AG messages
CSIAG0101E The required parameter [parameterName] is missing or invalid.
Explanation
The specified parameter was not provided, or the value is invalid.
Action
Specify the correct value for the parameter in the error message and resubmit the request.
CSIAG0102E An unexpected response was received from the third-party server. Cannot parse the result. The third-party server response was [parameterName].
Explanation
The third-party server might be undergoing temporary maintenance that caused it to return an unexpected response.
Action
Try again later. If the problem persists, contact your system administrator.
CSIAG0103E Cannot retrieve the resource from the third-party server.
Explanation
The configuration might not be valid, or the third-party server might be experiencing problems.
Action
Try again later. If the problem persists, contact your system administrator.
CSIAG0104E The identity provider did not return the authorization code. The response from the third party server was [parameterName].
Explanation
The login did not complete or the third-party server configuration might be wrong.
Action
Try again later. If the problem persists, contact your system administrator.
CSIAG0105E An error occurred while mapping the user profile information provided by social site to productName.
Explanation
The third-party server might not have all the required information about the user's identity.
Action
At identity provider side, administrator should configure all the user attributes required for the federation. You can try again later. If the problem persists, contact your system administrator.
CSIAG0107E The specified login URL is invalid.
Explanation
The specified login URL is invalid.
Action
Ensure that the login URL is valid.
CSIAG0109E The required property [propertyName] is missing or invalid.
Explanation
The specified property is not provided, or the value is invalid.
Action
Ensure that the specified property is included in the login handler configuration.
CSIAG0111E Cannot process the login request. The required attribute [attributeName] is missing or invalid. The identity must contain the following attributes [attributeList].
Explanation
The rule for mapping the user identity might be wrong.
Action
Configure the mapping rule so it provides all the required user attributes.
CSIAG0112E Cannot process the login request. The user principal is missing or invalid.
Explanation
The rule for mapping the user identity might be wrong.
Action
Configure the mapping rule so it provides a valid user principal.
CSIAG0130E No login methods are configured.
Explanation
No login methods are configured.
Action
Configure the identity sources. Refer to the AuthBroker Management REST APIs.
CSIAG0131E Error retrieving the access token from the identity provider. The response from the third-party server is [parameterName]. The configuration might not be valid, or the third-party server might be experiencing problems.
Explanation
The configuration might not be valid, or the third-party server might be experiencing problems.
Action
Try again later. If the problem persists, contact your system administrator.
CSIAG0132E Cannot process the login request. The login page was idle for too long, or the session is invalid.
Explanation
The session is expired, or the login page was idle for too long.
Action
Restart the login process by using the correct URL.
CSIAG0133E A required parameter is missing or invalid. The request requires either [parameterName] or [parameterName] or [parameterName] is provided.
Explanation
A required parameter was not provided, or the value is invalid.
Action
Specify the correct value for the parameter in the error message and resubmit the request.
CSIAG0136E Unable to process the login request. Selected login method may not be configured correctly.
Explanation
The configuration of selected identity source for login may not be found or it may not be configured correctly.
Action
Ensure that the identity source and its properties are configured correctly. Confirm the configuration using the AuthBroker's Management REST APIs. Retry the login after recreating the misconfigured identity sources.
CSIAG0137E Unable to process the login request. User [parameterName] is not authorized to access this resource.
Explanation
The user attempting to access the service is not authorized.
Action
Ensure that the user has sufficient entitlements to access the resource.
CSIAG0138E Unable to process the login request. Failed to retrieve user [parameterName] from the service registry.
Explanation
The process to retrieve the user to validate access to the service failed.
Action
Try again later. If the problem persists, contact your system administrator.
CSIAG0139E Unable to process the login request. The reason for failure is as follows: [ parameterName ].
Explanation
This error might happens due to multiple reasons. Few of the reasons could be a) invalid state, b) unexpected or inconsistent data, c) non-reachability to other infrastructure elements, etc. Consider the reason provided in the error for more information.
Action
Try again later. If the problem persists, contact your system administrator.
CSIAG0140E Unable to process the login request. Failed to fetch the trigger URL for this identity source.
Explanation
The identity source properties could not be fetched from backend data store.
Action
Do the healthcheck and ensure that backend data stores (DB and Zookeeper) are up and running.
CSIAG0141E Unable to process the login request. Failed to fetch the tenant's state from cache; it might have expired due to inactivity.
Explanation
Session might be idle for long time. The tenant's state cache is short-lived, so it will be removed automatically from the data store after 5 minutes.
Action
Retry the login request.
CSIAG0142E Unable to process the login request. User [parameterName] is not an active user.
Explanation
The user attempting to access the service is not an active user.
Action
Ensure that the user is active and sufficient entitlements are provided to access the resource.
CSIAG0143E Unable to process the login request. Invalid identity source ID [parameterName] included in the request parameter [parameterName].
Explanation
This happens when administrator a. configured the app with disabled or non-existing identity source, or b. disables or removes the identity source configured for the app, later.
Action
Ensure that the identity source configuration for the apps is valid; the identity source must be existing and enabled.
CSIAG0144E Unable to process the login request. Invalid value specified for parameter [parameterName]. Valid values are: [parameterName]
Explanation
The request included a parameter with unsupported value. Only supported values will be accepted.
CSIAG0145E The logout request is invalid. The login provider cannot be determined.
Explanation
For logout processing, it need to know which login provider established the current session. Either the logout request URL should explicitly mention the provider to be logged out or the user session need to provide the provider details. Another possibility could be that it's a repeat request after the user session has already been flushed and invalidated.
Action
Ensure that the logout URL is valid.
CSIAG0146E Invalid logout request. Unsupported provider for this tenant.
Explanation
The logout request mentioned the provider that is not configured by tenant.
Action
Ensure that the logout URL is valid.
CSIAG0147E Administrator has not defined any authentication method to access this application. Contact your administrator.
Explanation
Administrator has disabled the authentication method to access the application.
Action
Ensure that valid authentication method is configured to access the application.
CSIAG0148E Unable to process the login request. The login provider specified by parameter [parameterName] is not allowed.
Explanation
The request included the provider that is allowed only for SP-initiated login flows. Social logins using IdP-initiated flows are not allowed.
CSIAG0149E The system can't process the login request because the identity linking cannot be performed. Either the user is inactive or doesn't exist in the linked identity source.
Explanation
When identity linking is enabled, the user must exist and it must be active; otherwise, the JIT provisioning process cannot perform the identity linking.
CSIAG0150E The social JWT was invalid.
Explanation
A social JWT was not found in the request or the JWT did not contain the required claims.
Action
Retry the request with a correctly formatted JWT.
CSIAG0151E An error occurred while generating an access token for the requested identity.
Explanation
An internal error prevented successful access token configuration.
Action
Try again later. If the problem persists, contact your system administrator.
CSIAG0152E The requested identity provider was not recognized.
Explanation
The value of the plat claim in the social JWT does not match any known identity providers.
Action
Retry the request with a valid identity provider.
CSIAG0153E The requested identity provider is disabled.
Explanation
The requested identity provider is configured, but the administrator has not allowed it to be used for authentication.
Action
Retry the request with a valid identity provider.
CSIAG0154E The requested identity provider is not a social identity provider.
Explanation
Only access tokens from a social identity provider may be exchanged.
Action
Retry the request with a valid identity provider.
CSIAG0155E The provided access token is invalid or expired.
Explanation
The access token could not be verified with the identity provider because it was invalid or expired.
Action
Retry the request with a valid access token.
CSIAG0156E The JWT issuer does not match the issuer configured on the identity source.
Explanation
Only JWTs issued by the required issuer may be exchanged.
Action
Retry the request with a JWT issued by the correct issuer.
CSIAG0157E The JWT is missing the required claim [claimName].
Explanation
All required claims must be included in the JWT.
Action
Retry the request with a JWT containing all of the required claims.
CSIAG0158E An invalid value was specified for the [claimName] claim. Valid claim values include [validValues].
Explanation
All required claims must be included in the JWT.
Action
Retry the request with a JWT containing all of the required claims.
CSIAG0159E The user state for state_id: [state_id] could not be found. The state_id may be invalid or expired.
Explanation
The state_id is invalid or expired
Action
Retry the request with a JWT containing a valid state_id.
CSIAG0160E Unable to retrieve Apple ID verification text. The identity source may not be configured properly, or may not exist.
Explanation
The identity source properties could not be fetched from backend data store.
Action
Run a healthcheck and ensure that the backend stores, DB and Zookeeper, are operating. Verify that the identity provider is configured correctly.
CSIAG0161E Internal service error.
Explanation
The identity source properties could not be fetched from backend data store.
Action
Run a healthcheck and ensure that the backend data stores, DB and Zookeeper, are operating.
CSIAG0162E Internal service error.
Explanation
The identity source properties could not be fetched from backend data store due to an SQL Exception.
Action
Double check that the SQL query is working properly.
CSIAG0163E You must enter a valid phone number.
Explanation
The phone number provided is not valid
Action
Check that the phone number is correct.
CSIAG0164E Enter the one-time password.
Explanation
The one-time password was not provided
Action
Check that the one-time password is correct.
CSIAG0165E An error occurred sending the one-time password. [err]
Explanation
The one-time password could not be sent to the phone number entered
Action
Check that the phone number is correct.
CSIAG0166E An error occurred validating the one-time password. Check that the password is correct.
Explanation
The one-time password may be incorrect.
Action
Check that the one-time password is correct.
CSIAG0167E The certificate used to verify the signed JWT is not set in the identity source configuration.
Explanation
The certificate used to verify the signed JWT is not set in the identity source configuration.
Action
Set the certificate in the identity source configuration.
CSIAG0168E The system cannot process the request because the response body that was returned from the request to MDM Broker was empty.
Explanation
The response body from the MDM Broker request must contain content.
Action
Check the health of the MDM Broker service.
CSIAG0169E The system cannot process the request because it was unable to delete this identity source instance. The device managers with the names and IDs [deviceMgrs] are linked to it. To delete this identity source instance, remove the links with these device managers.
Explanation
All links to a device manager on the MDM Broker service must be removed before an identity source instance can be deleted.
Action
Remove the link to the device manager and retry the operation.
CSIAG0170E The system cannot process the login request. The required user attribute [principalAttr] is missing or invalid. Verify that the user's permissions allow access to this attribute from the identity source.
Explanation
The rule for mapping the user identity might be wrong or the user might not have their prermissions set properly on the identity source.
Action
Verify that the user has their permissions set properly on the identity source. If their settings are correct, configure the mapping rule so that it provides a valid user principal.
CSIAG0171E The system can’t process the login request because a user attribute constraint error occurred. The constraint violation is "constraintViolation".
Explanation
During identity linking to the Cloud Directory identity source, a constraint on the user data that is used for just-in-time provisioning of the user was violated.
CSIAH0601E An internal error occurred in the Authentication Service.
Explanation
Cannot process the current request because of an internal error.
Action
Check the log file for more information about the cause of the problem.
CSIAH0602E The enrolled authentication method with ID [id] does not exist.
Explanation
The authentication method with the specified ID does not exist or was processed.
Action
Specify correct ID.
CSIAH0603E The specified access token cannot access the requested resource.
Explanation
Only the owner of the access token or authorized clients can access the requested resource.
Action
Specify correct access token.
CSIAH0604E The request is invalid: [message]
Explanation
Cannot process the request; the request body contains invalid JSON.
Action
Specify correct JSON.
CSIAH0609E The authentication mechanism with type [type] is not enabled.
Explanation
The authentication mechanism was disabled.
Action
Ensure that correct mechanisms are enabled.
CSIAH0610E Only one TOTP enrollment per user is permitted. Attempt to modify the TOTP enrollment instead of creating a new one.
Explanation
No additional information is available for this message.
Action
No action is available for this message.
CSIAH0611E The access token included in the request was not valid.
Explanation
The access token included in the request is not valid.
Action
Ensure that the correct access token is specified for the request.
CSIAH0612E The request failed because the request body contains improperly structured JSON.
Explanation
The request could not be processed because the request body contains malformed or improperly structured JSON.
Action
Ensure that request body contains the appropriately structured JSON for the requested action.
CSIAH0613E The JSON property [key] received an invalid type. The expected type was [type].
Explanation
The request cannot be processed because the request body contains invalid JSON.
Action
Ensure that request body contains the appropriately structured JSON for the requested action.
CSIAH0614E The required JSON property [key] is missing or invalid.
Explanation
The request cannot be processed because the request body contains invalid JSON.
Action
Ensure that request body contains the appropriately structured JSON for the requested action.
CSIAH0615E The value for the pagination query parameter [param] was either non-numeric, less than 0, or greater than 1000. The query parameter sent in the request for [param] was [value]. Enter a numeric value between 0 and 1000 and try again.
Explanation
No additional information is available for this message.
Action
Consult the Maintenance and Problem Determination Guide for suggestions for assessing system health.
CSIAH0616E Invalid value for the sort query parameter. Each attribute must start with either '+' or '-', and multiple attributes must be comma separated. The query parameter sent in the request was [value]. Enter a value that follows the required format and try again.
Explanation
No additional information is available for this message.
Action
Consult the Maintenance and Problem Determination Guide for suggestions for assessing system health.
CSIAH0617E The service does not exist or is disabled.
Explanation
The tenant does not exist or is disabled.
Action
Ensure that tenant exist and alsed enabled.
CSIAH0618E One or more of the requested patch operations failed.
Explanation
The patch supplied with the request was not completed successfully.
Action
Ensure that all patch objects specified for the request are correct.
CSIAH0619E The authentication attempt for the method [method] failed.
Explanation
The verification request was not completed successfully.
Action
Ensure that all verification attributes specified for the request are correct.
CSIAH0622E Invalid value for the search query parameter. Valid operators for strings are =, !=. Valid operators for booleans are = and !=. Valid operators for numbers are >=, >, <=, <, = and !=. String search values must be double quoted, numbers and booleans must not. The query parameter sent in the request was [value]. Enter a value that matches the required format and try again.
Explanation
No additional information is available for this message.
Action
Consult the Maintenance and Problem Determination Guide for suggestions for assessing system health.
CSIAH0623E Invalid value for the filter query parameter. Valid formats are either inclusive only or exclusive only. Multiple attributes must be comma separated. The query parameter sent in the request was [value]. Enter a value that matches the required format and try again.
Explanation
No additional information is available for this message.
Action
Consult the Maintenance and Problem Determination Guide for suggestions for assessing system health.
CSIAH0624E The request to create the enrollment [value] failed.
Explanation
An internal error occurred.
Action
Check your request to ensure the correct parameters have been supplied.
CSIAH0625E The request to create the transaction [value] failed.
Explanation
An internal error occurred.
Action
Check your request to ensure the correct parameters have been supplied.
CSIAH0626E The transaction [value] cannot be found.
Explanation
The query parameter value passed in the request was not valid.
Action
Check to make sure the transaction id exists in the query string.
CSIAH0627I The OTP was set for the enrollment, but the OTP was not delivered to the user.
Explanation
The OTP was not delivered because the delivery method has been disabled by the administrator.
Action
The request was successful.
CSIAH0628I The OTP was set for the enrollment and successfully sent.
Explanation
The message containing the OTP was successfully sent to the enrolled delivery address.
Action
The request was successful.
CSIAH0629E The delivery attribute value provided was empty or null.
Explanation
The delivery attribute value provided was empty or null.
Action
The request was rejected.
CSIAH0630I Here is your OTP: value-value
Explanation
The OTP delivery text.
Action
The request was successful.
CSIAH0631E The request to create the transaction [value] failed. The enrollment must be validated before transactions can be created.
Explanation
The validation transaction must be completed before normal transaction verification can be used.
Action
Complete the validation step.
CSIAH0632E The request to create the transaction failed. The attempt to deliver the OTP failed.
Explanation
The delivery failed when attempting to send the OTP.
Action
The request was rejected.
CSIAH0633E The request for verification failed. The transaction [value] has exceeded the allowable maximum attempts.
Explanation
Verification failed due to maximum attempts limit.
Action
The request was rejected.
CSIAH0634E The request for verification failed. The transaction [value] has previously been completed.
Explanation
Verification failed due to transaction being previously completed.
Action
The request was rejected.
CSIAH0635E The authentication attempt for the method [method] failed. The provided enrollment is disabled.
Explanation
The verification request was not completed successfully.
Action
Ensure that all verification attributes specified for the request are correct.
CSIAH0636E The resource [value] cannot be found.
Explanation
The requested resource could not be found.
Action
Check to make sure the resource exists.
CSIAH0637E The request either provided no authentication or the authentication was unsuccessful.
Explanation
The authentication provided by the request failed.
Action
Check your request authentication.
CSIAH0638E The authenticated user is not permitted to perform the requested operation.
Explanation
The operation requires elevated permissions.
Action
Check your allocated permissions.
CSIAH0639E The request has been accepted and was successful.
Explanation
Action
CSIAH0640E None of the permitted authentication factors are configured.
Explanation
Users must enroll for least one of the authentication factors that are enabled on the tenant before using second-factor authentication.
Action
Configure at least one authentication factor and try again.
CSIAH0641E The value for the [header] header that is required for this function was missing or invalid.
Explanation
Users must provide all required headers for the function.
Action
Correct or add the value for the header and resubmit the request.
CSIAH0642E The system could not find the tenant that was specified in the request.
Explanation
Either the tenant name that was provided was entered incorrectly or it does not exist.
Action
Ensure that the tenant name was entered correctly or specify a different tenant name and resubmit the request.
CSIAH0643E The system cannot process the request because no access token was found in the request. An access token must be present in either the 'Authorization' HTTP header or in the query parameter 'access_token'.
Explanation
The request must contain an access token.
Action
Ensure that the access token is present in either the 'Authorization' HTTP header or in the query parameter 'access_token'.
CSIAH0644E The system cannot process the request because the redirect_url specified is not allowed.
Explanation
The request parameter redirect_url must must be in the configured list of allowed redirect URLs.
Action
Configure the redirect_url in the list of allowed redirect URLs.
CSIAG0500E The request does not contain syntactically correct JSON.
Explanation
The request must contain syntactically correct JSON before it can be processed.
Action
Provide a valid JSON body. You can validate the JSON using online tools.
CSIAG0501E A tenant with the identifier [id] does not exist.
Explanation
Tenant with the specified identifier does not exist.
Action
Provide a valid tenant ID.
CSIAG0502E Tenant with identifier [id] already exists. Specify a different identifier.
Explanation
Tenant with the specified identifier already exists.
Action
Provide a non-existent tenant ID.
CSIAG0503E The tenant identifier [id] is invalid. Ensure that it is not empty, and contains only characters from the following set [characters].
Explanation
Tenant identifier must contain only the allowed characters.
Action
Specify one or more characters from the character set that is listed in the message.
CSIAG0504E The system cannot load or locate the schema file: [schemaPath]
Explanation
A configuration schema is required. Either the schema does not exist, or is incorrectly specified, or an internal error occurred.
Action
Verify that the schema is configured and called correctly.
CSIAG0505E The value [value] of the property [key] is too long. The limit is [limit].
Explanation
All property values must be within the specified character length limitation.
Action
Provide a property value that is less than or equal to the limit.
CSIAG0506E The mapping of the idsName attribute [idsAttr] to productName attribute [ciAttrId (ciAttr)] is not valid. The valid mapping is the idsTypeName attribute name [correctIdsName] to the productName2 attribute ID [correctCiAttrId (correctCiAttr)].
Explanation
Predefined mappings cannot be changed.
Action
Provide a correct attribute mapping for this identity source type.
CSIAG0507E The attribute mapping Just In Time Provisioning option value [option] is not valid. Valid values are [validvalues].
Explanation
Predefined option values must be used.
Action
Provide a valid jitp option.
CSIAG0508E The productName attribute ID [badId] is not a valid mapping for the idsName1 attribute name [idsName]. The allowed productName2 attribute IDs for this idsName2 attribute name are [id].
Explanation
Predefined attribute IDs must be used.
Action
Provide a valid attribute ID.
CSIAG0509E The property [prop] must be a boolean value of either 'true' or 'false'
Explanation
A boolean value must be specified.
Action
Provide a boolean value.
CSIAG0510E The attribute combination of productName attribute ID [id] and idsName attribute name [idsAttrName] are not valid.
Explanation
A valid attribute ID and Identity source attribute name must be specified.
Action
Provide a valid combination.
CSIAG0600E Creation of database connection failed. Check the database configuration and network connectivity to the database server.
Explanation
The database connection could not be created.
Action
Ensure that the database is configured correctly. Also check that the network connectivity to the database server is available.
CSIAG0601E A database error occurred.
Explanation
An unrecoverable database error occurred.
Action
Do the health check of AuthBroker service to confirm a good database connectivity. More details about the error can be found from logs.
CSIAG0602E The update of the resource [ name ] failed.
Explanation
A database exception occurred during the update operation of the resource.
Action
Ensure that the database is running correctly. More details about the error can be found from logs.
CSIAG0603E The delete of the resource failed.
Explanation
A database exception occurred during the delete operation of the resource.
Action
Ensure that the database is running correctly. More details about the error can be found from logs.
CSIAG0604E The delete failed because the resource cannot be found.
Explanation
The specified resource was not found during the delete operation.
Action
Verify that the resource exist.
CSIAG0605E The retrieval failed because the resource cannot be found.
Explanation
The specified resource was not found during the get operation.
Action
Verify that the resource exists. More details about the error can be found from logs.
CSIAG0606E The retrieval of the [ resourceType ] resources failed.
Explanation
The specified resource type was not found during the retrieval operation.
Action
Verify that correct type of resource has been queried. More details about the error can be found from logs.
CSIAG0607E The creation of the [ resourceType ] resources failed.
Explanation
There was either a key violation or an internal server error during the create operation.
Action
Contact your system administrator regarding the database exception. More details about the error can be found from logs.
CSIAG0608E The generation of an ID from the KEYS table for resource type [ resourceType ] failed.
Explanation
There was an internal server error during the creation of the resource ID.
Action
More details about the error can be found from logs.
CSIAG0609E The value [ constraintValue ] for [ constraintName ] already exists.
Explanation
The creation or update of the resource failed because of unique constraint on the resource. A value within your request, that is required to be unique, already exists.
Action
Specify a different value for the resource constraint.
CSIAG0610E The database connection failed.
Explanation
Unable to establish connection to database. There might be a problem with database configuration.
Action
Verify that the database is configured correctly. Also check the data source configuration and the help information for your database.
CSIAG0611E The value [ value ] for [ propertyName ] is not valid. Valid values are: validValues
Explanation
The specified value is not valid.
Action
Provide a valid property value. Ensure that you are using the allowed values for this property.
CSIAG0612E The action: action failed because the resource [ resource ] was not found.
Explanation
The requested action on the specified resource could not be completed because the resource was not found.
Action
Ensure that the resource and action requested are valid.
CSIAG0613W The update failed because the resource was not found.
Explanation
The requested action on the specified resource could not be completed because the resource was not found.
Action
Ensure that the resource and action requested are valid.
CSIAG0614W You already have a configured identity source type. Only one configured instance is allowed per identity source type except for a SAML Enterprise identity source type, which can have multiple instances.
Explanation
The requested action on the specified resource could not be completed because the specified identity source type is already configured. Only one configured instance is allowed per identity source type except for a SAML Enterprise identity source type.
Action
Ensure that the resource and action requested are valid.
CSIAG0615W The system can't process the request because instance name [] is already used by another identity source.
Explanation
Duplicate instance names are not allowed for identity sources in IBM Cloud Identity.
Action
Select a different name for the identity source and resubmit the request.
CSIAG0616E The file import failed.
Explanation
The file import failed. This can occur if the file does not exist, there are access permissions either at the source or destination, or because there was an I/O error.
Action
Ensure that the file exists, that access permissions are set properly, and that there is sufficient space to import the file. More details about the error can be found from logs.
CSIAG0617E The filter string was empty.
Explanation
The filter query parameter had an empty value.
Action
Provide the valid content for the value of the filter field.
CSIAG0618E The filter format was invalid. Filters should be in the format of supportedValues .
Explanation
An invalid filter syntax was used.
Action
Use supported format for filtering.
CSIAG0619E No matching field name for [ jsonFieldName ] was found.
Explanation
An invalid filter syntax was used.
Action
Use supported format for filtering.
CSIAG0620E The filter function: function was not valid. Supported functions are: supportedFunctions .
Explanation
An invalid filter type was used.
Action
Use supported format for filtering.
CSIAG0623E The value [ uri ] was not a valid URI.
Explanation
The requested value was not a valid URI.
Action
Provide a valid URI.
CSIAG0624E The value [ value ] was not valid.
Explanation
The specified value was not valid.
Action
Provide a valid value.
CSIAG0625E The value [ value ] for [ propertyName ] is not valid.
Explanation
The specified value is not valid.
Action
Provide a valid value.
CSIAG0626E The value for [propertyName] is missing.
Explanation
A required property value is missing.
Action
Provide the required property value.
CSIAG0627E The value [value] for [propertyName] is too long. The name must not exceed [maxLength] characters.
Explanation
The length of the string for the property is too long.
Action
Specify a shorter length string.
CSIAG0628E The value entered for the pagination query parameter [start] was either non-numeric or less than 0. The query parameter sent in the request for 'start' was [start].
Explanation
The query parameter value passed in the request was not valid.
Action
Ensure that the value is a valid integer.
CSIAG0629E The value entered for the pagination query parameter [count] was either non-numeric or less than 0. The query parameter sent in the request for 'count' was [count].
Explanation
The query parameter value passed in the request was not valid.
Action
Provide a valid integer value.
CSIAG0630E No matching field name for [jsonFieldName] was found. Valid filter field values for this resource are [validFields].
Explanation
An invalid filter syntax was used.
Action
Use supported format for filtering and specify a valid filter field.
CSIAG0631E The action: Import Metadata failed because the metadata file or federation role was invalid.
Explanation
The metadata file import failed. This can occur if the file was not a valid import file or federation role was invalid.
Action
Provide a valid metadata file. Ensure that the metadata XML is UTF-8 encoded. More details about the error can be found from logs.
CSIAG0636E Failed to import metadata. The metadata input has a syntax error.
Explanation
Syntax errors and missing required tags in the metadata can cause this failure.
Action
Take the following actions: Provide a valid metadata file. Ensure that the metadata XML is UTF-8 encoded. Check the logs for more information.
CSIAG0637E The action: Import Metadata failed because IDPSSODescriptor is not found in the metadata file.
Explanation
The metadata file import failed. This can occur if there is no IDPSSODescriptor in the metadata file.
Action
Provide a valid metadata file. Ensure that the metadata XML is UTF-8 encoded and a mandatory IDPSSODescriptor tag is included.
CSIAG0638E The action: Import Metadata failed because the metadata file either does not have KeyDescriptor of type signing or signing key value was empty.
Explanation
The metadata file import failed. This can occur if there was no IDPSSO-KeyDescriptor of type signing in the metadata file.
Action
Provide a valid metadata file. Ensure that the metadata XML includes a mandatory signing KeyDescriptor.
CSIAG0640E The identity source with ID id was not updated.
Explanation
An error occurred while the identity source was being updated.
Action
Check the REST API for appropriate identity source specifications.
CSIAG0641E [ value ] is not a valid [ property ].
Explanation
An invalid value was passed in for this property.
Action
Resend the JSON payload with the valid property value.
CSIAG0642E An internal server error occurred.
Explanation
This happens when something is unexpected.
Action
More details about the error can be found from logs.
CSIAG0643E The property [ property ] has a syntax error in the regular expression pattern.
Explanation
A regular expression pattern was entered that was invalid.
Action
Correct the regular expression or use the valid regular expression patterns.
CSIAG0645E The delete identity source operation failed because the SAML partner could not be deleted.
Explanation
An error occurred while deleting the SAML identity provider partner.
Action
Check if SAML service is running and it is reachable. Retry the operation after some time. More details about the error can be found from logs.
CSIAG0650E A realm value is required. It cannot be empty and the value must be unique.
Explanation
Realm is required because it is used to distinguish users from multiple identity sources that have the same user name.
Action
Provide a unique realm value for the SAML identity source.
CSIAG0651E The realm value contains invalid characters. Use only alphanumeric and any of these special characters (separated by space): validValues
Explanation
No additional information is available for this message.
Action
Consult the Maintenance and Problem Determination Guide for suggestions for assessing system health.
CSIAG0652E The realm value is already used by [ validValues ]. Provide a different value. It must be unique across all configured identity sources under your subscription.
Explanation
The realm value must be unique across the identity sources that are configured within the subscription because its purpose is to distinguish users from multiple identity sources that have the same user name.
Action
Provide a different realm value that is not yet assigned to any configured identity source.
CSIAG0653E Unable to establish a trusted communication between Cloud Identity and the application service provider because the service provider metadata cannot be downloaded. This error might be a temporary problem. Exit the UI, log in, and try the procedure later. If the problem persists, the error has no recovery option that you can take. Contact your Support team for assistance.
Explanation
Trust between Cloud Identity and the application service provider is established when the identity provider and the service provider exchange metadata information. Metadata content includes certificates for SSL communication between the two parties involved in federation. There are multiple possible reasons that can cause the download of the service provider metadata to fail. Among these reasons are: • Network issues • DB2 / Zookeeper issues • SAML fully loaded • SAML down • SAML not fully functional because of DB2 / Zookeeper connection issues, etc.
Action
This error might be a temporary problem. Exit the UI, log in, and try the procedure later. If the problem persists, the error has no recovery option that you can take. Contact your Support team for assistance. Ensure that SAML service is up and running. Do the health check for SAML service.
CSIAG0654E Unable to connect and fetch a response data from the SAML REST API because of a connection timeout. This error might be a temporary problem. If the problem persists, the error has no recovery option that you can take. Contact your Support team for assistance.
Explanation
The SAML service might be experiencing a lot of network traffic and as such cannot take more calls. The SAML service memory footprint might have also increased.
Action
This error might be a temporary problem. If the problem persists, the error has no recovery option that you can take. Contact your Support team for assistance.
CSIAG0655E The specified realm value is reserved. It has been used with wrong identity source type. validValues is reserved for Cloud Directory. validValues is reserved for IBMid. Specify a different realm value.
Explanation
The realm value can be any unique name that you assign to an identity source. Certain identity source types have fixed realm values that you cannot use in other types of identity sources.
Action
Specify a different realm value for this identity source.
CSIAG0656E One or more configuration value in the payload is invalid.
Explanation
The configuration provided for the update in payload is invalid.
Action
Send correct configuration in payload.
CSIAG0657E Unable to retrieve configuration or determine default values for configuration.
Explanation
Unable to retrieve the configuration from zookeeper or unable to retrieve default values from database.
Action
Ensure zookeeper and DB are connected.
CSIAG0658E The value [ value ] for [ propertyName ] is not valid. Use only alphanumeric characters and any of these special characters: validValues. The value must also start with an alphabet character.
Explanation
The specified value does not comply with the guidelines.
Action
Follow the guidelines when you provide a new value.
CSIAG0659E The system cannot delete id because it is used as the IBM MaaS360 default identity source. Change the assigned identity source for IBM MaaS360 and try again.
Explanation
The system cannot delete the identity source as it is used as the IBM MaaS360 default identity source.
Action
Change the default identity source before deleting this identity source.
CSIAG0660E The system cannot disable id because it is used as the IBM MaaS360 default identity source. Change the assigned identity source for IBM MaaS360 and try again.
Explanation
The system cannot disable the identity source as it is used as the IBM MaaS360 default identity source.
Action
Change the assigned identity source for IBM MaaS360 and try again.
CSIAG0661E The system cannot disable [id] because it is the only identity source that is enabled for the admin user login. There must be at least one enabled identity source for the admin to sign in. Configure and enable another identity source for the admin before you disable [id].
Explanation
If only one identity source is enabled, it becomes the default sign-in option for the user. There must be at least one identity source that is enabled for the admin to sign in.
Action
Configure and enable another identity source for the admin before you disable this identity source.
CSIAG0662E The system cannot delete [id] because it is the only identity source that is enabled for the admin user login. There must be at least one enabled identity source for the admin to sign in. Configure and enable another identity source for the admin before you delete [id].
Explanation
If only one identity source is enabled, it becomes the default sign-in option for the user. There must be at least one identity source that is enabled for the admin to sign in.
Action
Configure and enable another identity source for the admin before you delete this identity source.
CSIAG0663E Use the reserved realm value for this identity source type. validValue1 is reserved for Cloud Directory. validValue2 is reserved for IBMid.
Explanation
Cloud directory and IBMid identity sources are assigned with reserved realm values that you must use correctly.
Action
Use the reserved realm value for this identity source type.
CSIAG0664E Cloud Directory cannot be deleted because it is a reserved identity source that can be deleted only when the tenant is deleted. You can choose to delete some other identity source instead.
Explanation
Cloud Directory is a reserved identity source that is automatically configured when the tenant is created. You can delete the cloud directory identity source only if you delete the tenant.
Action
Do not attempt to delete a cloud directory. You can choose to delete some other identity source instead.
CSIAG0671E Cannot create an identity source instance of type LDAP Pass-Through because tenant do not have subscription to MDM plan.
Explanation
In order to create an instance of LDAP Pass-Through identity source, first the tenant need to subscribe to MDM plan. LDAP Pass-Through type of identity source is meant only for MaaS customers.
Action
Subscribe to MDM plan and retry again.
CSIAG0673E The system cannot delete id because it is used as a sign-in option for one or more applications. To delete it, the identity source must not be assigned to any application.
Explanation
An identity source cannot be deleted if it is already set as an option for users to sign in to an application because it might cause disruptions to the user's sign-in experience.
Action
Remove the identity source as a sign-in option from the affected applications.
CSIAG0674E The system cannot complete the request because of an internal error. This error might be a temporary problem. Contact your Support team to investigate and fix the error.
Explanation
The request is valid. There is no problem with your browser, device or Internet connection. The server cannot connect to the Application Access microservice because of an undetermined or unconfirmed cause. The server might be low or out of memory, misconfigured, or encountered a database or network issue on its side. This error might be a temporary problem or might require further assistance.
Action
Access Kibana and examine the log entries from the authbrokermgmt_authbroker_mgmt_1 container at the time the request was processed. Use the Health check APIs to verify that the authbroker_mgmt and application_access services are up and running.
CSIAG0675E Invalid value [id] for [id]. Valid type values are id.
Explanation
The request is malformed. Specified value is not a valid identifier for the identity source type.
Action
Specify valid value from the range.
CSIAG0676E The field [inputFieldName] is not valid for sorting. Valid fields are: validFields.
Explanation
An invalid field name was used for sorting.
Action
Specify valid value for the field.
CSIAG0677E The value entered for the pagination query parameter [param] was either non-numeric, less than 0, or greater than 1000. The query parameter sent in the request for [param] was [value].
Explanation
The query parameter value passed in the request was not valid.
Action
Ensure that the value is a valid integer.
CSIAG0678E The value for field [inputFieldName1] cannot be greater than the field [inputFieldName2].
Explanation
The count value must be within the limits of page.
Action
Specify valid value for the field.
CSIAG0679E Unable to retrieve configuration or determine default values for configuration.
Explanation
Unable to retrieve the configuration from database.
Action
Ensure DB is connected.
CSIAG0680E The filter property of [prop] cannot use the comparator [comp] because it is of type [recType]. Valid comparators for this property are [supCompar].
Explanation
The comparator for this property is not valid because of the data type of the property.
Action
Specify a valid comparator for this data type.
CSIAG0681E Unsupported java.sql.Types [type].
Explanation
The database data type passed in is unknown.
Action
Specify a valid, known database data type.
CSIAG0682E Realm [realm] is not allowed for identity linking.
Explanation
The allowed realms for tenant is defined by global endpoint.
Action
Specify a realm from allowedRealms.
CSIAG0683E Realm [realm] is already present in primaryRealms. Duplicate realm is not allowed.
Explanation
The duplicate realm is not allowed.
Action
Specify unique realm values.
CSIAG0684E primayRealms cannot be empty.
Explanation
To configure identity linking, at least one realm should be present.
Action
Specify the available realm.
CSIAG0685E If [identityLinking] is true then [userPrincipalAttr] cannot be empty.
Explanation
To configure identity linking, userPrincipleAttr is required.
Action
Set the identityLinkingPrincipalAttribute with valid value.
CSIAG0686E If [identityLinking] is false then [userPrincipalAttr] should be empty and [enableJit] should be false.
Explanation
To unconfigure identity linking, the value for userPrincipleAttr should be reset and JIT should be false.
Action
Set the identityLinkingPrincipalAttribute to empty string and identityLinkingJitEnabled to false.
CSIAG0687E The system cannot delete id because it is used for the identity linking. Remove the identity source from identity link configuration and try again.
Explanation
The system cannot delete the identity source as it is used as the identity link default.
Action
Change the identity link configuration before deleting the identity source.
CSIAG0688E The identity linking can not be enabled as it is being used as primary identity source for identity linking.
Explanation
The identity link can not link to itself.
Action
Change the identity link configuration before enabling the linking for identity source.
CSIAG0690E The identity source was not created successfully.
Explanation
The identity source was not created successfully.
Action
None
CSIAG0692E The identity source was not updated successfully.
Explanation
The identity source was not updated successfully.
Action
None
CSIAG0694E The identity source was not deleted successfully.
Explanation
The identity source was not deleted successfully.
Action
None
CSIAG0699E An invalid Identity Source property value was entered for the property [property]. Valid values for this property are [validValues].
Explanation
The Identity Source property value was not allowed.
Action
None
CSIAG0700E The Identity Source Linking certificate label [property] was not found for the tenant [tenant].
Explanation
The specified Identity Source Linking certificate was not found for this tenant.
Action
None
CSIAG0701E Invalid Identity Source property keys have been entered for the [ids] provider type. Valid property keys for this provider type are [allowed]. The property keys [unknown] are not allowed for this provider type.
Explanation
The Identity Source property keys are not known.
Action
None
CSIAG0702E The Identity Source Linking certificate label [property] cannot be empty or null.
Explanation
The Identity Source property was empty or null and cannot be.
Action
None
CSIAG0703E The Identity Source Linking required property [property] is missing.
Explanation
The Identity Source Linking property required for this type .
Action
None
CSIAG0704W You already have a configured identity source type. This identity source type does not support multiple instances.
Explanation
The requested action on the specified resource could not be completed because the specified identity source type is already configured and does not support multi-instances.
Action
Ensure that the resource and action requested are valid.
CSIAG0705E The Identity Source required property [property] is missing. The base set of required properties are properties.
Explanation
The Identity Source properties required for this type .
Action
None
CSIAG0706E The Identity Source required property [enabled] is set to 'true'. When enabled, all of the properties properties are required. The property [property] is missing.
Explanation
The Identity Source properties required for this type when the key value is set to true or enabled.
Action
None
CSIAG0707E The certificate label [] was not found for the tenant [].
Explanation
The certificate label must exist on the tenant. It's possible that it got deleted.
Action
None
CSIAG0708E The certificate label [] does not match existing label []. You may only add a new certificate, you may not change an existing certificate label on this Identity Source.
Explanation
The certificate label must match the previously set certificate label on UPDATE, if a new certificate is not being provided.
Action
None
CSIAG0709E The identity source configuration payload contained properties with duplicate key values productName.
Explanation
Duplicate property key values are not allowed.
Action
Provide a valid combination.
CSIAG0710E The auth-broker management service was unable to retrieve existing configuration or determine default values for configuration for this IBM Maas360 instance.
Explanation
Unable to retrieve the configuration from database.
Action
Ensure DB is connected.
CSIAG0711E The identity source property [enabled] is set to 'true'. When enabled, the property properties is required, and must be set to 'true'.
Explanation
The value for identity source property identityLinkingJitEnabled must be set to true.
Action
Set the identity source properties, identityLinkingJitPwdEnabled and identityLinkingJitEnabled, with valid values.
CSIAG0712E The password policy with the ID [pwdPolicyId] does not exist.
Explanation
The value for passwordPolicy must exist.
Action
Set the identity source properties, passwordPolicy to a value of an existing password policy ID.
CSIAG0713E The system cannot create an identity source instance of type MaaS360 Cloud Extender because tenant does not have a subscription to an MDM plan.
Explanation
To create an instance of an MaaS360 Cloud Extender identity source, the tenant must first have an subscription to an MDM plan.
Action
Subscribe to an MDM plan and retry again.
CSIAG0714E The property [inputProperty] is not a valid search option. Valid search properties are [allowedProperties].
Explanation
An unsupported search property was specified.
Action
Set the search property to a value that is supported.
CSIAG0716E The "scopes" property is missing the "openid" value. This value is required for an OIDC flow.
Explanation
The "openid" value must be present in the identity source property.
Action
Add "openid" to the "scopes" identity source property.
CSIAG0717E The format of the identity source property [property] is invalid. The correct format is: validFormat
Explanation
The value of a provided identity source property must be in a valid format.
Action
Fix the format of the identity source property.
CSIAG0718E The identity source property [scopes] is missing one or more required values. The minimum set of required values are [].
Explanation
The string list of scopes must meet the minimum requirement for the login function.
Action
Add in the additional scopes to the [scopes] properties to meet the minimum requirements.
CSIAG0719E The friendly name value [ validValues ] is already in use. Provide a different value. It must be unique across all configured identity sources under your tenant.
Explanation
The friendly name value must be unique across the identity sources that are configured within the tenant because its purpose is to be used in a URL at which a login with a specific configuration can be completed.
Action
Provide a different friendly name value that is not yet assigned to any configured identity source.
CSIAG0720E The privacy profile [] does not exist.
Explanation
The privacy profile specified does not exist in DPCM.
Action
Use a valid privacy profile id.
CSIAG0721E An error occurred while importing the metadata for tenant [tenantId] with identity source name [idsName] and identity source id of [idsId].
Explanation
While parsing the metadata, an error occurred.
Action
Check error for parsing failure.
CSIAG0722E While validating the SAML metadata an error message was returned from the SAML service with no message identifier. The error is "error".
Explanation
While validating the metadata an error has occurred with a message description but no identifier.
CSIAG0723E While validating the SAML metadata an unexpected response was returned from the SAML service.
Explanation
While validating the SAML metadata an unexpected error message format was returned from the SAML service.