordExpiredRgyException (when ldap.enhanced-pwd-policy=true) AZN_S_FAILURE, ivauthn_ldap_password_expired (when [ldap] enhanced-pwd-policy = yes) ivauthn_ldap_password_expired HPDIA0237W Authentication failed. The account cannot be logged in because the password expired.

NativePasswordNoModRgyException (when ldap.enhanced-pwd-policy=true) AZN_S_FAILURE, ivauthn_ldap_password_no_mod (when [ldap] enhanced-pwd-policy = yes) ivauthn_ldap_password_no_mod HPDIA0318W The user does not have permission to modify their password.

NativePasswordTooYoungRgyException (when ldap.enhanced-pwd-policy=true) AZN_S_FAILURE, ivauthn_ldap_password_ too_young (when [ldap] enhanced-pwd-policy = yes) ivauthn_ldap_password_too_young HPDIA0320W The user cannot change their password until time period elapses after the previous change.

NativePassword InHistoryRgyException (when ldap.enhanced-pwd-policy=true) AZN_S_FAILURE, ivauthn_ldap_password_ in_history (when [ldap] enhanced-pwd-policy = yes) ivauthn_ldap_password_in_history HPDIA0322W The user is not permitted to use the new password as it was used recently.

NativeAccountLocked RgyException (when ldap.enhanced-pwd-policy=true) AZN_S_FAILURE, ivauthn_ldap_account_locked ivauthn_ldap_account_locked HPDIA0239W Authentication failed. The account is locked.

NativeAccountInactivated RgyException (when ldap.enhanced-pwd-policy=true) AZN_S_FAILURE, ivauthn_ldap_account_inactivated (when [ldap] enhanced-pwd-policy = yes) ivauthn_ldap_account_inactivated HPDIA0241W Authentication failed. The account is deactivated.

UnhandledRgyException and other RgyExceptions AZN_S_AZN_S_FAILURE, ivacl_s_registry_client_error ivacl_s_registry_client_error HPDAC0773E The LDAP user registry client returned an unexpected failure status.

WarningPassword ExpiresSoonRgy Exception (when ldap.enhanced-pwd-policy=true) N/A N/A N/A

Parent topic: Old and new API errors

RgyException	AZN API Error	AZN status code	AZN API Message
ServerDownRgyException	AZN_S_FAILURE, ivacl_s_registry_server_down	ivacl_s_registry_server_down	HPDAC0779E The LDAP registry server is down.
N/A	AZN_S_FAILURE, ivacl_s_registry_client_memory_error	ivacl_s_registry_client_memory_error	HPDAC0777E LDAP Registry client returned a memory error.
MultipleDnFoundRgyException InvalidParametersRgyException	AZN_S_FAILURE, ivacl_s_registry_client_bad_ldap_dn	ivacl_s_registry_client_bad_ldap_dn	HPDAC0772E The LDAP user registry client returned an error status for the specified DN.
N/A	AZN_S_FAILURE, ivacl_s_registry_client_unavailable	ivacl_s_registry_client_unavailable	HPDAC0771E The user registry client is unavailable.
(null returned)	AZN_S_FAILURE, ivauthn_invalid_username	vauthn_invalid_username	HPDIA0202W An unknown user name was provided to Security Verify Access.
PasswordSetInvalidRgy Exception	AZN_S_U_PASSWORD_EXPIRED, 0	ivacl_s_azn_s_u_password_expired	HPDAC1354E aznAPI User password expired.
AccountSetInvalidRgy Exception	AZN_S_U_ACCOUNT_DISABLED, 0	ivacl_s_azn_s_u_account_disabled	HPDAC1364E aznAPI Account Login is disabled.
ErrPolicyTodAccessDeniedRgyException	AZN_S_U_TOD_ACCESS_DENIED, ivauthn_tod_denied	ivauthn_tod_denied	HPDIA0218W Authentication by user denied at this time of the day.
ErrPolicyAcctLockedOutRgyException	AZN_S_U_ACCOUNT_LOCKEDOUT, 0	ivacl_s_azn_s_u_account_ lockedout	HPDAC1366E aznAPI The user account is locked out.
ErrPolicyPwdTooShortRgy Exception	AZN_S_U_PASSWORD_TOO_SHORT, 0	ivacl_s_azn_s_u_password_too_short	HPDAC1367E aznAPI New password is too short.
ErrPolicyPwdHasSpacesRgyException	AZN_S_U_PASSWORD_HAS_SPACES, 0	ivacl_s_azn_s_u_password_has_spaces	HPDAC1368E aznAPI New password has illegal spaces.
ErrPolicyPwdTooManyRepeatedRgyException	AZN_S_U_PASSWORD_TOO _MANY_REPEATED, 0	ivacl_s_azn_s_u_password_too_ many_repeated	HPDAC1369E aznAPI New password has too many repeated characters.
ErrPolicyPwdTooFewAlphaRgyException	AZN_S_U_PASSWORD_TOO _FEW_ALPHA, 0	ivacl_s_azn_s_u_password_ too_few_alpha	HPDAC1370E aznAPI New password has too few alphabetic characters.
ErrPolicyPwdTooFewNonalpha RgyException	AZN_S_U_PASSWORD_TOO _FEW_NONALPHA, 0	ivacl_s_azn_s_u_password_too_few_non_alpha	HPDAC1371E aznAPI New password has too few non-alphabetic characters.
InsufficientAccessRgy Exception	AZN_S_U_INSUFFICIENT _ACCESS, 0	ivacl_s_azn_s_u_insufficient_access	HPDAC1372E aznAPI Caller does not have the permission to perform requested operation.
ErrPolicyAcctDisabledRgy Exception	AZN_S_U_PASSWORD_ACCT _DISABLED, 0	ivacl_s_azn_s_u_password_tacct_disabled	HPDAC1374W aznAPI This account is disabled due to too many failed login attempts.
ErrPolicyAcctLockedOutRgy Exception	AZN_S_U_AUTHEN_FAILED _ACCT_LOCKEDOUT, 0	ivacl_s_azn_s_u_authen_failed_ acct_lockedout	HPDAC1376E aznAPI User registry authentication failed; the user account has been locked due to too many failed login attempts.
ErrPolicyInvalidAcctDisabled RgyException	AZN_S_U_AUTHEN_FAILED _ACCT_DISABLED, 0	ivacl_s_azn_s_u_authen_failed_ acct_disabled	HPDAC1377E aznAPI User registry authentication failed; the user account has been disabled due to too many failed login attempts.
N/A	AZN_S_FAILURE, rgy_s_ira_server_in_config_only_mode	rgy_s_ira_server_in_config_ only_mode	HPDRG0207W The LDAP server is an IBM Security Directory Server in configuration only mode. Security Verify Access cannot operate normally with the LDAP server in this mode.
NativePasswordExpiredRgyException (when ldap.enhanced-pwd-policy=true)	AZN_S_FAILURE, ivauthn_ldap_password_expired (when [ldap] enhanced-pwd-policy = yes)	ivauthn_ldap_password_expired	HPDIA0237W Authentication failed. The account cannot be logged in because the password expired.
NativePasswordNoModRgyException (when ldap.enhanced-pwd-policy=true)	AZN_S_FAILURE, ivauthn_ldap_password_no_mod (when [ldap] enhanced-pwd-policy = yes)	ivauthn_ldap_password_no_mod	HPDIA0318W The user does not have permission to modify their password.
NativePasswordTooYoungRgyException (when ldap.enhanced-pwd-policy=true)	AZN_S_FAILURE, ivauthn_ldap_password_ too_young (when [ldap] enhanced-pwd-policy = yes)	ivauthn_ldap_password_too_young	HPDIA0320W The user cannot change their password until time period elapses after the previous change.
NativePassword InHistoryRgyException (when ldap.enhanced-pwd-policy=true)	AZN_S_FAILURE, ivauthn_ldap_password_ in_history (when [ldap] enhanced-pwd-policy = yes)	ivauthn_ldap_password_in_history	HPDIA0322W The user is not permitted to use the new password as it was used recently.
NativeAccountLocked RgyException (when ldap.enhanced-pwd-policy=true)	AZN_S_FAILURE, ivauthn_ldap_account_locked	ivauthn_ldap_account_locked	HPDIA0239W Authentication failed. The account is locked.
NativeAccountInactivated RgyException (when ldap.enhanced-pwd-policy=true)	AZN_S_FAILURE, ivauthn_ldap_account_inactivated (when [ldap] enhanced-pwd-policy = yes)	ivauthn_ldap_account_inactivated	HPDIA0241W Authentication failed. The account is deactivated.
UnhandledRgyException and other RgyExceptions	AZN_S_AZN_S_FAILURE, ivacl_s_registry_client_error	ivacl_s_registry_client_error	HPDAC0773E The LDAP user registry client returned an unexpected failure status.
WarningPassword ExpiresSoonRgy Exception (when ldap.enhanced-pwd-policy=true)	N/A	N/A	N/A