SECJ

SECJ0007E: Error during security initialization. The exception is {0}.

Explanation

An unexpected error occurred during security initialization.

Action

This is a general error. Look for previous messages that might be related to the
failure or to a configuration problem. Enabling security debug trace for components
com.ibm.ws.security.* and com.ibm.ejs.security.* might yield additional information.

SECJ0010E: Invalid credential

Explanation

This exception is unexpected. The cause is not immediately known.

Action

If the problem persists, additional information might be available if you search for the message ID on the following Web sites: WebSphere Application Server Support page: https://ibm.biz/BdztgV WebSphere Application Server for z/OS Support page: https://ibm.biz/Bdqd4J .

SECJ0040E: Error occurred while generating new LTPA keys. The exception is {0}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0041E: Can"t set Authentication Mechanism to LTPA when LTPAConfig is null

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0045E: Error initializing security/SAS

Explanation

An error occurred while initializing the Secure Association Service, which is part of the ORB security.

Action

Verify that the property file, usually sas.server.props, is present and has read permission.

SECJ0046I: SAS Property:{0} has been updated

Explanation

Informational.

Action

A security configuration change has caused a SAS Property to be updated.

SECJ0047E: Missing or malformed security configuration URL specified by property {0}

Explanation

The URL used to specify Secure Association Service properties is missing or malformed.

Action

The URL is usually specified as a property name when starting WebSphere from the command
line with the -D argument. For example: -Dcom.ibm.CORBA.ConfigURL=file:/C:/wastd/AppServer/properties/sas.server.props.
Verify that the property and URL is specified and refers to a valid file and the file has the read permission.

SECJ0048E: Error updating or loading future security configuration URL specified by property {0}

Explanation

The path or file specified in the property might be not valid or there could be a
file permission problem.

Action

Verify that the path and file specified by the property is valid and the file has read permission.

SECJ0049E: Configuration error encountered while starting the server

Explanation

An unexpected RemoteException, OpException or IOException occurred during server startup.
There could be problems with loading or writing of security configuration URL property files.

Action

Verify that the file associated with security configuration URL property file (typically sas.server.props)
has read permission and is writable.

SECJ0050E: Error encountered while shutting down the server

Explanation

An unexpected RemoteException, OpException or IOException occurred during server shutdown.
There could be problems with loading or writing of security configuration URL property files.

Action

Verify that the file associated with security configuration URL property file (typically sas.server.props)
has read permission and is writable.

SECJ0051E: IOException when determining whether configuration is current with property file {0} or {1}

Explanation

A loadProperties() operation probably failed.

Action

Verify that the file associated with security configuration URL property file (typically sas.server.props)
has read permission and is writable.

SECJ0052E: Authorization failed while invoking ({0}){1} {2} - invalid credentials

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0053E: Authorization failed for {0} while invoking ({1}){2} {3} {4} {5}

Explanation

The user does not have the necessary permission to access the resource.
This failure might be expected if the user should not be granted access.
If this error is unexpected, then there are several possible causes.
The user has not been mapped to one the roles protecting the resource if the user requires access to the protected resource.
The user is not a member of one of the groups that might have been mapped to one of the roles.
If WebSphere security is configured to use LDAP as the user registry, the WebSphere
security LDAP user and group search filter configuration might not match what the LDAP directory expects.

Action

If the authorization failure is unexpected, verify the user, or a group
that the user is a member of, is mapped to the role protecting the resource. Verify that the WebSphere security
LDAP user and group filters configuration match what the LDAP directory expects.
If the authorization decision was made by the user-defined Java Authorization Contract for Containers (JACC) provider,
verify the role mapping configuration through the JACC provider.

SECJ0054E: No own credentials

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0055E: Authentication failed for {0}. The user id or password might have been entered incorrectly or misspelled. The user id might not exist, the account could have expired or disabled. The password might have expired.

Explanation

The user could not be authenticated. The user id or
password might have been entered incorrectly. The user might not exist in the user registry that WebSphere is configured to authenticate to.
If WebSphere security is configured to use LDAP as the user registry, the WebSphere
security LDAP user and group search filter configuration might not match what the LDAP directory expects.

Action

Verify that the user id and password are entered correctly and exist in the user registry. If LDAP is configured as the
security user registry, verify the WebSphere security
LDAP user and group filters configuration match what the LDAP directory expects.
Consult with the administrator of the user registry that WebSphere is configured to use if the problem persist.

SECJ0056E: Authentication failed for reason {0}

Explanation

Authentication failed with the specified reason.

Action

Verify that the user id and password are entered correctly. Consult with
the administrator of the user registry if the problem persist.

SECJ0057E: Invalid authentication data

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0058E: LTPAServer does not exist

Explanation

This is an internal error probably due to LTPAServer initialization problems.

Action

SECJ0059E: Cannot create LTPAServer without a password

Explanation

The wrong constructor was used when trying to create an instance of LTPAServerBean.

Action

SECJ0060E: LTPA configuration not found

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0061E: LTPAConfig creation exception

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0062E: LTPAConfig remove exception

Explanation

This is an internal error. The ejbRemove() operation failed on the LTPAConfigBean.

Action

SECJ0063E: Credential mapping failed due to invalid access ID

Explanation

This is an internal error. Cannot get accessID from credential.

Action

SECJ0064E: Credential mapping failed

Explanation

The credential mapping can fail for a number of reasons: The credential token
is not an instance of a supported CredentialToken type for a mapping. The principal
identified in the credential cannot be mapped to an entry or found in the user registry. A user registry
exception occurs if the user registry has been stopped.

Action

Verify that the user registry is operational. Also verify that the principal exists in the target
user registry if appropriate. The exception reported with this error message might help to diagnose the problem.

SECJ0065E: Unsupported encoding

Explanation

This is an internal error. An UnsupportedEncodingException occurred when the LTPAServer tried to encode the token value.

Action

SECJ0066E: registry impl object has been stopped

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0067E: Cannot map the credential of the given credential token for subject DN {0} into LDAP because of an LDAP filter mapping exception.

Explanation

Action

SECJ0068E: LDAP initialization error. The exception is {0}.

Explanation

An unexpected exception occurred when configuring for LDAP.

Action

Verify that the WebSphere LDAP configuration settings such as the
provider URL are correct in the Security Center GUI. If using SSL, make sure that the SSL configuration is correct.

SECJ0069E: Problem getting Security Name for privilege id: {0}. The exception is {1}.

Explanation

Cannot find a name for the specified SID in the Windows user registry.This can occur if a network time-out prevents the function from finding the name. It also occurs for SIDs that have
no corresponding account name, such as a logon SID that identifies a logon session

Action

WebSphere might still have a reference to the user in the authorization table but, that user
might have been removed from the Windows user registry. If you know the user, remove it from any resource
protection permissions in WebSphere. If the user is still valid, then it needs to be recreated in the Windows
user registry and then reassigned to proper resource permissions in WebSphere.

SECJ0070E: No privilege id configured for: {0}

Explanation

Unable to find a SID for the specified user in the Windows user registry. The user
might not exist in the user registry.

Action

If appropriate create the user in the user registry.

SECJ0071E: Error retrieving registry entries for the given pattern {0}

Explanation

Action

Verify that the pattern is correct and not malformed.

SECJ0072E: Error finding registry for type {0}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0073E: Error finding registry entry for privilege id {0}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0074E: Error creation user registry. The exception is {0}

Explanation

An unexpected exception occurred when trying to load or create the user registry.

Action

Verify that the CLASSPATH used to start WebSphere is correct and that the jar files have at least
the read permission and exist.

SECJ0075E: Unsupported entry type {0}

Explanation

This is an internal error. A registry of the specified type could not be looked up.

Action

SECJ0076E: Error creating registry entry home

Explanation

This is an internal error. Unable to create the home for the registry.

Action

SECJ0077E: Registry impl class {0} not found for type {1}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0078E: User registry does not exist

Explanation

Unable to lookup RegistryHome in name space or narrow failed. The class for
the user registry was not registered in the name space correctly or the class file for the
user registry cannot be found.

Action

Verify that the class path is correct and that the required classes exist.

SECJ0079E: User type not supported in the user registry

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0080E: User entry is not found in the registry

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0081E: Registry exception

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0082E: Error during web security initialization

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0083E: Error initializing web cache on admin server

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0084W: Error while initializing security web configuration. The exception is {0}.

Explanation

An error internal occurred while initializing the security attributes of a Web Application.

Action

SECJ0085E: Error initializing admin web cache

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0086E: Configuration error

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0087E: Internal Server Error

Explanation

The HttpServletResponse indicates an Internal Server Error has occurred.

Action

SECJ0088E: Error deleting permission

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0089E: Error obtaining all permissions

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0090E: Error obtaining method group for method {0}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0091E: Error looking up Application home

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0092E: Application home not found

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0093E: Relation home not found

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0094E: Admin Application does not exist

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0095E: Exception while initializing admin permissions

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0096E: Error creating method group {0}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0097E: Error finding method groups

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0098E: Error finding method group {0}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0099E: Error finding method group for id {0}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0100E: Error storing method group

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0101E: Error removing method group

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0102E: Error creating method group

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0103E: MethodGroupHome does not exist

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0104E: Error creating predefined method groups

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0105E: An unexpected exception occurred when decoding the value [{0}] for password [{1}] in the security configured URL

Explanation

The encoded password cannot be decoded because it is missing or malformed.

Action

Verify that the passwords in the security configuration URL are not corrupted or missing.
Reset the affected password through the WebSphere Admin console if possible. If all else
fails, reset the password to its plain text value in the security configuration URL (which is usually
sas.server.props).

SECJ0106E: An unexpected exception occurred when encoding the value [{0}] for password [{1}] in the security configured URL

Explanation

The password cannot be encoded because it is missing or malformed.

Action

SECJ0107W: The {0} file does not exist

Explanation

This exception is unexpected. The cause is not immediately known.

Action

If this message is from a warning, then it is a temporary problem which is
usually recovered from automatically. If it is not a warning, then check the file permissions
for the file to ensure that they are readable. If the file is missing, restore it.

SECJ0108E: Unexpected exception occurred when getting user registry or registry attributes.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

Verify that the user registry has been configured in WebSphere properly.

SECJ0109W: Recovering ({0}) from ({1})

Explanation

The security configuration URL is being recovered from the future version.
This might happen if the security configuration URL is missing or has been deleted.

Action

None

SECJ0110E: I/O Error occurred when loading property URL {0}

Explanation

A loadProperties() operation probably failed.

Action

Verify that the file permissions associated with security configuration URL property file (typically sas.server.props)
are read and writable.

SECJ0111W: RunAsMap Not defined properly for Application {0}

Explanation

The run-as-bindings size is zero for this application.

Action

Verify that the run-as bindings are specified for the application if necessary.

SECJ0112W: Authorization Table Not defined for Application {0}

Explanation

No security constraints or roles have been defined for this application.

Action

If security is not necessary for this application, ignore this message. Otherwise,
review the security requirements of this application.

SECJ0113E: An unexpected exception occurred in getRequiredRoles for method {0} and resource {1}. The exception is {2}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0114W: Unable to extract the security attributes from the credential

Explanation

The credential might be malformed or corrupted.

Action

SECJ0115W: The credential has a null value for the public name

Explanation

The credential is possibly malformed or corrupted.

Action

SECJ0116W: Unable to extract the credential token from the credential

Explanation

The credential is possibly malformed or corrupted.

Action

SECJ0117E: Form login failed for user {0}

Explanation

The user could not be authenticated by the FormLogin Servlet. The user id or
password might have been entered incorrectly. The user might not exist in the user registry
that WebSphere is configured to authenticate to.

Action

Verify that the user id and password are entered correctly. Consult with
the administrator of the user registry if the problem persists.

SECJ0118E: Authentication error during authentication for user {0}

Explanation

An authentication error occurred during authentication. This could be due to a user name and password that is not valid.

Action

Verify that the user name and password specified are valid.

SECJ0119E: Error getting the web app information for form login. The exception is {0}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0120I: Trust Association Init loaded {0} interceptor(s)

Explanation

Reports the number of Trust Association interceptors that have been added.

Action

None, informational only.

SECJ0121I: Trust Association Init class {0} loaded successfully

Explanation

Self Explanatory.

Action

None, informational only.

SECJ0122I: Trust Association Init Interceptor signature: {0}

Explanation

Reports the signature of the Trust Association interceptor.

Action

None, informational only.

SECJ0123E: Trust Association Init Error retrieving class loader. Trust Association cannot be enabled.

Explanation

getClassLoader() operation returned null.

Action

Verify that the appropriate Trust Association classes are installed and the class path is correct.

SECJ0124E: Trust Association Init No interceptor class {0} found

Explanation

The interceptor class file specified in trustedservers.properties cannot be found.

Action

Verify that the appropriate Trust Association classes are installed and the class path is correct.
Also verify that the class specified in the trustedservers.properties file is correct and that the file has at least
read permission.

SECJ0125E: Trust Association Init Unable to load Trust Association class {0}.

Explanation

A ClassNotFoundException occurred when trying to load the subject class.

Action

Verify that the appropriate Trust Association classes are installed and the class path is correct.

SECJ0126E: Trust Association failed during validation. The exception is {0}. Make sure that the setup is correct and that the user credentials are valid.

Explanation

When the appropriate interceptor is found for a given request, that interceptor then
validates its trust with the reverse proxy server. This error message
suggests that the validation has failed and therefore the reverse
proxy cannot be trusted. For example, an incorrect or expired password might
have been provided.

Action

In a production environment, the user might be alerted to check
if there is an intruder in the system. In a development environment
in which testing is underway, verify if the expected inputs from the
reverse proxy server is in fact being passed to the interceptor correctly.
The nature of these inputs really depends on how trust association
is being established. For example, the simplest method would be to
pass a user name/password through the Basic Authentication header.

SECJ0127E: Unable to find a valid user for Trust Association

Explanation

When the WebAuthenticator invoked an interceptor to return the authenticate user name,
no such user name was returned.

Action

Verify that the reverse proxy server is inserting the correct user name in the HTTP request before
it sends the request to WebSphere.

SECJ0128E: An unexpected exception occurred during Trust Association. The exception is {0}.

Explanation

This refers to all other exceptions that can be possibly created by an interceptor, when validating
trust with the reverse proxy server and when getting the authenticated user name, aside from
WebTrustAssociationFailedException and WebTrustAssociationUserException.

Action

Debug the problem from the stack trace that is printed together with this error message.
You can also turn on the debug trace to get more information about the nature of the
exception.

SECJ0129E: Authorization failed for user {0} while invoking {1} on {2}, {3}

Explanation

The user does not have the necessary permission to access the resource.

Action

Contact your WebSphere security administrator if this is unexpected. Your user must be
mapped to one the roles protecting the resource if access to the protected resource is required.
If the authorization decision was made by the user-defined Java Authorization Contract for Containers (JACC) provider,
verify the role mapping configuration through the JACC provider.

SECJ0130E: Unable to get source path from request header "via"

Explanation

When using WebSealTrustAssociationInterceptor, the "via" HTTP header in the HTTP Request object is examined.
This message appears when the value for this header is not valid or corrupted.

Action

Make sure that WebSeal, the HTTP Server or both are properly working.

SECJ0131E: Authentication failed. Unable to get the mapped credential for SecOwnCredentials.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0132I: Java 2 Security is enabled

Explanation

Java 2 Security Manager is installed.

Action

None, informational only.

SECJ0133E: Illegal {0} : {1}

Explanation

An illegal Permission was attempted. Only the main thread can set the security manager.

Action

Verify that the code that is trying to set the security manager is not trying to subvert the
WebSphere security manager.

SECJ0134E: The current Java 2 Security policy does not permit the requested action.{0}Java 2 Security Permission: {1}, denied with exception message: {2}.{3}Violating code: {4}

Explanation

The Java Security Manager checkPermission() threw a SecurityException on the subject Permission.

Action

Verify that the attempted operation is permitted.

SECJ0135W: Illegal System.exit() attempted

Explanation

Only the main thread is allowed to exit the Java VM

Action

Verify that the code attempting the system exit is not trying to subvert the
WebSphere security manager.

SECJ0136I: Custom Registry:{0} has been initialized

Explanation

Reports the Custom User Registry implementation that is being used.

Action

None, informational only.

SECJ0137E: Could not get EnterpriseAppHome

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0138E: Failed to install the admin Application -

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0139E: Error to get initial naming context

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0140E: Failed to initialize Default SSL Settings

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0141E: Error to initialize default SSL configuration

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0145E: An unexpected exception occurred when decoding password in initial_ssl.properties

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0146I: ${WAS_HOME}/properties/initial_ssl.properties was not found

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0147E: Cannot map the credential of the given credential token for certificate subject DN {0} into LDAP because of an LDAP filter mapping exception. The CertificateMapperException is {1}

Explanation

The Certificate mapping filter specified by the user in the global security settings is missing or malformed.

Action

Review the certificate mapping filter configuration in the LDAP Advanced properties
in the Security Center and verify it is present and correct.

SECJ0148E: Cannot create a credential map given credential token certificate subject DN {0} with filter {1} into LDAP because multiple entries match the filter. This ambiguous condition is not supported.

Explanation

More than one user entry in LDAP matched the certificate mapping filter specified
in the global security settings. It is not possible to map a subjectDN in a certificate
to more than one user in an LDAP user registry. The mapping filter results in an ambiguous
condition that cannot be supported.

Action

Specify a certificate mapping filter in the LDAP Advanced properties
in the Security Center.

SECJ0149E: Cannot map the credential of the given credential token for certificate subject DN {0} with filter {1} into LDAP because a NamingException occurred when searching LDAP. The NamingException is {2}

Explanation

A naming exception occurred when searching LDAP.

Action

SECJ0150E: Cannot map the credential of the given credential token for certificate subject DN {0} with filter {1} into LDAP because no entry in LDAP matches the DN or filter

Explanation

No entry in LDAP can be found with the subject DN in the certificate or found with the filter.

Action

This might be the expected result depending on the subject DN in the certificate and filter. If the
response is unexpected, review the certificate mapping filter defined in the LDAP advanced
properties in the Security Center.

SECJ0151E: Cannot create a credential for the mapped credential token into LDAP with subjectDN {0} and mapped name {1} using filter {2}. The exception is {3}

Explanation

The DN in the certificate was successfully mapped to an entry in LDAP but,
an unexpected exception occurred when trying to create a credential for the mapped entry.

Action

SECJ0152W: SecurityLevel was either missing or set to a wrong value (valid values are: high, medium, low); default to high.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0153E: Invalid LDAP user ID

Explanation

Using user ID that is not valid or the user ID is not a directory entry.
The directory administration ID (root DN) is not a directory entry on most LDAP servers.

Action

Verify that the user ID is a valid directory entry.

SECJ0154E: SSO Configuration error. FormLogin is configured for web application {0} but SSO is not enabled in the global security settings. SSO must be enabled to use FormLogin.

Explanation

When LTPA is the authentication mechanism SSO must also be enabled if any
web applications use FORM login.

Action

Enable SSO in the global security settings and restart WebSphere

SECJ0155E: Deployment descriptor configuration error. security-role-ref {0} in ejb-jar.xml is not mapped to any security role in bean {1}, module {2}, application {3}.

Explanation

A security role reference in the specified EJB"s ejb-jar.xml file has not been
mapped to a security role. This is a configuration error.

Action

The security-role-ref in the EJB"s ejb-jar.xml deployment descriptor
should be mapped to a security role.

SECJ0156E: Unable to initialize user registry class {0} for type {1} due to exception: {2}

Explanation

The WebSphere security code couldn"t find, load, or had problems loading the user registry class.

Action

The exception mentioned in the message should provide additional clues including the
class or file that could not be found or loaded. Verify that the mentioned file exists in the correct
directory and PATH.

SECJ0157I: Loaded Vendor AuthorizationTable: {0}

Explanation

The vendor specified Authorization Table is loaded successfully.

Action

SECJ0158I: Problem loading class {0}, using default authorization table provided by WebSphere

Explanation

The Vendor specified Authorization Table could not be loaded successfully. The WebSphere provided authorization table will be used.

Action

Make sure that the vendor"s implementation of Authorization Table is in the CLASSPATH and that it could be loaded.

SECJ0159E: Cannot find class {0}

Explanation

The Vendor specified Authorization Table class could not be found in the CLASSPATH.

Action

Make sure that the vendor"s implementation of Authorization Table as specified in the sas.server.props file is in the CLASSPATH.

SECJ0160E: Can not instantiate class {0}

Explanation

The vendor specified Authorization Table class could not be instantiated.

Action

Make sure that the vendor"s implementation of Authorization Table as specified in the sas.server.props file could be loaded and instantiated.

SECJ0161E: Error returned from Vendor AuthorizationTable. The exception is {0}

Explanation

The vendor specified Authorization Table failed during authorization check.

Action

Refer to the vendor"s specific exception for details. If vendor"s specific exception is not present, contact your service representative with the exception stack trace information present in the error log.

SECJ0162E: Vendor""s specific exception. The exception is {0} .

Explanation

This indicates the vendor"s specific error. Example:- Server not started, Network failure, Server failed.

Action

Depends on the error.

SECJ0163E: Generic Error from Vendor AuthorizationTable

Explanation

Unknown error from Vendor"s authorization table

Action

Contact your service representative with exception stack trace information present in the error log.

SECJ0164E: Error number {0} while calling the operating system API {1}

Explanation

An error was returned by the operating system API

Action

Depending on the API being called, check the operating system specific documentation

SECJ0165W: Expand exception occurred. Skip the permission entry in app.policy file. The exception is {0}.

Explanation

An expand exception occurred while expanding the permission in the application policy file.

Action

Check the permission entry syntax in the application policy file (app.policy or was.policy). To identify which policy file has a problem, enable security trace for the component com.ibm.ws.security.policy.*. The trace.log file will contain the policy name.

SECJ0166W: Expand exception occurred. Skip the grant entry in app.policy file. The exception is {0}.

Explanation

An expand exception occurred while expanding the grant entry in the pplication policy file.

Action

Check the grant entry syntax in your application policy file (app.policy or was.policy). To identify which policy file has a problem, enable security trace for the component com.ibm.ws.security.policy.*. The trace.log file will contain the policy name.

SECJ0167W: Expand exception occurred. Skip the permission entry in filter.policy file. The exception is {0}.

Explanation

While expanding the permission entry in filter.policy file, caught an expand exception

Action

Check the permission entry syntax in filter policy file.

SECJ0168W: Keystore {0} of type {1} is being ignored

Explanation

Keystore of the above type is not supported.

Action

Use the supported type of keystores.

SECJ0169W: Expand exception occurred. Skip the permission entry. The exception is {0}

Explanation

While expanding the permission, caught an expand exception

Action

Check the permission entry syntax in your policy file. To identify which policy file has a problem, enable security trace for the component com.ibm.ws.security.policy.*. The trace.log file will show the policy file name.

SECJ0170W: Expand exception occurred. Skip the grant entry. The exception is {0}.

Explanation

While expanding the grant entry, caught an expand exception

Action

Check the grant entry syntax in your policy file. To identify which policy file has a problem, enable security trace for the component com.ibm.ws.security.policy.*. The trace.log file will show the policy file name.

SECJ0171W: Expand exception occurred. Skip the signedby key entry. The exception is {0}.

Explanation

An expand exception occurred while expanding the signedby entry.

Action

Check the signedby entry syntax in your policy file. To identify which policy file has a problem, enable security trace for the component com.ibm.ws.security.policy.*. The trace.log file will show the policy file name.

SECJ0172E: Error {0} in encoding the FilePath

Explanation

While encoding the FilePath, there was an error.

Action

Check the specified syntax. To identify which policy file has a problem, enable security trace for the component com.ibm.ws.security.policy.*. trace.log will show the policy file name.

SECJ0173W: Grant entry with codebase {0} and signedby {1} is being ignored

Explanation

In the system extension policy files, the grant entries should not specify codebase and signedby values

Action

Remove the codebase and signedby values from the grant entry in the system extension policy file. (spi.policy or library.policy)

SECJ0174W: Permission entry {0} is being ignored

Explanation

In the system extension policy files, the permission entries with signatures are not supported in the current version.

Action

Remove the signature values from the permission entry in the system extension policy file. (spi.policy or library.policy)

SECJ0175E: An exception was caught while retrieving data from the hashmap for the keyword {1}. The exception is {0}.

Explanation

The data stored for the keyword "type" in the hashmap is incorrect

Action

This is an internal error. However, it could be caused by an incorrect xml file. Enable security trace with com.ibm.ws.security.policy.* to get more detailed information.

SECJ0176E: An exception was caught while getting the policy template of type {1}. The exception is {0}.

Explanation

Could not retrieve the policy template of the above type.

Action

This is an internal error. However, it could be caused by an incorrect xml file. Enable security trace with com.ibm.ws.security.policy.* to get more detailed information.

SECJ0177W: An exception was caught while converting class path {1} to URL. The exception is {0}.

Explanation

Could not convert the above class path to a URL

Action

Check the class path. Usually, this path was picked up from xml file. Enable security trace with com.ibm.ws.security.policy.* to get more detailed information.

SECJ0178E: An exception was caught while retrieving the data from the hashmap for the keyword {1}. The exception is {0}.

Explanation

Could not retrieve the resource adaptor policy file from the hashmap passed to setupPolicy().

Action

Check the data stored in the hashmap for the resource adaptor keyword. It could be caused by incorrect xml file. Enable security trace with com.ibm.ws.security.policy.* to get more detailed information.

SECJ0179E: An exception was caught while trying to get the Resource adaptor""s absolute file path. The exception is {0}.

Explanation

Could not get the absolute filepath of the resource adaptor policy file.

Action

Check the filepath specified in resource.xml file. Enable security trace with com.ibm.ws.security.policy.* to get more detailed information.

SECJ0180E: An exception was caught while trying to get the data from the hashmap using the keyword {1}. The exception is {0}.

Explanation

Could not retrieve the deployed application policy file from the hashmap passed to setupPolicy().

Action

This is an internal error. However, it could be caused by incorrect data in xml file. Check the type of the policy file and the hashmap being passed to setupPolicy(). Enable security trace with com.ibm.ws.security.policy.* to get more detailed information.

SECJ0181W: An exception was caught while trying to get the resource adaptor module {1} absolute filepath. The exception is {0}.

Explanation

Could not get the resource adaptor module"s absolute filepath.

Action

It could be caused by incorrect data in resources.xml file. Enable security trace with com.ibm.ws.security.policy.* to get more detailed information.

SECJ0182W: An exception was caught while trying to get the Canonical path for the file {1}. The exception is {0}.

Explanation

Could not get the Canonical path for the specified file

Action

Check the specified file name passed to security. It could be caused by incorrect data in xml file. Enable security trace with com.ibm.ws.security.policy.* to get more detailed information.

SECJ0183W: An exception was caught while trying to convert the filepath {1} to URL. The exception is {0}.

Explanation

Could not convert the specified filepath to URL.

Action

Check the specified filepath. It could be caused by incorrect data in xml file. Enable security trace with com.ibm.ws.security.policy.* to get more detailed information.

SECJ0184W: An exception was caught while trying to get the absolute path for the resource adaptor {1} in removePolicy(). The exception is {0}.

Explanation

Could not get the absolute path for the resource adaptor in removePolicy().

Action

Check the specified path. It could be caused by incorrect data in xml file. Enable security trace with com.ibm.ws.security.policy.* to get more detailed information.

SECJ0185W: An exception was caught while trying to get the absolute path for the module {1} in removePolicy(). The exception is {0}

Explanation

Could not get the absolute path for the module in removePolicy().

Action

Check the specified path. It could be caused by incorrect data in xml file. Enable security trace with com.ibm.ws.security.policy.* to get more detailed information.

SECJ0186E: Caught IOException while creating template for System Extension Policy of type {1} The exception is {0}

Explanation

IOException occurred when creating the system extension template in the hashmap of all the templates.

Action

Check the IOException to see the cause for not being able to create the system extension template in the hashmap.

SECJ0187E: Caught ParserException while creating template for System Extension Policy of type {1} The exception is.{0}

Explanation

ParserException occurred when creating the system extension template in the hashmap of all the templates.

Action

Check the ParserException data. Check the specified policy file.

SECJ0188E: Caught IOException while creating template for Application Policy {0}. The exception is {1}.

Explanation

IOException occurred when creating the application policy template in the hashmap of all the templates.

Action

Check the specified policy file.

SECJ0189E: Caught ParserException while creating template for Application Policy {0}. The exception is {1}.

Explanation

ParserException occurred when creating the application policy template in the hashmap of all the templates.

Action

Check the ParserException data. Check the specified policy file.

SECJ0190E: Caught IOException while creating template for was.policy {0}. The exception is {1}.

Explanation

IOException occurred when putting the was.policy template in the hashmap of all the templates.

Action

Check the specified was.policy file.

SECJ0191E: Caught ParserException while creating template for was.policy {0} . The exception is {1}.

Explanation

ParserException occurred when putting the was.policy template in the hashmap of all the templates.

Action

Check the ParserException data. Check the specified was.policy file.

SECJ0192E: Caught IOException while creating template for resource adaptor(read from WCCM) {1}. The exception is {0}.

Explanation

IOException occurred when creating the resource adaptor template in the hashmap of all the templates.

Action

Check the specified ra.xml file"s permission specification.

SECJ0193E: Caught ParserException while creating template for resource adaptor(read from ra.xml) {0}. The line is [{1}]. The exception is {2}.

Explanation

ParserException occurred when putting the resource adaptor template in the hashmap of all the templates.

Action

Check the ParserException data. Check the ra.xml"s permission specification.

SECJ0194E: Caught IOException while adding permission to the set of filtered permissions. The exception is {0}.

Explanation

IOException occurred when adding permission to the set of filtered permissions.

Action

Check the filter.policy file.

SECJ0195E: Caught ParserException while adding permission to the set of filtered permissions. The exception is {0}.

Explanation

ParserException occurred when adding permission to the set of filtered permissions.

Action

Check the ParserException data.

SECJ0196W: Custom permission {0} is being used in an application policy file {1}

Explanation

Custom permission is being used in an application policy file.

Action

Make sure that it is all right to use a custom permission in an application policy file.

SECJ0197E: Caught Invocation TargetException while constructing the permission object. This exception might be due to syntax error in the policy file. The exception is {0}.

Explanation

Invocation TargetException occurred while constructing the permission object.

Action

Check the exception.

SECJ0198E: An exception was caught while constructing the permission object. The exception is {0}.

Explanation

An Exception occurred while constructing the permission object.

Action

Check the exception.

SECJ0199E: Caught an IOException while adding the grant entry to the policy template of the resource adaptor {1} . The exception is {0}.

Explanation

An IOException occurred while adding the grant entry to the policy template of the resource adaptor.

Action

Check the specified ra.xml file.

SECJ0200E: Caught a ParserException while adding the grant entry {1} to the policy template of the resource adaptor {0}. The exception is {2}.

Explanation

A ParserException occurred while adding the grant entry to the policy template of the resource adaptor.

Action

Check the syntax of permission specification in the specified ra.xml

SECJ0201I: Error number {0} while calling the operating system API {1}

Explanation

The above error number was returned by the above API.

Action

Depending on the API being called, check the operating system documentation for the API.

SECJ0202I: Admin application initialized successfully

Explanation

The Admin application initialized successfully

Action

None. Informational only.

SECJ0203I: Naming application initialized successfully

Explanation

The Naming application initialized successfully

Action

None. Informational only.

SECJ0204I: Rolebased authorizer initialized successfully

Explanation

The Rolebased authorizer initialized successfully

Action

None. Informational only.

SECJ0205I: Security Admin mBean registered successfully

Explanation

The Security Admin mBean registered successfully

Action

None. Informational only.

SECJ0206E: Error creating or registering {0} mBean. The exception is {1}

Explanation

An unexpected exception occurred when trying to create or register an mBean.

Action

There might be a problem with the configuration. The exception might include details.

SECJ0207E: Failed to load {0} resource from cell. The exception is {1}

Explanation

The specified resource could not be loaded due to an exception.

Action

The failure might be related to a configuration problem related to the resource.

SECJ0208E: An unexpected exception occurred when attempting to authenticate the server""s id during security initialization. The exception is {0}.

Explanation

The userId and password specified for the server"s identity when configuring global security could not be used to authenticate the server.

Action

Verify that the userId and password are valid and meet the requirements for the user registry or authentication mechanism.

SECJ0209E: An unexpected exception occurred when attempting to update the JAAS login configuration with WCCM JAAS configuration information. The exception is {0}

Explanation

The WCCM JAAS login configuration information could not be pushed to the JAAS configuration object.

Action

SECJ0210I: Security enabled {0}

Explanation

Reports current security enabled or disabled status.

Action

None. Informational only

SECJ0211E: Failed to lookup or rebind security server with name {0}. The exception is {1}.

Explanation

An unexpected error occurred. It could be that the Cell Manager or Node Agent are not started.

Action

If a remote security server was specified when enabling global security, verify that the Node Agent and Cell Manager are running.

SECJ0212I: WCCM JAAS configuration information successfully pushed to login provider class.

Explanation

The WCCM JAAS login configuration information was pushed to the JAAS configuration object.

Action

None. Informational only.

SECJ0213E: Unexpected JAAS login provider class {0} is currently configured. The expected configured class is {1}. When WebSphere security is enabled, this class is required.

Explanation

WebSphere provides an implementation of javax.security.auth.login.Configuration
and dynamically installs this class at server startup. Either some application code has installed a different login provider class or a problem occurred when WebSphere tried to dynamically install the class.

Action

Check for other server startup warning or error messages.

SECJ0214W: Unexpected JAAS login provider class {0} is currently configured. The expected configured class is {1}. When WebSphere security is enabled, this class is required.

Explanation

Action

Check for other server startup warning or error messages.

SECJ0215I: Successfully set JAAS login provider configuration class to {0}.

Explanation

WebSphere provides an implementation of the javax.security.auth.login.Configuration class. This class was successfully set at server startup.

Action

None. Informational only.

SECJ0216E: An exception occurred when setting JAAS login provider configuration class to {0}. The exception is {1}.

Explanation

WebSphere provides an implementation of the javax.security.auth.login.Configuration class. This class could not be set at server startup.

Action

Configuration.class might not be present. This is an internal error.

SECJ0217W: Detected a duplicate JAAS LoginModule alias name {0} when processing JAAS configuration information.

Explanation

A duplicate JAAS LoginModule alias name exist either in a JAAS login URL or in the security.xml file. The duplicate will be replaced with the last one processed.

Action

Verify no duplicate JAAS LoginModule aliases exist in the login URLs or in the security.xml file.

SECJ0218E: An exception was caught retrieving RoleBasedAuthorizer. The exception is {0}.

Explanation

The Rolebased authorizer could not be retrieved due to an exception.

Action

SECJ0219E: Unable to obtain or use a role-based authorizer because application {0} has not been loaded.

Explanation

The application must be loaded for the role base authorizer can be used to enforce authorization.

Action

SECJ0220W: The role based authorizer for module {0} has already been loaded.

Explanation

The role based authorizer will load only once per module.

Action

None, informational only.

SECJ0221E: An unexpected exception occurred in findMatchingMethod for method {0} and bean {1}, the exception is {2}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0222E: An unexpected exception occurred when trying to create a LoginContext. The LoginModule alias is {0} and the exception is {1}.

Explanation

A JAAS LoginContext could not be created due to the unexpected exception.

Action

The problem could be due to a configuration error.

SECJ0223E: User {0} authenticated successfully but unable to send redirect to the original request page. The {1} cookie is not present.

Explanation

The HTTP cookie that contains the originally requested page was not found.

Action

SECJ0224E: An unexpected exception occurred when trying to configure the security related web attributes for web applications {0}. The exception is {1}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0225W: PD Authentication disabled.

Explanation

PD Authentication disabled.

Action

None, informational only.

SECJ0226E: The LocalOS server ID ({0}) should not be the same value as the LocalOS realm ({1}) in the security.xml.

Explanation

When the LocalOS server ID is equal to the LocalOS realm, the access ID returned by the operating system is the machine ID not the server ID.

Action

Make sure that the server ID is different from the machine ID.

SECJ0227E: An exception occurred when creating class of type {0}. The exception is {1}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0228E: Object of type {0} is null.

Explanation

Object created by reflection is null.

Action

SECJ0229E: Method {0} of object of {1} type is null.

Explanation

Method returned by reflection is null.

Action

SECJ0230E: Invoking reflection method {0} of object type {1} throws exception {2}.

Explanation

Reflection method invocation failed.

Action

SECJ0231I: The Security component""s FFDC Diagnostic Module {0} registered successfully: {1}.

Explanation

Describes whether the Security component"s FFDC Diagnostic module was successfully registered.

Action

None. Informational only.

SECJ0232E: An unexpected exception occurred when trying to get the User Registry from the Security Server. The exception is {0}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0233E: An unexpected exception occurred when trying to get users from the User Registry with pattern {0} and limit {1}. The exception is {2}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0234E: An unexpected exception occurred when trying to get groups from the User Registry with pattern {0} and limit {1}. The exception is {2}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0235E: An unexpected exception occurred when trying to export the LTPA Keys from the security mbean. The exception is {0}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0236E: An unexpected exception occurred when trying to import the LTPA Keys from the security mbean with properties {0}. The exception is {1}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0237E: One or more vital LTPAServerObject configuration attributes are null or not available. The attributes and values are password : {0}, expiration time {1}, private key {2}, public key {3}, and shared key {4}.

Explanation

LTPA is the configurated authentication mechanism but it has not yet been properly configured. Keys or other LTPA configuration attributes are missing.

Action

Disable WebSphere security, restart the application server and properly configure LTPA authentication.

SECJ0238E: An unexpected exception occurred when trying to create the initial LTPAServerObject. The exception is {0}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0239I: Security service initialization started

Explanation

Security service initialization started.

Action

None. Informational only

SECJ0240I: Security service initialization completed successfully

Explanation

Security service initialization started.

Action

None. Informational only

SECJ0241I: Security service initialization completed successfully

Explanation

Security service initialization started.

Action

None. Informational only

SECJ0242I: Security service is starting

Explanation

Security service started.

Action

None. Informational only

SECJ0243I: Security service started successfully

Explanation

Security service started.

Action

None. Informational only

SECJ0244I: Security service failed to start successfully

Explanation

Security service started.

Action

None. Informational only

SECJ0245E: An unexpected exception occurred when the SecurityServerFactory tried to create the SecurityServer. The exception is {0}.

Explanation

An error occurred that prevented the SecurityServer from being created.

Action

The log should contain additional errors that might indicate the cause of the problem.

SECJ0246E: Caught unexpected exception in retrieving ORB SSL settings {0}

Explanation

An unexpected exception occurred retrieving the ORB SSL settings.

Action

Verify that the property file, usually sas.server.props contents. Contact your service representative if the problem persists.

SECJ0247I: ORB SSL Key File or Passwords settings were missing in server-cfg.xml

Explanation

ORB SSL Key File or Passwords settings were missing in server-cfg.xml

Action

Verify that the server-cfg.xml file.

SECJ0248I: Caught unexpected exception in retrieving ORB SSL initialization. The exception is {0}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0249E: Failed to cleanup. The exception is {0}.

Explanation

An unexpected exception occurred during the cleanup of the specified repository.

Action

SECJ0250E: Error creating security server. The exception is {0}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0251E: Error getting Initial Naming Context. The exception is {0}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0252E: Error getting remote security server. The exception is {0}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0253E: Generic Exception while getting remote security server. The exception is {0}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0254E: Error getting Initial Naming Context. The exception is {0}.

Explanation

javax.naming.NamingException occurred when getting Initial Naming Context.

Action

SECJ0255E: Error creating security server/ The exception is {0}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0256E: Error binding SecurityServer to naming. The exception is {0}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0257E: Failed to find security server in name space. The exception is {0}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0258E: Cannot find user registry. The exception is {0}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0259E: IOException from CallbackHandler. The exception is {0}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0260E: Unsupported {0} callback in CallbackHandler. The exception is {1}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0261E: Something wrong during LoginModule commit. The exception is {0}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0262E: Exception occurred when removing {0} during cleanup. The exception is {1}

Explanation

Unexpected exception occurred when removing the specified principal during cleanup.

Action

SECJ0263E: Exception occurred when removing WSCredential during cleanup. The exception is {0}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0264E: fillAccessids: Error getting user registry. The exception is {0}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0265E: removeAccessIds: Error getting user registry. The exception is {0}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0266E: Failed to create a new web attribute.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0267E: Failed to get RoleBasedConfigurator. The exception is {0}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0268E: Problem loading class {0}, using default authorization table provided by WebSphere

Explanation

The Vendor specified Authorization Table could not be loaded successfully. Therefore, using WebSphere provided authorization table.

Action

Check to make sure that the Vendor"s implementation of Authorization Table is in the CLASSPATH and could be loaded.

SECJ0269E: Failed to get actual credentials. The exception is {0}.

Explanation

java.lang.reflect.InvocationTargetException occurred when trying to run getActualCredential() method.

Action

SECJ0270E: Failed to get actual credentials. The exception is {0}.

Explanation

Unexpected exception occurred when trying to run getActualCredential() method.

Action

SECJ0271E: Error restoring original credentials.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0272E: Error setting to system credentials.

Explanation

An unexpected exception occurred while restoring the original credentials.

Action

SECJ0273E: Failed to load SecurityServer.xml. The exception is {0}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0274E: Error getting Initial Naming Context. The exception is {0}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0275E: Error trying to find user registry. The exception is {0}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0276E: BasicAuthData credential is already destroyed. The exception is {0}.

Explanation

CredentialDestroyedException occurred while trying to get BasicAuthData. The credential was already destroyed.

Action

SECJ0277E: BasicAuthData credential is already expired. The exception is {0}.

Explanation

javax.security.auth.login.CredentialExpiredException occurred while trying to get BasicAuthData.

Action

refresh the credential.

SECJ0278E: TokenData credential is already destroyed. The exception is {0}.

Explanation

CredentialDestroyedException occurred while trying to get credential token. The credential was already destroyed.

Action

SECJ0279E: TokenData credential is already expired. The exception is {0}.

Explanation

javax.security.auth.login.CredentialExpiredException occurred while trying to get token.

Action

refresh the credential.

SECJ0280E: Error getting realm from registry. The exception is {0}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0281E: Error creating user registry object. The exception is {0}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0282E: Error getting initial context. The exception is {0}.

Explanation

javax.naming.NamingException occurred while getting the initial naming context.

Action

SECJ0283E: Error binding User Registry. The exception is {0}.

Explanation

javax.naming.NamingException occurred while rebinding the user registry.

Action

SECJ0284E: Error trying to find User Registry. The exception is {0}.

Explanation

javax.naming.NamingException occurred while finding the user registry.

Action

SECJ0285E: Failed to retrieve RoleBasedAuthorizer. The exception is {0}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0286W: Error during security initialization.

Explanation

Unexpected exception occurred when initializing security server component.

Action

None. This is warning.

SECJ0287E: Failed to call setupPolicy for {0}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0288E: Error during security initialization.

Explanation

An unexpected exception occurred when updating the authorization table.

Action

SECJ0289E: Failed to call removePolicy for {0}.

Explanation

A unexpected exception occurred when trying to call the removePolicy() method for the specified type.

Action

SECJ0290W: All subjects assigned to Special role DenyAllRole for application {0} are removed.

Explanation

All subjects assigned to Special role DenyAllRole for the specified application are removed.

Action

None. This is a warning.

SECJ0291E: Failed to retrieve the information of Resource Adapter for provider ( {0} ) to call setupPolicy().

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0292E: Failed to retrieve the information of Resource Adapter of {0} to call setupPolicy().

Explanation

An unexpected exception occurred when trying to retrieve the information of the Resource Adapter to call the setupPolicy() method.

Action

SECJ0293E: No registry.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0294E: Error setting properties to file ({0}). The exception is {1}.

Explanation

An IOException occurred when setting properties to the specified file.

Action

Verify that the property file exists, that it has read permission and is writable.

SECJ0295E: Error getting properties to file ({0}). The exception is {1}.

Explanation

An IOException occurred when getting properties from the specified file.

Action

Verify that the property file exists, and that it has read permission.

SECJ0296E: Error checking password for user :{0}. The exception is {1}.

Explanation

com.ibm.websphere.security.PasswordCheckFailedException occurred when checking the password for specified user.

Action

Verify that the password for the specified user.

SECJ0297E: Error checking password for user :{0}. The exception is {1}.

Explanation

com.ibm.websphere.security.CustomRegitryException exception occurred when checking the password for specified user.

Action

Verify that the password for the specified user.

SECJ0298E: Error checking password for user :{0}. The exception is {1}.

Explanation

Unknown exception occurred when checking the password for specified user.

Action

Verify that the password for the specified user.

SECJ0299E: An exception was caught while decoding the file path: {0}. The exception is {1}.

Explanation

Failed to decode the specified file. The details is shown in the exception.

Action

Verify that the policy files, xml files(resource.xml) to confirm the class path specified in them are correct.

SECJ0300W: The file or directory ( {0} ) does not exist.

Explanation

The specified file or directory does not exist.

Action

Verify that the policy files, xml files(resource.xml) to confirm the class path specified in them are correct.

SECJ0301W: Failed to convert a file path {0} to CodeSource. The exception is {1}

Explanation

MalformedURLException occurred when trying to convert the specified path to URL.

Action

Verify that the policy files, xml files(resource.xml) to confirm the class path specified in them are correct.

SECJ0302W: No alias name for {0}.

Explanation

This configuration does not have any alias name.

Action

No action is required. This is a warning message.

SECJ0303E: Error getting registry""s realm. The exception is {0}

Explanation

Exception occurred when getting registry"s realm.

Action

SECJ0304E: Cannot get user registry. The exception is {0}.

Explanation

Unexpected exception occurred when getting user registry.

Action

SECJ0305I: The role-based authorization check failed for {0} operation {1}:{2}. The user {3} (unique ID: {4}) was not granted any of the following required roles: {5}.

Explanation

The caller does not have the necessary permission, this problem can occur because no
credential is found on the thread, the caller is not authenticated, or the accessId might be null.

Action

If the failure is unexpected, verify that the caller has been granted the required role.

SECJ0306E: No received or invocation credential exist on the thread. The Role based authorization check will not have an accessId of the caller to check. The parameters are: access check method {0} on resource {1} and module {2}. The stack trace is {3}.

Explanation

No invocation or received credentials were established on this thread. This
might cause the role based authorization check to fail.

Action

The stack trace is obtained by a local throw catch block that might be useful for debugging the problem.

SECJ0307E: Unexpected exception is caught when trying to determine the code base location. Exception: {0}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0308I: Java2 security is installed.

Explanation

JAVA2 security is enabled.

Action

None, informational only.

SECJ0309I: Java 2 Security is disabled.

Explanation

Java 2 Security Manager is NOT installed.

Action

None, informational only.

SECJ0310E: Caught a ParserException while adding the grant entry to the policy template {1}. The exception is {0}

Explanation

A ParserException occurred while adding the grant entry to the policy template.

Action

Check the ParserException data. Check the specified policy file.

SECJ0311W: An exception was caught while trying to get the module {1} absolute filepath. The exception is {0}.

Explanation

Could not get the module"s absolute filepath.

Action

Check the filepath given to load the module.

SECJ0312W: {$Application} phrase should not include ${was.module.path} keyword.

Explanation

Syntax error in the policy file. ${Application} phrase should not include ${was.module.path} keyword. This entry is ignored.

Action

Check the application policy file.

SECJ0313I: Java 2 Security Manager debug message flags are initialized: TrDebug: {0}, Access: {1}, Stack: {2}, Failure: {3}, Rethrow {4}

Explanation

This message provides the current value of the java.security.debug property which is used to enable various debug information related to Java 2 Security.

Action

None, this is informational only.

SECJ0314W: Current Java 2 Security policy reported a potential violation of Java 2 Security Permission. Refer to the InfoCenter for further information.{0}Permission:{1}Code:{2}{3}Stack Trace:{4}Code Base Location:{5}

Explanation

The Java Security Manager checkPermission() threw a SecurityException on the subject Permission. A caller on the call stack does not have the required permission. This might not be a problem if the caller properly handles this exception.

Action

Verify that the attempted operation is permitted by examining all Java 2 security policy files and application code. Additional permissions might be required, a doPrivileged API might be needed in some code on the call stack, or
the Security Manager properly prevented access to a resource the caller does not have permission to access.

SECJ0315W: The permission {0} specified in the application policy file:{1} does not exist.

Explanation

The permission class specified in the application policy file(was.policy or app.policy) does not exist.

Action

Fix the specified application policy file.

SECJ0316W: The permission {0} specified in the filter policy file(filter.policy) does not exist.

Explanation

The permission class specified in the filter policy file does not exist.

Action

Fix the filter policy file.

SECJ0317W: The permission {0} specified in the application policy file({1}) is a part of the permission {2} specified in filter.policy.

Explanation

The permission class specified in the application policy is not be removed. However, it is a part of the permission specified in filter.policy.

Action

If the permission should be filtered out, divide the permission specified in the application policy.

SECJ0318I: The permission {0} specified in the application policy file({1}) were filtered out.

Explanation

The permission specified in the application policy was removed because filer.policy has the same entry.

Action

none. This is an informational message.

SECJ0319I: java.security.AllPermission was found in the application policy file {0}.

Explanation

java.securityAllPermission was found in the application.

Action

none. This is an informational message.

SECJ0320E: Error parsing {0}: {1}

Explanation

There is a syntax error in the policy file.

Action

Use ${java.home}/jre/bin/policytool to verify the syntax or edit the policy file and correct the syntax error.

SECJ0321E: Role based authorization is caller in role failed for security name {0}, accessId {1}, and role name {2}.

Explanation

The caller does not have the necessary permission, there was no
credential on the thread, the caller is not authenticated, or the accessId could be null.

Action

If the failure is unexpected, verify the caller has been granted the required role.

SECJ0322W: Missing attribute in Security Configuration.

Explanation

Required attribute CertificateFilter is missing. Certificate Filter is required when CertificateMapMode is CERTIFICATE_FILTER.

Action

Set CertificateFilter in the advanced LDAP settings.

SECJ0323E: Invalid LDAP user/group ID

Explanation

Using invalid user/group ID or the user/group ID is not a directory entry.
The directory administration ID (root DN) is not a directory entry on most LDAP servers.

Action

Verify that the user/group ID is a valid directory entry.

SECJ0324E: Error during Java 2 Security and Dynamic Policy initialization. The exception is {0}.

Explanation

An unexpected error occurred during Java 2 Security and Dynamic Policy initialization.

Action

This is a general error. Look for previous messages that might be related to the
failure or a configuration problem. Enabling security debug trace for security component
com.ibm.ws.security.* might yield additional information.

SECJ0325W: The permission {0} specified in the policy file {1} is unresolved.

Explanation

The permission class specified in the policy file was not loaded.

Action

Confirm that the specified permission in then policy file is correct. If permission class is incorrect, this warning is issued.

SECJ0326E: No received or invocation credential exist on the thread. The Role based authorization check will not have an accessId of the caller to check. The parameters are: role name {0}. The stack trace is {1}.

Explanation

No invocation or received credentials were established on this thread. This
might cause the role based authorization check to fail.

Action

The stack trace is obtained by a local throw catch block that might be useful for debugging the problem.

SECJ0327E: Problem loading the registry properties file. The exception is {0}.

Explanation

Unexpected exception occurred when loading registry properties file.

Action

SECJ0328E: Registry implementation file is missing.

Explanation

Cannot locate the registry implementation file.

Action

If you are using a Custom Registry make sure that your provide the
registry implementation file in the GUI or in the scripting (whichever is being used). If you are using WebSphere Application Server supplied registries
contact your service representative if the problem persists.

SECJ0329E: The registry implementation file {0} is not a instance of the supported user registries.

Explanation

This can happen when using custom registries and if they are not instances of UserRegistry or CustomRegistry.

Action

Make sure you implement the UserRegistry interface for your custom registry.

SECJ0330E: The registry implementation file {0} cannot be loaded because of the following exception {1}

Explanation

This can happen when the specified custom registry cannot be loaded.

Action

The custom registry implementation file should be in the class path as mentioned in the custom user registry section in the information center documentation. If this happens for WebSphere Application Server provided registries contact your service representative if the problem persists.

SECJ0331E: The registry implementation file {0} cannot be initialized because of the following exception {1}

Explanation

The specified custom registry implementation cannot be initialized.

Action

Make sure all of the properties required for the custom registry initialization are passed through the GUI or scripting (whichever is being used). If this happens for WebSphere Application Server provided registries, contact your service representative if the problem persists.

SECJ0332E: The checkPassword method failed for user {0}.

Explanation

The checkPassword method failed to return a user.

Action

If you are using WebSphere Application Server provided registries, this problem should have been preceeded by other authentication related exception(s). Refere to those exceptions to fix the actual authentication problem. If a custom registry is used, make sure to return a valid userId after authentication is successful.

SECJ0333E: The mapCertificate method failed.

Explanation

The mapCertificate method failed to return a user from the certificate chain.

Action

Make sure that the certificate should contain a valid user in the registry. This problem should have preceeded with other exception(s). Looking into them would help in narrowing down the problem. In addition if a custom registry is being used make sure you return a valid userId after successfully mapping the certificate.

SECJ0334E: Cannot create credential for null user.

Explanation

Internal Error. The user name provided to create the credential is null.

Action

SECJ0335E: Authentication failed for user {0}.

Explanation

The registry failed to return a user after authentication.

Action

This would happen if the authentication was not successful and the custom registry did not throw exceptions to indicate this. Make sure you are entering a current userID and password for authentication. This problem might have preceeded by other problems. Looking at those problems might narrow the problem down.

SECJ0336E: Authentication failed for user {0} because of the following exception {1}

Explanation

Authentication failed with the specified reason.

Action

Verify that the user id and password are entered correctly. Consult with
the administrator of the user registry if the problem persist.

SECJ0337E: The mapCertificate method is not supported.

Explanation

Internal Error.

Action

Information purposes only.

SECJ0338E: The following error occurs when getting the display name of the group {0}, {1}.

Explanation

Error getting display name of a group.

Action

Make sure that the group is valid and has a display name.

SECJ0339E: Could not get the display name of the group {0}.

Explanation

Problem getting display name of a group.

Action

Make sure that the group is valid and has a display name.

SECJ0340E: Could not get the uniqueId for the group {0}.

Explanation

Problem getting uniqueId of a group.

Action

Make sure that the group is valid in the registry and if it is a custom registry make sure it also has an uniqueId.

SECJ0341E: Could not get the uniqueId for the group {0} because of the following exception {1}.

Explanation

Problem getting uniqueId of a group.

Action

Make sure that the group is valid in the registry and if it is a custom registry make sure it also has an uniqueId.

SECJ0342E: Could not get the groups matching the pattern {0} because of the following exception {1}.

Explanation

Internal Error.

Action

Make sure that the groups matching the pattern exist in the registry. Contact your service representative if the problem persists.

SECJ0343E: Could not get the groups that the user {0} belongs to.

Explanation

Internal Error.

Action

Make sure that the user is valid. Contact your service representative if the problem persists.

SECJ0344E: Could not get the groups that the user {0} belongs to because of the following exception {1}.

Explanation

Internal Error.

Action

Make sure that the user is valid. Contact your service representative if the problem persists.

SECJ0345E: Could not get the users in the group {0} because of the following exception {1}.

Explanation

Internal Error.

Action

Make sure that the group is valid. Contact your service representative if the problem persists.

SECJ0346E: Could not get the name of the group whose uniqueId is {0} because of the following exception {1}.

Explanation

Internal Error.

Action

Make sure that the group is valid. Contact your service representative if the problem persists.

SECJ0347E: Could not get the name of the group whose uniqueId is {0}.

Explanation

Internal Error.

Action

Make sure that the group is valid. Contact your service representative if the problem persists.

SECJ0348E: Could not get the display name of the user {0}.

Explanation

Internal Error.

Action

Make sure that the user is valid and has a display name. Contact your service representative if the problem persists.

SECJ0349E: Could not get the display name of the user {0} because of the following exception {1}.

Explanation

Internal Error.

Action

Make sure that the user is valid and has a display name. Contact your service representative if the problem persists.

SECJ0350E: Could not get the uniqueId of the user {0}.

Explanation

Internal Error.

Action

Make sure that the user is valid. Contact your service representative if the problem persists.

SECJ0351E: Could not get the uniqueId of the user {0} due to the following exception {1}.

Explanation

Internal Error.

Action

Make sure that the user is valid. Contact your service representative if the problem persists.

SECJ0352E: Could not get the users matching the pattern {0} because of the following exception {1}.

Explanation

Internal Error.

Action

Make sure that the users matching the pattern exist in the registry. Contact your service representative if the problem persists.

SECJ0353E: Could not get the name of the user whose uniqueId is {0}.

Explanation

Internal Error.

Action

Make sure that the user is valid. Contact your service representative if the problem persists.

SECJ0354E: Could not get the name of the user whose uniqueId is {0} because of the following exception {1}.

Explanation

Internal Error.

Action

Make sure that the user is valid. Contact your service representative if the problem persists.

SECJ0355E: Validating the group {0} throws the following exception {1}.

Explanation

Internal Error.

Action

Make sure that the group is valid. Contact your service representative if the problem persists.

SECJ0356E: Could not get the realm for the registry in windows.

Explanation

Not able to get the host name of the Windows machine or the domain controller.

Action

Make sure that the user who is running WebSphere Application Server has administrative and "act as part of operating system" privileges on the Windows machine and is also an administrator in the domain machine. Contact your service representative if the problem persists.

SECJ0357E: The registry initialization failed with the following exception {0}.

Explanation

Registry cannot be initialized. Internal Error.

Action

Make sure that the user who is running WebSphere Application Server has administrative and "act as part of operating system" privileges in the Windows machine and is also an administrator in the domain machine. Contact your service representative if the problem persists.

SECJ0358E: Validating the user {0} throws the following exception {1}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0359E: Could not get the uniqueId for {0} because of the following exception {1}.

Explanation

An exception occurred when getting the uniqueId of a user or group.

Action

Make sure that the user or group is valid in the registry. If the active user registry is a custom registry, make sure a uniqueIds exist for the user or group.

SECJ0360E: Authentication failed for {0} because multiple users matched the user.

Explanation

Authentication failed because multiple users were found in the registry with the same name.

Action

When using LDAP, make sure that the user shortname is unique. For example, if "uid" is used as the shortname, make sure that the uid is unique in the registry.

SECJ0361E: Authentication failed for {0} because user is not found in the registry.

Explanation

Authentication failed because the user does not exist.

Action

Make sure that the user is valid in the registry. Also, when using LDAP, make sure that the user is searchable. The admin id in some LDAP servers might not be searchable.

SECJ0362E: Cannot create credential for the user {0}.

Explanation

A user cannot be found to create the credential.

Action

Make sure that the user is valid in the registry. Contact your service representative if the problem persists.

SECJ0363E: Cannot create credential for the user {0} because of the following exception {1}.

Explanation

Cannot create credential.

Action

Make sure that the user is valid in the registry. If this error is preceeded by other exceptions, check those also. Contact your service representative if the problem persists.

SECJ0364E: Cannot initialize ltpa object because of the following exception {0}.

Explanation

The LTPA server object cannot be initialized.

Action

In most cases, this error occurs because the LTPA keys cannot be decrypted using the LTPA password.
The password that is used to encrypt the keys is not the same password that is saved in the repository.
The server might not come up when this problem occurs. If this happens, disable security, start the server, and then enter a new password for LTPA.
Save the password, generate the keys, and then save again. Finally, turn on security and then stop and restart the server. Contact your service representative if the problem persists.

SECJ0365E: Cannot create security object during initialization.

Explanation

The security object cannot be created from the repository. This is an internal error.

Action

The security.xml might be corrupted or missing. Contact your service representative.

SECJ0366E: Cannot obtain the WebSphere Application Server process type during initialization.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0367W: Warning, LTPA is configured as the authentication mechanism but SSO is disabled. Web applications that use FormBased Login, including the WebSphere web based admin console, might not work correctly.

Explanation

SSO is required for FormBased logon to work in Web applications when LTPA is the authentication mechanism.

Action

If this is the intended configuration then ignore this warning. If this is not the intended configuration, then the enabled attribute of Single Sign-on element in the security.xml must be set to the true value.

SECJ0368E: No such LTPA Algorithm. The exception is {0}.

Explanation

This is an internal error. A NoSuchAlgorithmException occurred when the LTPAServer tried to sign the token.

Action

SECJ0369E: Authentication failed when using LTPA. The exception is {0}.

Explanation

Authentication has failed when using LTPA.

Action

There could be multiple reasons why this might have occurred. Most of the time this should have preceeded with other exceptions that will indicate what the exact problem is. This might occur if the userName, password or both are incorrect, if the setup of the registry is not valid. If problems persist contact your service representative.

SECJ0370E: Validation of the token failed because the token is null.

Explanation

Cannot validate the token since the token is null.

Action

SECJ0371W: Validation of the LTPA token failed because the token expired with the following info: {0}. This warning might indicate expected behavior. Please refer to technote at {1}. To discontinue logging of this message, see property com.ibm.websphere.security.ltpa.disableSECJ0371W description.

Explanation

Cannot validate the token since the token has expired.

Action

Once the token timeout is reached, the token is not validated and you must authenticate again. This is normal. Make sure that all the WebSphere nodes and cell(s) are synchronized with respect to time, date and time zone. You can change the token expiration time if necessary.

SECJ0372E: Validation of the inbound LTPA token failed. The configured LTPA keys are probably not the ones that generated the token signature.

Explanation

The LTPA keys might not be the correct ones needed to verify the signature of the token.

Action

This error occurs if the keys used to encrypt the token are not the same as the keys used to decrypt. If a new set of keys has been generated, this is an expected error. Any tokens signed using the old keys will no longer work. Contact your service representative if the problem persists.

SECJ0373E: Cannot create credential for the user {0} due to failed validation of the LTPA token. The exception is {1}.

Explanation

This is an internal Error. Cannot create a credential after the token is validated.

Action

This error usually occurs due to an expired token or a token created with different LTPA keys.If the token is expired, you might need to increase the LTPA timeout. If the keys are not the same, make sure that one set of LTPA keys are used.

SECJ0374E: The accessID in the token contains the wrong type. It should be either user or group. The exception is {0}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0375E: Mismatch of realms during token validation.

Explanation

The realm in the token does not match the current realm.

Action

This error can occur when a token is passed between one cell and another cell, and the realms do not match in these cells. If you are using LDAP, make sure that both cells use the same host name and port number.

SECJ0376E: Error importing LTPA keys. The exception is {0}.

Explanation

Cannot import LTPA keys.

Action

This error occurs when the password used to import the keys does not match the password that encrypted the keys. Make sure that the password is the same. If the problem persists, contact your service representative.

SECJ0377E: Error exporting LTPA keys. The exception is {0}.

Explanation

Cannot export LTPA keys.

Action

SECJ0378E: Cannot get SecurityServer in the security MBean.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0379E: Cannot get LTPAServer in the security MBean.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ0380W: The keystore or truststore type specified is invalid. Adjusting to use the correct type, however, correct the SSL configuration for performance reasons.

Explanation

The keystore or truststore type specified is not valid.

Action

Modify the SSL configuration so that the keystore or truststore type is a valid type. You can check the keystore and truststore types by loading them in WebSphere"s IKeyMan tool.

SECJ0381I: Warning, the com.ibm.websphere.java2secman.norethrow property is true. The WebSphere Java 2 Security Manager is not rethrowing AccessControl exceptions. This debug setting should not be used in a production environment. See the InfoCenter for Java 2 Security debugging features.

Explanation

The com.ibm.websphere.java2secman.norethrow property, when it has a true value, instructs the Java 2 Security Manager to NOT rethrow AccessControl exceptions. This property is intented to assist
developers when they are preparing their applications for Java 2 Security. When this property value is true, the Security Manager reports the AccessControl exception
but does not rethrow or propagate the exception up the call stack. This might permit applications to access resources that would they would otherwise not have access to.
This property should not be specified in a production environment, only in a debug or application development environment.

Action

If this message is unexpected or the application is running in a production environment,
remove the com.ibm.ws.java2secman.norethrow property setting unless you understand the consequences.

SECJ0382I: The alias {0} from the server level security has not been updated to the cell.

Explanation

Informational.

Action

During the server and the cell security object merging, if a same alias name exists in both, the alias is not copied to the cell configuration.
This is as designed. Normally, this should not happen since the alias names are unique.
However, if a removeNode operation has been performed prior to the addNode operation, you might see this message since the removeNode does not remove the existing aliases. Also, if the alias names in the security.xml file were manually changed, then this message appears if the aliases match.

SECJ0383I: Proceeding with merging the server"s security configuration with the cell"s for this Application Server.

Explanation

Informational.

Action

This message appears when the Application Server contains its own security configuration that must be merged with cell level configuration.

SECJ0384E: Trust Association Init Error. The Trust Association interceptor implementation {0} initialization failed. The error status/exception is {1}. If you receive this error message in association with a trust association interceptor that you are not using, you can ignore this message.

Explanation

The initialization of this Trust Association implementation failed.

Action

Verify that the appropriate Trust Association properties required for the initialization are set up correctly. If you are using your own implementation, check your initilization method for any problems.
If a single Trust Association implementation is used, this indicates that the Trust Association is not in effect. However, if multiple TrustAssociation implementations are used, Trust Association can be in effect if one of the implementations is successful.
If you receive this error message in association with a trust association interceptor that you are not using, you can ignore this message.

SECJ0385W: Cannot find and load the FIPS approved IBM JSSE or JCE providers. This can be a problem if your environment must use FIPS approved cryptographic algorithms and you are not using your own FIPS approved providers. The error status/exception is {0}.

Explanation

Cannot find and load the FIPS approved IBM JSSE or JCE providers. This is a problem when the IBM FIPS approved JCE provider is missing. Websphere Application Server depends on it when a FIPS approved provider is required. However, a missing FIPS approved IBM JSSE provider might not be a problem provided that you have configured it to use your own FIPS approved JSSE provider.

Action

Make sure that the missing provider jar, if needed, is in the JDK ext directory.

SECJ0386I: Initializing registry to use Tivoli Access Manager for authentication.

Explanation

Authenticaton will be perfomed using Tivoli Access Manager. This requires that WebSphere is configured to use an external Tivoli Access Manager server.

Action

None, informational only.

SECJ0387E: Error getting the PolicyConfiguration object for the contextID {0}. The exception is {1}.

Explanation

Could not get the JACC provider PolicyConfiguration object. This object is required to propagate the security constraints information to the provider.

Action

Make sure that the JACC provider property javax.security.jacc.PolicyConfigurationFactory.provider is set correctly to the PolicyConfigurationFactory implementation class. The preferred way to set this property is to use the JACC configuration properties panel or wsadmin tool. Also make sure that the provider classes are in the class path of all the servers.

SECJ0388E: Problem getting the PolicyConfiguration inService status. The exception is {1}.

Explanation

The policy configuration object status could not be determined. Access will not be granted to this module.

Action

The module in question might be in the process of being deleted. If the problem persists, contact your service representative.

SECJ0389E: Problem getting the PolicyContext key {0}. The exception is {1}.

Explanation

The policy context key cannot be obtained to make the access decision.

Action

Make sure that the Policy Context Key in question is registered by the container.

SECJ0390E: Error when caling isCallerInRole for role {0}. The exception is {1}.

Explanation

Cannot determine the isCallerInRole because of the exception. Default is to return false. Make sure that the security role-ref information is correct.

Action

SECJ0391E: Error when setting the Policy object to the provider""s policy implementation {0}. The exception is {1}.

Explanation

The provider"s policy implementation cannot be loaded because of the exception.

Action

Make sure that the JACC provider properties are set correctly and the provider classes are in the class path. If problem persists, contact your service representative.

SECJ0392E: Error when checking the dataconstraint requirement for the contextID {0}. The exception is {1}.

Explanation

Could not determine the dataconstraint requirements for this resource. The request will be denied.

Action

Make sure that the dataconstraint requirements are correctly configured in the deployment descriptor.

SECJ0393E: Error when checking the isUserInRole requirement for the contextID {0}. The exception is {1}.

Explanation

Could not determine the isUserInRole requirements for this resource. The default value false will be returned

Action

Make sure that the RoleRef information is correctly configured in the deployment descriptor.

SECJ0394E: Principal exists in Subject returned by TAI.getSubject() but it does not implement java.security.Principal.

Explanation

The Trust Association Interceptor did not have the correct principal in the Subject. The principal must implement java.security.Principal.

Action

Contact the provider of the Trust Association Interceptor to ensure this problem gets resolved.

SECJ0395E: Could not locate the SecurityServer at host/port: {0} to validate the userid and password entered. You might need to specify valid securityServerHost/Port in WAS_INSTALL_ROOT/profiles/profile_name/properties/sas.client.props file.

Explanation

A SecurityServer could not be located for login.

Action

In some cases it is necessary to
specify a valid bootstrap host/port in the com.ibm.CSI.securityServerHost
and com.ibm.CSI.securityServerPort properties in the
${WAS_INSTALL_ROOT}/profiles/profile_name/properties/sas.client.props file.
See sas.client.props for details.

SECJ0396E: Error updating information to the JACC provider for application {0}. The exception is {1}.

Explanation

Cannot provide the security policy information to the JACC provider because of the exception. Without this information the authorization decisions, cannot be made correctly when security is enabled.

Action

Make sure that the JACC provider is properly configured and can be accessed. After the problem is fixed, either re-install the application or run the propagatePolicyToJACCProvider tool to propagate the policy information to the JACC provider. For more information about this tool, search for propagatePolicyToJaccProvider in the information center documentation.

SECJ0397W: Error removing information from the JACC provider for application {0}. The exception is {1}.

Explanation

Cannot delete the security policy information from the JACC provider because of the exception. This problem creates redundant information in the JACC provider.

Action

Make sure that the JACC provider is properly configured and can be accessed. The JACC provider might have tools to remove this information.

SECJ0398E: Error updating information to the JACC provider for application {0}. The exception is {1}.

Explanation

Cannot provide the security policy information to the JACC provider because of the exception. Without this information, the authorization decisions cannot be made correctly when security is enabled.

Action

Make sure that the JACC provider is properly configured and can be accessed. After the problem is fixed, one can either re-install the application or run the propagatePolicyToJACCProvider tool to propagate the policy information to the JACC provider. For more information about this tool, search for propagatePolicyToJaccProvider in the information center documentation. If the modification involved removing any modules, you can delete the information in the JACC provider to avoid redundant data.

SECJ0399E: Error updating deployment.xml information with the appContextIDForSecurity for application {0}. The exception is {1}.

Explanation

The appContextIDForSecurity atribute is required when using JACC as the authorization.

Action

If JACC will not be used for authorization then this should not impact anything. If JACC will be used for authorization, contact your IBM representative if this problem persists.

SECJ0400I: Successfully updated the application {0} with the appContextIDForSecurity information.

Explanation

Information only.

Action

Information only.

SECJ0401E: Error getting the WebModuleMetaData or missing metadata for context root {0}. The exception is {1}.

Explanation

This is an internal error. Without the meta data, the moduleName and applicationName cannot be obtained for access decisions.

Action

SECJ0402E: Error getting the RoleConfiguration object for the contextID {0}. The exception is {1}.

Explanation

Could not get the JACC provider RoleConfiguration object. This object is required to propagate the authorizationTable information to the provider.

Action

If the authorizationTable information is required by the provider, make sure that the JACC provider properties related to the RoleConfigurationFactoryImplClass is set correctly. Also make sure that the implementation classes are in the class path of all the servers.

SECJ0403E: The PolicyConfiguration object for the contextID {0} is null.

Explanation

Could not get the JACC provider PolicyConfiguration object. This object is required to propagate the security constraints information to the provider.

Action

SECJ0404E: The {0} object is null.

Explanation

Could not get the object required for security policy propagation.

Action

Make sure that the JACC provider properties are set correctly in the JACC configuration. Also make sure that all the provider classes are in the class path of all the servers.

SECJ0405E: The {0} object cannot be obtained because of the following error {1}.

Explanation

Could not get the object required for security policy propagation.

Action

Make sure that the JACC provider properties are set correctly in the JACC configuration. Also make sure that all the provider classes are in the class path of all the servers.

SECJ0406E: Cannot obtain the earFile for application {0}.

Explanation

The earFile is required to get the security policy information for the application. The configuration repository might be corrupted.

Action

SECJ0407E: Cannot obtain the application name for propagating the security constraints to the provider.

Explanation

The appname is required to propagate the security policy information to the provider.

Action

SECJ0408E: An exception occurred when removing the security policy information from the provider for application {0} during uninstall. The exception is {1}.

Explanation

Because of an exception, the security policy information might not have been removed completely from the provider during the application uninstallation.

Action

Make sure that the provider is up and running and the JACC configuration is correct. One can use the tools provided by the provider to remove the security policy information manully from the provider"s repository.

SECJ0409E: An exception occurred when propagating the security policy information for application {0} to the JACC provider. The exception is {1}.

Explanation

Because of an exception, the security policy information might not have been propapated to the provider during the application installation.

Action

Make sure that the provider is up and running and the JACC configuration is correct. Once the problem is fixed, one can also use the wsadmin tool to manually propagate the security policy information to the provider instead of reinstalling the application. See the information center documentation for more details on running this tool. If problem persists, contact your service representative.

SECJ0410E: An exception occurred when updating the security policy information for application {0} to the JACC provider. The exception is {1}.

Explanation

Because of an exception, the security policy information might not have been updated to the provider during the application update.

Action

SECJ0411E: An exception occurred when getting the authorization provider object from the configuration. The exception is {1}.

Explanation

Because of an exception, the security policy information might not have been updated to the provider.

Action

SECJ0412E: An Error occured when initializing the initialization class {0} of the JACC provider. The exception or the error code is {1}.

Explanation

The initialization implementation of the provider failed with an exception or a non-zero error code.

Action

Verify that the JACC provider properties are correctly set and that the initialization classes are in the class path. Check the provider implementation for problems. An error code of zero (0) indicates success.

SECJ0413I: The JACC provider is successfully initialized with the following setup. The policy class name is {0}. The PolicyConfigurationFactory class name is {1}. The optional RoleConfigurationFactory call name is {2}. The optional initialization class name is {3}.

Explanation

This message is provided for information purposes only.

Action

No user action is required.

SECJ0414W: FIPS is enabled but the IBMJCEFIPS provider is not active in the java.security file. To ensure FIPS algorithms usage for all WebSphere Application Server process types, uncomment the IBMJCEFIPS provider in the java.security file, ahead of the IBMJCE, and renumber the provider list in sequential order.

Explanation

When the server is running in FIPS mode the IBMJCEFIPS provider should be in the java.security file.

Action

The java.security file needs to be changed to include the IBMJCEFIPS provider in the provider list before the IBMJCE provider.

SECJ0415I: The security policy for application {0} is successfully propagated to the JACC provider.

Explanation

This message is provided for information purposes only.

Action

No user action is required.

SECJ0416I: The security policy for application {0} is successfully removed from the JACC provider.

Explanation

This message is provided for information purposes only.

Action

No user action is required.

SECJ0417I: FIPS is enabled.

Explanation

The server is running in FIPS mode, using the IBMJCEFIPS provider.

Action

No user action is required.

SECJ0418I: Cannot connect to the LDAP server {0}.

Explanation

Security is unable to connect to some target Lightweight Directory Access Protocol (LDAP) servers, which might prevent future failover.

Action

If you need to bring up additional servers for failover, verify that the required LDAP server is running.

SECJ0419I: The user registry is currently connected to the LDAP server {0}.

Explanation

This name refers to the LDAP host name that is currently used by the WebSphere Application Server security registry.

Action

No user action is required.

SECJ0420I: Security run time is unable to update LDAP registry binding information.

Explanation

new bind information might be incorrect.

Action

Verify bind DN and password are correct.

SECJ0421I: Security run time has successfully updated LDAP registry binding information.

Explanation

new LDAP bind information has been pushed to security run time.

Action

No user action is required.

SECJ0422I: During addNode from node "{0}" the default node certificate did not exchange its signer with the cell default truststore. This might cause a handshake failure when the cell tries to communicate with the node. Manual signer exchange might need to occur.

Explanation

It"s likely the TrustStore named CellDefaultTrustStore or KeyStore named NodeDefaultKeyStore does not exist in the configuration.

Action

The node"s signer certificates need to be added to the cell"s truststores.

SECJ0423I: During addNode from node "{0}" the default cell certificate did not exchange its signer with the node default truststore. This might cause a handshake failure when the node agent starts up. Manual signer exchange might need to occur.

Explanation

It"s likely the TrustStore named NodeDefaultTrustStore or KeyStore named CellDefaultKeyStore does not exist in the configuration.

Action

The cell"s signer certificates need to be added to the node"s truststores.

SECJ0424E: During addNode from node "{0}" the default keystore and truststore were not already created. An attempt to create them on the DMGR failed with exception: {1}.

Explanation

The creation of keystore and truststore with self-signed certificate failed.

Action

The node agent did not have certificates created when it was federated into the cell. The attempt to create them during addNode failed.

SECJ0425I: The custom property {0} from the Node security.xml already exists in the Cell security.xml and will not overwrite the Cell value.

Explanation

Informational.

Action

No user action is required. During the server and the cell security object merging, if a custom property with the same name exists in both, the property will not be copied to the cell configuration.
It is normal for the cell to have custom properties that match the server.

SECJ0426E: InternalServerId is used in the current dmgr configuration. Cannot add an older node. Modify the dmgr security configuration to use the serverID/passwd before adding an older version node.

Explanation

An earlier leveled node cannot be added to a dmgr whose configuration is using the internalServerId.

Action

The dmgr configuration needs to be modified to use the serverID/password before an older version node can be added

SECJ0427E: The server password is null or missing in the dmgr configuration. Cannot add an older version node unless the server password is entered.

Explanation

An earlier leveled node cannot be added to a dmgr whose configuration is missing the server password

Action

The dmgr configuration needs to be modified to specify the server password

SECJ0428E: The product cannot locate the HTTPS port value in the list of virtual hosts. Confirm that the port exists in the virtualhosts.xml file for the cell.

Explanation

The product cannot locate the HTTPS port value that is specified in the URL. The port value is not found in the list of virtual hosts.

Action

Check that the HTTPS port value that is specified is in the virtualhosts.xml file for the cell. The virtualhosts.xml file is located in the profile_root/config/cells/cell_name directory.

SECJ0429W: A login has occurred while admin security is disabled. An UNAUTHENTICATED Subject will be returned since most security subsystems are unavailable.

Explanation

When admin security is disabled we do not initialize user registry or other services needed to properly authenticate. Therfore, we will return an UNAUTHENTICATED Subject to ensure the runtime continues to operate.

Action

If an authenticated JAAS Subject is desired, you must enable at least administrative security in the security configuration.

SECJ0430W: The authentication cache currently has {0} entries which has exceeded the maximum size of {1}. The cache cleanup algorithm will remove some entries. Consider increasing the maximum cache size.

Explanation

When the authentication cache maximum size is reached, some entries from the cache are evicted. This will cause some users to go back through the login modules which is a slower process.

Action

To increase the max cache size for the authentication cache, set the following System property (com.ibm.websphere.security.util.authCacheMaxSize) for each process that needs it. The property default is 25000 entries.

SECJ0431E: Authentication had been already established.

Explanation

Authentication had been already established. If you want to login with another user, you need to logout first.

Action

SECJ0432I: Check that the Trusted Applications Profile Facility has been configured properly.

Explanation

Through the use of the FACILITY class and BBO.TRUSTEDAPPS class profile, trusted applications, as a general rule, are
needed when using SAF as the local operating system user registry or when you plan to use SAF authorization.

Action

You must enable the trusted applications by ensuring that the WebSphere Application Server has SAF access of READ to the RACF class of FACILITY and profile of BBO.TRUSTEDAPPS.<cell short name>.<cluster short name>.

SECJ0433I: If the authorization failure is not expected, ensure that the profile for the J2EE role in the EJBROLE class has been configured correctly, as well as the BBO.TRUSTEDAPPS profile in the FACILITY class.

Explanation

The role of the J2EE application must be defined as a profile in the EJBROLE class. Additionally, through
the use of the FACILITY class and BBO.TRUSTEDAPPS class profile, trusted application, as a general rule, are needed when you plan to use SAF authorization.

Action

You must ensure the requesting user or group has READ access to the role in the EJBROLE class. You must enable the
trusted applications by ensuring that the WebSphere Application Server has SAF access of READ to the FACILITY class and profile of BBO.TRUSTEDAPP.<cell short name>.<cluster short name>.

SECJ0434I: The URL provided on the custom logoutExitPage of the Form-Logout service can not be displayed, requestURL={0}, logoutExitPage={1}. Logout was successful and the default Form-Logout page was displayed.

Explanation

The Form-Logout service failed to successfully redirect to the page specfied on the logoutExitPage servlet parameter. The specified URL is either an invalidly formed URL or the hostname is not specified on the com.ibm.websphere.security.logoutExitPageDomainList property.

Action

Correct the URL specified on the logoutExitPage parameter.

SECJ0444W: Mismatching realm names between the security configuration and the federated repository configuration. Realm name in security.xml is {0}. Realm name in wimconfig.xml is {1}.

Explanation

The WIMUserRegistry is currently configured as the active user registry. The realm name defined for the active user registry in the security.xml file is different than the realm name defined in the wimconfig.xml file. This may cause an increase CPU usage on logins, and a higher contention during lookups during authentication.

Action

Validate that the realm name specified for the active user registry in the security.xml file is the same as the realm name specified in the wimconfig.xml file when the WIMUserRegistry is your active user registry.

SECJ0445I: LTPA token expiration messages, SECJ0371W, will not be logged due to security custom property: {0} = {1}.

Explanation

Custom Property com.ibm.ws.security.ltpa.disableSECJ0371W blocks logging of message SECJ0371W. Some administrators found these messages to be a nuisance, cluttering the server logs. Under some cricumstances SECJ0371W may expose unexpected behavior that administrators may need to address.

Action

None. Informational only.

SECJ0446I: An SSL configuration change was found. The SSL configuration is reinitialized: {0}

Explanation

The server refreshes the SSL configuration that is stored in memory.

Action

No action is required.

SECJ0447I: An SSL configuration change was not found: {0}

Explanation

The server did not refresh the SSL configuration that is stored in memory.

Action

No action is required.

SECJ0448W: The {0} SameSite security custom property is set to {1}, which is not a valid value. The SameSite attribute is not set on the single sign-on cookie.

Explanation

The SameSite security custom property cannot be set on the single sign-on cookie without a valid value. Valid SameSite custom property values are Lax, Strict, and None.

Action

Set the SameSite security custom property to Lax, Strict, or None.

SECJ0449E: The LTPA timeout value of {0} specified exceeds the maximum value of 10 years or 5256000 minutes.

Explanation

The maximum value for LTPA timeout cannot exceed 10 years or 5256000 minutes.

Action

Set the LTPA timeout value to a value less than or equal to the maximum supported value of 10 years of 5256000 minutes.

SECJ4000E: JAAS Login Exception occurred at {0}.

Explanation

JAAS Login exception occurred while refreshing the credential.

Action

Confirm user id, password and realm information are correct. If you still see the problem, contact your service representative with exception stack trace information present in the error log.

SECJ4001E: Login failed for {0}/{1} {2}

Explanation

Authentication can fail for many reasons. The user or password might not have been entered correctly, misspelled for instance.
The user account might not exist, might have expired, or be disabled. The password might have expired or require a change at first logon.
If WebSphere security is configured to use LDAP as the user registry, the WebSphere
security LDAP user and group search filter configuration might not match what the LDAP directory expects.

Action

Confirm that the user information (realm name, user name, password) is valid.
Try authenticating the user directly to the configured user registry outside of WebSphere authentication to verify that the
user and password are valid in the user registry. The WebSphere information center documents additional user account
requirements for specific user registries.

SECJ4002E: No CORBA Credentials for {0}/{1}

Explanation

Authentication failure occurred while invoking login() of realm/user since there is no CORBA credential.

Action

Confirm if the user information(realm name, user name password) is valid.

SECJ4003E: Credential token login is not valid for LocalOS

Explanation

JAAS Login failure occurred while invoking login() with token for LocalOS.

Action

LocalOS does not support login with token. Make sure that the application program is valid.

SECJ4004E: Login failed for credential token {0}

Explanation

JAAS Login failure occurred while invoking login() with token.

Action

Check the user authenticate data is correct. Enabling security debug trace will provide the details.(com.ibm.ws.security.auth.* )

SECJ4005E: No CORBA Credentials for credential token

Explanation

JAAS Login returned null credential while invoking login() with token. There is no CORBA Credential.

Action

login returned null Credential. Check the user application how it authenticate. Enabling security debug trace will provide the details.(com.ibm.ws.security.auth.* )

SECJ4006E: Invalid Credential Type {0}

Explanation

Getting the JAAS subject from CORBA credential failed with exception.

Action

Contact your service representative with exception stack trace information present in the error log.

SECJ4007E: Not supposed to construct WSLoginHelperImpl object

Explanation

WSLoginHelperImpl object instance should not be constructed.

Action

Check the user application. WSLoginHelperImpl should not be directly constructed.

SECJ4008E: Missing some of the authentication data

Explanation

Some of the authentication data is missing.

Action

Check the next message. It identifies what is missing.

SECJ4009E: Either user name, realm or password data is missing.

Explanation

User name, realm name or password is missing.

Action

Confirm that the necessary authentication data is passed. Enabling security debug trace for component com.ibm.ws.security.auth.* might yield additional information.

SECJ4010E: Credential Token is null or empty array

Explanation

Credential token is missing.

Action

Confirm that the necessary authentication data is passed.

SECJ4011E: com.ibm.ejs.oa.EJSORB.getORBInstance() returns null

Explanation

com.ibm.ejs.oa.EJSORB.getORBInstance() returns null

Action

Make sure that the ORB is initialized correctly in the user application.

SECJ4012E: Error getting SecurityCurrent from the ORB {0}

Explanation

Getting security current caused an exception.

Action

Make sure that the ORB is initialized correctly in the user application.

SECJ4013E: An unexpected IOexception occurred in Login Module {0} CallbackHandler. The exception is {1}

Explanation

Exception occurred while processing callbacks

Action

Contact your service representative with exception stack trace information present in the error log.

SECJ4014E: Login Module {0} detected unsupported {1} callback in CallbackHandler {2}

Explanation

Unsupported Exception occurred while processing callbacks

Action

Check the application. Contact your service representative with exception stack trace information present in the error log if the problem persists.

SECJ4015E: An unexpected exception occurred during the JAAS login commit action in Login Module {0}. The exception is {1}.

Explanation

Exception occurred while committing LoginModule

Action

Check the application. Contact your service representative with exception stack trace information present in the error log if the problem persists.

SECJ4016E: An unexpected exception occurred in Login Module {0} when removing principal {1} during cleanup. The exception is {2}

Explanation

Exception occurred while removing the principal.

Action

Contact your service representative with exception stack trace information present in the error log.

SECJ4017E: An unexpected exception occurred in Login Module {0} when removing WSCredential during cleanup {1}

Explanation

Exception occurred while removing the credential.

Action

Contact your service representative with exception stack trace information present in the error log.

SECJ4018E: Removing CORBA Credential during cleanup {0}

Explanation

Exception occurred while removing CORBA credential.

Action

Contact your service representative with exception stack trace information present in the error log.

SECJ4019E: Not supposed to construct Util object

Explanation

Util object instance should not be constructed.

Action

Check the user application. Util should not be directly constructed.

SECJ4020E: CORBA: Invalid Attribute Type: {0} {1}

Explanation

CORBA credential has attribute that is not valid.

Action

Contact your service representative with exception stack trace information present in the error log.

SECJ4021E: CORBA: Duplicate Attribute Type: {0} {1}

Explanation

CORBA credential has duplicate attributes.

Action

Contact your service representative with exception stack trace information present in the error log.

SECJ4022E: CORBA: Not suppose to construct CredentialsHelper object

Explanation

CredentialsHelper object instance should not be constructed.

Action

Check the user application. CredentialsHelper should not be directly constructed.

SECJ4023E: Failed to create a Configuration instance.

Explanation

Failed to create a configuration instance

Action

Contact your service representative with exception stack trace information present in the error log.

SECJ4024W: {0} :Warning: getAppConfigurationEntry() was called with no configuration name.

Explanation

getAppConfigurationEntry() was called with null string.

Action

Check the parameter if it is called from user application. If not, Contact your service representative.

SECJ4025E: unable to get system input stream {0}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ4026W: WSDefaultPrincipalMapping() should not be invoked.

Explanation

WSDefaultPrincipalMapping() should not be invoked.

Action

This is warning. Check the user application. WSDefaultPrincipalMappingshould not be directly constructed.

SECJ4027W: {0} does not exist, use {1} wsj2cdpm.properties

Explanation

Specified file did not exist. Use the default file.

Action

This is a warning. Check the specified file name.

SECJ4028E: Unexpected Exception caught in new URL {0} : Exception is {1}

Explanation

Unexpected exception occurred while creating a new URL.

Action

Check the specified URL. Contact your service representative with exception stack trace information present in the error log.

SECJ4029E: Unexpected Exception caught in openStream URL {0} : Exception is {1}

Explanation

Unexpected Exception occurred while opening an URL.

Action

Check the specified URL. Contact your service representative with exception stack trace information present in the error log.

SECJ4030E: Unrecognizable Callback index = {0} {1}

Explanation

Unrecognizable Callback is passed.

Action

Contact your service representative with information present in the error log.

SECJ4031E: Unexpected IOException caught {0}

Explanation

Unexpected IOException was caught while processing callbacks.

Action

Contact your service representative with exception stack trace information present in the error log.

SECJ4032E: Method {0} detected missing or malformed data when trying to perform conversion. The data item name is {1} and value is {2}.

Explanation

Internal problem related to malformed or corrupted data storage.

Action

Contact your service representative with exception stack trace information present in the error log.

SECJ4033E: The LoginContext does not contain a Subject after authenticating user {0} with LoginModule alias {1}.

Explanation

The LoginModule did not create a Subject. There is a problem with the LoginModule

Action

This problem could be due to a configuration error in security.xml or an internal error.

SECJ4034I: Token Login failed. If the failure is due to an expiring token, verify the system date and time of the WebSphere nodes are synchronized or consider increasing the token timeout value. Authentication mechanism {0} and exception is {1}

Explanation

Token Authentication failure might be caused by an expired token, token that is not valid, or a date or time synchronization problem between WebSphere nodes. Web browsers often cache WebSphere SSO cookies which contain the token to validate. These tokens do expire.

Action

Token validation failures are not always unexpected given that tokens can expire. might consider increasing timeout value or verifying that the system date and time between WebSphere nodes is synchronized.

SECJ4035E: {0} :ERROR: Could not get System property: {1}

Explanation

Failed to get the specified property.

Action

Check if you defined the specified property correctly.

SECJ4036E: {0} : Error: An exception occurred when trying to reflect on or invoke convertMapToString(). The exception is {1}

Explanation

Exception occurred trying to reflect on or invoke convertMapToString().

Action

Investigate the exception. Check class path.

SECJ4037E: {0} :ERROR: Could not open URL: {1}. The exception is {2}

Explanation

MalformedURLException occurred trying to connect the specified URL.

Action

Investigate the exception. Check the specified URL.

SECJ4038E: {0} :ERROR: Could not create URL: {1}. The exception is {2}

Explanation

IOException occurred trying to connect the specified URL.

Action

Investigate the exception. Check the specified URL.

SECJ4039E: {0} :ERROR: A file parser exception occurred with file : {1}. The exception is {2}

Explanation

IOException occurred trying to connect the specified URL.

Action

Investigate the exception. Check the specified URL.

SECJ4040W: {0} :Warning: update() method passed either a null or empty string.

Explanation

null or empty string was passed to update() method.

Action

This is a warning.

SECJ4041E: {0} :ERROR: Could not create or open StringReader: {1}. The exception is {2}.

Explanation

Could not create or open the specified StringReader.

Action

Investigate the exception.

SECJ4042E: {0} :ERROR: A file parser exception occurred with file : {1}. The exception is {2}

Explanation

IOException occurred trying to connect the specified stringreader.

Action

Investigate the exception. Check the specified string.

SECJ4043W: {0} :Warning: An unexpected IOException occurred when closing a stream.

Explanation

Unexpected IOException occurred trying to close a stream.

Action

This is a warning.

SECJ4044E: WCCM jaas objects is not yet load.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ4045E: {0} : Error: An exception occurred when trying to reflect on or invoke convertMapToString(). The exception is {1}

Explanation

Exception occurred trying to reflect on or invoke convertMapToString().

Action

Investigate the exception. Check class path.

SECJ4046E: Duplicate login config name {0}. Will over write.

Explanation

Duplicate login configuration name was specified in the configuration data.

Action

Check the configuration data.

SECJ4047E: IOException occurred during parsing jaas application configuration. The exception is {0}

Explanation

IOException occurred during parsing jaas application configuration.

Action

Check the configuration file. Investigate the exception.

SECJ4048E: ParserException occurred during parsing jaas application configuration. The exception is {0}

Explanation

ParserException occurred during parsing jaas application configuration.

Action

Investigate the exception. It has the information of syntax error in the configuration file.

SECJ4049E: Error creating credential from registry object. The exception is {0}.

Explanation

Unexpected exception occurred while creating and initializing the user registry.

Action

Check the application and the registry set up. Contact your service representative if the problem persist.

SECJ4050E: An unexpected exception is caught: {0}.

Explanation

Unexpected exception occurred while restoring the credential.

Action

SECJ4051E: PrivilegedActionException is caught while serialized Subject is being restored. The exception is {0}.

Explanation

PrivilegedActionException occurred while restoring the credential. This exception is a wrapper of the exception created in doPrivileged block.

Action

Investigate the real source of the exception. Contact your service representative if the problem persist.

SECJ4052E: InvalidCredentialType exception is caught while serialized Subject is being restored. The exception is {0}.

Explanation

InvalidCredentialType exception occurred while restoring the credential.

Action

Investigate the SAS problem. Contact your service representative if the problem persist.

SECJ4053E: InvalidCredential exception is caught while serialized Subject is being restored. The exception is {0}.

Explanation

InvalidCredentialType exception occurred while restoring the credential.

Action

Investigate the SAS problem. Contact your service representative if the problem persist.

SECJ4054E: InvalidCredentialType exception is caught while serialized Subject is being restored. The exception is {0}.

Explanation

InvalidCredentialType exception occurred while restoring the credential.

Action

Investigate the SAS problem. Contact your service representative if the problem persist.

SECJ4055E: InvalidCredential exception is caught while serialized Subject is being restored. The exception is {0}.

Explanation

InvalidCredentialType exception occurred while restoring the credential.

Action

Investigate the SAS problem. Contact your service representative if the problem persist.

SECJ4056E: Error getting initial context. The exception is {0}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ4057I: WSMappingCallbackHandlerFactory implementation class {0} not defined.

Explanation

WSMappingCallbackHandlerFactory implementation class might be defined in security.xml to customize Mapping CallbackHandler. This is not an error condition. When the implementation class is not defined, a default WebSphere implementation will be used.

Action

No action is required unless one wants to override the WebSphere default WSMappingCallbackHandlerFactory implementation.

SECJ4058E: WSDefaultPrincipalMapping Initialization failed. The exception is {0}.

Explanation

WSDefaultPrincipalMapping initialization failed. The JCA container managed principal/credential mapping most likely will not work properly.

Action

Examine the cause of the exception and correct the problem. The most likely cause for this error is that the WSMappingCallbackHandlerFactory implementation class was not configured properly.

SECJ4059W: WSDefaultPrincipalMapping Initialization failed. Fall back to use WSMappingCallbackHandler.

Explanation

WSDefaultPrincipalMapping initialization failed. The JCA container managed principal/credential mapping most likely will not work properly.

Action

Examine the cause of the exception and correct the problem. The most likely cause for this error is that the WSMappingCallbackHandlerFactory implementation class was not configured properly.

SECJ4060W: Cannot find parameter {0} that might be needed by Mapping LoginModules.

Explanation

Either the custom properties HashMap or the authentication data alias was not defined.

Action

This might not be a problem depending on the particilar mapping LoginModules.

SECJ4061W: Exception {0} was thrown during mapping.

Explanation

An exception was created by the WebSphere default principal/credential mapping function.

Action

This is most likely caused by incorrect authentcaiton data configuration.

SECJ4062W: Cannot find the credential information.

Explanation

WebSphere default principal/credential mapping function could not find the specified credential information.

Action

This is most likely caused by incorrect authentication data configuration.

SECJ4063E: Exception {0} caught in processing callback {1}

Explanation

Unexpected problem occured when processing a WebSphere Application Server V5 mapping callback type.

Action

Contact your service representative with information present in the error log.

SECJ4064E: Trust state information missing in shared state, unable to perform identity assertion.

Explanation

A Custom Login module must be provided and configured prior to this login module in the JAAS Login Configuration and should have provided trust information in shared state.

Action

Check a Custom Login Module is provided and configured prior to this login module in the JAAS Login Configuration and make sure that the shared state information is set correctly based on the requirement.

SECJ4065W: Principal and X509Certificate provided in the trust information, using the principal.

Explanation

Both a principal and X509Certificate are provided in the trust information, the principal has priority and will be used for the login.

Action

If login with the X509Certificate is desired then the principal should not be passed in the trust information.

SECJ4066E: Could not find identity to perform identity assertion.

Explanation

A Custom Login module must provide an identity to perform identity assertion.

Action

Check a Custom Login module to make sure an idenity is provided to the perform identity assertion.

SECJ5000E: The following exception occurred while creating the attribute propagation token: {0}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ5001E: The following exception occurred while creating the attribute propagation token holder list from the authorization token: {0}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ5002W: An error occurred while serializing the custom object {0} from the current Subject. This does not cause the request to fail but this custom object will not get propagated.

Explanation

The object mentioned above probably does not implement the java.io.Serializable interface.

Action

Ensure that the object implements the java.io.Serializable interface to ensure it gets propagated downstream.

SECJ5003W: An error occurred while de-serializing a custom object from the inbound authorization token. This does not cause the request to fail but this custom object will not get restored in the inbound Subject.

Explanation

The object failed to de-serialize at the target server. The likely cause is the implementation class is not present on the target server or the Java class version between the sending server and target server is different.

Action

Ensure that the correct java class exists at the target server.

SECJ5004W: Trying to add propagation token name {0} and version {1} that already exists on the thread. The existing PropagationToken is returned and will not be overwritten.

Explanation

Cannot overwrite an existing PropagationToken. The existing one is returned, so use it to set new attributes given the proper permission.

Action

Check the addPropagationToken SPI for the value returned. A null value indicates this is the first time the token is added. A non-null value indicates you are setting the token again which is not allowed. Use the returned value to add new attributes.

SECJ5005E: Cannot create WSCredential without a valid com.ibm.wsspi.security.cred.uniqueId property value.

Explanation

The com.ibm.wsspi.security.cred.uniqueId property has not been found during a properties login attempt.

Action

Ensure that the java.util.Hashtable used for a properties login contains a valid property value for com.ibm.wsspi.security.cred.uniqueId.

SECJ5006E: Cannot create WSCredential without a valid com.ibm.wsspi.security.cred.securityName property value.

Explanation

The com.ibm.wsspi.security.cred.securityName property has not been found during a properties login attempt.

Action

Ensure that the java.util.Hashtable used for a properties login contains a valid property value for com.ibm.wsspi.security.cred.securityName.

SECJ5007E: Cannot create WSCredential without a valid com.ibm.wsspi.security.cred.longSecurityName property value.

Explanation

The com.ibm.wsspi.security.cred.longSecurityName property has not been found during a properties login attempt.

Action

Ensure that the java.util.Hashtable used for a properties login contains a valid property value for com.ibm.wsspi.security.cred.longSecurityName.

SECJ5008W: The realm specified in com.ibm.wsspi.security.cred.realm ({0}) does not match the current realm ({1}). This could cause problems when trying to make a downstream request.

Explanation

The realm specified does not match the current security realm of this server. This could cause problems when trying to go downstream to another server on the same current realm.

Action

If a different realm is desired, set the supportedTargetRealms field to include the new realm you are specifying in order to go outbound to servers in the current realm.

SECJ5009E: Could not create a WSCredential given the information provided during a propagation login. The following exception occurred: {0}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ5010E: Could not create default AuthenticationToken during propagation login. The following exception occurred: {0}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ5011E: Could not create default AuthorizationToken during propagation login. The following exception occurred: {0}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ5012E: Could not create default SingleSignonToken during propagation login. The following exception occurred: {0}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ5013E: Could not create default SingleSignonToken during propagation login. The following exception occurred: {0}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ5014E: Could not find the factory class {0} specified for this token. The exception is {1}.

Explanation

The LTPA TokenFactory implementation is likely not present in the class path.

Action

Ensure that the LTPA TokenFactory implementation is located in the WebSphere class path. Typically these implementations are put in the ${WAS_INSTALL_ROOT}/classes directory.

SECJ5015E: The LTPA TokenFactory {0} returned is null.

Explanation

The LTPA TokenFactory implementation is likely not present in the class path or it cannot be initialized.

Action

Ensure that the LTPA TokenFactory implementation is located in the WebSphere class path. Typically these implementations are put in the ${WAS_INSTALL_ROOT}/classes directory.

SECJ5016E: The LTPA TokenFactory {0} could not create a new LTPA token. The exception is {1}.

Explanation

The LTPA TokenFactory implementation had a problem in the createToken method or the keys used to create a token were not present.

Action

Ensure that the LPTA keys are configured properly and check the createToken implementation on the TokenFactory interface.

SECJ5017E: The Lightweight Third Party Authentication (LTPA) token could not be validated because the LTPA services are not available.

Explanation

This error most likely occurs when the Simple WebSphere Authentication Mechanism (SWAM) authentication mechanism is the active authentication mechanism. SWAM is meant for stand-alone servers and is not supported by WebSphere Process Server or by an environment that requires cross server (server-to-server) secure communications.

Action

Ensure that the active authentication mechanism is LTPA.

SECJ6000I: Security Auditing is enabled.

Explanation

This audit message indicates that the WebSphere Application Server Security Auditing service is enabled.

Action

No action is required is this is the desired setting.

SECJ6001I: Security Auditing is required.

Explanation

This audit message indicates that security auditing records are required.

Action

No action is required if this is the desired setting. Note that the intention of this auditing policy is not to commit a business transaction unless the required security auditing records can be saved.

SECJ6002E: Failed to load {0} name {1} and class name {2}.

Explanation

Failed to load the specified class which was defined in the global security custom properties.

Action

Verify that the class name, class path, and class file are configured properly.

SECJ6003I: Successfully loaded {0} name {1} and class name {2}.

Explanation

Indicate that the specified provider class was loaded.

Action

No action is required.

SECJ6004I: Security Auditing is disabled.

Explanation

This audit message indicates that the WebSphere Application Server Security Auditing service is disabled.

Action

No action is required if this is the desired setting.

SECJ6005E: Invalid configuration {0} = name {1} and class name {2}.

Explanation

The provider configuration in global security custom properties was incorrect.

Action

Check the specified properties and in particular the first missing parameter in the error message.

SECJ6006E: Security auditing is REQUIRED but {0} was not defined.

Explanation

At least one AuditEventFactory and an AuditServiceProvider must be defined when the security auditing policy is set to REQUIRED.

Action

Verify that the two properties com.ibm.websphere.security.audit.auditEventFactory and com.ibm.wsspi.security.audit.auditServiceProvider are defined proerly in the global security custom properties.

SECJ6007E: Undefined {0} = {1}.

Explanation

The specified properties was not defined properly in the global security customer properties.

Action

Verified that the specified properties is defined properly in the global security custom properties.

SECJ6008E: Exception caught in AuditService initialization, Exception = {0}.

Explanation

Runtime exception occured most likely due to incorrect class definition, incorrect class path, or missing class files.

Action

Examine the exception for the cause of the problem.

SECJ6009E: AuditEventFactory number {0} getActive() malfunction, Provider Exception = {1}.

Explanation

The getActive method in the spcified AuditEventFactory implementation failed.

Action

Examine the exception for the cause of the problem. If the problem was not related to incorrect configuration, then you need to consult with the vendor of the AuditEventFactory implementation.

SECJ6010W: Extra AuditServiceProvider definition detected and discarded: {0}.

Explanation

Extra AuditServiceProvider was defined and is discarded.

Action

The com.ibm.wsspi.security.audit.auditServiceProvider properties contains extra information than necessary. Any information following the valid AuditServiceProvider definition is discarded.

SECJ6011W: Custom property {0} was not defined.

Explanation

The specified audit service provider was not defined in the global security custom properties.

Action

Define the specified properties if security auditing service is required in your business environment.

SECJ6012I: Security Auditing is optional.

Explanation

This audit message indicates that security auditing records are optional.

Action

No action is required if this is the desired setting. Note that the intention of this auditing policy is not to suspend a business transaction when security auditing records cannot be saved.

SECJ6013E: The configured J2EE AuditEventFactory implementation did not implement the J2EEAuditEventFactory interface.

Explanation

As a convention, an AuditEventFactory implementation that is configured under the J2EE name must implement the J2EEAuditEventFactory interface.

Action

Examine the com.ibm.websphere.security.audit.AuditEventFactory properties in global security custom properties.

SECJ6014I: AuditEventType = {0}, AuditOutcome = {1}, AuditOutcomeReason = {2}, unique Event ID = {3}, Cell Name = {4}, Node Name = {5}, Server Name = {6}, Component Name = {7}, App Name = {8}, Session ID = {9}, Resource Name = {10}, Resource Type = {11}, Method Name = {12}, Provider Name = {13}, Provider Successful = {14}, Exception = {15}.

Explanation

This message is intended to be used by the defaultAuditEventFactoryImpl sendAccessAuditEvent method only.

Action

No action required.

SECJ6015I: AuditEvent = {0}, AuditEventFactory Name = {1}.

Explanation

This message is intended to be used by the defaultAuditServiceProviderImpl sendEvent method only.

Action

No action required.

SECJ6016I: AuditEventType = {0}, AuditOutcome = {1}, AuditOutcomeReason = {2}, unique Event ID = {3}, Cell Name = {4}, Node Name = {5}, Server Name = {6}, Component Name = {7}, App Name = {8}, Session ID = {9}, Resource Name = {10}, Resource Type = {11}, Realm = {12}, Authn Mechanism = {13}, Authn Method = {14}, User Name = {15}, Provider Name = {16}, Provider Successful = {17}, Subject = {18}, Caller List = {19}, Remote Addr = {20}, Remote Host = {21}, Remote Port = {22}, Exception = {23}.

Explanation

This message is intended to be used by the defaultAuditEventFactoryImpl sendAuthnAuditEvent method only.

Action

No action required.

SECJ6017E: Unexpected Exception {0}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ6018I: AuditEventType = {0}, AuditOutcome = {1}, AuditOutcomeReason = {2}, unique Event ID = {3}, Cell Name = {4}, Node Name = {5}, Server Name = {6}, Component Name = {7}, App Name = {8}, Session ID = {9}, Resource Name = {10}, Resource Type = {11}, Method Name = {12}, Provider Name = {13}, Provider Successful = {14}, Subject = {15}, Exception = {16}.

Explanation

This message is intended to be used by the defaultAuditEventFactoryImpl sendAuthzAuditEvent method only.

Action

No action required.

SECJ6019I: AuditEventType = {0}, AuditOutcome = {1}, AuditOutcomeReason = {2}, unique Event ID = {3}, Cell Name = {4}, Node Name = {5}, Server Name = {6}, Component Name = {7}, App Name = {8}, Provider Name = {9}, Provider Successful = {10}, Original Realm = {11}, Original User Name = {12}, Mapped Realm = {13}, Mapped User Name = {14}, Exception = {15}.

Explanation

This message is intended to be used by the defaultAuditEventFactoryImpl sendMappingAuditEvent method only.

Action

No action required.

SECJ6020I: AuditEvent = {0} AuditEventFactory Name = {1}.

Explanation

This message is intended to be used by the defaultAuditServiceProviderImpl sendEvent method only.

Action

No action required.

SECJ6021I: AuditEventType = {0}, AuditOutcome = {1}, AuditOutcomeReason = {2}, unique Event ID = {3}, Cell Name = {4}, Node Name = {5}, Server Name = {6}, Component Name = {7}, App Name = {8}, Session ID = {9}, Realm = {10}, User Name = {11}, Provider Name = {12}, Provider Successful = {13}, Subject = {14}, Caller List = {15}, Remote Addr = {16}, Remote Host = {17}, Remote Port = {18}, Exception = {19}.

Explanation

This message is intended to be used by the defaultAuditEventFactoryImpl sendLogoutAuditEvent method only.

Action

No action required.

SECJ6022E: AuditServiceProvider malfunction when security auditing is required, Provider Exception = {0}.

Explanation

The configured AuditServiceProvider did not run the method in a reasonable time period while security auditing function is required.

Action

Examine the exception for the cause of the problem. Typically the business transactions should have been aborted because no security auditing record can be logged.

SECJ6023E: Auditing is enabled but could not get a handle to the audit context objects.

Explanation

Could not obtain a handle to the Audit context objects in order to be able to populate with event data.

Action

Examine the exception for the cause of the problem.

SECJ6024E: AuditServiceProvider failure logging audit event, Exception = {0}.

Explanation

A failure occurred in the auditing subsystem, preventing the event from being processed/logged.

Action

Examine the exception for the cause of the problem.

SECJ6025E: Failure generated a shared key. Exception = {0}.

Explanation

A failure occurred during shared key generation.

Action

Examine the exception for the cause of the problem.

SECJ6026E: Exception while opening up audit keystore file. Exception = {0}.

Explanation

Could not open the audit keystore.

Action

Examine the exception for the cause of the problem. Ensure that the audit keystore exists.

SECJ6027E: Exception while retrieving the signer information from the audit signer certificate. Exception = {0}.

Explanation

A failure occurred while retrieving the audit signer certificate.

Action

Examine the exception for the cause of the problem. Ensure that the signer certificate exists.

SECJ6028E: Exception retrieving a certificates""s encoded bytes UTF-8 format. Exception = {0}.

Explanation

Certificate encoding error.

Action

Examine the exception for the cause of the problem.

SECJ6029E: Unsupported encoding exception raised. Exception = {0}.

Explanation

Encoding error.

Action

Examine the exception for the cause of the problem.

SECJ6030E: Failure to encrypt the audit record. Exception = {0}.

Explanation

Encryption error generated while trying to encrypt the audit record.

Action

Examine the exception for the cause of the problem.

SECJ6031E: Failure to sign the audit record. Exception = {0}.

Explanation

Signing error generated while trying to sign the audit record.

Action

Examine the exception for the cause of the problem.

SECJ6032E: Failure writing audit record out to the binary log. Exception = {0}.

Explanation

IO error writing the audit record to the binary log.

Action

Verify the log exists. Examine the exception for the cause of the problem.

SECJ6033E: Failure to initialize Audit encryption algorithm. Exception = {0}.

Explanation

Initialization failure of encryption algorithm.

Action

Examine the exception for the cause of the problem.

SECJ6034E: Exception raised trying to create the Audit log. Exception = {0}.

Explanation

Failed to create the output Audit log.

Action

Examine the exception for the cause of the problem.

SECJ6035E: Failure to write to the Audit log.

Explanation

Could not write the audit record to the Audit log.

Action

Verify the log exists. Check the error logs for any possible IO exceptions.

SECJ6036E: AuditService not initialized.

Explanation

Audit service was not initialized, which occurred most likely due to incorrect class definition, incorrect class path, or missing class files.

Action

Examine the exception for the cause of the problem.

SECJ6037E: Configuration error: no audit event factories are defined.

Explanation

No Audit Event Factory implementations are found in the configuration.

Action

Ensure that there is at least one audit event factory configured.

SECJ6038E: Audit keystore not found.

Explanation

Cannot find keystore created by the Auditor.

Action

Ensure that the keystore has been created containing the certificate generated by the Auditor.

SECJ6039E: Configuration error: no audit service providers are defined.

Explanation

No Audit Service Providerimplementations are found in the configuration.

Action

Ensure that there is at least one audit service provider configured.

SECJ6040E: Unexpected exception while creating the audit record object. Exception = {0}.

Explanation

An error occurred while building the auditable record data.

Action

Examine the exception for the cause of the problem.

SECJ6041E: Failure to initialize Audit signing algorithm. Exception = {0}.

Explanation

An error occurred during the initialization of the Audit signing algorithm.

Action

Examine the exception for the cause of the problem.

SECJ6042E: Data that is not valid was passed into the signing algorithm.

Explanation

A data stream that was not valid was passed in to the signing algorithm.

Action

Verify that a non-null byte stream of data is being passed in.

SECJ6043E: Message digest data not valid

Explanation

Message digest is null or not valid.

Action

Verify that the message digest is not null or not valid.

SECJ6044E: Data that is not valid was passed into the encryption algorithm.

Explanation

A data stream that is not valid was passed into the encryption algorithm.

Action

Verify that a non-null byte stream of data is being passed in.

SECJ6045E: Shared key that is not valid has been encountered.

Explanation

A shared key that is not valid was detected.

Action

Verify that a valid key is being used. Check the error logs for further information.

SECJ6046E: Data that is not valid was passed into the decryption algorithm.

Explanation

A data stream that is not valid was passed into the decryption algorithm.

Action

Verify that a non-null byte stream of data is being passed in.

SECJ6047E: Unrecoverable error occurred in the audit subsystem.

Explanation

An unrecoverable error occurred in the audit subsystem. Auditing is discontinued.

Action

Examine the error logs for the cause of the problem.

SECJ6048E: Failure sending audit notification.

Explanation

An error occurred while sending an audit notification.

Action

Examine the error logs for the cause of the problem.

SECJ6049E: Error in the audit notification configuration.

Explanation

Audit system failure policy set to WARN or FATAL, but notification configuration is not properly configured.

Action

Ensure audit notification is configured.

SECJ6050E: Audit Event Factory did not initialize. Exception = {0}.

Explanation

Audit Event Factory was not initialized, which occurred most likely due to incorrect class definition, incorrect class path, or missing class files.

Action

Examine the exception for the cause of the problem.

SECJ6051E: User name specified as the auditor ID does not have auditor privileges.

Explanation

Cannot assign a user who does not have the auditor role as the primary auditor.

Action

Ensure the user specified is given the auditor role or select a user who already has the auditor role.

SECJ6052E: Workspace error occurred attempting to change the primary auditor ID.

Explanation

An error occurred accessing the workspace.

Action

None

SECJ6053E: The audit log wrapping behavior is set to NOWRAP and the maximum number of audit logs has been reached. Quiescing the server.

Explanation

The server is in a quiesced state. The maximum number of audit logs has been reached and the wrapping behavior is set to not wrap the oldest log.

Action

Determine whether the maximum number of audit logs needs to be increased. To get the audit service and server running again, archive all the audit logs to a safe repository, and restart the server.

SECJ6054E: The audit log wrapping behavior is set to SILENT_FAIL and the maximum number of audit logs has been reached. Audit logging will stop.

Explanation

Audit logging stopped: maximum number of audit logs has been reached and the wrapping behavior is set to SILENT_FAIL.

Action

Determine whether the maximum number of audit logs needs to be increased. Archive all the saved audit logs to a safe repository and restart the server to restart the auditing service

SECJ6100I: Invalid URI.

Explanation

A web request is rejected because it contains a URI name that is not valid.

Action

Incorrect URI might be a simple user error or an indication of potential threat where malicious users explore the weakness of web applications. You might perform a correlation analysis of security auditing events.

SECJ6101I: Web access security context not found.

Explanation

A web request is rejected because no web access security context is configured.

Action

The cause might be a simple user error or an indication of potential threat where malicious users explore the weakness of web applications. You might perform a correlation analysis of security auditing events.

SECJ6102I: Access to a web resource is allowed because no access control is required.

Explanation

Access to a web resource does not require access control because there is no servlet mapping.

Action

The URI is not protected. No action is required is this is the desired configuration. Otherwise, proper security constraint should be added to the web application.

SECJ6103I: Access to a web resource is allowed because no access control is required.

Explanation

Access to a web resource does not require access control because there is no security constraint.

Action

The URI is not protected. No action is required is this is the desired configuration. Otherwise, proper security constraint should be added to the web application.

SECJ6104I: Access to a web resource is allowed because the URI is either login page, error page or form login page.

Explanation

Access to login page, error page, and form login page does not require access control.

Action

The URI is not protected. No action is required.

SECJ6105I: Access to a web resource is denied because no security role is defined in the auth constraint.

Explanation

According to Servlet V2.4 Spec, access to a web resource should be precluded if there is an auth constraint in the security constraint but there is no security role defined in the auth constraint.

Action

Modify the security constraint if the current behavior does not fit your needs.

SECJ6106I: The request is redirected to {0} because the requested resource must be accessed via HTTPS.

Explanation

The requested resource has a Data Constraint and requires SSL connection to it.

Action

No action is required.

SECJ6107I: The request is denied because the {0} login method was not supported.

Explanation

WebSphee Application Server does not support the configured login method.

Action

Modify the deployment descriptor to choose a supported login method. You might explore the Trust Association Interface and the UserRegistry interface and plug in your custom implementation to support the DIGEST login method.

SECJ6108I: Access to a web resource is allowed because there is no auth constraint.

Explanation

According to Servlet V2.4 Spec, access to a web resource should be permitted if there is no auth constraint in the security constraint.

Action

Modify the security constraint if the current behavior does not fit your needs.

SECJ6109I: Access to a web resource is allowed because either the EVERYONE Special Subject was mapped to at least one of the required security role or if there is no auth constraint.

Explanation

Access to a web resource is granted to any user without requiring authentication when the Everyone Special Subject was mapped to at least one of the required security role.

Action

Modify the security constraint if the current behavior does not fit your needs.

SECJ6110I: SSO token {0} was validated successfully.

Explanation

Authentication was successful.

Action

No action is required.

SECJ6111I: SSO token {0} failed validation with an Exception.

Explanation

Authentication failed due to internal failure.

Action

Examine the cause of the exception and correct the problem. If the problem persists, contact your service representative.

SECJ6112I: SSO token {0} is expired and failed validation.

Explanation

Authentication failed because the SSO token has expired.

Action

No action is required.

SECJ6113I: SSO token {0} is invalid and failed validation.

Explanation

Authentication failed because the SSO token was not valid.

Action

No action is required.

SECJ6114I: Trust Accosication Interceptor challenges the web client for authentication information. Status code = {0}.

Explanation

A Trust Association Interceptor engages in the authentication protocol and needs authentication information from the web client.

Action

No action is required.

SECJ6115I: Authentication successful with Trust Accosication Interceptor.

Explanation

The authentication via the specified Trust Association Interceptor was successful.

Action

No action is required.

SECJ6116I: Authentication failed becasue Trust Accosication Interceptor user name cannot be mapped to WebSphere Application Server user.

Explanation

The authentication via the specified Trust Association Interceptor failed because the asserted user name cannot be mapped to a valid WebSphere Application Server user.

Action

If this problem persists, the mapping problem is likely to be caused either by incorrect TAI configuration or by TAI implementation.

SECJ6117I: Authentication failed due to missing or incorrect user name and/or password. Redirect to {0}.

Explanation

Form based Authentication failed due to missing or incorrect user id or password. Typically a web user will be redirect to a login page to retry.

Action

No action is required.

SECJ6118I: Authentication failed becasue Trust the client certificate cannot be mapped to WebSphere Application Server user.

Explanation

The authentication based on the X509 client certificate failed because the certificate user name cannot be mapped to a valid WebSphere Application Server user.

Action

No action is required.

SECJ6119I: Authentication failed becasue the client certicate user name cannot be mapped to WebSphere Application Server user.

Explanation

The authentication failed because the client certificate user name cannot be mapped to a valid WebSphere Application Server user.

Action

The user might not be defined in the registry. Otherwise, verify the registry and mapping configuration.

SECJ6120I: Authentication failed becasue the user registry was not defined.

Explanation

The authentication failed because there is no active user registry defined to map the client certificate user name to a valid WebSphere Application Server user.

Action

Verify that the registry and mapping configuration.

SECJ6121I: Client certificate Authentication failed due to internal error.

Explanation

The authentication failed due to an unexpected runtime exception.

Action

Report the problem to IBM.

SECJ6122I: Client certificate Authentication failed due to internal error. Will try Basec authentication which is permitted by the web application configuration.

Explanation

The authentication failed due to an unexpected runtime exception. The web application configuration allows authentication using user id and password. Will try to see if there is user id and password information in the HTTP header.

Action

No action is required.

SECJ6123I: HTTP authorization header is missing. Send out 401 challenge.

Explanation

The authentication failed because there is no authorization header in the HTTP header. WebSphere Application Server will send a 401 challenge to the web client.

Action

No action is required.

SECJ6124I: Basic authentication data is missing. Send out 401 challenge.

Explanation

The authentication failed because there is no user id and password information in the HTTP header. WebSphere Application Server will send a 401 challenge to the web client.

Action

No action is required.

SECJ6125I: Basic authentication failed due to incorrect user id and/or password Will send a 401 challenge.

Explanation

The authentication failed because there the user id and password information in the HTTP header was incorrect. WebSphere Application Server will send a 401 challenge to the web client.

Action

No action is required.

SECJ6126I: Basic authentication was successful.

Explanation

Authentication using the user id and password in the HTTP header was successful.

Action

No action is required.

SECJ6127I: Basic authentication failed due to internal error.

Explanation

Basic Authentication failed and a runtime exception was caught.

Action

Report this problem to IBM.

SECJ6128I: Authentication failed due to internal error.

Explanation

Authentication failed and a runtime exception was caught.

Action

Report this problem to IBM.

SECJ6129I: Access is allowed because security is disabled.

Explanation

Access to the resource is allowed because WebSphere Application Server global security eas not enabled.

Action

No action required if this is the configured behavior.

SECJ6130I: Access is allowed.

Explanation

Access to the resource is allowed because the user or the groups the user is in have the required security role.

Action

No action required if this is the desired behavior.

SECJ6131I: Access is denied.

Explanation

Access to the resource is denied because the user or the groups the user is in does not have any of the required security role.

Action

No action required if this is the desired behavior.

SECJ6132I: Access is denied, Reason: {0}.

Explanation

Access to the resource is denied because the user or the groups the user is in does not have any of the required security role.

Action

No action required if this is the desired behavior.

SECJ6133I: Parsing client certificate failed.

Explanation

Access to the resource is denied because the user or the groups the user is in does not have any of the required security role.

Action

No action required.

SECJ6134I: Session does not exist on server.

Explanation

The client context id (= 0) in a MessageInContext message is not valid.

Action

No action required.

SECJ6135I: Session does not exist on server.

Explanation

The client context id is inconsistent with session state.

Action

This problem should be analyzed to determine whether it was due to program or operational error or due to spoofing attempt.

SECJ6136I: Session or token expired.

Explanation

The security token in the security context has expired.

Action

Typically token has a finite expiration time and this condition might be normal.

SECJ6137I: ASSOC_ACCEPT message is illegal at the target. The client might not be using correct configuration.

Explanation

The message type ASSOC_ACCEPT should not be received at the target server. This might occur due to an exception that occurred on the client which caused a mixup.

Action

Check the client configuration to ensure that there"s nothing out of the ordinary that might be causing an exception to occur.

SECJ6138I: Security context setup successfully.

Explanation

The client security context was re-established successfully using the client session context identifier. The message type ASSOC_ACCEPT should not be received at the target server.

Action

No action is required.

SECJ6139I: The authorization token is invalid.

Explanation

Parsing the client authorization token failed.

Action

Need to determine if this is caused by programming error.

SECJ6140I: Invalid GSS security token format.

Explanation

GSS security context token contains OID number that is not valid or authentication mechanism that is not valid.

Action

No action required.

SECJ6141I: Authentication failed due to internal error.

Explanation

Authentication failed due to internal error.

Action

No action required.

SECJ6142I: Cannot obtain the identity of the ITTPrincipalName.

Explanation

The Identity token is not valid.

Action

No action is required.

SECJ6143I: Authentication failed.

Explanation

Could not validate Client Authentication Token or Client Certificates during Identity Assertion.

Action

No action is required.

SECJ6144I: Authentication failed.

Explanation

Failed to convert the client certificate.

Action

No action is required.

SECJ6145I: Authenticate to unauthenticated credentials.

Explanation

Setting the credentials to unauthenticated because there is no valid identity token.

Action

No action is required.

SECJ6146I: Message type was not supported.

Explanation

Message type is not EstablishContext and stateful=false.

Action

No action is required.

SECJ6147I: Authentication failed.

Explanation

Examine the exception for reason of failure.

Action

No action is required.

SECJ6148I: Authentication succeeded.

Explanation

The authentication was successful.

Action

No action is required.

SECJ6149I: Principal/Credential mapping succeeded.

Explanation

The J2EE Connection principal/credential mapping was successful.

Action

No action is required.

SECJ6150I: The user has the required roles {0}.

Explanation

The user has been granted to one or more of the required roles.

Action

No action is required.

SECJ6151I: The user does not have the required roles {0}.

Explanation

The user has not been granted any one of the required roles.

Action

No action is required.

SECJ6152I: Form Logout.

Explanation

The HTTP session is cleaned up after form logout.

Action

No action is required.

SECJ6153I: Redirect to form based login page {0} to prompt for web client authentication data.

Explanation

The web resource requires Form based authentication. Typically a web user will be redirected to a login page to enter user id and password.

Action

No action is required.

SECJ6154I: Form based authentication was successful.

Explanation

Form based authentication was successful.

Action

No action is required.

SECJ6205W: The current Java 2 Security policy reported a potential violation of a Java 2 Security Permission. Refer to the InfoCenter for further information.{0}Permission:{1}Code:{2}Code Base Location:{3}

Explanation

Action

Verify that the attempted operation is permitted by examining all Java 2 security policy files and application code. Additional permissions might be required, an AccessController.doPrivileged call might be needed in some code on the call stack, or the Security Manager has properly prevented access to a resource that a caller does not have permission to access.

SECJ6206W: The current Java 2 Security policy report a potential violation of a Java 2 Security Permission. Stack Trace:{0}

Explanation

The Java Security Manager checkPermission() threw a SecurityException. A caller on the call stack does not have the required permission.

Action

Verify that the attempted operation is permitted by examining all Java 2 security files and application code. Additional permissions might be required.

SECJ6207I: Authorized credential management is enabled.

Explanation

Applications running in this server are considered "trusted". When applications are trusted, the security infrastructure will allow the creation of MVS credentials without a password, passticket, or certificate as an authenticator. Trusted applications must be enabled in order to use the LTPA authentication mechanism, identity assertion, or a Trust Association Interceptor with a "Local OS" user registry on z/OS. Trusted applications must also be enabled to use SAF authorization.

Action

No user action is required.

SECJ6208I: Authorized credential management is disabled.

Explanation

Applications running in this server are not considered "trusted". Since applications are not trusted, the security infrastructure has disallowed the creation of MVS credentials without a password, passticket, or certificate as an authenticator. Trusted applications must be enabled in order to use the LTPA authentication mechanism, identity assertion, or a Trust Association Interceptor with a "Local OS" user registry on z/OS. Trusted applications must also be enabled to use SAF authorization.

Action

No user action is required.

SECJ6209I: Application thread identity synchronization is enabled.

Explanation

The server has been configured to perform J2EE and operating system thread identity synchronization for applications that request it.

Action

No user action is required.

SECJ6210W: Application thread identity synchronization has been disabled by the z/OS security product.

Explanation

The server has been configured to perform J2EE and operating system thread identity synchronization for applications that request it but the security product has not authorized the use of this support.

Action

Contact your security product administrator to request authorization to use thread identity synchronization.

SECJ6211I: Connection management thread identity synchronization is enabled.

Explanation

The server has been configured to perform J2EE and operating system thread identity synchronization for connectors that are able to exploit it.

Action

No user action is required.

SECJ6212W: Connection management thread identity synchronization has been disabled by the z/OS security product.

Explanation

The server has been configured to perform J2EE and operating system thread identity synchronization for connectors that are able to exploit it but the security product has not authorized the use of this support.

Action

Contact your security product administrator to request authorization to use thread identity synchronization.

SECJ6213I: Thread identity synchronization will not subject to SURROGAT authorization.

Explanation

WebSphere will not perform SURROGAT class authorization checks prior to creating native security environments.

Action

No user action is required.

SECJ6214I: SAF authorization is enabled.

Explanation

WebSphere for z/OS has been configured to use the z/OS security product for authorization. The authorization policies for WebSphere must be defined in the EJBROLE class of the z/OS security product. Authorization policies embedded in the applications will be ignored.

Action

No user action is required.

SECJ6215E: The SAF credential token {0} has been finalized but the underlying native credential has not been destroyed.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ6216I: SAF delegation is enabled.

Explanation

The APPLDATA associated with the profile representing the J2EE role will be used to determine the id of a user that is in the role. An invocation Subject will be built with a credential for that user.

Action

No user action is required.

SECJ6217E: Unable to create a SAF delegation credential for the SAF profile named "{0}" in application "{1}". The native service results information are: {2}.

Explanation

The security service was unable to create a delegation credential. This failure is usually due to incorrect or missing APPLDATA associated with the EJBROLE profile associated with the application role.

Action

Verify that the EJBROLE profile exists and is defined correctly. If the profile is correct, use the information about the SAF service, and SAF service return codes to determine the cause of the failure. If the problem persists, contact the IBM support center.

SECJ6218W: The SAF delegation implementation was unable to create a subject in the role named "{0}" in application "{1}" for role delegation. The current subject will be used.

Explanation

An earlier error prevented WebSphere from creating a subject that was in the required role. The target method will be dispatched without a change the current security environment. This might result in authorization errors as the caller might not be in the required role.

Action

Examine the previous messages to determine the initial cause of th error.

SECJ6219I: Basic authentication failed for user "{0}". The native service results related to the authentication failure are: {1}.

Explanation

WebSphere was unable to authenticate the user with the password that was presented. It is likely that the user ID or password were not valid.

Action

Verify that the user ID is valid. If the user is valid, use the provided SAF serivce information to get more information about the cause of the failure.

SECJ6220I: Certificate authentication failed for certificate with SubjectDN="{0}" and IssuerDN="{1}". The native service results related to the authentication failure are: {2}.

Explanation

WebSphere was unable to map the certificate that was presented to a valid user. It is likely that the issuer of the certificate is not trusted or that the mapping rules do not account for issuer and subject distinguished names.

Action

Verify that the certificate chain is trusted. If the chain is valid and trusted, use the provided SAF service information to get more information about the cause of the failure.

SECJ6221E: A native credential for user "{0}" cannot be recreated. The native service results related to this failure are: {1}.

Explanation

An authorized service used to create a native z/OS credential has failed. The credential cannot be used by the caller.

Action

Use the provided SAF service information to determine the cause of the failure. If the problem persists, contact the IBM support center.

SECJ6222I: Thread identity synchronization of user "{0}" was not authorized by the z/OS security product.

Explanation

The z/OS security product did not authorize the creation of a security environment for the specified user. The security environment associated with the current address space will be used.

Action

Contact your security product administrator to authorize the creation of a security environment for the specified user if required by your application.

SECJ6223E: Thread identity synchronization of user "{0}" failed. The native service results related to this failure are: {1}.

Explanation

An authorized service used to perform thread identity synchronization has failed. The thread security environment might not have been associated with the current thread of execution.

Action

User the provided SAF service information to determine the cause of the failure. If the problem persists, contact the IBM support center.

SECJ6224I: The custom SAF role to profile mapper "{0}" has been initialized.

Explanation

A custom SAF role to profile mapper has been configured, loaded, and initialized.

Action

No user action is required.

SECJ6225E: Unable to load the custom SAF role to profile mapper "{0}" due to the following exception: {1}

Explanation

WebSphere was unable to load and and instantiate the configured class. This is generally due to an incorrect class name.

Action

Verify that the specified class name is correct and that it can be loaded by the WebSphere class loader.

SECJ6226W: Thread identity synchronization of user "{0}" is not allowed on the "initial pthread task."

Explanation

The BPX1TLS service does cannot be called from the initial pthread task (IPT). If this service is called on the IPT, future calls to perform connection management or application thread identity synchronization will fail.

Action

No action is required.

SECJ6227W: Authentication failed for kerberos principal {0}. The native service results related to the authentication failure are: {1}.

Explanation

WebSphere was unable to map the kerberos prinicpal that was presented to a valid RACF user.

Action

Verify that the kerberos principal is set to the KERBNAME value in the KERB segment of a valid RACF user.

SECJ6228E: The distributed user name is null and will not be mapped not a SAF user.

Explanation

The distributed user name is null and will not be mapped not a SAF user.

Action

Specify a valid distributed user name.

SECJ6229E: The distributed realm name is null.

Explanation

The distributed realm name is null and will not be mapped not a SAF user.

Action

Specify a valid distributed realm name.

SECJ6230E: The distributed user name exceeds the maximum length of {1}. The distributed user, {0}, will not be mapped to a SAF user.

Explanation

The distributed user name exceeds the maximum allowable length.

Action

Specify a valid distributed user name.

SECJ6231E: The distributed realm name exceeds the maximum length of {1}. The distributed realm name is {0}. The distributed user will not be mapped to a SAF user.

Explanation

The distributed realm name exceeds the maximum allowable length.

Action

Specify a valid distributed realm name.

SECJ6232E: The distributed user could not be mapped to a SAF user, most likely because there was no match in the SAF database filters. The distributed user name is: {0}. The distributed realm name is: {1}.

Explanation

The distributed user could not be mapped to a SAF user, most likely because there was no match for the distributed user name and realm name in the RACMAP profiles of the SAF database.

Action

Verify that a RACMAP profile exists in the SAF database for the distributed user name and realm name.

SECJ6233I: The version number of the SAF product is: {0}.

Explanation

The version of the SAF product is displayed.

Action

No user action is required.

SECJ6234I: The SAF feature for distributed identity mapping is in effect.

Explanation

The SAF feature for distributed identity mapping is in effect. Distributed users will be mapped to SAF users using the filters defined in the SAF RACMAP profiles.

Action

No user action is required.

SECJ6235I: The SAF feature for distributed identity mapping is not in effect.

Explanation

The SAF feature for distributed identity mapping is not in effect.

Action

No user action is required.

SECJ6236E: Authorization failed; the exception is {0}.

Explanation

Authorization failed for the user. The exception has information on why the authorization failed.

Action

Examine the message in the exception for more information.

SECJ6237E: Authorization failed. The SAF user {0} does not have {1} access to any of the following SAF profiles in the EJBROLE class: {2}.

Explanation

Authorization failed for the user.

Action

Consult with the SAF administrator for granting the necessary access in the SAF database.

SECJ7000I: Security Configuration Name

Explanation

None

Action

None

SECJ7001I: Value

Explanation

None

Action

None

SECJ7002I: Security Settings

Explanation

None

Action

None

SECJ7003I: Active authentication mechanism

Explanation

None

Action

None

SECJ7004I: Active RMI/IIOP authentication protocol

Explanation

None

Action

None

SECJ7005I: User account repository

Explanation

None

Action

None

SECJ7006I: Authentication cache timeout

Explanation

None

Action

None

SECJ7007I: Default SSL settings

Explanation

None

Action

None

SECJ7008I: Administrative security

Explanation

None

Action

None

SECJ7009I: Restrict access to resource authentication data

Explanation

None

Action

None

SECJ7010I: Java 2 security

Explanation

None

Action

None

SECJ7011I: Warn if applications are granted custom permissions

Explanation

None

Action

None

SECJ7012I: Use realm-qualified user names

Explanation

None

Action

None

SECJ7013I: Use the local security server

Explanation

None

Action

None

SECJ7014I: Authentication mechanisms and expiration

Explanation

None

Action

None

SECJ7015I: Authentication configuration

Explanation

None

Action

None

SECJ7016I: Authentication context implementation class

Explanation

None

Action

None

SECJ7017I: Authentication validation config

Explanation

None

Action

None

SECJ7018I: Password

Explanation

None

Action

None

SECJ7019I: Simple authentication config

Explanation

None

Action

None

SECJ7020I: Timeout of authentication data forwarded between servers

Explanation

None

Action

None

SECJ7021I: Enable trust association

Explanation

None

Action

None

SECJ7022I: Interceptors

Explanation

None

Action

None

SECJ7023I: Interceptor class name

Explanation

None

Action

None

SECJ7024I: Single signon (SSO)

Explanation

None

Action

None

SECJ7025I: Domain name

Explanation

None

Action

None

SECJ7026I: Requires SSL

Explanation

None

Action

None

SECJ7027I: User Registry

Explanation

None

Action

None

SECJ7028I: Realm

Explanation

None

Action

None

SECJ7029I: Server user ID

Explanation

None

Action

None

SECJ7030I: Server user password

Explanation

None

Action

None

SECJ7031I: Authorization configuration

Explanation

None

Action

None

SECJ7032I: External authorization using a JACC provider

Explanation

None

Action

None

SECJ7033I: Authorization providers

Explanation

None

Action

None

SECJ7034I: Provider initialization class name

Explanation

None

Action

None

SECJ7035I: J2EE Policy implementation class name

Explanation

None

Action

None

SECJ7036I: Name

Explanation

None

Action

None

SECJ7037I: Policy configuration factory class name

Explanation

None

Action

None

SECJ7038I: Requires the EJB arguments policy context handler for access decisions

Explanation

None

Action

None

SECJ7039I: Role configuration factory class name

Explanation

None

Action

None

SECJ7040I: Supports dynamic module updates

Explanation

None

Action

None

SECJ7041I: Application login configuration

Explanation

None

Action

None

SECJ7042I: Entries

Explanation

None

Action

None

SECJ7043I: Alias

Explanation

None

Action

None

SECJ7044I: JAAS login modules

Explanation

None

Action

None

SECJ7045I: Authentication strategy

Explanation

None

Action

None

SECJ7046I: Module class name

Explanation

None

Action

None

SECJ7047I: Custom properties

Explanation

None

Action

None

SECJ7048I: Value

Explanation

None

Action

None

SECJ7049I: CSI

Explanation

None

Action

None

SECJ7050I: Claims

Explanation

None

Action

None

SECJ7051I: Stateful sessions

Explanation

None

Action

None

SECJ7052I: Layers

Explanation

None

Action

None

SECJ7053I: Supported ciphers

Explanation

None

Action

None

SECJ7054I: Enable

Explanation

None

Action

None

SECJ7055I: Establish trust in client

Explanation

None

Action

None

SECJ7056I: Required Quality of protection (QoP) settings

Explanation

None

Action

None

SECJ7057I: Confidentiality

Explanation

None

Action

None

SECJ7058I: Enable Protection

Explanation

None

Action

None

SECJ7059I: Integrity

Explanation

None

Action

None

SECJ7060I: Server Authentication

Explanation

None

Action

None

SECJ7061I: SSL configurations

Explanation

None

Action

None

SECJ7062I: performs

Explanation

None

Action

None

SECJ7063I: Session GC Idle Time

Explanation

None

Action

None

SECJ7064I: Session GC Interval

Explanation

None

Action

None

SECJ7065I: Authentication Layer Retry Count

Explanation

None

Action

None

SECJ7066I: SAS

Explanation

None

Action

None

SECJ7067I: SSL configuration repertoires

Explanation

None

Action

None

SECJ7068I: SSL settings

Explanation

None

Action

None

SECJ7069I: Client authentication

Explanation

None

Action

None

SECJ7070I: Cryptographic token

Explanation

None

Action

None

SECJ7071I: Key file format

Explanation

None

Action

None

SECJ7072I: Key file name

Explanation

None

Action

None

SECJ7073I: Key file password

Explanation

None

Action

None

SECJ7074I: Security level

Explanation

None

Action

None

SECJ7075I: Trust file format

Explanation

None

Action

None

SECJ7076I: Trust file name

Explanation

None

Action

None

SECJ7077I: Trust file password

Explanation

None

Action

None

SECJ7078I: Cryptographic token

Explanation

None

Action

None

SECJ7079I: Library file

Explanation

None

Action

None

SECJ7080I: Token Type

Explanation

None

Action

None

SECJ7081I: Custom properties

Explanation

None

Action

None

SECJ7082I: System login configuration

Explanation

None

Action

None

SECJ7083I: Properties

Explanation

None

Action

None

SECJ7084I: Enable pluggable authentication

Explanation

None

Action

None

SECJ7085I: Required

Explanation

None

Action

None

SECJ7086I: Global security

Explanation

None

Action

None

SECJ7088I: Security

Explanation

None

Action

None

SECJ7089I: Console Name

Explanation

None

Action

None

SECJ7090I: Console Path Name

Explanation

None

Action

None

SECJ7091I: Name

Explanation

None

Action

None

SECJ7092I: Java Authentication and Authorization Service

Explanation

None

Action

None

SECJ7093I: System logins

Explanation

None

Action

None

SECJ7094I: Application logins

Explanation

None

Action

None

SECJ7095I: Administrative users and groups

Explanation

None

Action

None

SECJ7096I: Administrative Role Name

Explanation

None

Action

None

SECJ7097I: Administrative Role Value

Explanation

None

Action

None

SECJ7098I: Administrator User

Explanation

None

Action

None

SECJ7099I: No Administrator User

Explanation

None

Action

None

SECJ7100I: Operator User

Explanation

None

Action

None

SECJ7101I: No Operator user or group

Explanation

None

Action

None

SECJ7102I: Moderator User

Explanation

None

Action

None

SECJ7103I: No Moderator user or group

Explanation

None

Action

None

SECJ7104I: Configurator User

Explanation

None

Action

None

SECJ7105I: No Configurator user or group

Explanation

None

Action

None

SECJ7106I: Administrative User Roles

Explanation

None

Action

None

SECJ7107I: Administrative Group Roles

Explanation

None

Action

None

SECJ7108I: Administrator Group

Explanation

None

Action

None

SECJ7109I: Operator Group

Explanation

None

Action

None

SECJ7110I: Moderator Group

Explanation

None

Action

None

SECJ7111I: Configurator Group

Explanation

None

Action

None

SECJ7112I: CORBA Naming Console Name

Explanation

None

Action

None

SECJ7113I: CORBA Naming Role Name

Explanation

None

Action

None

SECJ7114I: CORBA Naming Role Value

Explanation

None

Action

None

SECJ7115I: CORBA Naming Console Path

Explanation

None

Action

None

SECJ7116I: Read

Explanation

None

Action

None

SECJ7117I: Everyone

Explanation

None

Action

None

SECJ7118I: ServerId

Explanation

None

Action

None

SECJ7119I: All Authenticated Users and Groups

Explanation

None

Action

None

SECJ7120I: Specific User Ids

Explanation

None

Action

None

SECJ7121I: No roles defined

Explanation

None

Action

None

SECJ7122I: CORBA Naming Service Groups

Explanation

None

Action

None

SECJ7123I: Write

Explanation

None

Action

None

SECJ7124I: Create

Explanation

None

Action

None

SECJ7125I: Delete

Explanation

None

Action

None

SECJ7126I: Environment

Explanation

None

Action

None

SECJ7127I: Naming

Explanation

None

Action

None

SECJ7128I: SSL certificate and key management

Explanation

None

Action

None

SECJ7129I: Console Name for Certificate Management

Explanation

None

Action

None

SECJ7130I: Console Path for Certificate Management

Explanation

None

Action

None

SECJ7131I: Certificate Alias

Explanation

None

Action

None

SECJ7132I: Certificate Expiry

Explanation

None

Action

None

SECJ7133I: Certificate Management

Explanation

None

Action

None

SECJ7134I: RMI/IIOP security

Explanation

None

Action

None

SECJ7135I: Authentication mechanisms and expiration

Explanation

None

Action

None

SECJ7136I: Authentication expiration

Explanation

None

Action

None

SECJ7137I: Application security

Explanation

None

Action

None

SECJ7138I: External authorization providers

Explanation

None

Action

None

SECJ7139I: Manage endpoint security configurations

Explanation

None

Action

None

SECJ7140I: Web security

Explanation

None

Action

None

SECJ7141I: Trust association

Explanation

None

Action

None

SECJ7142I: Interceptors

Explanation

None

Action

None

SECJ7143I: Single signon (SSO)

Explanation

None

Action

None

SECJ7144I: Key stores

Explanation

None

Action

None

SECJ7145I: Trust managers

Explanation

None

Action

None

SECJ7146I: Key managers

Explanation

None

Action

None

SECJ7147I: Management scope

Explanation

None

Action

None

SECJ7148I: Key set groups

Explanation

None

Action

None

SECJ7149I: Key sets

Explanation

None

Action

None

SECJ7150I: Schedules

Explanation

None

Action

None

SECJ7151I: Notifications

Explanation

None

Action

None

SECJ7152I: Manage certificate expiration

Explanation

None

Action

None

SECJ7153I: Web Authentication

Explanation

None

Action

None

SECJ7154I: Internal server ID

Explanation

None

Action

None

SECJ7155I: Use the registry server id instead of the internal server id

Explanation

None

Action

None

SECJ7156I: Trusted identity

Explanation

None

Action

None

SECJ7157I: Password

Explanation

None

Action

None

SECJ7158I: Client Authentication Supported

Explanation

None

Action

None

SECJ7159I: Enabled Ciphers

Explanation

None

Action

None

SECJ7160I: JSSE Provider

Explanation

None

Action

None

SECJ7161I: Trust store

Explanation

None

Action

None

SECJ7162I: SSL Protocol

Explanation

None

Action

None

SECJ7163I: File-based key store

Explanation

None

Action

None

SECJ7164I: Host list

Explanation

None

Action

None

SECJ7165I: Initialize at startup

Explanation

None

Action

None

SECJ7166I: Path

Explanation

None

Action

None

SECJ7167I: Provider

Explanation

None

Action

None

SECJ7168I: Type

Explanation

None

Action

None

SECJ7169I: milliseconds

Explanation

None

Action

None

SECJ7170I: seconds

Explanation

None

Action

None

SECJ7171I: minutes

Explanation

None

Action

None

SECJ7172I: Dynamically update run time when SSL configuration changes occur

Explanation

None

Action

None

SECJ7173I: Ignore case for authorization

Explanation

None

Action

None

SECJ7174I: Custom registry class name

Explanation

None

Action

None

SECJ7175I: Default client certificate alias

Explanation

None

Action

None

SECJ7176I: Default server certificate alias

Explanation

None

Action

None

SECJ7177I: Algorithm

Explanation

None

Action

None

SECJ7178I: Class name

Explanation

None

Action

None

SECJ7179I: Additional Trust Manager attributes

Explanation

None

Action

None

SECJ7180I: Key file name

Explanation

None

Action

None

SECJ7181I: Class name

Explanation

None

Action

None

SECJ7182I: Hover help key

Explanation

None

Action

None

SECJ7183I: Inclusive

Explanation

None

Action

None

SECJ7184I: NLS Range Key

Explanation

None

Action

None

SECJ7185I: Range

Explanation

None

Action

None

SECJ7186I: Class name

Explanation

None

Action

None

SECJ7187I: Certificate alias

Explanation

None

Action

None

SECJ7188I: Direction

Explanation

None

Action

None

SECJ7189I: Scope Name

Explanation

None

Action

None

SECJ7190I: Scope Type

Explanation

None

Action

None

SECJ7191I: Automatically generate keys

Explanation

None

Action

None

SECJ7192I: Key set

Explanation

None

Action

None

SECJ7193I: Minute

Explanation

None

Action

None

SECJ7194I: Key alias prefix name

Explanation

None

Action

None

SECJ7195I: Delete key references that are beyond the maximum number of keys

Explanation

None

Action

None

SECJ7196I: Specifies a key pair instead of a key

Explanation

None

Action

None

SECJ7197I: Key generation class

Explanation

None

Action

None

SECJ7198I: Maximum key references

Explanation

None

Action

None

SECJ7199I: Key reference

Explanation

None

Action

None

SECJ7200I: Key Alias

Explanation

None

Action

None

SECJ7201I: Version

Explanation

None

Action

None

SECJ7202I: Day of week

Explanation

None

Action

None

SECJ7203I: Frequency

Explanation

None

Action

None

SECJ7204I: Hour

Explanation

None

Action

None

SECJ7205I: Next start date

Explanation

None

Action

None

SECJ7206I: List of e-mail addresses

Explanation

None

Action

None

SECJ7207I: Log to SystemOut

Explanation

None

Action

None

SECJ7208I: Automatically replace expiring self-signed certificates

Explanation

None

Action

None

SECJ7209I: Expiration notification threshold

Explanation

None

Action

None

SECJ7210I: Delete old certificate after replacement

Explanation

None

Action

None

SECJ7211I: Enable checking

Explanation

None

Action

None

SECJ7212I: Schedules

Explanation

None

Action

None

SECJ7213I: Notifications

Explanation

None

Action

None

SECJ7214I: days

Explanation

None

Action

None

SECJ7215I: messages

Explanation

None

Action

None

SECJ7216I: Primary administrative user name

Explanation

None

Action

None

SECJ7217I: General settings

Explanation

None

Action

None

SECJ7218I: CORBA Naming Service Users

Explanation

None

Action

None

SECJ7219I: Base distinguished name

Explanation

None

Action

None

SECJ7220I: Bind distinguished name

Explanation

None

Action

None

SECJ7221I: Bind password

Explanation

None

Action

None

SECJ7222I: Reuse connection

Explanation

None

Action

None

SECJ7223I: Search timeout

Explanation

None

Action

None

SECJ7224I: SSL enabled

Explanation

None

Action

None

SECJ7225I: Custom registry class name

Explanation

None

Action

None

SECJ7226I: Use the United States Federal Information Processing Standard (FIPS) algorithms

Explanation

None

Action

None

SECJ7227I: Deployer User

Explanation

None

Action

None

SECJ7228I: No Deployer user or group

Explanation

None

Action

None

SECJ7229I: Moderator Group

Explanation

None

Action

None

SECJ7230I: AdminSecurityManager User

Explanation

None

Action

None

SECJ7231I: No AdminSecurityManager user or group

Explanation

None

Action

None

SECJ7232I: AdminSecurityManager Group

Explanation

None

Action

None

SECJ7233I: Primary Authentication Method for Administrative Actions

Explanation

None

Action

None

SECJ7234I: Allow basic authentication

Explanation

None

Action

None

SECJ7235I: Allow fallback to LTPA

Explanation

None

Action

None

SECJ7236I: Kerberos configuration file

Explanation

None

Action

None

SECJ7237I: Kerberos keytab file

Explanation

None

Action

None

SECJ7238I: Kerberos realm name

Explanation

None

Action

None

SECJ7239I: Kerberos service name

Explanation

None

Action

None

SECJ7240I: Kerberos service name password

Explanation

None

Action

None

SECJ7241I: Trim Kerberos realm from principal name

Explanation

None

Action

None

SECJ7242I: Personal certificate for encryption

Explanation

None

Action

None

SECJ7243I: Trusted signers keystore

Explanation

None

Action

None

SECJ7244I: Nonce cache timeout

Explanation

None

Action

None

SECJ7245I: Token timeout

Explanation

None

Action

None

SECJ7246I: Automatically reload SPNEGO Configuration

Explanation

None

Action

None

SECJ7247I: SPNEGO Configuration reload timeout

Explanation

None

Action

None

SECJ7248I: SPNEGO Filters

Explanation

None

Action

None

SECJ7249I: Enable delegation of Kerberos credentials

Explanation

None

Action

None

SECJ7250I: SPNEGO Filter class

Explanation

None

Action

None

SECJ7251I: SPNEGO Filter criteria

Explanation

None

Action

None

SECJ7252I: Host name

Explanation

None

Action

None

SECJ7253I: NTLM token received page URL

Explanation

None

Action

None

SECJ7254I: SPNEGO not supported page URL

Explanation

None

Action

None

SECJ7255I: Description

Explanation

None

Action

None

SECJ7256I: Usage

Explanation

None

Action

None

SECJ7257I: Supported message layer authentication mechanisms

Explanation

None

Action

None

SECJ7258I: Security domains

Explanation

None

Action

None

SECJ7259I: Application and Java 2 Security

Explanation

None

Action

None

SECJ7260I: LTPA Timeout

Explanation

None

Action

None

SECJ7261I: User Realm

Explanation

None

Action

None

SECJ7262I: Authorization Provider

Explanation

None

Action

None

SECJ7263I: JAAS Application Logins

Explanation

None

Action

None

SECJ7264I: JAAS System Logins

Explanation

None

Action

None

SECJ7265I: RMI/IIOP Security

Explanation

None

Action

None

SECJ7266I: Trust Association

Explanation

None

Action

None

SECJ7267I: Is Credential Forwardable

Explanation

None

Action

None

SECJ7268I: Limit

Explanation

None

Action

None

SECJ7269I: Use native authorization

Explanation

None

Action

None

SECJ7270I: Use claim

Explanation

None

Action

None

SECJ7271I: Stateful sessions

Explanation

None

Action

None

SECJ7272I: Enable out of sequence detection

Explanation

None

Action

None

SECJ7273I: Enable replay detection

Explanation

None

Action

None

SECJ7274I: External

Explanation

None

Action

None

SECJ7275I: Cookie Protection

Explanation

None

Action

None

SECJ7276I: Session Security

Explanation

None

Action

None

SECJ7277I: HttpOnly custom property

Explanation

None

Action

None

SECJ7278I: Servers

Explanation

None

Action

None

SECJ7279I: Application servers

Explanation

None

Action

None

SECJ7280I: Session management

Explanation

None

Action

None

SECJ7281I: Single signon requires SSL

Explanation

None

Action

None

SECJ7282I: LDAPUserRegistry configured with Kerberos credential cache (ccache) filename {0} and keytab filename {1}, using Kerberos credential cache (ccache) for Kerberos bind authentication to LDAP server

Explanation

In order to use keytab, the keytab filename must be specified and the Kerberos credential cache (ccache) filename must not be specified.

Action

None

SECJ7300E: Failed in attempt to add administrative user to virtual member manager

Explanation

Admin user id could not be added to virtual member manager file-based registry

Action

Validate virtual member manager has been configured

SECJ7305E: Found other virtual member manager repository configurations. Only the built-in virtual member manager file-based repository is supported through the wizard

Explanation

Found other virtual member manager repository configurations but only file-based is supported in the wizard

Action

None

SECJ7310E: Workspace exception while adding user to admin-authz.xml

Explanation

An error occuring accessing the Workspace

Action

None

SECJ7311E: Failed to add user to admin-authz.xml

Explanation

Error occurred updating the admin-authz.xml file with the new admin user

Action

None

SECJ7312E: Failed to get to Security workspace

Explanation

Exception raised when accessing the Security object in the workspace

Action

None

SECJ7320E: Invalid user registry type

Explanation

Valid user registry types are: LDAPUserRegistry, LocalOSUserRegistry, CustomUserRegistry, WIMUserRegistry

Action

Ensure user registry type is a valid type

SECJ7321E: Invalid LDAP user registry type

Explanation

LDAP registry type was not a valid type

Action

Ensure user registry type is a valid type

SECJ7330E: Failed to verify admin user would not be locked out of console

Explanation

Exception raised while verifying at least one admin id in the admin-authz.xml exists in the user registry

Action

None

SECJ7331E: Failed to auto-generate the LTPA password

Explanation

Could not auto-generate an LTPA password

Action

None

SECJ7332E: Failed to auto-generate the Server Id

Explanation

Could not auto-generate a Server Id

Action

None

SECJ7333E: Could not find admin name in the specified user registry

Explanation

Admin name does not exist in the specified user registry

Action

Ensure that the admin name exists in the user registry prior to executing command

SECJ7334E: Exception raised while applying wizard security settings

Explanation

Caught exception while applying wizard security settings

Action

None

SECJ7335E: Exception raised while getting wizard security settings

Explanation

Caught exception while getting wizard security settings

Action

None

SECJ7336E: Exception raised while getting Application Security setting

Explanation

Caught exception while getting Application Security setting

Action

None

SECJ7337E: Exception raised while getting Global Security setting

Explanation

Caught exception while getting Global Security setting

Action

None

SECJ7338E: Exception raised while setting Global Security setting

Explanation

Caught exception while setting Global Security setting

Action

None

SECJ7339E: Exception raised while validating admin name

Explanation

Caught exception while validating admin name

Action

None

SECJ7340E: Exception raised trying to connect to LDAP server

Explanation

Exception raised connecting to the LDAP server

Action

Verify input parameters are correct

SECJ7341E: Exception raised while setting useRegistryServerId

Explanation

Exception raised while setting useRegistryServerId in the user registry object

Action

None

SECJ7342E: Failed to validate user/password

Explanation

Failed to validate user password in federated respositories

Action

None

SECJ7350E: Exception raised while adding adminId to user registry

Explanation

Exception raised while adding adminId to user registry

Action

None

SECJ7355E: Failed to add the adminID to the user registry object

Explanation

Failed to add the adminID to the user registry object

Action

None

SECJ7356E: Unsupported audit system failure action type

Explanation

The audit system failure action type provided is not supported. Supported types are: WARN, NOWARN, and FATAL

Action

Verify the audit system failure action type is correctly specified

SECJ7357E: Configuration error detected in the audit configuration

Explanation

Error detected in the audit configuration

Action

Verify that the audit configuration is correctly specified in the audit.xml

SECJ7358E: Non valid or no value specified for auditor identity.

Explanation

The auditor identity is a required field.

Action

Verify that a value has been specified for the auditor identity

SECJ7359E: Non valid or no value specified for auditor password.

Explanation

The auditor password is a required field.

Action

Verify that a value has been specified for the auditor password

SECJ7360E: Non valid or no reference specified for the keystore.

Explanation

The keystore reference is a required field.

Action

Verify that a valid reference has been specified for the keystore

SECJ7361E: Non valid or no reference specified to uniquely identify this implementation.

Explanation

The uniqueName reference is a required field.

Action

Verify that a valid reference has been specified for the uniqueName

SECJ7362E: Non valid or no reference specified for the class name of this implementation.

Explanation

The className reference is a required field.

Action

Verify that a valid reference has been specified for the className

SECJ7363E: Non valid or no reference specified for the event formatter class name.

Explanation

The eventFormatterClassName reference is a required field.

Action

Verify that a valid reference has been specified for the eventFormatterClassName

SECJ7364E: Non valid or no reference specified for the location of the binary audit file.

Explanation

The fileLocation reference is a required field.

Action

Verify that a valid reference has been specified for the fileLocation

SECJ7365E: Non valid or no reference specified for the audit filters.

Explanation

The auditFilters reference is a required field.

Action

Verify that a valid reference has been specified for the auditFilters

SECJ7366E: Failed to create object.

Explanation

Failure occurred trying to create a configuration object.

Action

None

SECJ7367E: Non valid or no reference specified for the event type.

Explanation

The eventType field is required.

Action

Verify that a valid reference has been specified for the event type

SECJ7368E: Non valid or no reference specified for the audit outcome.

Explanation

The outcome field is required.

Action

Verify that a valid reference has been specified for the audit outcome

SECJ7369E: Non valid or no reference specified for the audit service provider.

Explanation

The provider field is required.

Action

Verify that a valid reference has been specified for the audit service provider

SECJ7370E: Non valid or no value specified for the audit specification reference.

Explanation

The audit specification reference field is required.

Action

Verify that a valid value has been specified for the audit specification reference

SECJ7371E: Non valid or no reference specified for the audit event factory implementation.

Explanation

The eventFactory field is required.

Action

Verify that a valid reference has been specified for the audit event factory implementation

SECJ7372E: Failure to retrieve the audit specifications.

Explanation

Failure while retrieving the audit specifications.

Action

None

SECJ7373E: Non valid reference to Binary File audit service provider implementation.

Explanation

Reference must be to a Binary File audit service provider implementation.

Action

Verify that a valid reference has been specified to a Binary File implementation

SECJ7374E: Audit Notification Monitor already configured.

Explanation

Audit Notification Monitor has already been configured.

Action

None

SECJ7375E: Non valid name for Audit Notification Monitor.

Explanation

Non valid name for audit notification monitor specified.

Action

Verify that a valid name has been specified for the audit notification monitor

SECJ7376E: Non valid reference for Audit Notification.

Explanation

Non valid reference for audit notification specified.

Action

Verify that a valid reference has been specified for the audit notification

SECJ7377E: Unsupported operation: cannot delete a subset of a multi-set defined filter.

Explanation

Admin task does not support deletion of a subset of a multi-set defined filter.

Action

None

SECJ7378E: No attributes specified on the modify command.

Explanation

No attributes were specified on the modify command.

Action

Supply attribute(s) to modify on the audit object

SECJ7379E: No attributes specified on the delete command.

Explanation

No attributes were specified on the delete command.

Action

Supply attribute(s) to delete the specified object

SECJ7380E: Unable to delete audit service provider: provider in use

Explanation

Audit service provider is in use by an audit event factory implementation and cannot be deleted.

Action

None

SECJ7381E: Audit Notification Monitor is not configured.

Explanation

Audit Notification Monitor is not configured.

Action

None

SECJ7382E: Non valid reference for Audit Notification Monitor.

Explanation

Non valid reference for audit notification monitor specified.

Action

Verify that a valid reference has been specified for the audit notification monitor

SECJ7383E: Non valid name for Audit Notification.

Explanation

Non valid name for audit notification specified.

Action

Verify that a valid name has been specified for the audit notification

SECJ7384E: Must enter an email list when send email is true.

Explanation

Must enter an email list when send email is true.

Action

Supply an email list

SECJ7385E: Non valid email format specified.

Explanation

Must either specify "html" or "text".

Action

Supply a valid email format

SECJ7386E: Audit notification already configured.

Explanation

Audit notification already exists.

Action

None

SECJ7387E: Audit notification is in use.

Explanation

Audit notification is in use and cannot be deleted.

Action

None

SECJ7388E: Non valid value specified for the audit policy.

Explanation

Valid values are WARN, NOWARN, and FATAL.

Action

Specify a valid audit policy value

SECJ7389E: An audit event factory implementation with this unique name is already configured.

Explanation

Cannot configure an audit event factory with the same unique name as one that is already configured.

Action

Specify a unique name for the new audit event factory

SECJ7390E: An audit service provider implementation with this unique name is already configured.

Explanation

Cannot configure an audit service provider implementation with the same unique name as one that is already configured.

Action

Specify a unique name for the new audit service provider implementation

SECJ7391E: The custom properties have been invalidly specified.

Explanation

Custom properties must be specified as name-value pairs, separated by a comma, semicolon or space.

Action

Enter a valid syntax for the custom properties

SECJ7392E: The audit service provider referenced is not an IBM Binary service provider implementation.

Explanation

The referenced service provider is not the default IBM Binary service provider implementation.

Action

Enter a valid reference to a IBM Binary service provider implementation

SECJ7393E: Audit specification not configured.

Explanation

The referenced audit specification does not exist in the audit.xml.

Action

None

SECJ7394E: Non valid email list specified.

Explanation

The email list specified is not valid, null or empty.

Action

Supply a valid email list

SECJ7395E: Non valid value for maximum number of audit logs was specified.

Explanation

The maximum number of audit logs needs to a number greater than 0.

Action

Supply a valid value for maximum number of audit logs

SECJ7396E: Non valid value for maximum size of each audit log was specified.

Explanation

The maximum size of and audit log needs to a value greater than 0.

Action

Supply a valid value for maximum number of audit logs

SECJ7397E: Exception validating existance of audit log filepath.

Explanation

An exception occurred validating or creating the file path location for the audit logs.

Action

None

SECJ7398E: Missing password for the audit encryption key store.

Explanation

No password was supplied for the audit encryption key store.

Action

Supply a password for the audit encryption key store

SECJ7399E: Audit encryption key store password does not match verify password.

Explanation

Encryption key store password and the confirm password values do not match.

Action

Confirm the audit encryption key store password

SECJ7400E: Key store file did not verify, make sure the file exists, check key store type and password.

Explanation

When creating a key store object with an existing key store file the file must exist and a valid password and key store type must be supplied.

Action

Make sure the key store file exists with a valid password and key store type. Then rerun the command.

SECJ7401E: Creating a read only key store object. File should already exist.

Explanation

When creating a hardware key store object the file in the path specified should already exist.

Action

Rerun the command with a specifying a file that already exists.

SECJ7402E: Encryption key file object already exists.

Explanation

The specified object already exists. Unable to create another one.

Action

Create the object with a unique name

SECJ7403E: Must specify only one option for either autogenerating or importing a certificate.

Explanation

The values for auto-generating a certificate and importing a certificate matched. Must specify true for one or the other.

Action

Specify either auto-generating a certificate or importing a certificate.

SECJ7404E: Missing value for new certificate alias name.

Explanation

No value was specified for the new certificate alias name.

Action

Supply a value for the certificate alias name.

SECJ7405E: No value was specified for the key file name for the certificate to import

Explanation

When selecting to import an existing certificate, a key file name for the certificate must be entered.

Action

Supply a key file name for the certificate to import

SECJ7406E: No value was specified for the key file path for the certificate to import

Explanation

When selecting to import an existing certificate, a key file path for the certificate must be entered.

Action

Supply a key file path for the certificate to import

SECJ7407E: No value was specified for the key file type for the certificate to import

Explanation

When selecting to import an existing certificate, a key file type for the certificate must be entered.

Action

Supply a key file type for the certificate to import

SECJ7408E: No value was specified for the key file password for the certificate to import

Explanation

When selecting to import an existing certificate, a key file password for the certificate must be entered.

Action

Supply a key file password for the certificate to import

SECJ7409E: No name was specified for the certificate alias to import

Explanation

When selecting to import an existing certificate, a certificate aliase for the certificate must be entered.

Action

Supply a certificate alias name for the certificate to import

SECJ7410E: No name was specified for the audit key store.

Explanation

Must specify a name for the audit key store

Action

Supply a name for the audit key store

SECJ7411E: No key store location was specified for the audit key store.

Explanation

Must specify a key store location for the audit key store

Action

Supply a key store location for the audit key store

SECJ7412E: No key store type was specified for the audit key store.

Explanation

Must specify a key store type for the audit key store

Action

Supply a key store type for the audit key store

SECJ7413E: No key store password was specified for the audit key store.

Explanation

Must specify a key store password for the audit key store

Action

Supply a key store password for the audit key store

SECJ7414E: No key store confirmation password was specified for the audit key store.

Explanation

Must specify a confirmation key store password to for the audit key store

Action

Supply a confirmation key store password for the audit key store

SECJ7415E: Failure creating the audit keystore object

Explanation

Failed to create the audit keystore ObjectName

Action

None

SECJ7416E: Failure creating the audit keystore

Explanation

Failed to create the audit keystore

Action

None

SECJ7417E: Failure creating the self signed certificate for audit encryption

Explanation

Failed to create the self signed certificate for audit encryption

Action

None

SECJ7418E: Failure importing the self signed certificate for audit encryption

Explanation

Failed to import the self signed certificate for audit encryption

Action

None

SECJ7419E: Found certificate with the same alias in the keystore.

Explanation

A certificate with the same alias name already exists in the keystore. Cannot add.

Action

None

SECJ7420E: Alias is not a personal certificate in key store.

Explanation

The alias is either not in the key store or it is not a personal certificate in the key store.

Action

Rerun the command with a personal certificate that is located in the key store.

SECJ7421E: Options to select certificate to use for signing are mutually exclusive.

Explanation

Cannot select reusing encryption certificate for signing with autogenerating or importing. Options are mutually exclusive.

Action

Select only one option: to reuse the certificate used for encrypting audit records, autogenerating a certificate to use to sign the audit records, or import a certificate.

SECJ7422E: Cannot use the encryption certificate as the signer certificate: No encryption keystore found.

Explanation

No encryption keystore found: unable to reuse the same certificate for signing audit records.

Action

None

SECJ7423E: No keystore found matching the supplied unique name or reference id.

Explanation

Cannot find a keystore with the supplied unique name or reference id.

Action

None

SECJ7424E: Audit.xml is not found.

Explanation

No audit.xml was found for this profile. Auditing is not configured.

Action

Ensure auditing is configured properly.

SECJ7425E: Cannot specify keystore for encryption: encryption not enabled.

Explanation

When encryption is not enabled, cannot configure the encryption keystore.

Action

Enable encryption before setting the encryption keystore.

SECJ7426E: No reference id was specified for the audit key store.

Explanation

Must specify a valid reference id for the audit key store

Action

Supply a reference id for the audit key store

SECJ7427E: Failed to list the certificate aliases.

Explanation

Could not list the certificate aliases in the referenced keystore.

Action

Verify that at least one certificate alias exists in the keystore.

SECJ7428E: Could not find certificate alias in the referenced keystore.

Explanation

Certificate alias does not exist in the referenced keystore.

Action

Make sure to specify a certificate alias that does exist in the referenced keystore.

SECJ7429E: Missing unique name for audit specification.

Explanation

A unique name was not specified for the audit specification.

Action

Specify a unique name for the audit specification.

SECJ7430E: Cannot configure encryption when enable value is false.

Explanation

Encryption for audit cannot be configured when the enable value is false. Either use true for enable or, if the intention is to disable/delete encryption, use the appropriate disable/delete tasks.

Action

Specify true as the enable value if the intention is to configure encryption for audit.

SECJ7431E: Cannot configure signing when enable value is false.

Explanation

Signing for audit cannot be configured when the enable value is false. Either use true for enable or, if the intention is to disable/delete signing, use the appropriate disable/delete tasks.

Action

Specify true as the enable value if the intention is to configure signing for audit.

SECJ7432E: Cannot change the default audit event factory implementation classname.

Explanation

The classname specified does not match the default audit event factory implementation classname.

Action

Ensure that when specifying class name on the modify command and the implementation is the default audit event factory implementation, that it matches the default classname.

SECJ7433E: Cannot change the default audit service provider implementation classname.

Explanation

The classname specified does not match the default audit service provider implementation classname.

Action

Ensure that when specifying class name on the modify command and the implementation is the default audit service provider implementation, that it matches the default classname.

SECJ7434E: The audit service provider referenced is not a third party provider implementation.

Explanation

The referenced service provider is not a third party service provider implementation.

Action

Enter a valid reference to a third party service provider implementation

SECJ7435E: Empty value specified for auditorId. Cannot delete the auditorId when auditing is enabled.

Explanation

Auditing is enabled and requires an auditorId and auditorPwd.

Action

Disable auditing before deleting the auditorId

SECJ7436E: Empty value specified for auditorPwd. Cannot delete the auditorPwd when auditing is enabled.

Explanation

Auditing is enabled and requires an auditorId and auditorPwd.

Action

Disable auditing before deleting the auditorPwd

SECJ7437E: Empty value specified for keystore. Cannot delete the encryption keystore when encryption is enabled or being enabled.

Explanation

Encryption is enabled or is being enabled. The encryption keystore is in use and cannot be deleted

Action

Disable encryption before deleting the encryption keystore.

SECJ7438E: Empty value specified for notification reference. Cannot delete the audit notification when audit notification is enabled or is being enabled.

Explanation

Audit notification is enabled or is being enabled. The notification reference may be in use and cannot be deleted.

Action

Disable audit notification before deleteing the audit notification reference.

SECJ7439E: Empty value specified for the certAlias. Cannot delete the certificate alias when audit encryption is enabled or is being enabled.

Explanation

Audit encryption is enabled or is being enabled. The certificate alias is in use and cannot be deleted.

Action

Disable audit encryption before deleteing the certificate alias.

SECJ7440E: Empty value specified for keystore. Cannot delete the signing keystore when signing is enabled or being enabled.

Explanation

Signing is enabled or is being enabled. The signing keystore is in use and cannot be deleted

Action

Disable encryption before deleting the signing keystore.

SECJ7441E: Empty or non valid value specified for scope name.

Explanation

Non valid value was specified for the scope name. An empty value is not valid.

Action

Specify a valid value for the scope name

SECJ7442E: Empty value specified for encryption certificate reference. Cannot delete the encryption certificate when encryption is enabled or being enabled.

Explanation

Encryption is enabled or is being enabled. The encryption certificate is in use and cannot be deleted

Action

Disable encryption before deleting the encryption certificate.

SECJ7443E: Non valid or no value specified for the audit encryption certificate reference.

Explanation

The reference ID for the audit encryption certificate has not been specified correctly

Action

Specify a valid value for the audit encryption certificate reference.

SECJ7444I: Record Number

Explanation

None

Action

None

SECJ7445I: Event Type

Explanation

None

Action

None

SECJ7446I: Outcome

Explanation

None

Action

None

SECJ7447E: Failure while reading the specified Binary Audit Log. Either a pathname that is not valid was specified or the file is corrupted.

Explanation

Could not open or read the Binary Audit Log.

Action

Check the pathname specified for the location of the Binary Audit Log.

SECJ7448E: Non valid or no value specified for the fully qualified path of the Binary Audit Log.

Explanation

The expected fully qualified filename for the Binary Audit Log was specified incorrectly.

Action

Check the pathname specified for the location of the Binary Audit Log.

SECJ7449E: Non valid or empty value specified for the report mode. Valid values are basic, complete or custom. The default mode is basic.

Explanation

A non valid value was specified for the report mode.

Action

Specify a non-empty or valid value for the report mode.

SECJ7450E: Non valid sequence set specified. Either a single sequence record number can be specified or a group of sequence records may be specified as begin:end.

Explanation

A non valid value was specified for the sequence set of audit records to report

Action

Specify a non-empty or valid value for the sequence set.

SECJ7451E: Non valid or no value specified for the fully qualified path for the location of the output html report.

Explanation

The expected fully qualified file location for the output html report was specified incorrectly.

Action

Specify a non-empty valid name for the file location of the output html report.

SECJ7452E: Non valid sequence set specified: the beginning sequence number is greater than the ending sequence number.

Explanation

A non valid value was specified for the sequence set of audit records to report

Action

Make sure that the starting sequence number is less than the ending sequence number.

SECJ7453E: The report mode chosen is custom but no data points were specified.

Explanation

When specifying a report mode of custom, one or more data points must be specified.

Action

Specify one or more data points when electing to generate a custom report.

SECJ7454E: The specified data points for the custom report contain one or more of the following: event type, sequence number or outcome type. These cannot be specified as values for this parameter. They will always be provided by default.

Explanation

Event type, sequence number, and outcome may not be specified under the -dataPoints parameter. All three of these pieces of data will always be reported.

Action

Do not specify event type, sequence number and outcome as values for the -dataPoints parameter.

SECJ7455I: The Binary Audit Log specified is not encrypted.

Explanation

The Binary Audit Log specified has not been encrypted.

Action

none

SECJ7456E: Non valid timestamp range specified. Either a single timestamp can be specified or a group of timestamp records may be specified as begin:end.

Explanation

A non valid value was specified for the timestamp set of audit records to report

Action

Specify a non-empty or valid value for the timestap set.

SECJ7457E: Non valid timestamp range specified: the beginning timestamp is greater than the ending timestamp.

Explanation

A non valid value was specified for the timestamps of audit records to report

Action

Make sure that the starting timestamp is less than the ending timestamp.

SECJ7458E: Non valid timestamp specified. Timestamp must be in "MMddhhmmyyyy" format.

Explanation

A non valid value was specified for timestamp of audit records to report

Action

Specify a non-empty or valid value for the timestamp.

SECJ7459E: Non valid sequence number specified. Sequence numbers begin at 0 and have integer values.

Explanation

A non valid value was specified for the sequence number associated with an audit records to report

Action

Specify a non-empty or valid value for the sequence number.

SECJ7460E: The output file location specified is not an HTML file. The output log for the read audit records must be in HTML format.

Explanation

The output file specified was not in HTML format.

Action

Specify an HTML file as the output file location.

SECJ7461E: Failed to get the host name of the machine on which the Audit Reader is running.

Explanation

An exception was raised while attempting to obtain the host name of the machine on which the Audit Reader is running.

Action

none

SECJ7462E: Exception was raised while trying to get an instance of the keystore with the specified keystore type and provider type.

Explanation

An instance of the keystore could not be obtained.

Action

Verify that the encryption keystore does exist.

SECJ7463E: Exception was raised while trying to get an instance of the keystore with the specified provider. No such provider exists.

Explanation

No such provider exists for this keystore.

Action

Verify that the provider is valid and that the keystore does exist.

SECJ7464E: Exception was raised while trying to open the keystore. The keystore location is malformed.

Explanation

The keystore location url is malformed.

Action

Verify that the keystore location is valid and that the keystore does exist.

SECJ7465E: A certificate exception was raised while trying to load the keystore.

Explanation

The keystore could not be loaded due to a certificate exception.

Action

none

SECJ7466E: Exception was raised while loading the keystore. A particular crypto algorithm was requested by is not available.

Explanation

The crypto algorithm associated with this keystore is not available.

Action

Ensure the crypto algorithm is available.

SECJ7467E: The named file "{0}" does not exist.

Explanation

Could not open or read the file.

Action

Specify a valid filename.

SECJ7468E: Error loading the keystore. The password may have been incorrectly specified.

Explanation

Could not open the keystore.

Action

Verify that the password was correctly specified and verify the keystore exists.

SECJ7469E: The user has not been included in the required role of "{0}".

Explanation

The user must be included in all the required roles needed to run the task.

Action

Ensure the acting user has been given the proper role(s).

SECJ7470E: An invalid value has been specified for the binary audit log wrapping behavior.

Explanation

An invalid value was specified for the binary audit log wrapping behavior. Valid values are: WRAP, NOWRAP or SILENT_FAIL.

Action

Specify a valid value for the binary audit log wrapping behavior.

SECJ7471W: Warning: automatic repository checkpoints is not enabled. To capture changes to the configuration repository and emit the corresponding audit records, you must enable automatic repository checkpoints of the extended repository service.

Explanation

Admin repository save changes will not be audited if checkpointing is not enabled.

Action

Verify that checkpointing is enabled.

SECJ7472E: LDAP bind password could not be encoded.

Explanation

An invalid value was specified for the LDAP bind password or an invalid cryptographic algorithm was used.

Action

If you are using a WebSphere Application Server assigned algorithm, ensure that your password does not contain a bracket character. The bracket character conflicts with the cryptographic algorithm WebSphere Application Server assigns. If you are using custom password encryption, verify you have assigned a valid algorithm.

SECJ7473E: Error checking federated repositories for unsupported hashing algorithms: {0}

Explanation

An unexpected error was encountered while checking the federated repositories for unsupported hashing algorithms.

Action

Examine the associated exception to determine the cause

SECJ7474E: The {0} repositories in the "{1}" security domain use the PBKDF2WithHmacSHA1 hashing algorithm, but the algorithm is not supported on the following nodes: {2}

Explanation

The requested action cannot be completed because it prevents the identified nodes from authenticating users from the specified repositories and security domain.

Action

Upgrade the specified node(s) to a WebSphere Application Server version that supports the configured hashing algorithm or configure the repositories to use a different hashing algorithm and try again.

SECJ7501I: Administrative Security is not being used, therefore this option is not being used

Explanation

Administrative Security is not being used, therefore this option is not being used

Action

None

SECJ7502E: An exception occured while parsing the XML file "{0}". Detailed message: {1}

Explanation

An exception occured while parsing a configuration document.

Action

Check the error logs for more information into the failure.

SECJ7503E: Unable access file or directory "{0}". The file or directory might be missing or corrupted.

Explanation

Unable to fine the specified file or directory.

Action

Ensure that the file or directory reported exists and is not corrupted before continuing.

SECJ7504E: The security ConfigChecker class "{0}" could not be loaded due to the following exception: {1}

Explanation

The class could not be loaded. Check exception message for details

Action

Check that the class name exists and the class has been added to the plugin.xml. Check the exception message for details

SECJ7505E: The security check, {0}, threw the following exception: {1}

Explanation

A security check threw an unexpected exception

Action

Examine the associated exception to determine the cause

SECJ7520I: Multiple Administrative user IDs are configured. When WebSphere Application Server security is enabled, a single security ID under the Administrator role is initially configured as the Security Server ID. Configuring multiple administrative user ids as Administrator can protect this server ID and enable more effective audit logging

Explanation

Multiple Administrative user IDs are configured. When WebSphere Application Server security is enabled, a single security ID under the Administrator role is initially configured as the Security Server ID. Configuring multiple administrative user ids as Administrator can protect this server ID and enable more effective audit logging

Action

None

SECJ7521W: Multiple Administrative user IDs are not configured. When WebSphere Application Server security is enabled, a single security ID the Administrator role is initially configured as the Security Server ID. Configuring multiple administrative user ids as Administrator can protect this server ID and enable more effective audit logging

Explanation

Multiple Administrative user IDs are not configured. When WebSphere Application Server security is enabled, a single security ID the Administrator role is initially configured as the Security Server ID. Configuring multiple administrative user ids as Administrator can protect this server ID and enable more effective audit logging

Action

None

SECJ7522I: Multiple Administrative User Roles are configured. A number of administrative roles are defined to provide degrees of authority that are needed to perform certain administrative functions from either the Web-based administrative console or the system management scripting interface. The authorization policy is only enforced when administrative security is enabled.

Explanation

Multiple Administrative User Roles are configured. A number of administrative roles are defined to provide degrees of authority that are needed to perform certain administrative functions from either the Web-based administrative console or the system management scripting interface. The authorization policy is only enforced when administrative security is enabled.

Action

None

SECJ7523W: Multiple Administrative User Roles are not configured. A number of administrative roles are defined to provide degrees of authority that are needed to perform certain administrative functions from either the Web-based administrative console or the system management scripting interface. The authorization policy is only enforced when administrative security is enabled.

Explanation

Multiple Administrative User Roles are not configured. A number of administrative roles are defined to provide degrees of authority that are needed to perform certain administrative functions from either the Web-based administrative console or the system management scripting interface. The authorization policy is only enforced when administrative security is enabled.

Action

None

SECJ7524I: Administrative Security is enabled. Only users with specific rights can use the WebSphere Application Server administrative tools to perform any administrative operation

Explanation

This message is for informational purposes only.

Action

None

SECJ7525W: Administrative Security is disabled. Only users with specific rights can use the WebSphere Application Server administrative tools to perform any administrative operation. Note that other important security features listed might be reported as enabled, but they will not take effect until administrative security is activated. The settings include the authentication of users, the use of Secure Sockets Layer (SSL), and the choice of user account repository. In particular, application security, including authentication and role-based authorization, is not enforced unless administrative security is active.

Explanation

Administrative Security is disabled. Note that other important security features listed might be reported as enabled, but they will not take effect until administrative security is activated. The settings include the authentication of users, the use of Secure Sockets Layer (SSL),
and the choice of user account repository. In particular, application security, including authentication and role-based authorization, is not enforced unless administrative security is active.

Action

None

SECJ7526I: Application security is enabled. Application security enables security for the applications in your environment. This type of security provides application isolation and requirements for authenticating application users.

Explanation

Application security is enabled. Application security enables security for the applications in your environment. This type of security provides application isolation and requirements for authenticating application users.

Action

None

SECJ7527W: Application security is disabled. Application security enables security for the applications in your environment. This type of security provides application isolation and requirements for authenticating application users.

Explanation

Application security is disabled. Application security enables security for the applications in your environment. This type of security provides application isolation and requirements for authenticating application users.

Action

Enable application security if applicable.

SECJ7528I: CORBA Naming roles are configured

Explanation

CORBA Naming roles are configured

Action

None

SECJ7529W: The CORBA Namespace can be modified by All Authenticated users. Any authenticated user can alter the JNDI namespace. The default naming security policy is to grant all users read access to the CosNaming space and to grant any authenticated user the privilege to modify the contents of the CosNaming space. You can restrict user access to the CosNaming space.

Explanation

The CORBA Namespace can be modified by All Authenticated users. Any authenticated user can alter the JNDI namespace. The default naming security policy is to grant all users read access to the CosNaming space and to grant any authenticated user the privilege to modify the contents of the CosNaming space. You can restrict user access to the CosNaming space.

Action

Restrict user access to the CosNaming space if applicable.

SECJ7530W: The CORBA Namespace can be modified by Everyone. Anyone can alter the JNDI namespace. The default naming security policy is to grant all users read access to the CosNaming space and to grant any authenticated user the privilege to modify the contents of the CosNaming space. You can restrict user access to the CosNaming space.

Explanation

The CORBA Namespace can be modified by Everyone. Anyone can alter the JNDI namespace. The default naming security policy is to grant all users read access to the CosNaming space and to grant any authenticated user the privilege to modify the contents of the CosNaming space. You can restrict user access to the CosNaming space.

Action

Restrict user access to the CosNaming space if applicable.

SECJ7531I: Encryption is enabled on Distributed Replication Service(DRS). This ensures that the data shared among WebSphere Application servers is encrypted.

Explanation

Encryption is enabled on Distributed Replication Service(DRS). This ensures that the data shared among WebSphere Application servers is encrypted.

Action

None

SECJ7532I: Data Replication Service(DRS) is not being used to exchange data among WebSphere Application servers

Explanation

Data Replication Service(DRS) is not being used to exchange data among WebSphere Application servers

Action

None

SECJ7533W: Encryption is disabled on Distributed Replication Service(DRS). The data shared among WebSphere Application servers is not encrypted.

Explanation

Encryption is disabled on Distributed Replication Service(DRS). The data shared among WebSphere Application servers is not encrypted.

Action

Enable Distributed Replication Service encryption if needed.

SECJ7534I: Java 2 security is enabled. Java 2 security provides a policy-based, fine-grain access control mechanism that increases overall system integrity by checking for permissions before allowing access to certain protected system resources. Java 2 security guards access to system resources such as file I/O, sockets, and properties.

Explanation

Java 2 security is enabled. Java 2 security provides a policy-based, fine-grain access control mechanism that increases overall system integrity by checking for permissions before allowing access to certain protected system resources. Java 2 security guards access to system resources such as file I/O, sockets, and properties.

Action

None

SECJ7535W: Java 2 security is disabled. Java 2 security provides a policy-based, fine-grain access control mechanism that increases overall system integrity by checking for permissions before allowing access to certain protected system resources. Java 2 security guards access to system resources such as file I/O, sockets, and properties.

Explanation

Java 2 security is disabled. Java 2 security provides a policy-based, fine-grain access control mechanism that increases overall system integrity by checking for permissions before allowing access to certain protected system resources. Java 2 security guards access to system resources such as file I/O, sockets, and properties.

Action

Enable Java 2 security if applicable.

SECJ7536I: User Registry is LDAP. SSL between WebSphere Application Server and LDAP is enabled. This ensures that the communication between WebSphere Application Server and LDAP is encrypted

Explanation

User Registry is LDAP. SSL between WebSphere Application Server and LDAP is enabled. This ensures that the communication between WebSphere Application Server and LDAP is encrypted

Action

None

SECJ7537I: User registry being used is not LDAP

Explanation

User registry being used is not LDAP

Action

None

SECJ7538W: User Registry is LDAP. SSL between WebSphere Application Server and LDAP is disabled. The communication between WebSphere Application Server and LDAP is not encrypted

Explanation

User Registry is LDAP. SSL between WebSphere Application Server and LDAP server is disabled. The communication between WebSphere Application Server and LDAP is not encrypted

Action

Enable SSL between the WebSphere Application Server and LDAP server if needed.

SECJ7539I: WebSphere Application Server Sample Applications are not installed. WebSphere Application Server ships with examples to demonstrate various parts of WebSphere Application Server. These samples might be installed by default and are not intended for use in a production environment. Some of these samples can provide an intruder with information about your system.

Explanation

WebSphere Application Server Sample Applications are not installed. WebSphere Application Server ships with examples to demonstrate various parts of WebSphere Application Server. These samples might be installed by default and are not intended for use in a production environment. Some of these samples can provide an intruder with information about your system.

Action

None

SECJ7540W: WebSphere Application Server Sample Applications are installed. WebSphere Application Server ships with examples to demonstrate various parts of WebSphere Application Server. These samples might be installed by default and are not intended for use in a production environment. Some of these samples can provide an intruder with information about your system.

Explanation

WebSphere Application Server Sample Applications are installed. WebSphere Application Server ships with examples to demonstrate various parts of WebSphere Application Server. These samples might be installed by default and are not intended for use in a production environment. Some of these samples can provide an intruder with information about your system.

Action

Un-install sample application if not needed.

SECJ7541W: Special subject "{0}" is configured for the Administrator role. It is not recommended to have Everyone and AllAuthenticatedUsers specified for the Administrator role.

Explanation

A special subject is configured for the Administrator role. It is not recommended to have Everyone and AllAuthenticatedUsers specified for the Administrator role.

Action

refer to the infoCenter to determine if a more secure configuration is more suitable.

SECJ7542W: Special subject "{0}" is configured for one of the administrative roles. It is not recommended to have Everyone specified for any of the administrative user roles.

Explanation

A special subject is configured for one of the administrative roles. It is not recommended to have Everyone specified for any of the administrative user roles.

Action

Remove the Everyone subject from any of the administrative user roles if applicable.

SECJ7543W: Special subject "{0}" is configured for one of the administrative roles. It is not recommended to have AllAuthenticatedUsers specified for any of the administrative user roles.

Explanation

A special subject is configured for one of the administrative roles. It is not recommended to have AllAuthenticatedUsers specified for any of the administrative user roles.

Action

Remove the AllAuthenticatedUsers subject from any of the administrative user roles if applicable.

SECJ7544I: Output is logged in the following location: {0}

Explanation

None

Action

None

SECJ7545W: The {0} file does not exist

Explanation

This exception is unexpected. The cause is not immediately known.

Action

Check the file permissions for the file to ensure that they are readable. If the file is missing, create or restore it.

SECJ7546E: The service name {0} is not valid. It contains a slash character (/).

Explanation

This exception is unexpected. The cause is not immediately known.

Action

The service name contains the slash character. The service name is the first component of the Kerberos service principal name.

SECJ7547E: Authentication mechanism type is not valid

Explanation

Valid authentication mechanism types are: KRB5, LTPA

Action

Ensure user authentication mechanism type is a valid type

SECJ7548E: Bind authentication mechanism type {0} is not valid. Valid types are simple or GSSAPI.

Explanation

Valid bind authentication mechanism types are: simple, GSSAPI.

Action

Change the bind authentication mechanism to a valid type.

SECJ7549E: The {0} is missing in the LDAP user registry object.

Explanation

The parameter is required for configuring LDAP.

Action

Add the parameter to configure LDAP.

SECJ7550E: Kerberos login failed using Kerberos principal {0} and Kerberos credential cache (ccache) {1}.

Explanation

Either the specified Kerberos principal is invalid, or the Kerberos credential cache (ccache) is invalid or expired.

Action

Ensure a valid Kerberos principal is specified and the Kerberos credential cache (ccache) has not expired.

SECJ7551E: Kerberos login failed using Kerberos principal {0} and Kerberos keytab {1}.

Explanation

Either the specified Kerberos principal is invalid, or the Kerberos keytab is invalid.

Action

Ensure a valid Kerberos principal is specified and a valid Kerberos keytab containing the Kerberos principal.

SECJ7552E: Kerberos login failed using Kerberos principal {0} and the default Kerberos credential cache (ccache).

Explanation

Either the specified Kerberos principal is invalid, or the default Kerberos credential cache (ccache) is invalid or expired.

Action

Ensure a valid Kerberos principal is specified and the default Kerberos credential cache (ccache) has not expired.

SECJ7553E: Kerberos login failed using Kerberos principal {0} and the default Kerberos keytab.

Explanation

Either the specified Kerberos principal is invalid, or the default Kerberos keytab is invalid.

Action

Ensure a valid Kerberos principal is specified and the default Kerberos keytab is valid.

SECJ7554E: The {0} repository in the {1} security domain uses the {2} bind authentication mechanism that is not supported by the node being added.

Explanation

The node cannot be added because it cannot authenticate users from the specified repository and security domain.

Action

Upgrade the node to a WebSphere Application Server version that supports the bind authentication mechanism, or configure the repository to use a supported authentication mechanism, and try again.

SECJ7555E: The following nodes do not support the use of the {0} bind authentication mechanism: {1}

Explanation

The specified action cannot be completed because it prevents the specified nodes from authenticating users from the targeted repository.

Action

Upgrade the nodes to a WebSphere Application Server version that supports the bind authentication mechanism, or configure the repositories to use a supported authentication mechanism.

SECJ7702E: Security domain {0} does not exist.

Explanation

The security configuration does not exist.

Action

Run the command with a pre-existing security configuration.

SECJ7703E: {0} already exists in the {1} security configuration.

Explanation

A scope can only be mapped in one security configuration at time.

Action

Rerun the command using a scope that is not already mapped to a security configuration.

SECJ7704E: User registry does not exist in the security configuration.

Explanation

The user registry specified does not exist in the configuration.

Action

Rerun the command using a user registry that exist in the configuration.

SECJ7705E: Login module type is not valid.

Explanation

Valid login module types are: system, application.

Action

Ensure that the login module type is a valid type.

SECJ7706E: Authentication strategy type is not valid.

Explanation

Valid authentication strategy types are: REQUIRED, REQUISITE, SUFFICIENT, OTPIONAL.

Action

Ensure that the authentication strategy type is a valid type.

SECJ7707E: The number of authentication startegies in the list must match the number of login modules in the list.

Explanation

Each login module provided must have a corresponding authentication strategy.

Action

Ensure that there is an authenticatino startegy type for each login module.

SECJ7708E: The {0} does not exist.

Explanation

The login module specified does not exist.

Action

Ensure that the login module exists.

SECJ7709E: Authentication level is not valid.

Explanation

Valid authentication levels are: Never, Supported, Required.

Action

Ensure that the authentication level is valid.

SECJ7710E: Authentication mechanism is not valid.

Explanation

Valid authentication mechanisms are: KRB5, LTPA, Custom, BasicAuth.

Action

Ensure that the authentication mechanisms is valid.

SECJ7711E: SSL configuration is not valid.

Explanation

Valid ssl configuration not supplied.

Action

Ensure that the ssl configuration is exists.

SECJ7712E: Either use the server identity or specify a trusted identity not both.

Explanation

If user server identity is enabled a trusted identity and password should not be specified.

Action

Specify either a trusted identity or enable user server identity.

SECJ7713E: Password and server id must be provided at the same time.

Explanation

When a server id is proviced then a password must be specified as well.

Action

Ensure a server id and password are provided.

SECJ7714E: When automatic generation of the server identity is enabled then server id and password should not be specified.

Explanation

When automatic generation of the server id is enable then no server id and password should be provided.

Action

Ensure no server id and password is provided when automatic generation of server id is enabled.

SECJ7715E: Unknown user name or bad password.

Explanation

User name or password are unable to authenticate to the user registry.

Action

Ensure a valid user name and password are specified.

SECJ7716E: Primary administrative user Id does not exist in the registry.

Explanation

The primary administrative id specified was not found the user registry.

Action

Ensure a primary administrative id is provided.

SECJ7717E: One or more resources are still mapped to the security configuration. Not able to delete the security configuration at this time.

Explanation

At least one resource is still mapped to the security configuration. The security configuration cannot be removed until there are no scopes mapped to it.

Action

Ensure that there no now scopes mapped to the security configuration before deleting it.

SECJ7718E: {0} is not a valid resource name.

Explanation

The resource name provided is not valid.

Action

Ensure a valid resource name is provided.

SECJ7719E: {0} is not mapped to the {1} security configuration.

Explanation

The scope is not mapped to the security configuration.

Action

Rerun the command using a scope that is mapped to the security configuration.

SECJ7720E: Unable to enable security when there is no active user registry.

Explanation

There is an attempt to enable global security when there is no active user registry defined.

Action

Ensure an user registry is defined when enabling global security.

SECJ7721E: The authentication mechanism is not valid.

Explanation

The authentication mechanism type is not valid it should be LTPA or KRB5.

Action

Ensure the authentication mechanism type is valid.

SECJ7722E: The authentication mechanism is not configured.

Explanation

Unable to find the authentication mechanism in the user registry.

Action

Ensure a authentication mechanism is configured.

SECJ7723E: {0} is not configured unable to set it to the active user registry.

Explanation

Unable to set the active user registry because the user registry provide is not configured.

Action

Ensure the user registry is configured before setting it to the active user registry.

SECJ7724E: Error in the user registry configuration unable to verify access to the user registry.

Explanation

An error occurred trying to access the user registry. Unable to verify the registry is configured properly.

Action

Ensure the user registry is configured correctly.

SECJ7725E: The user registry has no realm name defined.

Explanation

Unable to make this user registry the active user registry because it does not have realm name defined.

Action

Ensure the user registry has a realm name.

SECJ7726E: {0} is the active user registry unable to unconfigure.

Explanation

A user registy cannot be unconfigured if it is the active user registry.

Action

Change the active user registry in the global security setting then unconfigure the user registry.

SECJ7727E: Unable to unset the activeUserRegistry attribute when global security is enabled.

Explanation

The activeUserRegistry attribute must point to a user registry object when global security is enabled.

Action

Ensure global security is not enables when changing unsetting the activeUserRegistry.

SECJ7728E: No singleSignon attribute was found.

Explanation

The LTPA authMechanism must contain a singleSignon attribute.

Action

Ensure that the security.xml file contains an LTPA authMechanism with a singleSignon attribute.

SECJ7729E: No LTPA auth mechanism was found.

Explanation

An LTPA auth mechanism must be defined.

Action

Ensure that an LTPA auth mechanism is defined.

SECJ7730E: No trust association was found.

Explanation

An LTPA auth mechanism must contain a trust association.

Action

Ensure that an LTPA auth mechanism contains a trust association.

SECJ7731E: The specified interceptor does not exist.

Explanation

The specified interceptor does not exist.

Action

Either create the interceptor, or specify a different interceptor class name.

SECJ7732E: The specified auth data entry does not exist.

Explanation

The specified auth data entry does not exist.

Action

Either create the auth data entry, or specify a different auth data entry which does exist.

SECJ7733E: Realm {0} does not exist.

Explanation

The specified realm does not exist.

Action

Run the command with a realm that exists.

SECJ7734E: Certificate mode type is not valid.

Explanation

Valid certificate mode types are: EXACT_DN or CERTIFICATE_FILTER.

Action

Ensure that the certificate mode type is a valid type.

SECJ7735E: The login object does not exist.

Explanation

The login object does not exist in the configuration.

Action

Ensure that the login object exists.

SECJ7736E: The JAAS login entry {0} does not exist.

Explanation

The JAAS login entry does not exist in the configuration.

Action

Ensure that the JAAS login entry exists.

SECJ7737E: Cannot remove {0}.

Explanation

The specified login module cannot be removed. Certian login module cannot be removed.

Action

Run the command with a login module that can be removed.

SECJ7738E: The CSI object does not exist.

Explanation

The CSI object does not exist in the configuration.

Action

Ensure that the CSI object exists.

SECJ7739E: Filter object already exists.

Explanation

The specified object already exists. Unable to create another one.

Action

Create the object with a unique name.

SECJ7740E: The URLs specified is malformed.

Explanation

A MalformedURLException was encountered parsing one of the specified URLs.

Action

Verify the URL syntax is correct.

SECJ7741E: Filter is malformed, verify syntax of the specified filter rules.

Explanation

The specified filter rules are not valid.

Action

Verify the filter rules conform to the syntax supported by the default HTTPHeaderFilter class.

SECJ7742E: InternalServerId cannot be used with Kerberos authentication mechanism. Modify the dmgr security configuration to use the serverID/passwd before configure Kerberos authentication mechanism.

Explanation

Modify the dmgr security configuration to use the serverID/password with Kerberos authentication mechanism.

Action

The Kerberos authentication cannot be configured with InternalServerId.

SECJ7743E: When useServerIdentity is false then a trusted identity should be provided.

Explanation

When a user specifies useServerIdentity is false then a trusted identity should be provided.

Action

Run the command specifying a trusted id.

SECJ7744E: A custom registry class name must be provided.

Explanation

When configuring a custom user registry a class name must be provided.

Action

Run the command providing custom registry class name.

SECJ7745E: A certificate alias must be provided when a key store is provided.

Explanation

When a key store object is provided a certificate alias must be provided.

Action

Run the command providing a certificate alias.

SECJ7746E: The nonce cache timeout value must be greater than the token timeout value.

Explanation

If the nonce cache timeout is less than the token timeout, then the token could be used multiple times since the nonce value would have expired prior to the token becoming not valid.

Action

Run the command specifying a nonce value greater than the token expiration.

SECJ7747E: {0} is not a RSA token key store.

Explanation

A RSA key store must be used on a RSA authorization mechanism.

Action

Run the command specifying a RSA key store.

SECJ7748E: {0} is not a RSA token trust store.

Explanation

A RSA trust store must be used on a RSA authorization mechanism.

Action

Run the command specifying a RSA trust store.

SECJ7749E: A key store must be specified when a certificate alias is specified.

Explanation

When a certificate alias is specified a key store object must be specified.

Action

Run the command providing a key store.

SECJ7750E: Certificate {0} is not in key store {1}.

Explanation

The certificate alias provided is not in the key store.

Action

Run the command providing a certificate alias that is in the key store.

SECJ7751E: The RSAToken authentication mechanism is missing from the security.xml configuration which may cause problems with administrative security.

Explanation

A security configuration does not have the required RSAToken authentication mechanism configured.

Action

This may be a problem with a migrated configuration that needs correction.

SECJ7752E: Communication type is not valid, specify inbound or outbound.

Explanation

The communication type specified is not valid. Either inbound or outbound needs to be specified.

Action

Run the command specifying the correct communication type.

SECJ7753E: No realms provided to add to the trusted realm list.

Explanation

No realm name were provided to add the the trusted realm list.

Action

Ensure a realm or realm list is provided when the command is run.

SECJ7754E: {0} does not exist.

Explanation

The realm name or resource name provided does not exist.

Action

Ensure the realm name or resource name being used exists.

SECJ7755E: The trusted realm object does not exist.

Explanation

The trusted realm object does not exist.

Action

Run the command on a security domain that has the trusted realm object defined.

SECJ7756E: The {0} value must be greater then 0.

Explanation

The number of elements return by the task needs to be greater then 0.

Action

Ensure the number is greater then 0.

SECJ7757E: There are no trusted realms in {0}.

Explanation

There are no trusted realms for the realm, resource, or domain provided.

Action

Run the command on realm, resourse, or domain that has trusted realms.

SECJ7758E: The following users or groups or special subjects {0} cannot be added to role {1}.

Explanation

The users or groups are already assigned to this role.

Action

Run the command by correcting the user, group or specialSubject list.

SECJ7759E: The following users or groups or special subjects {0} cannot be removed from role {1}.

Explanation

The users or groups are not assigned to this role and hence cannot be removed.

Action

Run the command by correcting the user, group or specialSubject list.

SECJ7760E: The role name {0} does not exist.

Explanation

The role name is not a valid role.

Action

Use a valid role.

SECJ7761E: Only specify one parameter, securityDomainName, resourceName, or securityRealmName.

Explanation

Only one parameter can be used at time either securityDomainName, resourceName, or securityRealmName.

Action

Run the command and specify either securityDomainName, resourceName, or securityRealmName,

SECJ7762E: Unable to find the registry object.

Explanation

The registry object matching the domain, resource, or realm provide does not exist.

Action

Run the command with a domain, resource, or realm that has a user registry associated with it.

SECJ7763E: A filter must be specified when certificateMapMode is set to CERTIFICATE_FILTER.

Explanation

When the certificateMapMode is set to CERTIFICATE_FILTER a filter must be provided.

Action

Ensure a filter is provided when certificateMapMode is set to CERTIFICATE_FILTER.

SECJ7764E: The authorization configuration object does not exist.

Explanation

The authorization configuration object does not exist in the configuration.

Action

Ensure an authorization configuration object exists.

SECJ7765E: The timeout value must have a minimum value of {0}.

Explanation

The value should be the minimum value specified.

Action

Ensure the timeout value has the minimum value specified.

SECJ7766E: The authentication mechanism is not configured.

Explanation

The specified authentication mechanism needs to be configured before it can be used.

Action

Ensure that an authentication mechanism is configured.

SECJ7767E: serverSpn {0} is malformed, it must be in the format of <service>/<host name> or <service>/<host name>@KerberosRealm.

Explanation

The Kerberos service principal name format is malformed.

Action

Verify the Kerberos service principal name (SPN)

SECJ7768E: Mismatch Kerberos realm name. The krb5Realm is {0} but the default Kerberos realm in the {1} is {2}

Explanation

The Kerberos realm name is not the same with default Kerberos realm in the Kerberos configuration file (krb5.ini/krb5.conf).

Action

Verify the Kerberos realm name against the default Kerberos default realm in the Kerberos configuration file.

SECJ7769E: The Kerberos realm name is null.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ7770E: The {0} is missing in the active user registry object.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ7771E: The {0} is missing in the Kerberos authentication mechanism object.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ7772E: The {0} is missing in the Kerberos configuration file {1}.

Explanation

The entry is not found in the Kerberos configuration file.

Action

Add the entry to the Kerberos configuration file.

SECJ7773E: Custom property string {0} is not formatted correctly.

Explanation

The custom property string is not formatted correctly. The format needs to be a comma separated string of attribute=value pairs, each pair should be in quotes.

Action

Ensure the custom property string is formatted correctly.

SECJ7774E: Login module cannot be created using the name of the login module proxy class {0}.

Explanation

The login module proxy class name cannot be used when creating a new login module.

Action

Ensure the login module proxy class is not used when creating a login module.

SECJ7775E: Resource {0} cannot be part of any security domain becuase, its product version is not 7.0 or greater. Check the corresponding node""s product version.

Explanation

The server must be running a 7.0 or greater version to be mapped to a domain.

Action

Ensure that servers are at the correct level.

SECJ7776E: The cluster has one or more members that is not version 7.0 or greater. One of the members is {0} in node {1} that is not version 7.0 or greater.

Explanation

The server must be running a 7.0 or greater version to be mapped to a domain.

Action

Ensure that servers are at the correct level.

SECJ7777I: Password check for {0} in {1} succeeded.

Explanation

A test to check the users password on a particular realm was sucessful.

Action

none.

SECJ7778I: Password check for {0} in {1} failed.

Explanation

A test to check the users password on a particular realm was failed.

Action

none.

SECJ7779E: Mismatch Kerberos configuration file (krb5.ini/krb5.conf). The krb5.ini/krb5.conf file for Kerberos authentication mechanism is {0} but the krb5.ini/krb5.conf file for SPNEGO Web authentication is {1}

Explanation

The Kerberos configuration file (krb5.ini/krb5.conf) for Kerberos authentication mechanism is not the same with the SPNEGO Web authentication.

Action

Verify the krb5.ini/krb5.conf file for Kerberos authentication and SPNEGO Web authentication are the same one.

SECJ7780E: Mismatch Kerberos keytab file. The keytab file for Kerberos authentication mechanism is {0} but the keytab file for SPNEGO Web authentication is {1}

Explanation

The Kerberos keytab for Kerberos authentication mechanism is not the same with the SPNEGO Web authentication.

Action

Verify the Kerberos keytab file for Kerberos authentication and SPNEGO Web authentication are the same one.

SECJ7781E: Cannot enable SPNEGO Web authentication without defining any SPNEGO Web authentication filters.

Explanation

Cannot enable SPNEGO Web authentication without defined any SPNEGO Web authentication filter.

Action

Create at least one SPNEGO Web authentication filter before enabled the SPENGO Web Authentication.

SECJ7782E: You cannot install an application across multiple security domains. Make sure that all the deployment targets belong to the same security domain.

Explanation

Application cannot be installed accross multiple security domains.

Action

Verify that user is not installing this application accorss multiple security domains.

SECJ7783W: The application is being installed across deployment targets that use different security domains. Depending on the security attributes defined in the security domains this can cause security problems.

Explanation

The application is being installed across deployment targets that use different security domains. Depending on the security attributes defined in the security domains this can cause security problems.

Action

Refer to the information center documentation for more information before you proceed with this installation to make sure that you would not run into any security related issues.

SECJ7784W: The security custom properties security.zOS.domainName and security.zOS.domainType are specified in the security configuration, but these properties are deprecated. For backwards compatibilty, these values will override the one specified in the new custom property com.ibm.security.SAF.profilePrefix.

Explanation

The security custom properties security.zOS.domainName and security.zOS.domainType are deprecated, but they are currently specified in the security configuration. For backwards compatibilty, the values of these old properties will override whatever is specified in the the new custom property com.ibm.security.SAF.profilePrefix.

Action

The deprecated properties should be deleted from the security configuration, unless the configuration is part of a mixed-version cell that has a member at 6.1 or previous.

SECJ7785E: The {0} is missing in the Kerberos configuration file {1} and the Kerberos authentication mechanism object.

Explanation

The entry is not found in the Kerberos configuration file and the Kerberos authentication object.

Action

Add the entry in the Kerberos configuration file or specify this entry.

SECJ7786E: The {0} member cannot be added to the {1} cluster since the cluster is associated with a security domain.

Explanation

A server from previous releases cannot be added to a cluster when the cluster is associated with a security domain either directly or indirectly.

Action

Mixed clusters are not supported with security domains.

SECJ7787I: The {0} member is being associated with the global security configuration.

Explanation

This message is for informational purposes only.

Action

No action is required.

SECJ7788E: The {0} resource cannot be mapped to a domain since a server level security configuration is associated with the resource either directly or indirectly.

Explanation

A server that contains server lever security configuration is being associated with a domain. The server level security configuration is deprecated.

Action

The offending server or a cluster member should not contain the server level security configuration if it needs to be mapped to a domain.

SECJ7789E: Can not convert the server level security configuration to a domain configuration since the {0} server does not have a server level security configured.

Explanation

A server should contain the server level security configuration to be converted to a security domain.

Action

Make sure that the server name is correct and it has a server level security configuration associated with it.

SECJ7790I: In addition to global security, this server process is associated with a domain security configuration. The domain name of this server is: {0}.

Explanation

This message is for informational purposes only.

Action

No action is required.

SECJ7791I: Inbound trusted foreign realms are defined. The following is the list of such realms {0}.

Explanation

This message is for informational purposes only.

Action

No action is required.

SECJ7792I: Outbound trusted foreign realms are defined. The following is a the list of such realms {0}.

Explanation

This message is for informational purposes only.

Action

No action is required.

SECJ7793I: A User registry of type {0} is defined at the domain level for the server. This will override use of the global security registry.

Explanation

This message is for informational purposes only.

Action

No action is required.

SECJ7794I: No User registry is defined at the domain level of the server. The global security registry will be used.

Explanation

This message is for informational purposes only.

Action

No action is required.

SECJ7795E: The global security realm {0} can not be removed from the list of trusted realms.

Explanation

The global security configuration realm is always trusted and can not be removed form the list of trusted realms.

Action

Ensure the realm being removed is not the global security realm.

SECJ7796E: The security domain default realm {0} can not be removed form the list of trusted realms.

Explanation

The security domain default realm is always trusted and can not be removed form the list of trusted realms.

Action

Ensure the realm being removed is not domain default realm.

SECJ7797E: The resource must be a single server resource in order for it to be converted to a security domain.

Explanation

The resource provided is not a single server resource.

Action

Ensure the resource provided is a single server resource.

SECJ7798E: Can not delete the last SPNEGO filter because SPNEGO Web authentication is enabled.

Explanation

The SPNEGO Web authentication is enabled, it requires at least one SPNEGO filter.

Action

Disable SPNEGO Web authentication before delete the last SPNEGO filter.

SECJ7799E: Can not delete all SPNEGO filters because SPNEGO Web authentication is enabled.

Explanation

The SPNEGO Web authentication is enabled, it requires at least one SPNEGO filter.

Action

Disable SPNEGO Web authentication before delete all SPNEGO filters.

SECJ7800I: The following login configurations {0} are available for security domain {1}.

Explanation

This message is for informational purposes only.

Action

No action is required.

SECJ7801I: Java 2 security is enabled in security domain {0}.

Explanation

This message is for informational purposes only.

Action

No action is required.

SECJ7802I: Application security is enabled in security domain {0}.

Explanation

This message is for informational purposes only.

Action

No action is required.

SECJ7803I: Application security is disabled in security domain {0}.

Explanation

This message is for informational purposes only.

Action

No action is required.

SECJ7804I: The following security configuration {0} is configured at the security domain {1}.

Explanation

This message is for informational purposes only. It will list some of the security properties that are configured at the security domain level.

Action

No action is required.

SECJ7805I: The resource is not being accessed using secure HTTPS protocol.

Explanation

This message is for informational purposes only. It indicates that the security HTTPS protocol is not used when accessing the resource.

Action

If the resource is implemented to be accessed using the non-secure HTTP protocol, no action is required. If this resource should only be accessed using HTTPS change the deployment descriptor to add appropriate data-constraints.

SECJ7806E: The LTPA token validation fails because the current realm {0} does not match or trust the realm in the token {1}.

Explanation

LTPA validation checks to make sure that the current realm matches the realm in the token for validation to work.

Action

For successful validation make sure that the realm in the token is configured in the trusted inbound realms list for the current realm.

SECJ7807W: The cell resource {0} is specified in the domain-security-map.xml file during addNode. This resource is converted to the server resource {1}.

Explanation

If a federated node contains a domain associated with the cell scope, it will be changed to the server scope for that node during the addNode operation so that current cell configuration is not impacted.

Action

If the cell scope needs to be configured in the domain-security-map.xml file, you need to associate the cell resource after the node has been federated.

SECJ7808I: The domain {0} has been created because a cell wide domain exists in a mixed version setup.

Explanation

This special domain is created to associate previous version servers, clusters and SIBuses to this domain.

Action

If any of the old servers, clusters and SIBuses need to use the cell wide domain instead of the special domain, they need to be removed from this special domain. This might impact the security configuration of the resources deployed in these processes based on the cell wide domain security configuration.

SECJ7809E: The {0} domain can not be delete because a the cell is a mixed version setup.

Explanation

The cell is in mixed version setup. The special security domain can not be removed.

Action

This operation can not be performed in the current configuration.

SECJ7810E: The {0} command can not be run on the {1} security domain.

Explanation

Security configuration operation can not be run on the special security domain.

Action

This operation can not be performed on the security domain.

SECJ7811E: Can not create a security domain named {0}. The name is reserved for a special case security domain.

Explanation

The security domain name being used is reserved for a special case securty domain and can not be created with the command.

Action

Endure another security domain name is used when running the command.

SECJ7812E: AccessId is not formatted correctly. It should bin the form: user:<RealmName>/<uniqueId> or group:<RealmName>/<uniqueId>.

Explanation

The AccessId of needs to be in the form of user: or group: followed by the realm name slash uniqueId.

Action

Endure the AccessId is in the correct format.

SECJ7813E: A duplicate alias name exists. You must use a unique alias name.

Explanation

A duplicate alias name in the format alias or nodeName/alias already exists.

Action

Input a unique alias name

SECJ7814E: This command is not supported in local mode

Explanation

This command is not supported in local mode

Action

This command is not supported in local mode

SECJ7815E: The parameter values entered do not match the values at the global security configuration (security.xml) for this registry. Make sure the values match since this registry configuration should be consistent in all security configurations in the cell.

Explanation

The Federated Repository registry configuration should be consistent across all the security domains and should match the values at the global security configuration (security.xml).

Action

Make sure that the parameter values for this task match the values at the global security configuration for this registry.

SECJ7816I: The parameter values entered do not match the values at the global security configuration (security.xml) for this registry. These values have been ignored and replaced with the values from the global security configuration (security.xml) for this registry.

Explanation

Since the registry configuration should be consistent across all security configurations the values from the global security configuration are copied to the configuration.

Action

No action is required.

SECJ7817I: The parameter values entered do not match the values at the global security configuration (security.xml) for this registry. These values have been ignored and replaced with the values {0}, {1}, {2} from the global security configuration (security.xml) for this registry.

Explanation

Since the registry configuration should be consistent across all security configurations the values from the global security configuration are copied to the configuration.

Action

No action is required.

SECJ7818I: The resource {0} has been removed from the security domain {1} since the resource no longer exists.

Explanation

Once a resource is removed from the system, its association with any domain will also be removed.

Action

No action is required.

SECJ7819E: Unknown host name {0}

Explanation

The host name is unknown.

Action

Ensure that a valid host name is specified.

SECJ7821E: The object {0} does not exist in the security.xml file.

Explanation

The security configuration does not have this object.

Action

Run the command with a pre-existing security configuration.

SECJ7822E: The certificate with the {0} alias cannot be used because it is not connected to both the servant and control region key rings.

Explanation

To use the certificate, it must be connected to both the servant and control region key rings.

Action

Ensure that the certificate is connected to both the servant and control region key rings.

SECJ7823E: A security domain name must be specified when not in an AdminAgent process

Explanation

To obtain the pathname of a security domain belonging to a non-AdminAgent process, a security domain name must be specified.

Action

Ensure a security domain name has been specified if the process is not an AdminAgent.

SECJ7824E: The {0} cluster is mapped to the {1} security domain. The cluster member being added to the {2} cluster must be on a node that is version 7.0 or higher if the cluster is mapped to a security domain.

Explanation

When a cluster is mapped to a security domain all members of that cluster have to be running on a version 7.0 or higner.

Action

Ensure the node of the cluster member is version 7.0 or higher.

SECJ7825E: The number of LDAP hosts in the ldapHost parameter needs to equal the number of port numbers in the ldapPort parameter.

Explanation

When configuring multiple LDAP hosts there needs to be a port number provided for each hostname in the list of LDAP hosts.

Action

Ensure there is a port for each LDAP host in the list of LDAP hosts.

SECJ7826E: Cannot change the user registry at the global security domain to be a non-federated repository. The following application security domains are configured to use the global federated repository option: {0}.

Explanation

The global security domain was originally configured to use a federated repository as the user registry and one or more application security domains were configured to use the global federated repository. The user registry at the global security domain cannot be changed when application security domains are using the global federated repository option.

Action

Before changing the user registry configuration for the global security domain to not use a federated repository, the following needs to be done: The application security domains which are using the global federated repository will have to be configured to use a different user registry.

SECJ7827E: Cannot configure an application security domain to use the global federated repository option when the global security domain does not have a federated repository as the active user registry.

Explanation

The global security domain must be configured with a federated repository as the active user registry in order for any application security domain to be configured with the global federated repository option.

Action

SECJ7828W: Altering the existing federated repository configured at the global security domain may affect any application security domains configured to use the global federated repository option.

Explanation

Changing the federated repository configuration at the global security domain may affect any application security domain configured with the global federated repository option.

Action

Ensure that changing the existing federated repository configuration at the global security domain does not affect an application security domain configured to use the global federated repository option.

SECJ7829E: Cannot set the user registry of an application security domain to use the federated repository when the global federated repository option is enabled and the global security domain is not using the federated repository.

Explanation

The global federated repository option has been enabled in the application security domain. The global security domain must be configured with a federated repository as the active user registry in order to make the federated repository the active repository of the application security domain.

Action

Either the global security domain should be configured with a federated repository as the active user registry or the application security domain should elect not to use the global federated repository option. This should be done before attempting to set the active user registry to use the federated repository in the application security domain.

SECJ8000E: Authentication provider {0} is already defined in the cell.

Explanation

The name of each authentication provider must be unique.

Action

Specify a unique name for the authentication provider.

SECJ8002E: Authentication provider {0} is not defined in the cell.

Explanation

An authentication provider with the specified name does not exist in the security configuration.

Action

Specify the name of an existing authentication provider. Use the displayJaspiProviderNames command to list the names of defined authentication providers.

SECJ8005E: The command result object type is not valid: {0}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ8008E: The {0} class name is not valid: {1}. Specify a valid class name.

Explanation

The class name of an authentication provider or module must not be empty.

Action

Specify a non-empty class name for the authentication provider or module.

SECJ8009E: Authentication provider {0} is already defined in domain {1}.

Explanation

The name of each authentication provider must be unique.

Action

Specify a unique name for the authentication provider.

SECJ8010E: Authentication provider {0} is not defined in domain {1}.

Explanation

An authentication provider with the specified name does not exist in the security configuration.

Action

Specify the name of an existing authentication provider. Use the displayJaspiProviderNames command to list the names of defined authentication providers.

SECJ8021E: Security domain {0} is not defined. The existing domains include: {1}.

Explanation

A security domain with the specified name does not exist.

Action

Specify the name of an existing security domain.

SECJ8022E: Authentication cache timoue value invalid. Timeout must be less than or equal to the LTPA token timeout value.

Explanation

The authentication cache timeout value must be less than or equal to the LTPA token timeout value.

Action

Specify a timeout value that is less than or equal to the LTPA token timeout value.

SECJ8023E: An unexpected exception occurred processing Jaspi bindings during application deployment. Failed command: {0}, exception: {1}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ8024E: An error occurred processing Jaspi bindings during application deployment. {0}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ8026W: JASPI authentication can only be enabled on version 8 and higher nodes.

Explanation

JASPI authentication only functions on version 8 and higher nodes.

Action

Only use JASPI authentication on version 8 and higher nodes.

SECJ8027E: The path and name of file where JASPI persistent registrations are stored must be specified using property {0}.

Explanation

The named property must specify path and name of file where JASPI persistent registrations are stored.

Action

Specify the path and name of a file where JASPI persistent registrations are stored.

SECJ8028E: AuthConfigFactory is null, JASPI bindings cannot be registered.

Explanation

JASPI bindings cannot be registered because a JASPI factory implementation is not defined.

Action

Verify the fully qualified class name of the default JASPI factory implementation class is defined using the property authconfigprovider.factory in java.security.

SECJ8029E: The provider name in the application"s or web module"s bindings is null or is empty.

Explanation

The web module"s JASPI binding cannot be registered in AuthConfigFactory because the provider name is null.

Action

Verify the provider name in the application"s or web module"s bindings is defined in the security configuration.

SECJ8030E: Applications with JASPI bindings can be deployed only on nodes at version 8 and higher.

Explanation

An application to be deployed contains JASPI bindings in ibm-application-bnd or in ibm-web-bnd files.

Action

JASPI authentication is supported on version 8 and higher nodes. Verify JASPI bindings are not defined in the application"s bindings.

SECJ8031I: JASPI binding has been registered: Application={0}, Web Module={1}, Registration ID={2}[{3}], Provider Class={4}.

Explanation

The named JASPI provider will perform authentication of web requests for the named application and web module.

Action

none.

SECJ8032W: AuthConfigFactory implementation is not defined, using the default JASPI factory implementation class: {0}.

Explanation

The JASPI factory implementation is not defined. The default JASPI factory implementation has been set in the server runtime. However, JASPI may not function for a client.

Action

Set the fully qualified class name of the default JASPI factory implementation class as the value for the property authconfigprovider.factory in java.security.

SECJ8033I: The AuthConfigFactory instance is {0}.

Explanation

The JASPI factory implementation defined is not the default JASPI factory implementation provided by WebSphere Application Server.

Action

none.

SECJ8040E: {0} {1} is already defined in the SAML TAI configuration.

Explanation

The given parameter value has been defined in the SAML TAI configuration.

Action

Verify the SAML TAI properties and specify a value that is not already used. If you do not use this option, a value is automatically selected.

SECJ8041E: {0} {1} is not defined in the SAML TAI configuration.

Explanation

The given parameter value is not defined in the SAML TAI configuration.

Action

Verify the SAML TAI properties and specify a value that exists.

SECJ8042E: {0} {1} is not valid, specify a non-negative value.

Explanation

The parameter value must be non-negative.

Action

Specify a non-negative value for the given parameter.

SECJ8043E: {0} already exists in the SAML TAI IdP security configuration.

Explanation

An element can only be added in one security configuration.

Action

Rerun the command using an element that is not already defined in a SAML TAI configuration.

SECJ8044E: SAML TAI configuration is not found.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ8045W: {0} is missing from IdP metadata file {1}.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ8047E: {0} is null.

Explanation

Specify the given parameter.

Action

Specify a valid parameter value.

SECJ8048E: More than one SSO entry. You must specify the ssoId parameter.

Explanation

You must specify the ssoId because the SAML TAI attributes have more than one SSO entry.

Action

Specify a ssoId number that exists.

SECJ8049E: You must configure a service provider (SP) for {0} before adding an IdP partner.

Explanation

The SSO entry has no SP information.

Action

Configure a service provider for this SSO before adding an IdP partner.

SECJ8050W: The {0} key format has the wrong format for SAML TAI custom property key. The key format should be sso_<ID>.idp_<ID>.* or sso_<ID>.sp.* .

Explanation

The SAML TAI custom property key format is invalid.

Action

Verify the SAML TAI custom property key format.

SECJ8051W: You cannot remove the certificate from the trust store because more than one IdP or SP reference this certificate in the SAML TAI.

Explanation

The certificate is used by other IdP or SP.

Action

Verify the certificate is not used by any other IdP or SP.

SECJ8052I: The existing alias name {0} is used because the certificate already exists in the trust store.

Explanation

The certificate already exists in the trust store. You cannot assign a new alias to this certificate. The existing alias name is used.

Action

Use the same alias for the same certificate that is already in the trust store.

SECJ8053E: The SAML TAI version in the IdP partner metadata file is not supported. It supports SAML version 2.0 only.

Explanation

The SAML TAI version in the IdP partner metadata file is not supported.

Action

Use SAML version 2.0 in the IdP partner metadata file.

SECJ8055E: You must specify a fully qualified path for the {0} file.

Explanation

The given parameter file name is not a fully qualified pathname or null.

Action

Specify a fully qualified pathname for the file in the given parameter.

SECJ8056E: No service provider (SP) custom properties found for {0}.

Explanation

There are no SP custom properties found for the given SSO in the SAML TAI.

Action

Configure the SP custom properties for the given SAML TAI SSO before you export it.

SECJ8057W: SAML TAI should be configured at the security domain level instead of global security.

Explanation

There is a security domain, but SAML TAI is configured at the global level.

Action

Configure the SAML TAI at the domain level.

SECJ8058E: Invalid SAML idMap value {0}. The valid value are idAssertion, localRealm, or localRealmThenIdAssertion.

Explanation

The value of idMap is invalid.

Action

Specify a valid idMap value.

SECJ8059E: There is no {0} custom property.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

SECJ8060W: There is no signing certificate in the IdP metadata file {0}.

Explanation

The signing certificate is missing from the IdP metadata file.

Action

Verify the IdP metadata file.

SECJ8061W: There is no entityID in the IdP metadata file {0}.

Explanation

The entityID is missing from the IdP metadata file.

Action

Verify the IdP metadata file.

SECJ8062W: There is not a SingleSignOnService binding for HTTP POST in the IdP metadata file {0}.

Explanation

The SingleSignOnService binding for HTTP POST is missing from the IdP metadata file.

Action

Verify the IdP metadata file.

SECJ8063I: For URL {0} in application {1}, the following HTTP methods are uncovered, and not accessible: {2}

Explanation

The deny-uncovered-http-methods element is specified in the web.xml file for the servlet, and there are HTTP methods for a URL pattern that are unprotected. These unprotected methods will not be accessible.

Action

Ensure that all HTTP methods at all constrained URL patterns have the intended security protections.

SECJ8064I: For URL {0} in application {1}, no methods are uncovered and, hence, all are protected

Explanation

The deny-uncovered-http-methods element is specified in the web.xml file for the servlet, but all HTTP methods for a URL pattern are protected.

Action

No action needed as all HTTP methods are protected.

SECJ8065I: For URL {0} in application {1}, the following HTTP methods are uncovered, and accessible: {2}

Explanation

The deny-uncovered-http-methods element is not specified in the web.xml file for the servlet, and there are HTTP methods for a URL pattern that are unprotected. These unprotected methods will be accessible.

Action

Ensure that all HTTP methods at all constrained URL patterns have the intended security protections.

SECJ8066I: For URL {0} in application {1}, the following merged HTTP methods are uncovered, and not accessible: {2}

Explanation

Action

Ensure that all HTTP methods at all constrained URL patterns have the intended security protections.

SECJ8067I: For URL {0} in application {1}, the following merged HTTP methods are uncovered, and accessible: {2}

Explanation

Action

Ensure that all HTTP methods at all constrained URL patterns have the intended security protections.

SECJ8068E: Cannot process the {0} method because the S4U2self constrained delegation is not enabled.

Explanation

Cannot process the method because the S4U2self constrained delegation is not enabled.

Action

Ensure that the com.ibm.websphere.security.krb.s4U2selfEnabled custom property is set to true.

SECJ8069E: Cannot process the {0} method because the S4U2proxy constrained delegation is not enabled.

Explanation

Cannot process the method because the S4U2proxy constrained delegation is not enabled.

Action

Ensure that the com.ibm.websphere.security.krb.s4U2proxyEnabled security custom property is set to true.

SECJ8070E: The {0} constrained delegation feature requires Java 8 or later.

Explanation

The constrained delegation feature, either S4U2self or S4U2proxy, requires Java 8 or later.

Action

Ensure that Java 8 or later is used.

SECJ8071E: Cannot impersonate the {0} user to get the user GSSCredential for self when using the delegate service principal name {1} due to the exception {2}.

Explanation

Cannot impersonate the user due to the unexpected exception.

Action

Ensure the delegate service principal name (SPN) is enabled for the delegate and review the server logs for more information.

SECJ8072E: Cannot impersonate the {0} user to get the GSSCredential for the back end service when using the delegate service principal name {1} due to the exception {2}.

Explanation

Cannot impersonate the user due to the unexpected exception.

Action

Ensure that the com.ibm.websphere.security.krb.s4U2proxyEnabled security custom property is set to true, the delegate service SPN is enabled for the delegate in the Key Distribution Center (KDC), the client service ticket has a forwardable flag set to true, and the delegate service tickets have a forwardable flag set to true. Review the server logs for more information.

SECJ9200E: No Kerberos credential found in subject credential set.

Explanation

No kerberos credential was found in the JAAS Subject private credential set.

Action

None.

SECJ9201W: Multiple Kerberos credentials found in subject private credential set; using first credential in set.

Explanation

There are multiple Kerberos credentials in the credential set of the subject. Authentication will continue using the first credential in the set.

Action

None.

SECJ9202E: Copy operation on GSS credential failed. GSS Exception: {0}

Explanation

A GSS exception occurred while making a copy of a GSSCredential.

Action

None.

SECJ9203E: Credential in invalid state.

Explanation

Access to a destroyed credential has been attempted.

Action

None.

SECJ9204E: Credential in invalid state.

Explanation

Access to an expired credential has been attempted.

Action

None.

SECJ9205E: User registry error: {0}

Explanation

An error was encountered accessing the user registry.

Action

Check user registry configuration.

SECJ9206W: No GSS delegated credentials were found for user: {0}

Explanation

No GSS delegated credentials found after validate the Kerberos request.

Action

Make sure client have a forwardable Kerberos ticket (TGT) and server is trusted for delegation.

SECJ9207E: GSS user name is null, {0}

Explanation

GSS user name is null.

Action

None.

SECJ9300E: Principal map file ""{0}"" not found or inaccessible.

Explanation

The specified principal map file was not found or is inaccessible.

Action

Ensure that the file exists and is accessible.

SECJ9301E: Error in principal map file ""{0}"" at line {1}: {2}

Explanation

An error was encountered while reading the principal map file.

Action

Correct the error in principal map file.

SECJ9302E: Duplicate default catch-all rule found in map file ""{0}"" at line {1}.

Explanation

A duplicate default catch-all rule was found in the principal map file.

Action

Correct the error in principal map file.

SECJ9303E: IOException caught reading principal map file ""{0}"".

Explanation

An input/output exception was encountered while reading the principal map file.

Action

Make sure the file exists and is readable.

SECJ9304E: No default rule found in map file ""{0}"".

Explanation

The required default catch-all rule was not found in the principal map file.

Action

Ensure that there is a default catch-all rule in the map file.

SECJ9305E: Errors were encountered processing map file ""{0}"".

Explanation

Errors were encountered processing map file.

Action

Correct the error in principal map file.

SECJ9306E: Principal map rule missing required colon character (":").

Explanation

Each map rule must contain a colon character.

Action

Correct the rule in the map file.

SECJ9307E: Principal map rule missing left-hand-side principal and realm.

Explanation

Map rule must specify a principal and realm on the left-hand-side of the colon character.

Action

Correct the rule in the map file.

SECJ9308E: Principal map rule missing right-hand-side principal.

Explanation

Map rule must specify a principal on the right-hand-side of the colon character.

Action

Correct the rule in the map file.

SECJ9309E: Error in left-hand-side of principal map rule.

Explanation

Left-hand-side of principal map rule must be one of: "principal@realm", "*@realm", or "*".

Action

Correct the rule in the map file.

SECJ9310E: Principal map rule missing left-hand-side principal.

Explanation

Map rule must specify a principal on the left-hand-side of the colon character.

Action

Correct the rule in the map file.

SECJ9311E: Principal map rule missing left-hand-side realm.

Explanation

Map rule must specify a realm on the left-hand-side of the colon character.

Action

Correct the rule in the map file.

SECJ9312E: System property "server.root" not set.

Explanation

The system property "server.root" is not set.

Action

None.

SECJ9313W: The Kerberos realm name specified in the callback handler, {0}, does not match the Kerberos realm name specified in the Kerberos configuration: {1} or the default realm: {2}. The login will proceed since both WebSphere and the Tivoli login modules do not check the realm names.

Explanation

The Kerberos realm name specified in the callback handler does not match the Kerberos realm name or the default realm name, but the login will proceed anyway.

Action

None.

SECJ9314E: An unexpected exception occurred when trying to run {0} method : GSSException: {1}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

Examine the associated exception to determine the cause.

SECJ9315E: Unexpected exception occurred when trying to run {0} method : Exception: {1}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

Examine the associated exception to determine the cause.

SECJ9316E: An unexpected GSSexception occurred when trying to run {0} method : GSSException: {1}

Explanation

This exception is unexpected. The cause is not immediately known.

Action

Examine the associated exception to determine the cause

SECJ9317E: The credential is invalid.

Explanation

This exception is unexpected. The cause is not immediately known.

Action

None.

SECJ9319E: Login failed for user {0}; the exception is {1}

Explanation

A login failed for the user.

Action

None.

SECJ9320E: Validation of the Kerberos token threw the following exception: {0}

Explanation

Validation of the Kerberos token threw an unexpected exception

Action

Examine the associated exception to determine the cause.

SECJ9321E: doPrivileged method threw the following exception: {0}

Explanation

doPrivileged method threw an unexpected exception.

Action

Examine the associated exception to determine the cause.

SECJ9322E: Remove principal from subject threw the following exception: {0}

Explanation

Remove principal from subject threw an unexpected exception.

Action

Examine the associated exception to determine the cause.

SECJ9323E: Remove public credential from subject threw the following exception: {0}

Explanation

Remove public credential from subject threw an unexpected exception.

Action

Examine the associated exception to determine the cause.

SECJ9324E: Destroy credential from subject threw the following exception: {0}

Explanation

Destroy credential from subject threw an unexpected exception.

Action

Examine the associated exception to determine the cause.

SECJ9325E: Create credential threw the following exception: {0}

Explanation

Create credential threw an unexpected exception.

Action

Examine the associated exception to determine the cause.

SECJ9326E: Security context is not established for GSSContext {0}

Explanation

Security context is not established.

Action

Examine SystemErr.log to determine the cause.

SECJ9329E: Credential {0}, is not forwardable for target GSS service name {1} in the realm {2}

Explanation

Credential is not fowardable.

Action

None.

SECJ9330E: Credential is null for target GSS service name {0} in the realm {1}

Explanation

Credential is null

Action

None.

SECJ9331E: The constructor for the class {0} does not allow null {1}

Explanation

The token is null.

Action

Examine the associated exception to determine the cause.

SECJ9332E: The complete initSecContext() method is not called {0}

Explanation

The complete initSecContext method is not called.

Action

Examine the associated exception to determine the cause.

SECJ9333W: Can not reset a system property KRB5_KTNAME (Kerberos keytab file) to {0} because it already set for {1}. The runtime still use the Kerberos keytab file {2}

Explanation

The system property for KRB5_KTNAME (Kerberos keytab file) does not allow to re-set.

Action

none.

SECJ9400W: The kerberos Service Principal Name cannot be determined when running on the client. A null value will be returned.

Explanation

When this method is invoked on the client side, it is not possible to determine the Kerberos Service Principal Name, and therefore a null value is returned.

Action

Do not invoke this method on the client side.