Error Message Reference - IBM · About this publication IBM ®Tivoli Federated Identity Manager Version 6.2.2 implements solutions for federated single sign-on, Web services security

IBM® Tivoli® Federated Identity ManagerVersion 6.2.2.7

Error Message Reference

GC32-2289-05

��

IBM® Tivoli® Federated Identity ManagerVersion 6.2.2.7

Error Message Reference

GC32-2289-05

��

NoteBefore using this information and the product it supports, read the information in “Notices” on page 211.

Edition notice

Note: This edition applies to version 6, release 2, modification 2.7 of IBM Tivoli Federated Identity Manager(product number 5724-L73) and to all subsequent releases and modifications until otherwise indicated in neweditions.

© Copyright IBM Corporation 2006, 2013.US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contractwith IBM Corp.

Contents

Figures . . . . . . . . . . . . . . . v

About this publication . . . . . . . . viiIntended audience . . . . . . . . . . . . viiAccess to publications and terminology . . . . . vii

IBM Tivoli Federated Identity Manager library viiiPrerequisite publications . . . . . . . . . ixRelated publications . . . . . . . . . . ixAccessing terminology online . . . . . . . ixAccessing publications online . . . . . . . ixOrdering publications . . . . . . . . . . x

Accessibility . . . . . . . . . . . . . . xTivoli technical training. . . . . . . . . . . xSupport information . . . . . . . . . . . . xStatement of Good Security Practices . . . . . . xiConventions used in this book . . . . . . . . xi

Typeface conventions . . . . . . . . . . xiOperating system-dependent variables and paths xii

Chapter 1. Message overview . . . . . 1Message types . . . . . . . . . . . . . . 1Message format . . . . . . . . . . . . . 1

Chapter 2. Tivoli Federated IdentityManager Messages . . . . . . . . . . 5

Chapter 3. Common Auditing andReporting Service messages. . . . . 183

Notices . . . . . . . . . . . . . . 211

© Copyright IBM Corp. 2006, 2013 iii

iv IBM® Tivoli® Federated Identity Manager Version 6.2.2.7: Error Message Reference

Figures

1. Message ID format . . . . . . . . . . 2

© Copyright IBM Corp. 2006, 2013 v

vi IBM® Tivoli® Federated Identity Manager Version 6.2.2.7: Error Message Reference

About this publication

IBM® Tivoli® Federated Identity Manager Version 6.2.2 implements solutions forfederated single sign-on, Web services security management, and provisioning thatare based on open standards. IBM Tivoli Federated Identity Manager extends theauthentication and authorization solutions provided by IBM Tivoli Access Managerto simplify the integration of multiple existing Web solutions.

This guide describes the error messages for IBM Tivoli Federated Identity Manager.

Intended audienceThe target audience for this book includes network security architects, systemadministrators, network administrators, and system integrators. Readers of thisbook should have working knowledge of networking security issues, encryptiontechnology, keys, and certificates. Readers should also be familiar with theimplementation of authentication and authorization policies in a distributedenvironment.

This book describes an implementation of a Web services solution that supportsmultiple Web services standards. Readers should have knowledge of specific Webservices standards, as obtained from the documentation produced by the standardsbody for each respective standard.

Readers should be familiar with the development and deployment of applicationsfor use in a Web services environment. This includes experience with deployingapplications into an IBM WebSphere® Application Server environment.

Access to publications and terminologyThis section provides:v A list of publications in the IBM Tivoli Federated Identity Manager library.v Links to “Online publications” on page viii.v A link to the “IBM Terminology website” on page viii.

IBM Tivoli Federated Identity Manager library

The following documents are available in the IBM Tivoli Federated IdentityManager library:v IBM Tivoli Federated Identity Manager Quick Start Guide

v IBM Tivoli Federated Identity Manager Installation Guide, GC27-2718-01v IBM Tivoli Federated Identity Manager Configuration Guide, GC27-2719-02v IBM Tivoli Federated Identity Manager Installing, configuring, and administering

risk-based access, SC27-4445-02v IBM Tivoli Federated Identity Manager Configuring web services security,

GC32-0169-04v IBM Tivoli Federated Identity Manager Administration Guide, SC23-6191-02v IBM Tivoli Federated Identity Manager Auditing Guide, GC32-2287-05v IBM Tivoli Federated Identity Manager Troubleshooting Guide, GC27-2715-01v IBM Tivoli Federated Identity Manager Error Message Reference, GC32-2289-04

© Copyright IBM Corp. 2006, 2013 vii

Online publications

IBM posts product publications when the product is released and when thepublications are updated at the following locations:

IBM Tivoli Federated Identity Manager Information CenterThe http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.tspm.doc_7.1/welcome.html site displays the information centerwelcome page for this product.

IBM Security Systems Documentation Central and Welcome pageIBM Security Systems Documentation Central provides an alphabetical listof all IBM Security Systems product documentation and links to theproduct information center for specific versions of each product.

Welcome to IBM Security Systems Information Centers provides andintroduction to, links to, and general information about IBM SecuritySystems information centers.

IBM Publications CenterThe http://www-05.ibm.com/e-business/linkweb/publications/servlet/pbi.wss site offers customized search functions to help you find all the IBMpublications you need.

IBM Terminology website

The IBM Terminology website consolidates terminology for product libraries in onelocation. You can access the Terminology website at http://www.ibm.com/software/globalization/terminology.

IBM Tivoli Federated Identity Manager libraryThe publications in the IBM Tivoli Federated Identity Manager library are:v IBM Tivoli Federated Identity Manager Quick Start Guide

Provides instructions for getting started with IBM Tivoli Federated IdentityManager.

v IBM Tivoli Federated Identity Manager Installation Guide

Provides instructions for installing IBM Tivoli Federated Identity Manager.v IBM Tivoli Federated Identity Manager Configuration Guide

Provides instructions for configuring IBM Tivoli Federated Identity Manager.v IBM Tivoli Federated Identity Manager Administration Guide

Provides instructions for completing administration tasks that are required forall deployments.

v IBM Tivoli Federated Identity Manager Web Services Security Management Guide

Provides instructions for completing configuration tasks for Web servicessecurity management.

v IBM Tivoli Federated Identity Manager Auditing Guide

Provides instructions for auditing IBM Tivoli Federated Identity Manager events.v IBM Tivoli Federated Identity Manager Error Message Reference

Provides explanations of the IBM Tivoli Federated Identity Manager errormessages.

v IBM Tivoli Federated Identity Manager Troubleshooting Guide

Provides troubleshooting information and instructions for problem solving.

viii IBM® Tivoli® Federated Identity Manager Version 6.2.2.7: Error Message Reference

http://pic.dhe.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.tivoli.fim.doc_6226/ic/ic-homepage.html

http://pic.dhe.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.tivoli.fim.doc_6226/ic/ic-homepage.html

https://www.ibm.com/developerworks/mydeveloperworks/wikis/home?lang=en#/wiki/IBM%20Security%20Systems%20Documentation%20Central/page/Welcome

http://pic.dhe.ibm.com/infocenter/tivihelp/v2r1/index.jsp

http://www-05.ibm.com/e-business/linkweb/publications/servlet/pbi.wss

http://www-05.ibm.com/e-business/linkweb/publications/servlet/pbi.wss

http://www.ibm.com/software/globalization/terminology


You can obtain the publications from the IBM Tivoli Federated Identity ManagerInformation Center:

http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.tivoli.fim.doc_6.2.2/ic/ic-homepage.html

Prerequisite publicationsTo use the information in this book effectively, you should have some knowledgeabout related software products, which you can obtain from the following sources:v Tivoli Access Manager Information Center:

http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?toc=/com.ibm.itame.doc/toc.xml

v IBM WebSphere Application Server Version 8.0 Information Center:http://publib.boulder.ibm.com/infocenter/wasinfo/v8r0/index.jspYou can obtain PDF versions of the IBM WebSphere Application Serverdocumentation at:http://www.ibm.com/software/webservers/appserv/was/library/

Related publicationsYou can obtain related publications from the IBM Web sites:v Enterprise Security Architecture Using IBM Tivoli Security Solutions. This book is

available in PDF (Portable Document Format) at http://www.redbooks.ibm.com/redbooks/pdfs/sg246014.pdf or in HTML (HypertextMarkup Language) at http://www.redbooks.ibm.com/redbooks/SG246014/

v Federated Identity Management and Web Services Security with IBM Tivoli SecuritySolutions (SG24-6394-01). This book is available in PDF at http://www.redbooks.ibm.com/redbooks/pdfs/sg246394.pdf or in HTML athttp://www.redbooks.ibm.com/redbooks/SG246394/

v The Tivoli Software Library provides a variety of Tivoli publications such aswhite papers, datasheets, demonstrations, redbooks, and announcement letters.The Tivoli Software Library is available on the Web at: http://publib.boulder.ibm.com/tividd/td/tdprodlist.html

v The Tivoli Software Glossary includes definitions for many of the technical termsrelated to Tivoli software. The Tivoli Software Glossary is available athttp://publib.boulder.ibm.com/tividd/td/tdprodlist.html

Accessing terminology onlineThe IBM Terminology Web site consolidates the terminology from IBM productlibraries in one convenient location. You can access the Terminology Web site athttp://www.ibm.com/software/globalization/terminology

Accessing publications onlineIBM posts publications for this and all other Tivoli products, as they becomeavailable and whenever they are updated, to the Tivoli Information Center Website at http://publib.boulder.ibm.com/infocenter/tivihelp/v3r1/index.jsp.

Note: If you print PDF documents on other than letter-sized paper, set the optionin the File → Print window that allows Adobe Reader to print letter-sized pages onyour local paper.

About this publication ix





http://publib.boulder.ibm.com/infocenter/wasinfo/v8r0/index.jsp

http://www.ibm.com/software/webservers/appserv/was/library/

http://www.redbooks.ibm.com/redbooks/pdfs/sg246014.pdf


http://www.redbooks.ibm.com/redbooks/SG246014/



http://www.redbooks.ibm.com/redbooks/SG246394/

http://publib.boulder.ibm.com/tividd/td/tdprodlist.html




http://publib.boulder.ibm.com/infocenter/tivihelp/v3r1/index.jsp

Ordering publicationsYou can order hard copies of some publications.

Many countries provide an online ordering service.Follow these steps to access this service:1. Go to http://www-947.ibm.com/support/entry/portal/Documentation2. Select IBM Publications Center from Getting Started.3. Select your country from Select a country/region/language to begin

and click the arrow icon.4. Follow the instructions for how to order hard copy publications on

Welcome to the IBM Publications Center.

If your country does not provide an online ordering service, contact yoursoftware account representative to order publications.

Follow these steps to find your local contact:1. Go to http://www.ibm.com/planetwide/2. Click your country name to display a list of contacts.

AccessibilityAccessibility features help a user who has a physical disability, such as restrictedmobility or limited vision, to use software products successfully. With this product,you can use assistive technologies to hear and navigate the interface. You also canuse the keyboard instead of the mouse to operate all features of the graphical userinterface.

For additional information, see the "Accessibility" topic in the information center athttp://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.tivoli.fim.doc_6.2.2/ic/ic-homepage.html.

Tivoli technical trainingFor Tivoli technical training information, refer to the following IBM TivoliEducation Web site at http://www.ibm.com/software/tivoli/education.

Support informationIf you have a problem with your IBM software, you want to resolve it quickly. IBMprovides the following ways for you to obtain the support you need:

OnlineGo to the IBM Software Support site at http://www.ibm.com/software/support/probsub.html and follow the instructions.

IBM Support AssistantThe IBM Support Assistant (ISA) is a free local software serviceabilityworkbench that helps you resolve questions and problems with IBMsoftware products. The ISA provides quick access to support-relatedinformation and serviceability tools for problem determination. To installthe ISA software, see the IBM Tivoli Federated Identity Manager InstallationGuide. Also see: http://www.ibm.com/software/support/isa.

Troubleshooting GuideFor more information about resolving problems, see the IBM TivoliFederated Identity Manager Troubleshooting Guide.

x IBM® Tivoli® Federated Identity Manager Version 6.2.2.7: Error Message Reference

http://www-947.ibm.com/support/entry/portal/Documentation

http://www.ibm.com/planetwide/



http://www.ibm.com/software/tivoli/education

http://www.ibm.com/software/support/probsub.html

http://www.ibm.com/software/support/probsub.html

http://www.ibm.com/software/support/isa

Statement of Good Security PracticesIT system security involves protecting systems and information throughprevention, detection and response to improper access from within and outsideyour enterprise. Improper access can result in information being altered, destroyed,misappropriated or misused or can result in damage to or misuse of your systems,including for use in attacks on others. No IT system or product should beconsidered completely secure and no single product, service or security measurecan be completely effective in preventing improper use or access. IBM systems,products and services are designed to be part of a comprehensive securityapproach, which will necessarily involve additional operational procedures, andmay require other systems, products or services to be most effective. IBM DOESNOT WARRANT THAT ANY SYSTEMS, PRODUCTS OR SERVICES AREIMMUNE FROM, OR WILL MAKE YOUR ENTERPRISE IMMUNE FROM, THEMALICIOUS OR ILLEGAL CONDUCT OF ANY PARTY.

Conventions used in this bookThis reference uses several conventions for special terms and actions and foroperating system-dependent commands and paths.

Typeface conventionsThis publication uses the following typeface conventions:

Bold

v Lowercase commands and mixed case commands that are otherwisedifficult to distinguish from surrounding text

v Interface controls (check boxes, push buttons, radio buttons, spinbuttons, fields, folders, icons, list boxes, items inside list boxes,multicolumn lists, containers, menu choices, menu names, tabs, propertysheets), labels (such as Tip:, and Operating system considerations:)

v Keywords and parameters in text

Italic

v Citations (examples: titles of publications, diskettes, and CDsv Words defined in text (example: a nonswitched line is called a

point-to-point line)v Emphasis of words and letters (words as words example: "Use the word

that to introduce a restrictive clause."; letters as letters example: "TheLUN address must start with the letter L.")

v New terms in text (except in a definition list): a view is a frame in aworkspace that contains data.

v Variables and values you must provide: ... where myname represents....

Monospace

v Examples and code examplesv File names, programming keywords, and other elements that are difficult

to distinguish from surrounding textv Message text and prompts addressed to the userv Text that the user must typev Values for arguments or command options

About this publication xi

Operating system-dependent variables and pathsThis publication uses the UNIX convention for specifying environment variablesand for directory notation.

When using the Windows command line, replace $variable with % variable% forenvironment variables and replace each forward slash (/) with a backslash (\) indirectory paths. The names of environment variables are not always the same inthe Windows and UNIX environments. For example, %TEMP% in Windowsenvironments is equivalent to $TMPDIR in UNIX environments.

Note: If you are using the bash shell on a Windows system, you can use the UNIXconventions.

xii IBM® Tivoli® Federated Identity Manager Version 6.2.2.7: Error Message Reference

Chapter 1. Message overview

Messages indicate events that occur during the operation of the system.

Depending on their purpose, messages might be displayed on the screen. Bydefault, all informational, warning, and error messages are written to the messagelogs. The logs can be reviewed later to determine what events occurred, to seewhat corrective actions were taken, and to audit all the actions performed. Formore information about message logs, refer to the IBM Tivoli Federated IdentityManager Problem Determination Guide.

Message typesTivoli Federated Identity Manager uses messages of specific types.

The following types of messages are used:

Informational messagesIndicate conditions that are worthy of noting but that do not require you totake any precautions or perform an action.

Warning messagesIndicate that a condition has been detected that you should be aware of,but does not necessarily require that you take any action.

Error messagesIndicates that a condition has occurred that requires you to take action.

Message formatMessages logged by Tivoli Federated Identity Manager adhere to the TivoliMessage Standard. Each message consists of a message identifier (ID) andaccompanying message text.

Message ID format

A message ID consists of 10 alphanumeric characters that uniquely identify themessage.

A message ID in Tivoli Federated Identity Manager is composed of:v three-character product identifier (FBT for Tivoli Federated Identity Manager

and CBA and CFG for Common Auditing and Reporting Service)v two-character or three-character component or subsystem identifierv three-digit or four-digit serial or message numberv one-character type code indicating the severity of the message

The figure that follows shows a graphical representation of a possible message IDand identifies its different parts. (Some messages might use 2 characters for thecomponent ID and 4 digits for the serial number.)

© Copyright IBM Corp. 2006, 2013 1

IBM product prefix (3 characters)

Component or subsystem identifier (3 characters)

Message number (3 digits)

FBT RTE 033

IWE

---

InformationalWarningError

Severity

I

Component identifiers

The component identifier indicates which component or subsystem produced themessage.

ADM Administration commands

AUD Audit

CC Common Auditing and Reporting Service disk cache

CDS InfoCard messages

CE Common Auditing and Reporting Service emitter

CFG Configuration properties

CLI Command-line interface

CO Common Audit Service Configuration Console

CON Tivoli Federated Identity Manager console

FMS Management service

IDS Identity service

IN Common Auditing and Reporting Service installation

ISJ Alias service JDBC component

ISL Alias service LDAP component

IVT Installation verification test

KES Key service keystore management

KJK Key service keystore management

LIB Liberty single sign-on protocol

LOG Logging

MB Common Audit Service Configuration MBean

MGT Management

MET Metadata handling

MOD Module

OID OpenID messages

PWD Password handling

Figure 1. Message ID format

2 IBM® Tivoli® Federated Identity Manager Version 6.2.2.7: Error Message Reference

RPT Report messages

RTE Runtime environment component configuration

SML SAML single sign-on protocol

SOC SOAP client

SPS Single sign-on protocol service

STM Secure token service

STS Secure token service modules

STZ RACF® PassTicket tokens

SU Common Audit Staging Utility

TAC Tivoli Access Manager configuration as point-of-contact server

TRC Trust client

USC User self care

WS Common Auditing and Reporting Service Web service

WSF WS-Federation single sign-on protocol

WSP Provisioning service

WSS Web services security management

XS Common Audit Service XML data store

XU Common Audit Service XML store utilities

Severity

Associated with each message is a severity level that indicates whether correctiveaction must be taken.

Table 1. Severity level

Severity Description

I (Informational) Provides information or feedback about normal events that occur. Ingeneral, no action needs to be performed in response to aninformational message.

FBTRTE033I The domain default was successfully created.FBTSTM066I The Trust Service has been disabled.

W (Warning) Indicates that a potentially undesirable condition has occurred, butprocessing can continue. Intervention or corrective action might benecessary in response to a warning message.

FBTLOG002W An integer was expected.FBTTRC004W The returned RequestSecurityTokenResponsedid not have a wsu:Id

Chapter 1. Message overview 3

Table 1. Severity level (continued)

Severity Description

E (Error) Indicates that a problem has occurred that requires intervention orcorrection before processing can continue. An error message might beaccompanied by one or more warning or informational messages thatprovide additional details about the problem.

FBTCON013E The federation with ID insert could not beretrieved from the single sign-on protocol service.Explanation:This error can occur if the console is unable tocommunicate with the single sign-on protocol service.

FBTSML260E The binding value value for attribute attris not valid for profile profile.

Message text

The text of the message, in the system locale, also is recorded in the log file. If themessage text is not available in the desired language, the English language text isused.


Chapter 2. Tivoli Federated Identity Manager Messages

These messages are provided by Tivoli Federated Identity Manager.

FBTADM002E The invoked command failed.

Explanation: The executed command did not completesuccessfully.

System action: Command execution halted.

Administrator response: Check the log files orexamine any returned exceptions.

FBTADM004E There are no SAML Artifact Servicesconfigured.

Explanation: See message.


Administrator response: No response required.

FBTADM005E There are no SAML Artifact Servicesconfigured with the given configurationidentifier.




FBTADM006E The given name for the creation ofthe new Tivoli Federated IdentityManager domain already exists. Supplya different domain name or remove theexisting domain first.




FBTADM007E A Tivoli Federated Identity Managerdomain name is required for thisoperation to complete.



Administrator response: Specify the domain nameusing the parameter fimDomainName

FBTADM008E A WebSphere cluster or server nameis required for this operation. If thetarget environment is on a cluster, enterthe clustername. If the targetenvironment is not a cluster, provide thename of the application server (typicallyserver1). To find the name of the clusteror the server use the Application Serverspanel on the WebSphere administrativeconsole.




FBTADM009E One or more parameters have to beprovided for this operation.



Administrator response: View the usage and pass therequired parameters to the command.

FBTADM010E The Tivoli Federated IdentityManager domain specified for thisoperation does not exist.



Administrator response: Run the list operation of thecommand manageItfimDomain to view the domainname.

FBTADM011E The Tivoli Federated IdentityManager runtime is not currentlydeployed into the selected domain. Todeploy the runtime use the deployoperation of this command.



Administrator response: Run the deploy operation ofthe command manageItfimDomain to deploy theruntime.

FBTADM013E A file name to read from or write toneeds to be provided for this command.




Administrator response: Specify a file name for thiscommand.

FBTADM014E Required Tivoli Access Managerparameters were not passed to thisoperation. When a Tivoli FederatedIdentity Manager domain uses TivoliAccess Manager the followingparameters are required, tamAdminId,tamtamPolicyServer, tamAuthzServers,tamAuthzPorts.



Administrator response: Check the documentation orview the command help for usage.

FBTADM017E The following error ocurred whilereloading the Tivoli Federated IdentityManager Management Service.

Explanation: Errors from the Tivoli Federated IdentityManager Management Service is returned as a result ofexecuting the reloadItfimManagementServicecommand.


Administrator response: Check the log files on theTivoli Federated Identity Manager Management Servicemachine for the exception details.

FBTADM018E One of the parameters passed needsto be an integer but it is not.




FBTADM019E One or more parameters passed arein an incorrect format.




FBTADM020E The configuration type passed to thecommand is in an unrecognized format.Acceptable values are ldap or jdbc.




FBTADM021E This operation requires that theconfiguration type for the alias serviceis set to ldap but the currentconfiguration is jdbc. Run the configureoperation to change the configuration toldap.



Administrator response: Run the configure operationof the manageItfimNameIdSvc command.

FBTADM022E The provided server, hostname andport, already exists in the configuration.If you need to modify the parametersuse the modifyHost operation.



Administrator response: Run the modifyHostoperation of the manageItfimNameIdSvc command.

FBTADM023E The provided server, hostname andport, is not defined in the configuration.Create this server entry using theaddHost operation.



Administrator response: Run the addHost operationof the manageItfimNameIdSvc command.

FBTADM024E The parameter insert is required forthis operation.




FBTADM025E The partner insert associated tofederation insert was not found. Checkthat both partner and federation namesare correct. You can use the listoperation of the manageItfimPartnercommands to get a list of existingpartners and federations.



Administrator response: Run the list operation of themanageItfimPartner command.

FBTADM014E • FBTADM025E


FBTADM026E The property insert is required forthis operation.



Administrator response: Check the documentation forresponse file property requirements for this operation.

FBTADM028E The parameter insert is required forthis operation but it was not given.

Explanation: The command requires parameters thatwere not passed in.



FBTADM029E The Tivoli Federated IdentityManager domain name, server name,server port, and report name are notspecified.




FBTADM030E The Tivoli Federated IdentityManager domain name, server name,and server port are not specified.




FBTADM031E No runnable reports were found.


System action: No action taken.


FBTADM032E The Report Engine could not bestarted. Check the log files or examineany returned exceptions.




FBTADM033E The Report Engine could not be shutdown. Check the log files or examineany returned exceptions.




FBTADM034E No reports are currently running.








FBTADM036E No archived reports were found.








FBTADM038E A report design is required for thisoperation to complete.



Administrator response: Specify the report designusing the reportDesign parameter.

FBTADM039E A hostname is required for thisoperation to complete.




Chapter 2. Tivoli Federated Identity Manager Messages 7

Administrator response: Specify the host name usingthe hostName parameter.

FBTADM040E A port is required for this operationto complete.



Administrator response: Specify the port using thehostPort parameter.

FBTADM041E A render type is required for thisoperation to complete.



Administrator response: Specify the render type usingthe renderType parameter.

FBTADM042E The supplied keystore was not foundin the domain. Verify that the kesytorename is correct and that it does exist.




FBTADM043E No keys are defined inside thesupplied Key Store.




FBTADM044E The domain supplied does not haveany keystores defined.




FBTADM045E The supplied response file does notcontain a valid federation name to becreated.



Administrator response: Add the FedName propertyto the response file.

FBTADM046E The federation insert already exists.Specify a different name in the responsefile.




FBTADM047E Unable to create partner responsefile. Verify that the parameters suppliedwere correct and verify the logs.



Administrator response: Check the log files on theTivoli Federated Identity Manager Management Servicemachine for errors.

FBTADM048E The file insert specified in propertyinsert does not exist.



Administrator response: Check the path to the file.

FBTADM049E This operation requires the TivoliAccess Manager administrator passwordin order to complete. Provide thispassword by specifying the-tamAdminPwd option.




FBTADM050E Unable to create federation responsefile. Verify that the parameters suppliedwere correct and verify the logs.




FBTADM051E A Tivoli Federated Identity Managerdomain already exists in the targetcluster or server insert. Remove thatdomain before attempting to create anew one.






FBTADM052E The federation insert is not anidentity provider. A query requesterpartner can only be added to an identityprovider federation.




FBTADM053E Unable to import the key insert intokeystore insert. Make sure that thekeystore name and supplied passwordare correct.




FBTADM054E The export operation failed to writethe domain to the supplied file. Checkthe name and path of the supplied fileand that its location can be written.




FBTADM055E Unable to undeploy runtime from:insert.




FBTADM056E This operation is not supported forthe specified Single Sign-On protocol.




FBTADM057E The callback id: insert is not defined.Publish the Point of Contact callbackplug-ins to the runtime node if creatinga custom point of contact or check theexisting callback names using thelistCallbacks operation.




FBTADM058E The callback property: insert forcallback insert is not defined. Check theavailable properties for a callback usingthe listCallbacks operation.




FBTADM059E The specified Point of Contactprofile: insert was not found.




FBTADM060E The specified Chain RequestMapping with uuid: insert was notfound.




FBTADM061E The module instance with uuid: insertwas not found.




FBTADM062E The module type with uuid: insertwas not found.




FBTADM063E The module chain with uuid: insertwas not found.




FBTADM064E The number of instances provideddoes not match the number of modesprovided. These two numbers mustmatch.






FBTADM065E The mode: insert for module instance:insert is not supported.




FBTADM066E The chain mapping for chain: insertwas not found.




FBTADM067E The custom properties cannot beloaded into the specified domain.

Explanation: The custom properties cannot beimported.



FBTADM068E The given name for the TivoliFederated Identity Manager domaindoes not exist. Supply a differentdomain name.

Explanation: The specified domain name does notexist.



FBTADM069E A Tivoli Federated Identity Managerfederation name is required for thisoperation to complete.

Explanation: This operation requires the name of anexisting federation.


Administrator response: Specify the federation nameusing the parameter federationName

FBTADM070E The federation insert does not exist.Specify a different name.

Explanation: The specified federation name does notexist.



FBTADM071E The operation operation is unknownfor the current command.

Explanation: An operation was specified that is notimplemented for the current command.


Administrator response: Please enter a validoperation for this command.

FBTADM072E A key with alias 'key alias' was notfound in the keystore 'keystore'.

Explanation: An alias was specified for a signing orencryption key, but no key with that alias was found inthe specified keystore.


Administrator response: Please enter a valid alias.

FBTADM073E The partner role value insert specifiedon parameter insert is not supported forthis operation.

Explanation: The partner role specified is notsupported by the federation.



FBTADM074E The migration type is required forthis operation to complete.

Explanation: This operation requires the migrationtype to be performed.


Administrator response: Specify the migration typeusing the parameter migrationType

FBTADM075E The migration type value insertspecified on parameter insert is notsupported by the runtime.

Explanation: The migration type specified is notsupported by the runtime.


Administrator response: List the supported migrationtypes for the runtime.

FBTADM076E The migration type insert does notsupport the use of a response file.

Explanation: The migration type specified does notsupport the use of a response file.


Administrator response: Execute the operation



without using a response file.

FBTADM077E The federation name can containonly characters from the set 'a-z', 'A-Z'and '0-9'. Specify a different name in theresponse file using only the validcharacters.




FBTADM078E A module chain with the displayname name already exists.

Explanation: A module chain with the specified namealready exists. Module chain display names must beunique.


Administrator response: Specify a different name forthe new module chain.

FBTADM079E A module instance with the namename already exists.

Explanation: A module instance with the specifiedname already exists. Module instance names must beunique.


Administrator response: Specify a different name forthe new module instance.

FBTADM080E The module instance instance isprotected and cannot be deleted.

Explanation: The specified module instance cannot bedeleted because it is a protected instance.



FBTADM081E The module instance instance cannotbe deleted because it is currently usedin one or more module chains.

Explanation: The specified module instance cannot bedeleted because it is used in one or more modulechains.


Administrator response: If the module instance mustbe deleted, remove it from the module chains that useit, or delete those module chains.

FBTADM082E The module type for module instanceinstance cannot be changed from oldtypeto newtype.

Explanation: The module type for a module instancecannot be changed.


Administrator response: Create a new moduleinstance with the required type, then reconfigure anymodule chains using the existing module instance touse the new one. If the existing module instance is nolonger required, it may then be deleted.

FBTADM083E The name of module instance instancecannot be changed from oldname tonewname.

Explanation: The name of a module instance cannotbe changed.


Administrator response: Create a new moduleinstance with the specified name. If the existing moduleinstance is no longer required, delete it.

FBTADM084E The minimum length for clientidentifier is <number> characters.

Explanation: The length of the client identifier in theresponse file does not meet the required length.


Administrator response: Ensure the client identifiermeets the minimum length requirement.

FBTADM085E The client identifier can contain onlycharacters from the set 'a-z', 'A-Z' and'0-9'. Specify a different client identifierusing the valid characters.

Explanation: The client identifier in the response filecontains a character that is not valid.


Administrator response: Provide the valid clientidentifier in the response file.

FBTADM086E An error occurred when verifying theclient identifier. A client with thespecified client identifier already exists.

Explanation: The client identifier in the response fileis not valid because it is already in use.


Administrator response: Ensure the client identifierspecified is unique for this federation.



FBTADM087E The minimum length for the clientshared-secret is <number> characters.

Explanation: The length of the client shared-secret inthe response file does not meet the required length.


Administrator response: Ensure that the clientshared-secret meets the minimum length requirement.

FBTADM089E The client callback URI is not valid.Specify a valid client callback URI. Ifthis is not applicable, specify 'oob'.

Explanation: The client callback URI in the responsefile is not valid.


Administrator response: Provide the valid clientcallback URI in the response file.

FBTADM090E The client identifier cannot bemodified.

Explanation: The client identifier in the response fileis different from the registered one.


Administrator response: Provide the registered clientidentifier in the response file.

FBTADM091E The minimum length for clientidentifier is <number> characters.

Explanation: The length of the client identifier in theresponse file does not meet the required length.



FBTADM092E The client identifier can contain onlycharacters from the set 'a-z', 'A-Z' and'0-9'. Specify a different client identifierusing the valid characters.

Explanation: The client identifier in the response filecontains a character that is not valid.


Administrator response: Provide a valid clientidentifier in the response file.

FBTADM093E An error occurred when verifying theclient identifier. A client with thespecified client identifier already exists.

Explanation: The client identifier in the response fileis not valid because it is already in use.



FBTADM094E The minimum length for the clientshared-secret is <number> characters.

Explanation: The length of the client shared-secret inthe response file does not meet the required length.


Administrator response: Ensure that the clientshared-secret meets the minimum length requirement.

FBTADM096E The client redirection URI is notvalid. Specify a valid client redirectionURI.

Explanation: The client redirection URI in theresponse file is not valid.


Administrator response: Provide a valid clientredirection URI in the response file.

FBTADM097E The client identifier cannot bemodified.

Explanation: The client identifier in the response fileis different from the registered one.


Administrator response: Provide the registered clientidentifier in the response file.

FBTADM098E An OAuth partner cannot be createdfor the federation insert.

Explanation: An external client provider was selectedfor the federation. IBM Tivoli Federated IdentityManager internal partners are not allowed when anexternal client provider is selected.


Administrator response: Add clients externally basedon your implementation, or change the OAuth clientprovider configuration to add partners to IBM TivoliFederated Identity Manager.

FBTADM099E The partner insert that is associated tofederation insert cannot be deleted.

Explanation: Global entity partners are used in anOAuth 2.0 flow. You must not delete any of the globalentity partners. Note that if an OAuth 2.0 federation isdeleted, its associated global entity partners are alsodeleted.


Administrator response: No action taken.



FBTADM100E The partner insert that is associated tofederation insert cannot be deleted.

Explanation: Global entity partner is used in anOAuth 1.0 flow. You must not delete the global entitypartner. Note that if an OAuth 1.0 federation is deleted,its associated global entity partner is also deleted.


Administrator response: No action taken.

FBTADM101E The XML file format is not valid forinsert.

Explanation: The XML file that you provided is notformatted correctly.


Administrator response: Check your XML file forsyntax errors, and fix the errors.

FBTAUD001E Check the audit configuration toensure that it is correct.

Explanation: The audit configuration settings mightcontain errors or ommissions.

System action: System will not audit.

Administrator response: Check the audit properties ortry restarting the server.

FBTAUD002E The passed-in audit provider is notsupported.

Explanation: This error occurs due to problems in theaudit configuration.


Administrator response: Check the audit properties ortry restarting the server.

FBTAUD003E The audit configuration propertyinsert is not defined or is incorrect.



Administrator response: Correctly specify theproperty and restart the server.

FBTAUD004E An error was encountered whileinitializing the file logger.



Administrator response: Check the file logger

properties and the encapsulated exception to solve theproblem.

FBTAUD005E An error was encountered whileinitializing context to the CommonAudit Serivice server. Check the JNDIconnection property and emitter profilefor possible errors.



Administrator response: Check the propertiesmentioned in the error and the encapsulated exceptionto solve the problem.

FBTAUD006E An error was encountered whilesending the audit event to the CommonAudit Service server.

Explanation: This error occurs because of problems inthe audit configuration, or because of connectivityproblems with the Common Audit Service server.

System action: System will not audit this particularevent.

Administrator response: Ensure that the CommonAudit Service server is running and check theencapsulated exception to solve the problem.

FBTAUD007E An error was encountered whileinitializing the audit component.

Explanation: This error occurs because of problems inthe audit configuration, or because of connectivityproblems with the Common Audit Service server.

System action: System will not audit this particularevent.

Administrator response: Ensure that the CommonAudit Service server is running and check the previousexceptions in the log to determine the cause of theproblem.

FBTAUD008E An event completion exception wasencountered because all of the eventdata is not filled in correctly.

Explanation: This error occurs if any of the requiredelements in the event are not set.

System action: System will not audit this particularevent and will log an exception.

Administrator response: Check the encapsulatedexception to solve the problem.

FBTADM100E • FBTAUD008E


FBTAUD009E System could not audit a call becausea required parameter to the API is notavailable.


System action: System will not audit this particularevent and will log an exception.

Administrator response: Check the parameter that isnot being passed correctly.

FBTAUD010E An event validation exception wasencountered because all of the eventdata is not correctly filled in.


System action: System will not audit this particularevent and log an exception.

Administrator response: Check the encapsulatedexception to solve the problem.

FBTCDS001E The received request is missing therequired parameter: parameter

Explanation: The current request is not valid.

System action: The request will be halted.

Administrator response: Validate the incomingmessage.

FBTCDS002E Token exchange failed.

Explanation: The current request could not becompleted because the token exchange failed.


Administrator response: Validate the incomingmessage and the trust service configuration. Inaddition, examine the trace logs to see why the tokenexchange failed.

FBTCDS003E The security token could not bedecrypted.

Explanation: The encrypted security token could notbe decrypted.

Administrator response: Ensure that the decryptionkeys and decryption parameters are configuredproperly for the provider that sent the message.

FBTCDS004E The security token signature could notbe validated.

Explanation: The security token signature could notbe validated.

Administrator response: Ensure that the validation

keys are configured properly for the provider that sentthe message.

FBTCDS005E The request was missing the TARGETparameter.

Explanation: The login page must contain a TARGETparameter either in the Query string or in a hiddeninput field.

System action: The operation will be halted.

Administrator response: Modify the login page tocontain a TARGET parameter, which should point tothe target SSO URL.

FBTCDS006E While processing action: action thefollowing configuration parameter wasdetermined to be missing or incorrect:param

Explanation: The current request could not becompleted because the configuration is not valid.


Administrator response: Validate that the system isconfigured correctly.

FBTCDS007E The current user making the requestis not authenticated.




FBTCDS008E The Security Token Service wasunable to generate a token for thisrequest.



Administrator response: Validate the incomingmessage, and the system configuration.

FBTCDS009E The card used for authentication tothe STS mapped to the alias: action andcould not be mapped to a local useraccount.

Explanation: The alias service could not resolve thealias generated from the token presented forauthentication to a local user account. This may bebecause the alias was not written correctly when thecard was created, or that the alias has been deletedfrom the alias service.


Administrator response: Validate that the alias server

FBTAUD009E • FBTCDS009E


is configured and working, and that the alias for theuser exists.

FBTCDS010E The incoming request to the InfoCardSTS has an AppliesTo address whichdoes not contain the identityinformation of the relying party:appliesTo

Explanation: The AppliesTo element from the clientshould either not contain an AppliesTo element, or if itdoes, it must contain the identity information(including the X509 certificate) of the relying party. Thiscan be caused if the metadata policy response toInfoCard does not contain the<wsaw:UsingAddressing/> directive.


Administrator response: Validate that the configuredmetadata policy contains <wsaw:UsingAddressing/>

FBTCDS011E The incoming request to the InfoCardSTS does not contain a validauthentication token for this federation.

Explanation: The incoming request may contain noauthentication token, or it may contain anauthentication token which does not match theauthentication mechanism supported by this federation.


Administrator response: Validate that the incomingrequest contains the correct authentication token.

FBTCDS012E The incoming metadata exchangerequest contains an invalid 'action'header in the SOAP request: action

Explanation: The incoming request contained an'action' header other than: http://schemas.xmlsoap.org/ws/2004/09/transfer/Get


Administrator response: Validate that the client issending a valid metadata exchange request.

FBTCDS013E The incoming metadata exchangerequest contains an invalid 'to' header inthe SOAP request: to. We were expectingour metadata exchange endpoint:mexEndpoint

Explanation: The incoming request contained a 'to'header which did not match our metadata exchangeendpoint.


Administrator response: Validate that the client issending a valid metadata exchange request.

FBTCDS014E The request for a card contained asupport claim parameter in an invalidformat: sClaim

Explanation: The incoming request contained asupported claim in an invalid format.


Administrator response: Validate that the getcardHTML template has supported claims in the correctformat.

FBTCDS015E The supplied card alias, ppid, isalready in-use by another user.

Explanation: The user supplied a self-issued card thatis already associated with another user's account.


Administrator response: No administrative responseis necessary.

FBTCFG001E An error occurred while reading aconfiguration document.

Explanation: An attempt to read a configurationstream has failed.

System action: The configuration request will behalted.

Administrator response: Validate the Tivoli FederatedIdentity Manager configuration.

FBTCFG002E The expected root for this document,type documentroottype was not found inthe document.

Explanation: The expected document root was missingbecause the parsed configuration file does not containthe correct configuration document.



FBTCFG003E The configuration for the componentcomponent was not found in thisdocument.

Explanation: The expected document root was missingbecause the parsed configuration file does not containthe correct configuration document.



FBTCDS010E • FBTCFG003E


FBTCFG004E An error occurred while saving aconfiguration document.

Explanation: An attempt to save a configurationstream has failed.


Administrator response: Validate the Tivoli FederatedIdentity Manager environment configuration.

FBTCFG005E An error occurred while readingconfiguration information from file:filename.




FBTCFG006E The configuration file parser hasencountered an unexpected exception:exception text.




FBTCLI001E The configuration entry entry is notcorrect or not supported.

Explanation: The configuration entry is either notcorrect or not supported.

System action: The processing has been halted.

Administrator response: Check the documentationand ensure that the specified configuration entry iscorrect and supported.

FBTCLI002E The configuration entry entry is requiredand was not given.

Explanation: The required configuration entry was notgiven.


Administrator response: Check the documentationand ensure that all required configuration entries aregiven.

FBTCLI003E The entry entry and entry entry are notcorrect.

Explanation: The specified configuration entries arenot correct.


Administrator response: Check the documentationand ensure that all required configuration entries aregiven correctly.

FBTCLI005E The properties file [filename] was notfound.

Explanation: A required properties file was not given.


Administrator response: Ensure that the path given tothe properties file is correct.

FBTCLI008E The upgrade finished with errors.Enable a more detailed trace todetermine the problem.

Explanation: The upgrade of the configuration filesfailed.


Administrator response: To determine the problem,enable finer tracing and re-execute the upgrade tool.

FBTCLI010E The given source JAR is not theexpected version.

Explanation: The given JAR file was not exportedfrom the expected product version.


Administrator response: Ensure that the source JAR isfrom the expected product version.

FBTCLI026E Unable to create domain (domain)

Explanation: An error occurred creating the domain.



FBTCLI032E Federation(fed) does not exist




FBTCFG004E • FBTCLI032E


FBTCLI033E Unable to create file (file)



Administrator response: Check the name and path ofthe supplied file and make sure it can be written to.

FBTCLI034E File (file) not found



Administrator response: Verify the file exists.

FBTCLI036E Partner (partner) does not exist infederation (fed)




FBTCLI043E The property you are trying to set,(prop), is not appropriate for role=(fed)and protocol=(fed) federation.




FBTCLI051E Unable to parse property (lhs=rhs) in file(fed)



Administrator response: Verify the file exists.

FBTCLI054E Unable to import federation (fed)




FBTCLI055E Unable to import partner (part) intofederation (fed) in domain domain)




FBTCLI056E Unable to get federation (fed)




FBTCLI058E Unable to delete federation (fed) indomain (domain)




FBTCLI059E No federations exist in domain (domain)




FBTCLI060E No partners exist for federation (fed) indomain (domain)




FBTCLI062E Federation (fed) does not exist in domain(domain)




FBTCLI065E Unable to delete partner (partner) infederation (fed)




FBTCLI066E Unable to delete all partners infederation (fed)



Administrator response: Check the log files on the

FBTCLI033E • FBTCLI066E


Tivoli Federated Identity Manager Management Servicemachine for errors.

FBTCLI068E Domain (domain) already exists




FBTCLI069E No domains exist



Administrator response: Cerate a domain to proceed.

FBTCLI070E EAR File [EAR File] does not exist. Theinstallation failed.

Explanation: The given EAR file did not exist, theinstallation could not continue.


Administrator response: Ensure that the EAR file islocated at the expected location.

FBTCLI071W The IVT application failed to install,attempting to recover by removing anyexisting IVT applications.

FBTCLI074E Installation of IVT application failed.

Explanation: An error occurred while installing theIVT application and the installation did not complete.


Administrator response: Check the log for the causeof the error. If the error was not logged, enable debugtracing to determine the cause of the problem.

FBTCLI075E Usage: java -jar itfimbgha.jar -action<mode> [options] The itfimbgha toolhas two modes of operation. Each modeuses different command line options.-action export: Used to gatheringrequired configuration from theexported federation configurationarchive. This option is used whenrunning the tool on the node beingreplicated, to gather the required files.Options: -inputfile <file> (Required):The jar file created by federationconfiguration export. -outputfile <file>(Optional): The resultant archivecontaining the files needed to create areplica node. If it is not specified theoutput file will be ./bg_ha_files.jar.-action import: Used to import theconfiguration files from the archive fileto the replica node. This option is usedwhen running the tool on the replicanode to put the required configurationfiles into place. Options: -inputfile<file> (Required): The jar filecontaining the output from running thetool in export mode. -wasprofiledir<directory> (Required): The absolutefilepath to the WebSphere profiledirectory that Federated IdentityManager is running in.

Explanation: The options provided to the HA toolwere not valid.

System action: The tool will exit without updatingany configuration files.

Administrator response: Specify valid options to thespokeHA tool.

FBTCLI076E Directory (directory) does not exist




FBTCLI077E An unexpected error occurred: (exception)

Explanation: An unexpected error occurred. Check thelogs for any errors.



FBTCLI078E Could not delete: (file)



FBTCLI068E • FBTCLI078E


Administrator response: Verify the file exists and canbe deleted.

FBTCLI081E The input jar file (file) was not createdby the Federated Identity Managerexport function.

Explanation: The input jar file was not determined tohave been created by the export feature in theFederated Identity Manager console.

System action: The Federated Identity Manager highavailability tool will not continue.

Administrator response: Re-export the FederatedIdentity Manager configuration jar and run the highavailability tool again.

FBTCLI082E The output jar file (file) could not becreated by the high availability tool.

Explanation: An error occurred which prevented thehigh availability tool from completing successfully.


Administrator response: Check the log file for moredetails.

FBTCLI083E Failed to backup the Federated IdentityManager configuration files.

Explanation: An error occurred which prevented thehigh availability tool from backing up the currentconfiguration.



FBTCLI088E The domain (domain) does not exist.




FBTCON001E An error occurred while modifyingcomponent host names and ports.

Explanation: This error occurs due to a problemwriting to the console properties file.

System action: The system will leave the propertiesfile unchanged.

Administrator response: Check the file consoleproperties or try restarting the server.

FBTCON002E An error occurred retrieving the ISClaunch service.

Explanation: The ISC launch service could not beretrieved.

System action: The system might have problemslaunching some pages and portlets.

Administrator response: See the exception stack trace.

FBTCON003E An error occurred while loadingcomponent host names and ports fromthe properties file.

Explanation: This error occurs due to a problemloading the console properties file.

System action: The console will be unable tocommunicate with the various components.

Administrator response: Check that the consoleproperties file is in your classpath.

FBTCON004E The ISC launch service could not findthe following page: insert

Explanation: An error occurred while launching apage using the ISC launch service.



FBTCON005E An error occurred while setting thetrust service endpoint.

Explanation: This error can occur if the protocol ismissing from the trust service endpoint (for examplehttp://) or if your management context wasinvalidated.

System action: Trust service endpoint is leftunchanged. The system rolls back the session to try tocreate a valid context.

Administrator response: Make sure the trust serviceendpoint is correctly formatted and includes theprotocol (for example http://).

FBTCON006E An error occurred setting the identityservice endpoint.

Explanation: This error can occur if the identityservice endpoint is incorrectly formatted.

System action: The identity service endpoint is leftunchanged

Administrator response: Make sure the identityservice endpoint is correct.

FBTCLI081E • FBTCON006E


FBTCON007E Error setting the Key Serviceendpoint

Explanation: This error can occur if the key serviceendpoint is incorrectly formatted.

System action: The key service endpoint is leftunchanged.

Administrator response: Make sure that the keyservice endpoint is correct.

FBTCON008E An error occurred retrieving thecomponent endpoint.

Explanation: This error occurs if there is a problemretrieving the trust service, identity service, or keyservice endpoint from the single sign-on protocolservice.

System action: The console is unable to display theendpoint.


FBTCON009E An error occurred while creating afederation.

Explanation: A single sign-on protocol serviceencountered a problem creating a federation.



FBTCON010E An error occurred while committingthe session in the single sign-onprotocol service.

Explanation: The configuration changes could not besaved to the single sign-on protocol service.



FBTCON011E The token list could not be retrievedfrom the trust service.

Explanation: This error can occur if the console isunable to communicate with the trust service.


Administrator response: Check the serviceconfigurations to ensure that you have the correct hostname and port for the trust service. Check that thetrust service is running.

FBTCON012E The partner list could not beretrieved from the single sign-onprotocol service.

Explanation: This error can occur if the console is

unable to communicate with the single sign-on protocolservice.


Administrator response: Check the serviceconfigurations to ensure that you have the correct hostname and port for the single sign-on protocol service.Check that the single sign-on protocol service isrunning.

FBTCON013E The federation with ID insert couldnot be retrieved from the single sign-onprotocol service.

Explanation: This error can occur if the console isunable to communicate with the single sign-on protocolservice.



FBTCON014E The list of identity mappings couldnot be retrieved from the trust service.




FBTCON015E The partner configurations could notbe applied.




FBTCON016E The federation partners table couldnot be refreshed.



Administrator response: Check the service

FBTCON007E • FBTCON016E


configurations to ensure that you have the correct hostname and port for the single sign-on protocol service.Check that the single sign-on protocol service isrunning.

FBTCON017E The token table could not be filtered.




FBTCON018E An error occurred while creating afederation partner.

Explanation: The single sign-on protocol serviceencountered a problem while creating a federationpartner.



FBTCON019E An error occurred while getting a listof federations from the single sign-onprotocol service.




FBTCON020E An error occurred while deleting afederation: insert.

Explanation: The single sign-on protocol service wasunable to delete this federation.



FBTCON021E The list of token types could not beretrieved from the trust service.




FBTCON022E The identity mapping with ID insertcould not be retrieved from the trustservice.




FBTCON023E An error occurred while committing asession in the trust service.

Explanation: The configuration changes could not besaved to the trust service.


Administrator response: Check the exception stacktrace.

FBTCON024E An error occurred while creating anidentity mapping.

Explanation: The trust service encountered a problemwhile creating an identity mapping.



FBTCON025E The XSLT is not valid. The rule couldnot be applied.

Explanation: This error occurs if there was a problemparsing the XSLT.


Administrator response: Check that your rule iscorrectly formatted XSL.

FBTCON026E The token with ID insert could not beretrieved from the trust service.






FBTCON027E The token configurations could notbe applied.




FBTCON028E The token configuration could not belaid out.

Explanation: This error occurs when the console isunable to retrieve the configuration XML from the trustservice.



FBTCON029E The type of the token could not beretrieved.

Explanation: An error occurred while trying toretrieve the type of this token from the trust service.



FBTCON030E The federation configurations couldnot be applied.




FBTCON031E The identity mapping configurationscould not be applied.




FBTCON032E An error occurred while deletingidentity mapping: insert.

Explanation: This error can occur if the identitymapping is being used in a module chain for afederation.


Administrator response: Check that this identitymapping is not being used in any federations beforedeleting it.

FBTCON033E An error occurred while deletingtoken: insert.

Explanation: This error can occur if the token is beingused in a module chain for a federation.


Administrator response: Check that this token is notbeing used in any federations before deleting it.

FBTCON034E An error occurred while creating atoken.

Explanation: A trust service encountered a problemwhile trying to create a token.



FBTCON035E An error occurred while rendering thetoken configuration layout.

Explanation: This error occurs when there is aproblem parsing the token configuration XML that wasretrieved from the trust service.



FBTCON036E The token type with id insert couldnot be retrieved from the trust service.

Explanation: This error can occur if the console isunable to communicate with the trust service or if themodule type is not in the config repository.


Administrator response: Check the serviceconfigurations to ensure that you have the correct hostname and port for the trust service. Check that thetrust service is running. Publish all module plugins tothe config repository.



FBTCON037E The token type configurations couldnot be applied.




FBTCON038E An error occurred while deletingtoken type: insert.

Explanation: This error can occur if the token type isbeing used as the type for existing tokens.

System action: No action taken

Administrator response: Check that there are noexisting tokens of this token type before deleting.

FBTCON039E An error occurred while creating atoken type.

Explanation: This error can occur if the classname forthe token module is not valid.


Administrator response: Make sure that yourclassname specifies the full package name and class.

FBTCON040E You must enter a name for thisfederation.

Explanation: You cannot create a federation without adisplay name.


Administrator response: Enter a display name for thefederation in the appropriate text entry.

FBTCON041E You must select your role.

Explanation: You cannot select a federation withoutspecifying your role (Identity Provider or ServiceProvider).


Administrator response: Select the radio buttoncorresponding to your role in the federation.

FBTCON042E You must select at least onefederation service.

Explanation: You cannot create a federation withoutselecting at least one federation service (Web SingleSign-On, Provisioning, or SOAP Security, or acombination of these services).


Administrator response: Select the check boxescorresponding to your desired federation services.

FBTCON043E You must select Single Sign-Onprotocol.

Explanation: You cannot configure this federationwithout selecting the Single Sign-On protocol (Liberty,WS-Federation, or SAML).


Administrator response: Select the radio buttoncorresponding to the protocol that you want to use forthis federation.

FBTCON044E You must select a Liberty SingleSign-On profile.

Explanation: You cannot configure this federationwithout selecting a Liberty Single Sign-On profile(Browser Post, Browser Artifact).


Administrator response: Select the liberty profiles thatyou want to use for this federation.

FBTCON045E You must select the federation towhich you want to add a new partner.

Explanation: You cannot create a partner withoutselecting an existing federation.


Administrator response: Select the federation towhich you want to add a partner from the table. If nofederations exist, you must create one before creating apartner.

FBTCON046E Must enter the name of your partnercompany

Explanation: The company name you enter is used asa display name for this partner, and is thus a requiredfield.


Administrator response: Enter the name of yourpartner company in the appropriate text entry field.

FBTCON047E You must select an identity mappinginstance for this federation.

Explanation: The identity mapping is required to mapyour source token to the federated token.


Administrator response: Select an existing identitymapping instance from the table or create a new one.



FBTCON048E You must enter the WS-FederationRealm.

Explanation: The WS-Federation realm is a requiredfield.


Administrator response: Enter the WS-Federationrealm in the appropriate text entry field.

FBTCON049E You must enter the WS-FederationEndpoint.

Explanation: The WS-Federation endpoint is arequired field.


Administrator response: Enter the WS-Federationendpoint in the appropriate text entry field.

FBTCON050E You must enter the Provider ID.

Explanation: The Provider ID is required for theLiberty protocol.


Administrator response: Enter the Provider ID in theappropriate text entry field.

FBTCON051E You must enter the SOAP Endpoint.

Explanation: The SOAP Endpoint is required for theLiberty profile you selected.


Administrator response: Enter the SOAP Endpoint inthe appropriate text entry field.

FBTCON052E You must enter the Single Sign-OnService URI.

Explanation: The Single Sign-On Service URI isrequired for the Liberty protocol.


Administrator response: Enter the Single Sign-OnService URI in the appropriate text entry field.

FBTCON053E You must enter the Register NameIdentifier Service URI.

Explanation: The Register Name Identifier Service URIis required for the Liberty protocol.


Administrator response: Enter the Register NameIdentifier Service URI in the appropriate text entryfield.

FBTCON054E You must enter the Single LogoutService URI.

Explanation: The Single Logout Service URI isrequired for the Liberty protocol.


Administrator response: Enter the Single LogoutService URI in the appropriate text entry field.

FBTCON055E You must enter the Single LogoutService Return URI.

Explanation: The Single Logout Service Return URI isrequired for the Liberty protocol.


Administrator response: Enter the Single LogoutService Return URI in the appropriate text entry field.

FBTCON056E You must enter the AssertionConsumer URI.

Explanation: The Assertion Consumer URI is requiredfor the Liberty protocol.


Administrator response: Enter the AssertionConsumer URI in the appropriate text entry field.

FBTCON057E You must select a token for thisfederation.

Explanation: A token instance is required.


Administrator response: Select an existing tokeninstance from the table or create a new one.

FBTCON058E You must enter a name for thisidentity mapping.

Explanation: A display name for the mapping instanceis required.


Administrator response: Enter a name for the identitymapping in the appropriate text entry field.

FBTCON059E You must select the token type forthis token instance.

Explanation: The token type is required forconfiguration.


Administrator response: Select a token type from thetable.



FBTCON060E You must enter a name for this token.

Explanation: A display name for the token is required.


Administrator response: Enter a name for this tokenin the appropriate text entry field.

FBTCON061E You must enter a name for this tokentype.

Explanation: A display name for the token type isrequired.


Administrator response: Enter a name for this tokentype in the appropriate text entry field.

FBTCON062E You must enter the classname for themodule.

Explanation: The full classname including packagename must be specified.


Administrator response: Enter the classname in theappropriate text entry field.

FBTCON063E Class not found: insert

Explanation: The trust service was unable to find theclass that you specified for this module.


Administrator response: Check that you have enteredthe full and correct classname, including package name.Check that this class exists at the trust service.

FBTCON064E An error occurred while deletingpartner: insert.

Explanation: The single sign-on protocol service wasunable to delete this partner.



FBTCON065E You must enter a name for thismapping rule.

Explanation: A display name for the mapping rule isrequired.


Administrator response: Enter a name for the XSLTrule in the appropriate text entry field.

FBTCON066E The service manager cannotdetermine whether trace is enabled forcomponent insert.

Explanation: An exception was thrown when trying toget trace information from the service manager.


Administrator response: Make sure that theserviceability management EAR is deployed on thisserver.

FBTCON067E The maximum trace file size for thisserver cannot be retrieved.

Explanation: An exception was thrown when trying toget the maximum trace file size from the servicemanager.



FBTCON068E The maximum message file size forthis server cannot be retrieved.

Explanation: An exception was thrown when trying toget the maximum message file size from the servicemanager.



FBTCON069E The trace level for this server cannotbe retrieved.

Explanation: An exception was thrown when trying toget the trace level from the service manager.



FBTCON070E The message level for this servercannot be retrieved.

Explanation: An exception was thrown when trying toget the message type from the service manager.


Administrator response: Make sure the serviceabilitymanagement EAR is deployed on this server.



FBTCON071E An error occurred when trying toapply logging configurations.

Explanation: An exception was thrown by the servicemanager when trying to apply logging configurations.



FBTCON072E The maximum audit file size for thisserver cannot be retrieved.

Explanation: An exception was thrown when trying toget the maximum audit file size from the servicemanager.



FBTCON073E The audit level for this server cannotbe retrieved.

Explanation: An exception was thrown when trying toget the audit level from the service manager.



FBTCON074E An error occurred when trying toapply auditing configurations.

Explanation: An exception was thrown by the servicemanager when trying to apply auditing configurations.



FBTCON075E The ISC launch service could not findthe following portlet: insert

Explanation: An error occurred launching a portletusing the ISC launch service.



FBTCON076E The trace configuration forcomponent insert cannot be applied.

Explanation: An exception was thrown by the servicemanager when trying to set trace information.



FBTCON077E You must select the metadata inputoption.

Explanation: You cannot proceed without selecting themetadata input option.


Administrator response: Select the appropriate button.

FBTCON078E You must enter LECP Provider Name.

Explanation: The LECP Provider Name is required forthe Liberty protocol.


Administrator response: Enter the LECP ProviderName in the appropriate text entry field.

FBTCON079E You must enter the RNI Return URL.

Explanation: The RNI Return URL is required for theLiberty protocol.


Administrator response: Enter the RNI Return URL inthe appropriate text entry field.

FBTCON080E You must enter the RNI Service URL.

Explanation: The RNI Service URL is required for theLiberty protocol.


Administrator response: Enter the RNI Service URL inthe appropriate text entry field.

FBTCON081E You must enter the FTN Return URL.

Explanation: The FTN Return URL is required for theLiberty protocol.


Administrator response: Enter the FTN Return URLin the appropriate text entry field.

FBTCON082E You must enter the FTN Service URL.

Explanation: The FTN Service URL is required for theLiberty protocol.


Administrator response: Enter the FTN Service URLin the appropriate text entry field.

FBTCON083E You must enter SLO Return URL.

Explanation: The SLO Return URL is required for theLiberty protocol.




Administrator response: Enter the SLO Return URL inthe appropriate text entry field.

FBTCON084E You must enter SLO Service URL.

Explanation: The SLO Service URL is required for theLiberty protocol.


Administrator response: Enter the SLO Service URLin the appropriate text entry field.

FBTCON085E You must enter IPI Service URL.

Explanation: The IPI Service URL is required for theLiberty protocol.


Administrator response: Enter the IPI Service URL inthe appropriate text entry field.

FBTCON086E You must enter the Common DNSDomain.

Explanation: The Common DNS Domain is requiredfor the Liberty protocol.


Administrator response: Enter the Common DNSDomain in the appropriate text entry field.

FBTCON087E You must enter the name of yourcompany.

Explanation: The company name you enter is used asa display name, and is therefore a required field.


Administrator response: Enter the name of yourcompany in the appropriate text entry field.

FBTCON088E You must enter a base URL for yourprotocol endpoints.

Explanation: A common base URL is required for allprotocol endpoints.


Administrator response: Enter your base URL in theappropriate text entry field.

FBTCON089E You must enter a Signing KeyIdentifier.

Explanation: An identifier for your signing key isrequired.


Administrator response: Enter your Signing KeyIdentifier in the appropriate text entry field.

FBTCON090E An error occurred when trying toretrieve SAML properties.

Explanation: An exception was encountered whentrying to retrieve SAML properties. This error could becaused by improperly formatted endpoint URLs.



FBTCON091E An error occurred while importingthe Liberty metadata file. Check that thefile contains correctly formatted Libertymetadata.

Explanation: The specified metadata file could not beimported. This error could be the result of malformedmetadata.


Administrator response: Check that your metadatafile conforms to the Liberty 1.1 metadata schema. Seethe exception stack trace for more details.

FBTCON092E An error occurred while exporting theLiberty metadata file.

Explanation: An exception was encountered whentrying to export this federation to a Liberty metadatafile.



FBTCON093E You must specify the metadata file toimport.

Explanation: No metadata file was specified toimport. Enter the file location in the file chooser.



FBTCON094E The partner's status could not beupdated.






FBTCON095E You must enter Provider ID.

Explanation: The provider ID is required for theLiberty protocol.



FBTCON096E All endpoints must begin with baseURL: insert.

Explanation: Every protocol endpoint must beprefixed with the base URL defined on the previousscreen.


Administrator response: Make sure all endpointsbegin with the same base URL defined on the previousscreen.

FBTCON097E The Liberty Message Lifetime mustbe at least 60 seconds.

Explanation: The Liberty Protocols and SchemaSpecification defines a minimum Liberty MessageLifetime of 60 seconds.


Administrator response: Enter a value of 60 secondsor greater for the Liberty Message Lifetime.

FBTCON098E Liberty Artifact Lifetime must be atleast 120 seconds.

Explanation: The Liberty Protocols and SchemaSpecification defines a minimum Liberty ArtifactLifetime of 120 seconds.


Administrator response: Enter a value of 120 secondsor greater for the Liberty Artifact Lifetime.

FBTCON099E The SOAP Client Authentication KeyPassword and Re-enter SOAP ClientAuthentication Key Password fieldsmust match.

Explanation: The SOAP Client Authentication KeyPassword must be entered twice for accuracy. The twopassword fields contain different values.


Administrator response: Re-enter your SOAP ClientAuthentication Key Password in both password fields.

FBTCON100E The New SOAP ClientAuthentication Key Password andRe-enter New SOAP ClientAuthentication Key Password fieldsmust match.

Explanation: The New SOAP Client AuthenticationKey Password must be entered twice for accuracy. Thetwo password fields contain different values.


Administrator response: Re-enter your New SOAPClient Authentication Key Password in both passwordfields.

FBTCON101E The New SOAP ClientAuthentication Key Password fieldcannot be blank.

Explanation: You must enter a value for the NewSOAP Client Authentication Key Password.


Administrator response: Enter your New SOAP ClientAuthentication Key Password in both password fieldsor click 'Cancel' if you do not want to change thepassword.

FBTCON102E The Signing Key Password andRe-enter Signing Key Password fieldsmust match.

Explanation: The Signing Key Password must beentered twice for accuracy. The two password fieldscontain different values.


Administrator response: Re-enter your Signing KeyPassword in both password fields.

FBTCON103E An error occurred while setting theSOAP Client Authentication KeyPassword.

Explanation: An exception was encountered whentrying to set the SOAP Client Authentication KeyPassword.



FBTCON104E An error occurred while deleting amodule chain: insert.

Explanation: This error can occur if the module chainis being used in a federation.


Administrator response: Check that this module chainis not being used in any federation before deleting.



FBTCON105E The chain mapping list could not beretrieved from the trust service.




FBTCON106E The New Signing Key Password andRe-enter New Signing Key Passwordfields must match.

Explanation: The New Signing Key Password must beentered twice for accuracy. The two password fieldscontain different values.


Administrator response: Re-enter your New SigningKey Password in both password fields.

FBTCON107E The New Signing Key Password fieldcannot be blank.

Explanation: You must enter a value for the NewSigning Key Password.


Administrator response: Enter your New Signing KeyPassword in both password fields or click 'Cancel' ifyou do not want to change the password.

FBTCON108E An error occurred while setting theSigning Key Password.

Explanation: An exception was encountered whentrying to set the Signing Key Password.



FBTCON109E You must enter a Verification KeyIdentifier.

Explanation: An identifier for the key that will beused to verify your partner's signature is required.


Administrator response: Enter the Verification KeyIdentifier in the appropriate text entry field.

FBTCON110E You must enter the Common DomainCookie Service URL.

Explanation: The Common Domain Cookie ServiceURL is required for the Liberty protocol.


Administrator response: Enter the Common DomainCookie Service URL in the appropriate text entry field.

FBTCON111E The Common Domain Cookie ServiceURL must use the Common DNSDomain.

Explanation: The Common Domain Cookie ServiceURL must include the Common DNS Domain.


Administrator response: Modify the CommonDomain Cookie Service URL, or Common DNSDomain, or both so that the Common Domain CookieService URL includes with the Common DNS Domain.

FBTCON112E Error deleting key: insert.

Explanation: This error can occur if the key is beingused in a federation.


Administrator response: Check that this key is notbeing used in any federations before deleting.

FBTCON113E Error committing session in KeyEncryption Signature Service

Explanation: Could not save the configurationchanges to the Key Encryption Signature Service



FBTCON114E Error deleting keystore: insert.

Explanation: This error can occur if the keys in thiskeystore are being used in a federation.


Administrator response: Check that there are no keysin this keystore that are being used in any federationsbefore deleting.

FBTCON115E Must enter a name for this modulechain.

Explanation: A display name for the module chain isrequired.


Administrator response: Enter a name for this modulechain in the appropriate text entry field.

FBTCON116E Must enter at least one of thefollowing: Applies To URI, Issuer URI

Explanation: Either an Applies To URI or an IssuerURI is required.




Administrator response: Enter an Applies To URI, anIssuer URI, or both in the appropriate text entry fields.

FBTCON117E Could not get chain mapping requesttype list from the Trust Service

Explanation: This error can occur if the console isunable to communicate with the Trust Service


Administrator response: Check the ServiceConfigurations to ensure that you have the correcthostname and port for the Trust Service. Check that theTrust Service is running.

FBTCON118E Error adding module chain

Explanation: Trust Service encountered a problemadding module chain.



FBTCON119E Could not get chain mapping with idinsert from the Trust Service




FBTCON120E Error occurred when trying to retrievethe Module Chain properties.

Explanation: An exception was encountered whentrying to retrieve the Module Chain properties.



FBTCON121E Could not apply module chainproperties




FBTCON122E Could not upload file

Explanation: Encountered a FileUploadException



FBTCON123E Error creating a WSSM Partner

Explanation: Encountered a problem creating a WSSMpartner



FBTCON124E Error getting list of Web ServicesSecurity partners from the ManagementService

Explanation: This error can occur if the console isunable to communicate with the Management Service



FBTCON125E Error rolling back session

Explanation: Could not save the configurationchanges to the Management Service



FBTCON127W In order to change the currentdomain, all open Management pagesmust be closed. Continue?

Explanation: If all open pages are closed, unsavedchanged may be lost.

System action: The system will close any openManagement pages and change the currentmanagement domain to the selected domain.

Administrator response: Press OK to proceed, orCancel to leave all Management pages open and notchange the current management domain.

FBTCON128E No management domains are defined.You must define and activate a domainin order to proceed.

Explanation: There are no management domainsdefined. In order to manage a domain, a domain mustbe defined and activated.


Administrator response: Press the Change Domainbutton to define and activate a domain.



FBTCON129E No domain is currently active. Youmust activate a domain in order toproceed.

Explanation: There are defined domains, but none arecurrently active. In order to manage a domain, adomain must be activated.


Administrator response: Press the Change Domainbutton to activate a domain.

FBTCON130E Error loading the partner properties.

Explanation: Exception encountered while loading thepartner properties.



FBTCON131E Error loading the federationproperties.

Explanation: Exception encountered while loading thefederation properties.



FBTCON137E An error occurred during the deployoperation.

Explanation: The Runtime could not be deployed toall nodes in the domain.


Administrator response: Check the exception stacktrace in the logs.

FBTCON138E An error occurred during theconfigure operation. If the domain isusing Tivoli Access Manager check thatthe policy server is reachable and thatyou have provided the correct usernameand password.

Explanation: The configure operation failed whileconfiguring one of the specified nodes.



FBTCON139E An error occured during the enableoperation.

Explanation: The configure operation failed whileenabling one of the specified nodes.



FBTCON140E An error occured during the removeoperation.

Explanation: The Runtime could not be removed fromall nodes in the domain.



FBTCON141E An error occured during theunconfigure operation.

Explanation: The configure operation failed whileunconfiguring one of the specified nodes.



FBTCON142E An error occured during the disableoperation.

Explanation: The configure operation failed whiledisabling one of the specified nodes.



FBTCON143E Could not get the list of Web ServicesSecurity Applications

Explanation: Unable to retrieve the property sets forthe WSSM applications.



FBTCON144E Error exporting key

Explanation: Management Service encountered anexception exporting the key.





FBTCON145E Error importing key. Please make surethat the correct file format wasprovided.

Explanation: Management Service encountered anexception importing the key.



FBTCON146E Error listing keys

Explanation: Management Service encountered anexception listing keys.



FBTCON147E Error listing keystores

Explanation: Management Service encountered anexception listing keystores.



FBTCON148W Remove domain insert from server?

Explanation: Deleting a domain from the server willdelete configuration files on the domain. You have theoption to remove the domain from the console withoutdeleting the domain configuration from the server.


Administrator response: Choose the appropriateaction from the message box.

FBTCON149E One or more nodes in domain insertare configured or have the Runtimedeployed. Unconfigure all nodes andremove the Runtime before deleting thisdomain.

Explanation: A domain cannot be removed withoutensuring that all nodes are unconfigured and theRuntime is removed from the nodes.


Administrator response: Go to the Runtime NodeManagement task and ensure all nodes areunconfigured and the Runtime is removed from thedomain.

FBTCON150E Error committing session changes

Explanation: Could not save the configurationchanges to the Management Service



FBTCON151E The field insert requires a value

Explanation: The field specified in the message isempty and requires a value. Please enter an appropriatevalue.


Administrator response: Enter the appropriate valuefor the field marked invalid.

FBTCON152E The port number specified for fieldinsert must be between 0 and 65536

Explanation: The value entered for a port is outside ofthe legal values for port numbers. The port must bebetween 0 and 65536.


Administrator response: Enter the appropriate portnumber.

FBTCON153E A Domain cannot be named default.Please choose another name.

Explanation: While creating a domain, the namedefault is reserved for system use. Please choose adifferent domain name.


Administrator response: Choose a domain name otherthan default

FBTCON154E Please select the type of WebSphereenvironment.

Explanation: You must choose either a clustered orsingle server environment for the Domain. The choicemust match the environment where the ManagementService is deployed.


Administrator response: Choose the appropriateenvironment type.

FBTCON155E The server insert listening on portinsert cannot be contacted. Check theserver settings and try again.

Explanation: Cannot open a socket to the server andport specified. This indicates ether incorrect serversettings or the server is unreachable.




Administrator response: Check the server settings andtry again.

FBTCON156E An error occured while importing thedomain configuration archive. Check theserver logs for more information.

Explanation: An unknown error occured whileimporting the domain configuration archive. An errorwill be logged in the server logs.


Administrator response: Check the logs on theconsole and server for an exception.

FBTCON159E A federation with display name insertalready exists.

Explanation: An existing federation uses the displayname that you entered. Each federation must have aunique display name.


Administrator response: Please enter a differentdisplay name for this federation.

FBTCON160E Error occurred when verifying thedisplay name.

Explanation: An exception was encountered whenchecking the uniqueness of the display name youentered.



FBTCON161E Error occurred when creating domaininsert.

Explanation: An exception was encountered whencreating the specified domain.



FBTCON162E The Assertion Consumer Service URLinsert is already being used.

Explanation: An existing Trust Service Chain Mappingcontains an AppliesTo field that matches the AssertionConsumer Service URL you entered. This field must beunique in order for the Trust Service to invoke thecorrect module chain.


Administrator response: Please enter a differentAssertion Consumer Service URL.

FBTCON163E The WS-Federation Realm insert isalready being used.

Explanation: An existing Trust Service Chain Mappingcontains an Issuer field that matches the WS-FederationRealm you entered. This field must be unique in orderfor the Trust Service to invoke the correct modulechain.


Administrator response: Please enter a differentWS-Federation Realm.

FBTCON164E The WS-Federation Endpoint insert isalready being used.

Explanation: An existing Trust Service Chain Mappingcontains an AppliesTo field that matches theWS-Federation Endpoint you entered. This field mustbe unique in order for the Trust Service to invoke thecorrect module chain.


Administrator response: Please enter a differentWS-Federation Endpoint.

FBTCON165E The Provider ID insert is alreadybeing used.

Explanation: An existing Trust Service Chain Mappingcontains an Issuer field that matches the Provider IDyou entered. This field must be unique in order for theTrust Service to invoke the correct module chain.


Administrator response: Please enter a differentProvider ID.

FBTCON166E An error was encountered whileretrieving environment settings. Checkthe environment settings and try again.

Explanation: There was an error communicating withthe management service endpoint while attempting tolist the clusters or servers in the environment. Thiserror can be caused by: 1) Incorrect WebSphere GlobalSecurity settings. Check the WebSphere Global Securitysettings (if applicable) and try again. 2) An unstableWebSphere environment. Restart the WebSphereenvironment and try again.


Administrator response: Ensure all settings are correctand try again. If this message reappears, restart theWebSphere environment and try again.



FBTCON167E One or more nodes in this domainare configured. Unconfigure all nodesbefore undeploying the Runtime.

Explanation: The Runtime cannot be undeployedwithout ensuring that all nodes are unconfigured.


Administrator response: Ensure all nodes areunconfigured before attempting to remove the Runtime.

FBTCON168E The Issuer address insert is alreadybeing used.

Explanation: An existing Trust Service Chain Mappingcontains an Issuer field that matches the issuer youentered. This field must be unique in order for theTrust Service to invoke the correct module chain.


Administrator response: Please enter a different Issueraddress.

FBTCON169E The Applies To address insert isalready being used.

Explanation: An existing Trust Service Chain Mappingcontains an AppliesTo field that matches the Applies Toyou entered. This field must be unique in order for theTrust Service to invoke the correct module chain.


Administrator response: Please enter a differentWS-Federation Endpoint.

FBTCON170E Must select a file format

Explanation: Must select a format (PEM or PKCS#12)for the keystore file you want to import.


Administrator response: Make the appropriate radiobutton selection for the format of the file you want toimport.

FBTCON171E Must select a keystore for yourpartner's key.

Explanation: The liberty metadata that you importedfor your partner contains KeyInfo that must be savedin a keystore. Please choose the keystore where youwould like to store it.


Administrator response: Select a keystore from thetable.

FBTCON172E Must enter a keystore password.

Explanation: A password for the keystore must besupplied in order to perform operations on thiskeystore.


Administrator response: Enter the keystore passwordin the appropriate text entry field.

FBTCON173E Must supply a label for your partner'skey.

Explanation: Your partner's key will be stored in thekeystore you select under the label that you give it.Please enter the label that you would like to give toyour partner's key.


Administrator response: Enter a label for yourpartner's key in the appropriate text entry field.

FBTCON174E More than one key alias exists in thisfile. Please restart the wizard and selectthe Contains multiple key pairscheckbox.

Explanation: If your file contains multiple key aliases,the wizard does not know which alias to import.Checking the appropriate checkbox to indicate thatmultiple aliases exist allows the wizard to prompt youfor the specific alias that you would like to import.


Administrator response: Restart the wizard and selectthe Contains multiple key pairs checkbox.

FBTCON175E Must enter a New Key Label.

Explanation: The key you are importing must bestored under a key label. You can choose any label youlike for this key.


Administrator response: Enter a label for this key inthe appropriate text entry field.

FBTCON176E Must enter the name of the key thatyou want to import.

Explanation: You selected the Contains multiple keypairs checkbox, which means that you must specify thekey pair you want to import by providing the keylabel. If there are no key labels in the file, you shouldrestart the wizard and unselect the Contains multiplekey pairs checkbox.


Administrator response: Enter the name of the key



that you want to import in the appropriate text entryfield.

FBTCON177E Key label does not exist in this file.

Explanation: The key label that you specified does notexist in the keystore file you provided, so the KeyService is unable to import this key.


Administrator response: Verify that you have thecorrect key label. If there are no key aliases in the file,leave the field blank.

FBTCON178E Must provide a valid keystore file toupload.

Explanation: You entered an empty keystore file toupload or the keystore file could not be found. Pleaseverify the location and contents of the keystore file youwant to upload and try again.


Administrator response: Browse to a valid keystorefile on your local system to upload.

FBTCON179E Incorrect keystore password.

Explanation: The password you supplied for thekeystore is incorrect. Please try again.


Administrator response: Enter the correct keystorepassword in the appropriate text entry field.

FBTCON180E Must enter a Module Name.

Explanation: You must enter the name a of a pluginmodule that exists in the configuration repository forthe current domain.


Administrator response: Please enter a Module Namein the appropriate text entry field.

FBTCON181E Must enter a Module Version.

Explanation: You must enter the version number ofthe module.


Administrator response: Please enter a ModuleVersion in the appropriate text entry field.

FBTCON182E Error creating keystore.

Explanation: The system encountered an error whiletrying to create a new keystore.


Administrator response: Please check the console andManagement Service logs for more information.

FBTCON183E Keystore import failed. The keystoreis invalid or the password is incorrect.

Explanation: The system encountered an error whiletrying to import the keystore.


Administrator response: Please check the console andManagement Service logs for more information.

FBTCON184W Was not able to import all the keysin the keystore because the keystorepassword does not match the passwordfor all contained keys.

Explanation: The Key Service only supports keystoreswith a single password. All keys in the keystore musthave the same password as the keystore itself.


Administrator response: Please view the keys in thenewly imported keystore to verify the contents.

FBTCON185E Must enter an Exposed Class ID.

Explanation: You must enter the Exposed Class IDthat is used to identify this module in module.xml.


Administrator response: Please enter an ExposedClass ID in the appropriate text entry field.

FBTCON186E insert is not a valid key identifier.Please use the Key Service managementpage to view all existing keys.

Explanation: You have entered a key identifier for akey does not exist in the Key Service. Use the KeyService management to find an existing key.


Administrator response: Please enter a valid keyidentifier in the appropriate text entry field.

FBTCON187E Must fill in all required values.

Explanation: You have left a required field blank onthe token configuration screen. Please fill in all requiredfields.


Administrator response: Please fill in all requiredfields



FBTCON188E Must select a signing key. Select akey from the table after using the ListKeys button to display the keyscontained in a keystore.

Explanation: You have not selected any key in thetable. You must first choose a keystore and enter thekeystore password to display the keys for this keystorein the table. Then, you must select a key from the table.


Administrator response: Please use the key selectionlayout to select a signing key.

FBTCON189E Must select a key for SOAP ServerCertificate Validation. Select a key fromthe table after using the List Keysbutton to display the keys contained ina keystore.



Administrator response: Please use the key selectionlayout to select a key for validating your partner'sserver certificate.

FBTCON190E Must select a client certificate forSOAP. Select a key from the table afterusing the List Keys button to displaythe keys contained in a keystore.

Explanation: You selected the checkbox for ClientCertificate Authentication, which means that you arerequired to choose a client certificate. You have notselected any key in the table. You must first choose akeystore and enter the keystore password to display thekeys for this keystore in the table. Then, you mustselect a key from the table.


Administrator response: Please use the key selectionlayout to select a key for client certificateauthentication.

FBTCON191E Must enter a username for ClientBasic Authentication.

Explanation: You have selected the checkbox forClient Basic Authentication, which requires a usernameand password. You must enter input values for both ofthese fields.


Administrator response: Please enter the usernamefor Client Basic Authentication in the appropriate textentry field.

FBTCON192E Must enter a password for ClientBasic Authentication.

Explanation: You have selected the checkbox forClient Basic Authentication, which requires a usernameand password. You must enter input values for both ofthese fields.


Administrator response: Please enter the password forClient Basic Authentication in the appropriate textentry field.

FBTCON193E Must enter a keystore name.

Explanation: You must give a name to the keystoreyou are importing.


Administrator response: Enter a name for thekeystore in the appropriate text entry field.

FBTCON194E Must select a keystore type.

Explanation: Must specify what this keystore will beused for. It can be designated for eitherSigning/Encryption Keys or CA Certificates.


Administrator response: Make a radio buttonselection for the keystore type.

FBTCON195E Must select a key for validating yourpartner's signature. Select a key fromthe table after using the List Keysbutton to display the keys contained ina keystore.



Administrator response: Please use the key selectionlayout to select a key for validating your partner'ssignature.

FBTCON196E insert field cannot contain whitespace.

Explanation: You have entered whitespace in a fieldthat should not contain whitespace characters.


Administrator response: Please remove all whitespacefrom this field.



FBTCON197W Recent configuration changes needto be reloaded to the Tivoli FederatedIdentity Manager runtime. Allconfiguration changes will not takeeffect until the reload completes.

Explanation: In order for the configuration changesmade to take effect, you must restart WebSphere.


Administrator response: Please select whether torestart WebSphere now, or dismiss this message. If youdismiss this message, you will not be reminded again.If you have deployed FIM in a cluster, your cluster willbe ripple started; single servers will be restartedindividually. See the Runtime Node Management pagefor node status.

FBTCON198E An error ocurred when modifying thedomain properties on the server.

Explanation: An attempt to modify domain propertieson the server failed. Check that the ManagementService is running and try again.


Administrator response: Check the server logs formore information about the error.

FBTCON199E A chain mapping with the givenAppliesTo and Issuer values alreadyexists.

Explanation: A chain mapping with the givenAppliesTo-Issuer pairing already exists. Remove theexisting mapping or choose a different pairing.


Administrator response: Determine if the new chainmapping is different from the one that already exists.Resolve the error by either removing the currentmapping or using the current mapping.

FBTCON200W Warning: This domain is currentlybeing managed by multiple users.

Explanation: When multiple users are working on thesame domain, this may cause undesireable results. Forexample, someone could restart the domain while youare working on it. Make sure when you are finishedworking to log out of the console so this message iscleared immediately for other people.


Administrator response: Make sure you coordinatewith the other console users so you don't clobber eachothers work.

FBTCON201E You must enter the ArtifactResolution Service URL.

Explanation: The Artifact Resolution Service URL isrequired for the SAML profile you selected.


Administrator response: Enter the Artifact ResolutionService URL in the appropriate text entry field.

FBTCON202E You must enter the Artifact CacheLifetime.

Explanation: The Artifact Cache Lifetime is requiredfor the SAML profile you selected.


Administrator response: Enter the Artifact CacheLifetime in the appropriate text entry field.

FBTCON203E You must enter the Intersite TransferService URL.

Explanation: The Intersite Transfer Service URL isrequired for the SAML profile you selected.


Administrator response: Enter the Intersite TransferService URL in the appropriate text entry field.

FBTCON204E You must enter the Source ID.

Explanation: The Source ID is required for the SAMLprofile you selected.


Administrator response: Enter the Source ID in theappropriate text entry field.

FBTCON205E You must enter the AssertionConsumer Service URL.

Explanation: The Assertion Consumer Service URL isrequired for the SAML profile you selected.


Administrator response: Enter the AssertionConsumer Service URL in the appropriate text entryfield.

FBTCON206E You must enter the SOAP ServerValidation Certificate.

Explanation: The SOAP Server Validation Certificate isrequired for the SAML profile you selected.


Administrator response: Enter the SOAP ServerValidation Certificate in the appropriate text entry field.

FBTCON197W • FBTCON206E


FBTCON207E You must enter the SOAP ClientCertificate for Authentication.

Explanation: You have selected the checkbox forClient Certificate Authentication, which requires aSOAP Client Certificate for Authentication name. Youmust enter a value.


Administrator response: Enter the SOAP ClientCertificate for Authentication in the appropriate textentry field.

FBTCON208E An error occurred while exporting theSAML metadata file.

Explanation: An exception was encountered whentrying to export this federation to a SAML metadatafile.



FBTCON209E An error occurred while importingthe SAML metadata file. Check that thefile contains correctly formatted SAMLmetadata.

Explanation: The specified metadata file could not beimported. This error could be the result of malformedmetadata.


Administrator response: Check that your metadatafile conforms to the SAML 2.0 metadata schema. Seethe exception stack trace for more details.

FBTCON211E Failed to upload the mapping rule.

Explanation: Encountered a problem when uploadingthe mapping rule.



FBTCON212E Failed to build the FederationSummary panel.

Explanation: Encountered a problem when buildingthe summary panel.


Administrator response: See the exception stack traceand try to build the federation again.

FBTCON213E A partner with the AppliesTo, insert,and Issuer, insert, already exists.

Explanation: A partner with the givenAppliesTo-Issuer pairing already exists. Remove theexisting partner or choose a different pairing.


Administrator response: Determine if the new partneris different from the one that already exists. Resolve theerror by either removing the current partner orensuring that your partner's configuration is correct.

FBTCON214E The Source ID does not meet therequirements for a SAML Source ID.

Explanation: The Source ID must be a valid Base64encoded value, 28 characters long.


Administrator response: Ensure that the string is ofthe correct format and try again.

FBTCON215E Must select at least one SingleSign-On Binding (Browser Artifact,Browser POST, Browser Redirect,Enhanced Client Proxy)

Explanation: No binding was selected for SingleSign-On.


Administrator response: Select one or more bindingsfor Single Sign-On.

FBTCON216E Must select at least one NameIdentifier Management Binding (HTTPRedirect, HTTP POST, Artifact, SOAP)

Explanation: The checkbox to enable Name IdentifierManagement was checked, but no binding wasselected.


Administrator response: Select one or more bindingsfor Name Identifier Management or uncheck the NameIdentifier Management enablement checkbox if you donot want to support this profile.

FBTCON217E Must select at least one Single LogoutBinding (HTTP Redirect, HTTP POST,Artifact, SOAP)

Explanation: The checkbox to enable Single Logoutwas checked, but no binding was selected.


Administrator response: Select one or more bindingsfor Single Logout or uncheck the Single Logout



enablement checkbox if you do not want to supportthis profile.

FBTCON218E Must enter a value for CommonDomain Name

Explanation: No value was entered for CommonDomain Name.


Administrator response: Enter a value for CommonDomain Name.

FBTCON219E Must enter a value for CommonDomain Service Host

Explanation: No value was entered for CommonDomain Service Host.


Administrator response: Enter a value for CommonDomain Service Host.

FBTCON220E Must enter a value for CommonDomain Cookie Lifetime

Explanation: No value was entered for CommonDomain Cookie Lifetime.


Administrator response: Enter a value for CommonDomain Cookie Lifetime.

FBTCON221E Must enter an integer value forCommon Domain Cookie Lifetime

Explanation: The value entered for Common DomainCookie Lifetime is not an integer.


Administrator response: Enter an integer value forCommon Domain Cookie Lifetime.

FBTCON222E Must enter a value for MessageLifetime

Explanation: No value was entered for MessageLifetime.


Administrator response: Enter a value for MessageLifetime.

FBTCON223E Must enter a value for ArtifactLifetime

Explanation: No value was entered for ArtifactLifetime.


Administrator response: Enter a value for ArtifactLifetime.

FBTCON224E Must enter a value for SessionTimeout

Explanation: No value was entered for SessionTimeout.


Administrator response: Enter a value for SessionTimeout.

FBTCON225E Must enter an integer value forMessage Lifetime

Explanation: The value entered for Message Lifetimeis not an integer.


Administrator response: Enter an integer value forMessage Lifetime.

FBTCON226E Must enter an integer value forArtifact Lifetime

Explanation: The value entered for Artifact Lifetime isnot an integer.


Administrator response: Enter an integer value forArtifact Lifetime.

FBTCON227E Must enter an integer value forSession Timeout

Explanation: The value entered for Session Timeout isnot an integer.


Administrator response: Enter an integer value forSession Timeout.

FBTCON228E Must enter a value for SOAPEndpoint URL

Explanation: SOAP Endpoint URL is a required value.


Administrator response: Enter a value for SOAPEndpoint URL.

FBTCON229E Must select a keystore for yourpartner's key.

Explanation: The metadata that you imported for yourpartner contains KeyInfo that must be saved in akeystore. Please choose the keystore where you wouldlike to store it.





FBTCON230E Must enter a value for DefaultPost-Authentication Target URL

Explanation: Default Post-Authentication Target URLis a required value.


Administrator response: Enter a value for DefaultPost-Authentication Target URL.

FBTCON231E One of appliesTo address, issueraddress or token type field must have avalue.

Explanation: The appliesTo address or issuer addressmust have a value if the token type is not specified.


Administrator response: Enter a value for theappropriate fields.

FBTCON232E The table cannot be reordered. Theorder entry insert is not a number.

Explanation: The text field for ordering the table mustbe a number.


Administrator response: Enter a number for theappropriate fields.

FBTCON233W The module chain you haveassembled does not meet therecommended Trust Service modulechain structure. It is recommended thateither one of the following 2 conditionsbe met: 1.The chain consists of only onemodule and the mode on that module iseither Issue or Validate. 2.The chainconsists of modules matching thefollowing mode sequence:Validate-Map-...-MapN-Issue

Explanation: Press continue to go to the next wizardstep or press cancel to change the module chainstructure to meet the specifications.


Administrator response: Enter a number for theappropriate fields.

FBTCON234E Error modifying the module chain

Explanation: Trust Service encountered a problemmodifying the module chain.



FBTCON235W This chain was automaticallygenerated by TFIM. Modifying thischain could break the associatedfunctionality. Review TFIMdocumentation for typical Trust Servicechain structures and examples.

Explanation: Modify chains automatically generatedby TFIM at your own risk.

System action: No action take

Administrator response: Review TFIM documentationfor typical Trust Service chain structures and examples.

FBTCON236E Must select a keystore for yourpartner's encryption key.

Explanation: The liberty metadata that you importedfor your partner contains encryption KeyInfo that mustbe saved in a keystore. Please choose the keystorewhere you would like to store it.



FBTCON237E The web service URL is not properlyformatted.

Explanation: The web service URL you entered is thewrong format.


Administrator response: Enter the URL in the properformat, [protocol]://[host]:[port]/[path].

FBTCON238E Must select a module instance.

Explanation: Select a module instance to continue oruse the default XSL transformation map module.


Administrator response: Select a module instancefrom the table.

FBTCON239E You must enter the Single Sign-OnService URL.

Explanation: The Single Sign-On Service URL isrequired for the protocol.


Administrator response: Enter the Single Sign-OnService URL in the appropriate text entry field.



FBTCON240E You must enter the Name IdentifierManagement Service URL.

Explanation: The Name Identifier ManagementService URL is required for the bindings you haveselected.


Administrator response: Enter the Name IdentifierManagement Service URL in the appropriate text entryfield.

FBTCON241E You must enter the Single LogoutService URL.

Explanation: The Single Logout Service URL isrequired for the bindings you have selected.


Administrator response: Enter the Single LogoutService URL in the appropriate text entry field.

FBTCON242E You must specify the mapping rulefile to import.

Explanation: No mapping rule file was specified toimport. Enter the file location in the file chooser.



FBTCON244E Must select an encryption key. Selecta key from the table after using the ListKeys button to display the keyscontained in a keystore.



Administrator response: Please use the key selectionlayout to select an encryption key.

FBTCON245E Must enter a value for Number ofseconds before the issue date that anassertion is considered valid

Explanation: Missing value from a required field.


Administrator response: Enter a value for Number ofseconds before the issue date that an assertion isconsidered valid in the appropriate text entry field

FBTCON246E Must enter a value for Amount oftime the assertion is valid after beingissued

Explanation: Missing value from a required field.


Administrator response: Enter a value for Amount oftime the assertion is valid after being issued in theappropriate text entry field

FBTCON247E Must enter an integer value for insert

Explanation: The value entered is not an integer.


Administrator response: Enter an integer value.

FBTCON248E The web service URL is using https.You must select a signing key for SSLSettings.

Explanation: When using https you must select asigning key for SSL.


Administrator response: Select a signing key in thetable.

FBTCON249E You must select a signing key forclient certification authentication.

Explanation: A signing key is required when usingclient certificate authentication.


Administrator response: Select a signing key in thetable.

FBTCON250E A number greater than 0 is requiredfor insert.

Explanation: A number must be entered greater than 0


Administrator response: Enter a number greater than0

FBTCON251E The web service URL is using http.Certificate authentication is not valid.Select basic authentication or none forthe authentication type.

Explanation: Certificate authentication is not valid forhttp.


Administrator response: Use basic authentication ornone.



FBTCON252E The web service URL is using http.SSL Settings are not supported. Unselectthe signing key for SSL.

Explanation: SSL is not valid for http.


Administrator response: None

FBTCON253E The Common Domain Cookie ServiceURL must be a valid URL that beginswith http:// or https://.

Explanation: The Common Domain Cookie ServiceURL must be a valid URL that begins with http:// orhttps://.


Administrator response: Modify the CommonDomain Cookie Service URL so that it is a valid URLthat begins with http:// or https://.

FBTCON254E Metadata for Identity Providerpartner must contain anIDPSSODescriptor element

Explanation: The specified metadata file could not beused to create an Identity Provider partner.


Administrator response: Check that you are importingthe correct metadata file and that it conforms to theSAML 2.0 metadata schema.

FBTCON255E Metadata for Service Provider partnermust contain an SPSSODescriptorelement

Explanation: The specified metadata file could not beused to create an Service Provider partner.


Administrator response: Check that you are importingthe correct metadata file and that it conforms to theSAML 2.0 metadata schema.

FBTCON256E Partner metadataprotocolSupportEnumeration attributedoes not specify SAML insert protocol

Explanation: The specified metadata file is notcompatible with the SAML protocol for this federation.


Administrator response: Check that you are importingthe correct metadata file and that theprotocolSupportEnumeration attribute value is correct.

FBTCON257E An error occurred communicatingwith the Management Service. Checkthe server log files for moreinformation.

Explanation: An error occurred while the console wascommunicating with the domain. Check the server logfiles for the specific exception.


Administrator response: Check the server log files forthe specific exception. Check that the server is running.

FBTCON258E The portlet page could not bedisplayed. Check the server log files formore information.

Explanation: An error occurred while creating theportlet page. Check the server log files for the specificexception.


Administrator response: Check the server log files forthe specific exception.

FBTCON259E Failed to upload the keytab file. Thekeytab file format is invalid.

Explanation: An error occurred uploading the keytabfile. The keytab file is generated with the ktpasscommand, which is part of the Windows Support Toolsshipped on the Windows 2003 Server CD.


Administrator response: Generate a valid keytab fileusing the ktpass command and import the file. See theTivoli Federated Identity Manager documentation formore details.

FBTCON260E You must specify the keytab file toimport.

Explanation: No keytab file was specified to import.Enter the file location in the file chooser.


Administrator response: None.

FBTCON261E There are no federations created. Youmust create a federation before creatinga partner.

Explanation: You cannot create a partner withoutselecting an existing federation





FBTCON262E No clusters or servers are availablefor use with Federated IdentityManager.

Explanation: You must create a cluster or serverbefore trying to create a Federated Identity ManagerDomain.


Administrator response: Bring up the WebSphereAdministrator Console and create cluster or server.

FBTCON263E An error occurred when connecting todomain insert.

Explanation: An exception was encountered whenconnecting to the specified domain.



FBTCON264E The Tivoli Federated IdentityManager Business Gateway domaininsert was not found.

Explanation: You can only connect to an existingTivoli Federated Identity Manager Business Gatewaydomain.


Administrator response: Change the host and/or portto point to an existing Tivoli Federated IdentityManager Business Gateway Management Service.

FBTCON265E No management domains are defined.Click Domain Properties to connect toan existing domain or click Domains tocreate a new domain.

Explanation: There are no management domainsdefined. In order to manage a domain, a domain mustbe defined and activated. Use the Domain Propertiespanel to connect to an existing domain, or create a newdomain.


Administrator response: Click Domain Properties toconnect to an existing domain.

FBTCON266E Tivoli Federated Identity Managerwas not found on the target WebSphere.The FIM Management Service could bedown or may not be installed.

Explanation: You need to install the FIM ManagementService on the target WebSphere


Administrator response: Install the FIM ManagementService

FBTCON267E The domain name insert alreadyexists. Specify another domain name.

Explanation: The console will not allow you to createa domain with the same name as an existing domainthe console is currently managing. You need to specifya different name for the domain.


Administrator response: Specify a different domainname.

FBTCON268E The contact information cannotcontain a comma.

Explanation: The console will not allow you to entercontact information with a comma. Change the contactinformation to not use any commas.


Administrator response: Change the contactinformation.

FBTCON269E The keystore does not contain anyprivate keys. Try another keystore or usethe Key Service to import a private key.

Explanation: The console is looking in the keystore fora private key to sign or encrypt with and the keystoreselected does not contain one. Use the Key Service toadd a private key to the keystore or try anotherkeystore.


Administrator response: Select another keystore.

FBTCON270E The keystore does not contain anypublic keys. Try another keystore or usethe Key Service to import a public key.

Explanation: The console is looking in the keystore fora public key to validate with and the keystore selecteddoes not contain one. Use the Key Service to add apublic key to the keystore or try another keystore.


Administrator response: Select another keystore.

FBTCON273E An error occurred publishing to thedomain.

Explanation: An error occurred publishing files to thedomain.

System action: No action




FBTCON274E An error occurred applying the aliasservice configuration

Explanation: An error occurred applying the aliasservice configuration. The configuration type is storedin the idservice.xml for the domain.

System action: No action


FBTCON275E The insert is required. Select from thetable after using the List Keys button todisplay the keys contained in akeystore.



Administrator response: Please use the key selectionlayout to select a key.

FBTCON276E The point of contact profiles couldnot be retrieved from the single sign-onprotocol service.




FBTCON277E An error occurred while deleting apoint of contact profile: insert.

Explanation: This error will occur if the point ofcontact profile is readonly or the current active profile.It can also occur if the profile does not exist.


Administrator response: Check that this profile is notthe current active profile and not readonly.

FBTCON278E An error occurred activating the pointof contact profile: insert.

Explanation: Check to make sure the profile exists andis configured correctly. This error can also occur if theconsole is unable to communicate with the singlesign-on protocol service.


Administrator response: Check to make sure theprofile contains at least a Sign In and Local ID callback.Check the status of management service.

FBTCON279E An error occurred retrieving theproperties for the point of contactprofile: insert.

Explanation: Check to make sure the profile exists.Close the portlet page and try again. This error canoccur if the console is unable to communicate with thesingle sign-on protocol service.



FBTCON280E An error occurred modifying theproperties for the point of contactprofile: insert.

Explanation: Check to make sure the profile exists.Close the portlet page and try again. This error canoccur if the console is unable to communicate with thesingle sign-on protocol service.


Administrator response: Check the serviceconfigurations to ensure that you have the correct hostname and port for the single sign-on protocol service.Check that the single sign-on protocol service isrunning. See the exception stack trace.

FBTCON281E The list of available point of contactcallbacks could not be retrieved fromthe single sign-on protocol service.

Explanation: Close the portlet page and try again.This error can occur if the console is unable tocommunicate with the single sign-on protocol service.



FBTCON282E An error occurred while creating apoint of contact profile.

Explanation: A single sign-on protocol serviceencountered a problem creating a point of contactprofile.





FBTCON283E An error occurred retrieving theproperties of the point of contact profilewith id: insert.

Explanation: A single sign-on protocol serviceencountered a problem creating a point of contactprofile.



FBTCON284E A decryption key must be selected.Select the Point-of-Contact SSL keyfrom the table after using the List Keysbutton to display the keys contained ina keystore.



Administrator response: Please use the key selectionlayout to select a decryption key.

FBTCON285E You must select one of the choicespresented on this dialog.

Explanation: You cannot configure this federationwithout selecting whether or not to add a standardpartner.


Administrator response: Select the radio buttoncorresponding to your choice.

FBTCON286E You must enter the URL for the issuerof the Security token.

Explanation: The URL identifier of the IdentityProvider is required for the Information Card protocol.



FBTCON287E You must enter an integer value forthe clock skew.

Explanation: The value entered for clock skew is notan integer.


Administrator response: Enter an integer value for theclock skew.

FBTCON288E A new password for the keystoremust be entered.

Explanation: In order to change the keystorepassword a new password needs to be entered.


Administrator response: Enter a non empty newpassword.

FBTCON289E New password mismatch. Pleaseconfirm the new password.

Explanation: In order to change the keystorepassword a new password needs to be entered andproperly confirmed.


Administrator response: Make sure the new passwordand its confirmation matches.

FBTCON290E The new password is the same as theoriginal.

Explanation: In order to change the keystorepassword a new password different than the originalpassword must be entered .


Administrator response: Make sure the new passwordis different than the original.

FBTCON291E An error occurred discovering theTivoli Directory Integrator configurationsettings.

Explanation: An error occurred discovering the TDIconfiguration settings. Check the host name and portand make sure host is allowed to access the TDI server.


Administrator response: Enter the correct host nameand port and if using SSL, ensure the SSL settings areconfigured correctly.

FBTCON292E You must enter a Server Hostnameand Server Port to discover the TivoliDirectory Integrator configurationsettings.

Explanation: Enter a host name and port and makesure host is allowed to access the TDI server.


Administrator response: Enter the correct host nameand port and if using SSL, ensure the SSL settings areconfigured correctly.



FBTCON293E An error occurred retrieving thehardware cryptographic device settings.

Explanation: This error can occur if the console isunable to communicate with the kess service.


Administrator response: Check the system stack tracefor more information.

FBTCON294E An error occurred applying thehardware cryptographic device settings.

Explanation: This error can occur if the console isunable to communicate with the kess service.



FBTCON295E The event insert requires a valid filename for the HTML page that isdisplayed.

Explanation: The specified field requires a valid filename.


Administrator response: Enter the appropriate valuefor the specified field.

FBTCON296E The page locale cannot be empty.Specify the page locale and page rootdirectory.

Explanation: The page locale and page root directoryvalues are required to continue.


Administrator response: Enter the required values inthe table.

FBTCON297E The event pages cannot be displayedbecause the page factory configurationis missing the default page identifiermappings.

Explanation: The event pages are retrieved from thedefault page identifier mappings in the sps.xml file.


Administrator response: Ensure that the sps.xml file isconfigured with the appropriate page identifiermappings. Refer to the Tivoli Federated IdentityManager Configuration Guide for information onconfiguring these settings.

FBTCON298E An error occurred while modifyingthe event pages configuration. Checkthe system stack trace for moreinformation.

Explanation: The specified changes to the event pagesconfiguration were not applied.



FBTCON300W Warning: the module chain is sharedwith other trust chain mappings.Modifications to the chain identificationor chain structure affects other trustchain mappings that use this chain.

Explanation: The chain is shared. Modifications to thechain affect other trust chain mappings that use thischain.


Administrator response: Ensure that the effects of thespecified changes on all of the trust chain mappings aredesired before you enact the changes.

FBTCON301W Warning: keystore keys or certificatesin this keystore have expired or willexpire in less than 30 days.

Explanation: The validity period of a key or certificatein the specified keystore will expire or has expiredalready.


Administrator response: An expired key or certificatecannot be used, and will generate a message during thevalidation process.

FBTCON302E The self-signed certificate could notbe created.

Explanation: An error occurred while attempting tocreate the self-signed certificate.


Administrator response: Check the console andManagement Service logs to determine the source ofthe error.

FBTCON303E The certificate signature request(CSR) could not be created.

Explanation: An error occurred on the managementserver side while attempting to create the CSR.


Administrator response: Check the console and



Management Service logs to determine the source ofthe error.

FBTCON304E A valid host name is required toestablish an SSL connection.

Explanation: You must specify a host name toestablish an SSL connection.


Administrator response: Specify a host name.

FBTCON305E A valid port value is required toestablish an SSL connection.

Explanation: You must specify a valid port value toestablish an SSL connection.


Administrator response: Specify a port value.

FBTCON306E An alias is required to store thecertificate in the keystore.

Explanation: You must specify an alias to store thecertificate in the keystore.


Administrator response: Specify an alias.

FBTCON307E An error occurred while attempting toestablish an SSL connection to retrievethe certificate. Ensure that the hostnameand port are correct and that the targetSSL server is active.

Explanation: A connection could not be establishedwith the specified parameters. Either the specifiedvalues for the host and port are incorrect, or the targetSSL server is not actively monitoring for incomingrequests.


Administrator response: Ensure that the hostnameand port are correct and that an SSL server ismonitoring for requests.

FBTCON308E A common name is required to createa certificate.

Explanation: You must specify a common name tocreate a certificate.


Administrator response: Specify a common name.

FBTCON309E A validity period (in days) is requiredto create a certificate.

Explanation: You must specify a validity period tocreate a certificate.


Administrator response: Specify a validity period.

FBTCON310E An organization is required to createa certificate.

Explanation: You must specify an organization tocreate a certificate.


Administrator response: Specify an organization.

FBTCON311E A value is required for LogoutRequest Lifetime.

Explanation: You must enter a value for LogoutRequest Lifetime.


Administrator response: Enter a value for LogoutRequest Lifetime.

FBTCON312E The specified value for LogoutRequest Timeout must be a positiveinteger.

Explanation: The value entered for Logout RequestTimeout is not an integer.


Administrator response: Enter an integer value forLogout Request Timeout.

FBTCON313E An error occurred while invoking theITFIM Management Service. TheManagement Service may beunavailable.

Explanation: An mbean registered by the ITFIMManagement Service could not be contacted throughthe WebSphere AdminClient. This is likely due to theITFIM Managent Service not running on specifiedapplication server.


Administrator response: Make sure theITFIMManagementService EAR is installed and runningon the WebSphere Application Server. In a clusterdeployment, the ITFIMManagementService is onlyinstalled on the deployment manager.



FBTCON314E While contacting the ITFIMManagement Service, a WebSphereAdminClient connector could not becreated to the Management Service'sapplication server with the given hostand port.

Explanation: An AdminClient connector can not becreated to the server if the remote server is down. Thismay also occur if host or port are erroneous.


Administrator response: Make sure the host isrunning an application server with ITFIM installed.Make sure the port is set to the SOAP port configuredfor the application server, and that the port is listening.

FBTCON315E While contacting the ITFIMManagement Service, the WebSphereAdminClient connector was unable toauthenticate to the ManagementService's application server. Make surethe WebSphere administrator credentialsare correct.

Explanation: An AdminClient connector failed toauthenticate to the application server due to incorrectWebSphere administrator credentials. This may occur ifinvalid administrator username and password arespecified.


Administrator response: Make sure a validadministrative username and password are specifiedthat can authenticate with the application server.

FBTCON316E An invalid connector type is specifiedfor connecting to the ITFIMManagement Service.

Explanation: An invalid connector type is specifiedwhen trying to create an WebSphere AdminClient tothe ITFIM Management Service. The connector type ofSOAP should always be used to contact the ITFIMManagement Service.


Administrator response: When configuring theAdminClient connector, set the connector type toAdminClient.CONNECTOR_TYPE_SOAP.

FBTCON318E The passwords you entered do notmatch. Please enter the passwords again.

Explanation: The password re-entered does not matchthe originally entered password. This password will notbe set unless its entered twice for validation.


Administrator response: Enter the passwords again.

FBTCON319E An error occurred while retrieving theattribute filter for the partner with idinsert.

Explanation: An attempt was made to retrieve theattributes for the attribute filter.



FBTCON320E You must select an SSL Endpoint KeyIdentifier.

Explanation: The key is required


Administrator response: Select a key

FBTCON321E You must use the https protocol withinsert.

Explanation: The HTTPS protocol is required.



FBTCON322E You cannot create a Information CardRelying Party partner for the federationinsert. A global partner was added whenyou created the federation.

Explanation: The Information Card Identity Providerfederation has the concept of a global partner andadditional partners are not allowed.



FBTCON323E The entered cache size value isinvalid. It must be a postive integerranging from 0 to 32767.

Explanation: An invalid value was entered for thecache size. It must be a postive integer ranging from 0to 32767.


Administrator response: Enter another value for thecache size.



FBTCON325E Errors occurred while saving the webplug-in configuration changes to themanagement service. Check the consoleand Management Service logs todetermine the source of the error.

Explanation: Errors occurred while saving the webplug-in configuration changes to the managementservice. Check the console and Management Servicelogs to determine the source of the error.



FBTCON326W Recent configuration changes requirethat WebSphere be restarted. Allconfiguration changes will not takeeffect until the restart completes.

Explanation: In order for the configuration changesmade to take effect, you must restart WebSphere.


Administrator response: Please select whether torestart WebSphere now, or dismiss this message. If youdismiss this message, you will not be reminded again.If you have deployed FIM in a cluster, your cluster willbe ripple started; single servers will be restartedindividually. See the Runtime Node Management pagefor node status.

FBTCON327E The Identity URL Pattern mustcontain the string @ID@.

Explanation: The Identity URL Pattern is a regularexpression and must contain the string @ID@. Forexample, https://webseald.example.com/@ID@


Administrator response: Enter a url with the string@ID@.

FBTCON328E The value entered for insert containsan improperly formatted URL.

Explanation: Enter a valid URL format.



FBTCON329E The format of the received certificateseems to be invalid for this operation.Either use a DER encoded certificate ora Base64 encoded one.

Explanation: This operation required that thecertificate is encoded either using binary DER or asciiBase64. The Certificate Authority should be able to

provide this format or import the certificate intoWebSphere (using the security menus) and export it inthe appropriate format.



FBTCON330E The CA signed certificate was notimported to the Keystore. The problemseems to be that there is no matchingcertificate that holds the same publickey. The CA certificate would replacethe temporary certificate that wascreated when the Certificate SignatureRequest was created. Please verify thatthe certificate is correct and that you areusing the appropriate keystore.

Explanation: The public key in the certificate receivedfrom the CA and the temporary one needs to match.Check that you are using the correct certificate and thecorrect keystore by trying to look at the subject of theCA certificate and the subjects in the keystore



FBTCON331E The value entered for insert cannotcontain a comma. Each value should beinput on a separate line.

Explanation: The text area used for input does notallow comma separated values. Enter each value on aseparate line.


Administrator response: Enter values on separatelines.

FBTCON332E You cannot create an OpenID partnerfor the federation insert. A globalpartner was added when you created thefederation.

Explanation: OpenID federations have the concept ofa global partner and additional partners are notallowed.



FBTCON333E The field insert requires a protocol tobe selected.

Explanation: The checkboxes represent the set ofallowed protocols for those OpenID servers that theuser agent will permit connection to.




Administrator response: Select at least one of thecheckboxes. It is recommended to only allow https.

FBTCON334E In order to modify the Tivoli AccessManager properties for this domain, allthe nodes need to be unconfigured.Unconfigure the domain by using theRuntime Node Management panel.

Explanation: The Tivoli Access Manager propertiescannot be modified when the domain is configured.After unconfiguring the domain, modify the propertiesand then reconfigure.


Administrator response: Unconfigure the domain,modify the Tivoli Access Manager properties and thenreconfigure.

FBTCON335E You must select an Information CardSigning Key Identifier

Explanation: The key is required


Administrator response: Select a key

FBTCON336E An error occurred retrieving theproperties for the WSSM partner withid: insert.

Explanation: Close the portlet page and try again.This error can occur if the console is unable tocommunicate with the single sign-on protocol service.



FBTCON337E The entered keystore name containsthe invalid character insert. Pleasecorrect the name and try again.

Explanation: Certain characters cannot be used forkeystore names.


Administrator response: Enter a valid name for thekeystore in the appropriate text entry field.

FBTCON339E A point of contact profile with nameinsert already exists.

Explanation: An existing point of contact profile usesthe display name that you entered. Each point ofcontact profile must have a unique display name.


Administrator response: Please enter a differentdisplay name for this point of contact profile.

FBTCON340E The given keystore or key could notbe read. Please verify that the file existsin the filesytem, that it is not corrupted,that the correct password was suppliedor that your Java CryptographyExtension setup is appropriate for thetype of keystore/key you are trying touse. Detailed information about thisfailure can be found in the log file.

Explanation: A keystore or key could not be read.This is a problem seen when the password to thekeystore is incorrect, the file is corrupted or when theJava Cryptography Extension is not properly setup forthe use of strong keys.


Administrator response: Check the exception stacktrace and/or the logs.

FBTCON341E Error displaying report parameters.Check system logs for more details.

Explanation: A problem occurred while attempting todisplay report parameters to display in console. Checksystem logs for more details.



FBTCON342E Error building layout for reportparameters. Check system logs for moredetails.

Explanation: A problem occurred while attempting tobuild report parameters layout. Check system logs formore details.



FBTCON343E Error executing report. Check systemlogs for more details.

Explanation: A problem occurred while attempting toexecute report. Check system logs for more details.





FBTCON344E Error determining report render type.Check system logs for more details.

Explanation: A problem occurred while attempting todetermine report render type. Check system logs formore details.



FBTCON345E Error building layout for reports.Check system logs for more details.

Explanation: A problem occurred while attempting tobuild reports layout. Check system logs for moredetails.



FBTCON347E Error downloading report. Checksystem logs for more details.

Explanation: A problem occurred while attempting todownload report. Check system logs for more details.



FBTCON348E Error deleting report. Check systemlogs for more details.

Explanation: A problem occurred while attempting todelete report. Check system logs for more details.



FBTCON350E An error occurred importing fileinsert. The file is not a valid LTPA keyfile.

Explanation: Either the file is not a valid LTPA key fileor an unexpected error occurred.



FBTCON351E An authorization server host-port pairis repeated. Please ensure that differentauthorization servers are supplied.

Explanation: The same host and port has been givenfor an authorization server.


Administrator response: Check the pairs of host-portsgiven

FBTCON352W A request to deploy the TivoliFederated Identity Manager Runtime isin progress. New deployment requestswill be ignored until the previousrequest is complete.

Explanation: A request to deploy the Tivoli FederatedIdentity Manager runtime as an application into theWebSphere Application Server environment has beenstarted. Another request to deploy the Tivoli FederatedIdentity Manager runtime cannot be started until theprevious one is complete.

System action: The Deploy Runtime button is notactive.

Administrator response: If you want to deploy theTivoli Federated Identity Manager runtime again, waitfor the current deployment to complete. This may takeup to 10 minutes. If you want to check if a deploymentis complete, click the Deploying Tivoli FederatedIdentity Manager Runtime text or refresh the page ofthe console. Click the Deploy Runtime button when itis activated.

FBTCON353E An error occurred while reloading theconfigurations. Check the server log forerror details.

Explanation: An error occurred while reloading theconfigurations.

System action: None of the configuration updateswere completed.

Administrator response: Check the server log formore information about the error, make the updates tothe configuration, and try reloading the configurationagain.

FBTCON356W Some of the keys within thesupplied keystore could not be read.Make sure that the keystore file haskeys and that those keys are notprotected by a different password thanthe keystore itself.

Explanation: Some of the keys in the suppliedkeystore could not be read. This happens when thekeys have a different password than the keystore itselfor when the file itself is damaged.


Administrator response: No action taken

FBTCON344E • FBTCON356W


FBTCON358E You must specify the Subject DNexpression for the allowable X.509certificates.

Explanation: You have not specified the Subject DN.


Administrator response: Please use the entry field tospecify the required DN expression.

FBTCON359E The artifact resolution service indexentry insert must be 0 or a positiveinteger.

Explanation: The text field for the artifact resolutionservice index must be 0 or a positive number.


Administrator response: Enter 0 or a positive integerfor the artifact resolution service index field.

FBTCON360E The artifact resolution service indexesmust be unique.

Explanation: The artifact resolution service indexesmust be unique.


Administrator response: Enter 0 or a positive integerfor the artifact resolution service index field.

FBTCON361E Only one artifact resolution serviceendpoint is allowed to be the defaultendpoint.

Explanation: You have specified more than onedefault artifact resolution service endpoint.


Administrator response: Select only one artifactresolution service endpoint to be the default endpoint.

FBTCON362E The OP Generated Claimed IdentifierPattern must contain the string @ID@.

Explanation: The OP Generated Claimed IdentifierPattern must contain the string @ID@. For example,https://webseald.example.com/@ID@


Administrator response: Enter a URL with the string@ID@.

FBTCON363E The maximum authentication agemust be 0, a positive integer, or -1 todisable.

Explanation: The maximum authentication age mustbe in the correct range. An age of 0 forcesauthentication.


Administrator response: Enter -1, 0, or a positiveinteger.

FBTCON364E An unknown error was encounteredwhen processing the specified mappingrule.

Explanation: The mapping rule validator cannotdetermine the exact error when processing the specifiedmapping rule.


Administrator response: Check the log file to see ifthere is an exception that indicates the errorencountered.

FBTCON365E An XSL syntax error was encounteredwhen processing the specified mappingrule. The specific error in the log file is[[loggederror]].

Explanation: The mapping rule validator encounteredan XSLT syntax error when it attempted to process theXSLT file.


Administrator response: Check the log file to see ifthere is an exception that indicates the error.

FBTCON366E A JavaScript syntax error wasencountered when processing thespecified mapping rule. The specificerror in the log file is [[loggederror]].

Explanation: The mapping rule validator encountereda JavaScript syntax error when it attempted to processthe JavaScript file.


Administrator response: Check the log file to see ifthere is an exception logged that might indicate theerror encountered.

FBTCON367E The mapping rule type cannot bedetermined. Ensure that the mappingrule file has a known file extension andthat there are no syntax errors in thegiven rule.

Explanation: The mapping rule validator cannotdetermine the mapping rule type.


Administrator response: Check the log file to see ifthere is an exception that indicates the error.



FBTCON368E The audit client profiles could not beretrieved from the management service.

Explanation: This error can occur if the console cannotcommunicate with the management service.


Administrator response: Check the serviceconfigurations to ensure that you have the correct hostname and port for the management service. Check thatthe management service is running.

FBTCON369E An error occurred while deleting anaudit client profile: insert.

Explanation: This error occurs if the audit clientprofile is the current active profile. It can also occur ifthe profile does not exist.


Administrator response: Check that this profile is notthe current active profile.

FBTCON370E An error occurred activating the auditclient profile: insert.

Explanation: Ensure that the profile exists and isconfigured correctly. This error can also occur if theconsole cannot communicate with the single sign-onprotocol service.


Administrator response: Check the status ofmanagement service.

FBTCON371E The audit events list could not beretrieved from the management service.




FBTCON372E The audit events list could not beupdated.




FBTCON373E An error occurred while creating anaudit client profile.

Explanation: A single sign-on protocol serviceencountered a problem creating an audit client profile.



FBTCON374E An error occurred retrieving theproperties of the audit client profilewith ID: insert.

Explanation: A single sign-on protocol serviceencountered a problem creating an audit client profile.



FBTCON375E An audit client profile with nameinsert exists.

Explanation: An existing audit client profile uses thedisplay name that you entered. Each audit client profilemust have a unique display name.


Administrator response: Enter a different displayname for this audit client profile.

FBTCON376E The list of available audit eventhandlers could not be retrieved from thesingle sign-on protocol service.

Explanation: Close the portlet page and try again.This error can occur if the console cannot communicatewith the single sign-on protocol service.



FBTCON377E The field names for the audit eventhandler could not be retrieved from themanagement service.






FBTCON378E An error occurred modifying theproperties for the audit client profile:insert.

Explanation: This error can occur if the console cannotcommunicate with the single sign-on protocol service.


Administrator response: Ensure that the profile exists.Close the portlet page and try again. Check the serviceconfigurations to ensure that you have the correct hostname and port for the single sign-on protocol service.Check that the single sign-on protocol service isrunning. See the exception stack trace.

FBTCON379E The key alias alias is already used byanother key in this keystore.

Explanation: Keys must have unique aliases in thekeystore.


Administrator response: Please enter a uniquekeystore alias.

FBTCON380E The field insert contains an invalidregular expression.

Explanation: You have entered an invalid regularexpression. Modify the regular expression so that it isvalid.


Administrator response: Please enter a valid regularexpression in the appropriate text entry field.

FBTCON381E The artifact resolution service indexentry insert is too large for an integer.The maximum value is insert.

Explanation: The text field for the artifact resolutionservice index must be 0 and the maximum value.


Administrator response: Enter a number between 0and the maximum for the artifact resolution serviceindex field.

FBTCON382E The event handler properties couldnot be retrieved from the managementservice.




FBTCON383E The federation display name cancontain only characters from the set set'a-z', 'A-Z' and '0-9'. Specify a differentname using only the valid characters.

Explanation: The federation display name that youentered contains an invalid character.


Administrator response: Please enter a differentdisplay name for this federation.

FBTCON384E No suitable signature algorithms arefound for the insert signing key type.

Explanation: There is no suitable signature algorithmfound for the selected federation signing key type.


Administrator response: Select a different signing keyfor the federation.

FBTCON385E Temporary credentials andverification code lifetime is not valid.

Explanation: The temporary credentials andverification code lifetime must be a positive integervalue.


Administrator response: Enter the valid temporarycredentials and verification code lifetime.

FBTCON386E The maximum OAuth tokencredentials lifetime is not valid.

Explanation: The maximum OAuth token credentialslifetime must be a positive integer value.


Administrator response: Enter the valid maximumOAuth token credentials lifetime.

FBTCON387E The skew time between OAuth serverand client is not valid.

Explanation: The skew time between OAuth serverand client must be a positive integer value.


Administrator response: Enter the valid skew timebetween OAuth server and client.

FBTCON388E Error occurred when verifying theclient identifier.

Explanation: An exception was encountered whenchecking the uniqueness of the client identifier youentered.





FBTCON389E The minimum length of clientidentifier is <number> characters.

Explanation: An exception was encountered whenchecking the length of the client identifier you entered.



FBTCON390E The client identifier can contain onlycharacters from the set 'a-z', 'A-Z' and'0-9'. Specify a different client identifierusing the valid characters.

Explanation: The client identifier that you enteredcontains a character that is not valid.


Administrator response: Please enter the valid clientidentifier.

FBTCON391E The minimum length of clientshared-secret is <number> characters.

Explanation: An exception was encountered whenchecking the length of the client shared-secret youentered.


Administrator response: Ensure the clientshared-secret meets the minimum length requirement.

FBTCON393E The client callback URI is not valid.Enter 'oob' if it is not applicable.

Explanation: The client callback URI that you enteredis not valid.


Administrator response: Enter the valid client callbackURI.

FBTCON394E An OAuth partner cannot be createdfor the federation insert.




FBTCON395E An error occurred when verifying theclient identifier. A client with thespecified client identifier already exists.

Explanation: An exception was encountered whenchecking the uniqueness of the client identifier youentered.



FBTCON396E The minimum length of clientidentifier is <number> characters.

Explanation: An exception was encountered whenchecking the length of the client identifier you entered.



FBTCON397E The client identifier can contain onlycharacters from the set 'a-z', 'A-Z' and'0-9'. Specify a different client identifierusing the valid characters.

Explanation: The client identifier that you enteredcontains a character that is not valid.


Administrator response: Enter the valid clientidentifier.

FBTCON398E The minimum length of clientshared-secret is <number> characters.

Explanation: An exception was encountered whenchecking the length of the client shared-secret youentered.


Administrator response: Ensure the clientshared-secret meets the minimum length requirement.

FBTCON400E The client redirection URI is notvalid.

Explanation: The syntax of the client redirection URIthat you entered is not valid.


Administrator response: Enter a valid clientredirection URI.



FBTCON401E The client provider is not valid.

Explanation: You have not selected a client provideroption.


Administrator response: Select the option thatcorresponds to your client provider for the federation.

FBTCON402E The external client providerimplementation is not specified.

Explanation: You have not published the externalclient provider plugin, selected an external clientprovider implementation or did not specify the externalclient provider implementation module ID.


Administrator response: Publish the external clientprovider plugin, select an external client providerimplementation for the federation or specify theexternal client provider implementation module ID inyour plugin.

FBTCON403E The configuration settings for themodule id could not be retrieved from themanagement service.

Explanation: One possible reason for this error is thatthe console cannot communicate with the managementservice.



FBTCON404W The external client providerimplementation for module id cannot beloaded.

Explanation: Make sure the external client providerplugin is published.


Administrator response: Publish the external clientprovider plugin.

FBTCON405E You must select at least oneauthorization grant type (AuthorizationCode, Implicit Grant, Client Credentials,or Resource Owner PasswordCredentials).



Administrator response: Ensure that you select the

authorization grant you want to support in yourfederation.

FBTCON406E The authorization code lifetime is notvalid.

Explanation: The authorization code lifetime must bea positive integer value.


Administrator response: Enter a valid authorizationcode lifetime.

FBTCON407E The maximum authorization grantlifetime is not valid.

Explanation: The maximum authorization grantlifetime must be a positive integer value and greaterthan the authorization code and access token lifetime.


Administrator response: Enter a valid maximumauthorization grant lifetime.

FBTCON408E The access token lifetime is not valid.

Explanation: The access token lifetime must be apositive integer value.


Administrator response: Enter a valid access tokenlifetime.

FBTCON413W There are no available access tokentypes.

Explanation: The extension manager could not loadany of the access token type modules.


Administrator response: Verify that the access tokentype module is included in the published plug-ins.

FBTCON414W The access token typeimplementation for module id cannot beloaded.

Explanation: The extension manager could not loadthe specified access token type module.


Administrator response: Verify that the extension forthe specified module ID is included in the publishedplug-ins.

FBTCON401E • FBTCON414W


FBTCON415E You must select an access token type.

Explanation: The OAuth client requires an accesstoken type to make protected resource requests.


Administrator response: Ensure that you select anaccess token type for this federation.

FBTCON415W There are no available token cacheimplementations.

Explanation: The extension manager could not loadany of the token cache modules.


Administrator response: Verify that the token cachemodule is included in the published plug-ins.

FBTCON416E You must select a token cacheimplementation.

Explanation: You must specify the method used tocache OAuth tokens.


Administrator response: Ensure that you select atoken cache implementation for this federation.

FBTCON416W The token cache implementation formodule id cannot be loaded.

Explanation: The extension manager could not loadthe specified token cache module.



FBTCON417E The specified URL value is not a validURL.

Explanation: The syntax of the URL that you haveentered is not correct.


Administrator response: Verify that the URL is correctand try again.

FBTCON418E A HTTPS URL is expected. Thespecified URL value is not a HTTPSURL.

Explanation: The URL that you have entered is not aHTTPS URL.


Administrator response: Verify that the URL beginswith https://.

FBTCON419E The specified URI value is not a validURI.

Explanation: The syntax of the URI that you haveentered is not correct.


Administrator response: Verify that the URI is correctand try again.

FBTCON420W There are no available trusted clientsmanager implementations.

Explanation: The extension manager could not loadany of the trusted clients manager modules.


Administrator response: Verify that the trusted clientsmanager module is included in the published plug-ins.

FBTCON421W The trusted clients managerimplementation for module id cannot beloaded.

Explanation: The extension manager could not loadthe specified trusted clients manager module.



FBTCON422E You must select a trusted clientsmanager implementation.

Explanation: You must specify the method used tomanage trusted client information.


Administrator response: Ensure that you select atrusted clients manager for this federation.

FBTCON424E The token cache implementationmodule ID is not specified.

Explanation: The token cache implementation moduleID is required.


Administrator response: Specify the token cacheimplementation module ID in your plugin.

FBTCON425E The trusted clients managerimplementation module ID is notspecified.

Explanation: The trusted clients managerimplementation module ID is required.




Administrator response: Specify the trusted clientsmanager implementation module ID in your plugin.

FBTCON426E An OAuth 1.0 partner cannot becreated for the federation insert.




FBTFIR001E You have entered an invalid WebSphereApplication Server administrator username or password.

Explanation: Error results from either entering anon-administrator user name, corresponding wrongpassword, an incorrect spelling of the administratorname or password.


Administrator response: Enter the correctadministrator user name and password.

FBTFIR002E Cannot connect to the WebSphereApplication Server.

Explanation: An attempt to connect to the targetWebSphere Application Server failed. It might be dueto any of the following reasons: WebSphere ApplicationServer is not in service, or it is not responding.


Administrator response: Start or restart theWebSphere Application Server. If this error recurs,check the WebSphere Application Server log files todetermine the source of the error.

FBTFIR003E The WebSphere Application Serverinstallation directory is not valid.

Explanation: The fim.appservers.properties file in FIMinstall directory etc folder might not have the correctentry for WebSphere Application Server installationdirectory.


Administrator response: Make sure thefim.appservers.properties has the correct value forwas.install.location.

FBTFIR004E The federation name you specifiedalready exists. Specify a differentfederation name.

Explanation: The federation name you have enteredalready exists in the system.


Administrator response: Specify a different federationname.

FBTFIR005E The federation name can contain onlycharacters from the set 'a-z', 'A-Z' and'0-9'. Change the federation name tomatch the criteria.

Explanation: The federation name does not complywith the prescribed set of characters to use.


Administrator response: Make sure that the federationname you have specified complies with the prescribedset of characters that you can use.

FBTFIR006E Unable to complete the task due to awsadmin SOAP connection timeout.

Explanation: The current process can take a long timeto complete. The wsadmin SOAP connection mighttime out before the operation is finished.


Administrator response: To avoid timeouts, modifythe com.ibm.SOAP.request.Timeout property to 800. Theproperty is in the WebSphere installation directory andthe following subdirectory: /profiles/profile_name/properties/soap.client.props. Then, restart theWebSphere server. Note: The timeout might occurduring runtime deployment. As a result, the processhalts. You can run the same configurations again, andthe tool proceeds in carrying out subsequent tasks.

FBTFIR007E You have multiple FIM domains. Thetool does not support multiple TivoliFederated Identity Managementdomains.

Explanation: The Federation First Steps tool currentlydoes not support a cluster environment.


Administrator response: Make sure you are notworking on a cluster environment.

FBTFIR008E You have multiple WebSphereApplication Server clusters. The tooldoes not support multiple clusters.

Explanation: The Federation First Steps tool currentlydoes not support a multiple cluster environment.

FBTCON426E • FBTFIR008E



Administrator response: Make sure you are notworking in a multiple cluster environment.

FBTFIR009E The Deployment Manager has no clustermembers. The tool does not support aDeployment Manager without clustermembers.

Explanation: The tool does not support a DeploymentManager without cluster members.


Administrator response: Make sure you are notworking with a Deployment Manager that has nocluster members.

FBTFIR010E The type of process connected is nothandled.

Explanation: Only WebSphere Application Serverprocess and Deployment Manager process are handled.


Administrator response: Make sure you are connectedto either a WebSphere Application Server process orDeployment Manager process.

FBTFIR011E A user name and password must bespecified to login.

Explanation: A user name and password must bespecified to login.


Administrator response: Enter your credentials in theappropriate fields.

FBTFIR012E A problem occurred. Check the log fordetails.

Explanation: A problem occurred. Check the log fordetails.


Administrator response: Check the Federation FirstSteps tool log file for details.

FBTFIR014E You must enter the appropriate value foreach field.

Explanation: Fill out the fields with the appropriatevalue.


Administrator response: Make sure that all the fieldshave been filled out with appropriate values.

FBTFIR015E There is an error in loading the TivoliFederated Identity Manager commandline interface. If you have just installedTivoli Federated Identity Manager,ensure that you stop the WebSphereApplication Server, and then restart itbefore attempting to run the FederationFirst Steps tool.

Explanation: The FIM command line interface mightnot be loaded properly.


Administrator response: Ensure that the TivoliFederated Identity Manager is installed, and thecommand line interface is properly initialized. See theCommand reference section in the AdministrationGuide for details (http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.tivoli.fim.doc_6.2.1/concept/commandoverview.html).

FBTFIR016E There is an error running a nativeprocess.

Explanation: Some processes might have someproblems running on certain native platforms.



FBTFIR017E You must enter a base URL for yourprotocol endpoints.

Explanation: A common base URL is required for allprotocol endpoints.



FBTFIR018E Unable to execute tfimcfg.jar.

Explanation: The Federation First Steps tool requiresthe tfimcfg.jar file to be in its original location.


Administrator response: Make sure that the tfimcfg.jarfile is in the original location as when the TivoliFederated Identity Manager was installed.

FBTFIR019E Unable to create a temporary workingdirectory.

Explanation: The Federation First Steps tool requires atemporary working directory to be created.


Administrator response: Make sure that thetemporary directory of the system is not full, and the

FBTFIR009E • FBTFIR019E


Federation First Steps tool has read and writepermissions to it.

FBTFIR020E Unable to load thefim.appservers.properties file.

Explanation: The Federation First Steps tool requiresthe fim.appservers.properties file to be present andreadable on this system.


Administrator response: Make sure that TivoliFederated Identity Manager has been installed correctly,and the Federation First Steps tool has the correctpermissions read the installation directory.

FBTFIR021E Failed to retrieve the TCP/IP ports thisserver uses for connections.

Explanation: The Federation First Steps tool failed toretrieve the TCP/IP ports this server uses forconnections.


Administrator response: Make sure serverindex.xml isnot corrupted and is readable. The file is in theWebSphere installation directory and the followingsubdirectory: /profiles/profile_name/config/cells/cell_name/nodes/node_name/serverindex.xml.

FBTFIR022E Unable to connect to the TivoliFederated Identity ManagerInfoServiceXML endpoint atEndpointURL.

Explanation: Unable to connect to the Tivoli FederatedIdentity Manager InfoServiceXML endpoint.


Administrator response: Make sure that theInfoServiceXML endpoint can be accessed.

FBTFIR023E The WebSEAL configuration file youspecified is not valid.

Explanation: The WebSEAL configuration file youspecified is not valid.


Administrator response: Specify a valid path toWebSEAL configuration file.

FBTFIR045E You have a cluster environment. Thistemplate does not support a clusterenvironment.

Explanation: This template currently does not supporta cluster environment.


Administrator response: Make sure you are notworking on a cluster environment.

FBTFIR050E Failed to configure WebSEAL as thePoint of Contact server. Please see thelog for details.

Explanation: Failed to configure WebSEAL as thePoint of Contact server. Please see the log for details.


Administrator response: Read the log for the cause offailure, and fix it accordingly.

FBTFIR057E The Assertion Consumer Service URLyou specified is not a valid URL.

Explanation: The Assertion Consumer Service URLyou specified is not a valid URL.


Administrator response: Make sure the AssertionConsumer Service URL provided by the partner is avalid URL.

FBTFIR058E The ImmutableID lookup methodspecified is not valid.

Explanation: You did not specify a valid ImmutableIDlookup method.


Administrator response: Specify the correctImmutableID lookup value: 0=TAM principal UUID,1=FIM alias service.

FBTFIR059E The domain name is not valid.

Explanation: You did not specify a valid domainname.


Administrator response: Specify the correct domainname that is associated with your account.

FBTFIR060E Specify a valid domain name.

Explanation: You did not specify a valid domainname.


Administrator response: Specify a valid domainname.

FBTFIR061E Select a value from the drop-down.

Explanation: You did not select a value from thedrop-down.




Administrator response: Select a value from thedrop-down.

FBTFIR062E Specify a valid federation name.

Explanation: You did not specify a valid federationname.


Administrator response: Specify a valid federationname.

FBTFIR063E Failed to get the keys from the keystore.

Explanation: The keys were not retrieved from thekeystore.


Administrator response: Failed to get the keys fromthe keystore.

FBTFIR064E Failed to import the key into thekeystore.

Explanation: The key was not imported into thekeystore because you might have provided a wrongkeystore password or wrong file path.


Administrator response: Failed to import the key intothe keystore.

FBTFIR065E One or more required fields aremissing.

Explanation: You did not enter all the required inputfields.


Administrator response: One or more required fieldsare missing.

FBTFIR066E Could not connect to the Tivoli AccessManager environment.

Explanation: You cannot connect to the Tivoli AccessManager because of wrong user name passwordcombination or the Tivoli Access Manager is notrunning on the specified port.


Administrator response: Could not connect to theTivoli Access Manager environment.

FBTFIR067E The mapping rule file is missing.

Explanation: You did not provide the mapping rule.


Administrator response: The mapping rule file ismissing.

FBTFIR073W It appears that Tivoli FederatedIdentity Manager has not beenconfigured with WebSEAL as the Pointof Contact. In order for risk basedaccess to function correctly, you mustconfigure Tivoli Federated IdentityManager with WebSEAL as Point ofContact.

Explanation: One or more pre-requisite set up may bemissing, check the message and resolve the issue.

System action: None.


FBTFIR074E ConfigStep failed due to ConfigStepError

Explanation: One or more internal failures may havecaused configuration wizard to fail. Check the logs formore details.

System action: Check the logs for a more detailedexplanation and fix inputs or environmental issuesbefore trying again.

Administrator response: Check the logs for a moredetailed explanation and fix inputs or environmentalissues before trying again.

FBTFIR080E Tivoli Access Manager ConfigurationFailed, Please check whether it isalready running on this system, andpadmin command can be executed onthis system. Error details : ErrorDetails




FBTFIR081E Invalid junction name specified.






FBTFIR082E Invalid Tivoli Access Manager ResourceURI specified.




FBTFIR083E Invalid Point of Contact Server URLSpecified.




FBTFIR085E Risk-based Access Configuration couldNOT be completed successfully.




FBTFIR086E Invalid WebSEAL instance name.




FBTFIR089E Failed Execution of : command Exit code :exitCode Output : output Error : error




FBTFMS100E argument is a required argument.

Explanation: A required argument was missing.

System action: The request has been halted.

Administrator response: Examine the client code thatmade this call and ensure that it passes the rightarguments.

FBTFMS101E argument is not a legal argument.Input must be: DEBUG_MIN,DEBUG_MID, DEBUG_MAX,AUDIT_ID_AUTH, AUDIT_SECURITY,AUDIT_CREATE_MOD_DELETE,INFO, WARN, ERROR, or OFF

Explanation: The given event level string was not avalid value.

System action: The request returned the empty string.

Administrator response: Examine the client code thatmade this call and ensure that it passes a legal value.

FBTFMS102E argument is not a valid ID.

Explanation: The given unique ID does not exist.

System action: An exception has been thrown.

Administrator response: Pass in a valid ID.

FBTFMS103E Expected a list of size size1, butreceived a list of size size2

Explanation: This method expected a list of a certainsize and received a different size.

System action: An exception has been thrown.

Administrator response: Pass in a list with the rightsize.

FBTFMS104E Received an unexpected argumenttype: msg

Explanation: This method expected an argument of acertain type and received an argument with a differenttype.

FBTFIR082E • FBTFMS104E


System action: An error has been logged.

Administrator response: Pass in an argument with thecorrect type.

FBTFMS105E Received an unexpected value msg1.Expected one of the following: msg2

Explanation: This method expected a certain valuefrom a given list of values but received something else.


Administrator response: Pass in an expected value.

FBTFMS106E Encountered an error getting aninstance of ModuleLoaderFactory: msg1.

Explanation: The module factory loader threw anexception.


Administrator response: Check the trace log todetermine the cause of the problem.

FBTFMS107E A configuration file or directory wasnot found: msg1.

Explanation: A required configuration file was notfound.


Administrator response: Ensure that the required fileexists.

FBTFMS108E Could not delete the point of contactclient given by ID: id.

Explanation: The delete operation failed.


Administrator response: Ensure that the ID of thegiven entity exists in the configuration.

FBTFMS109E Could not delete the delegate protocolinstance given by ID: id.




FBTFMS110E Could not delete the protocoldetermination module given by ID: id.




FBTFMS111E Could not delete the global handlergiven by ID: id.




FBTFMS112E Could not delete the page selectorgiven by ID: id.




FBTFMS116E The management operation is missingrequired input values. The managementoperation has failed to complete.

Explanation: The management operation is missingrequired input values.

System action: The operation will return failure.

Administrator response: The management operationbeing called requires specific input values to completethe operation. Check the documentation for all therequired input values.

FBTFMS117E The provided password is incorrect orthe keystore keystore does not exist. Themanagement operation has failed tocomplete.

Explanation: The provided password was not correct,or the keystore does not exist.


Administrator response: Ensure that the keystoreexists and ensure the correct password was entered.

FBTFMS118E Error encountered when retrieving theencoded format of the certificate.

Explanation: An attempt was made to encode acertificate that returned errors.


Administrator response: Check the trace logs for amore specific exception error.

FBTFMS119E Error encountered while creating thekeystore for export. Export operationfailed.

Explanation: During the generation of the keystore toexport the server encountered a error.


FBTFMS105E • FBTFMS119E


Administrator response: Check the logs for anexception that will give a more specific reason for theerror.

FBTFMS120E Error encountered while importing thegiven keystore. Import operation failed.

Explanation: During the importing of the keystore theserver encountered a error.



FBTFMS121E The store storename does not exist.Operation failed to complete.

Explanation: The given store does not exist.


Administrator response: Ensure that the given storeexists.

FBTFMS122E The import into store storename failed.Operation failed to complete, checktrace logs for more specific error.

Explanation: An error was encountered when the keyand/or certificate were being imported.


Administrator response: Check the trace logs for amore specific error message.

FBTFMS123E The password for the given keystoreis incorrect. Operation failed tocomplete.

Explanation: An error was encountered validating thepassword for the given keystore.


Administrator response: Ensure that the correctpassword is entered for the keystore or for the keyentry.

FBTFMS124E An error occurred when attempting toupdate the store (storename) with thenew data. Operation failed to complete.

Explanation: An error occurred while updating thespecified store.



FBTFMS125E The key alias alias name returned nodata for the keystore provided. Confirmthat the key alias given exists.Operation failed to complete.

Explanation: There are no keys or certificates locatedat the key alias given.


Administrator response: Confirm that the given keyalias exists in the provided keystore.

FBTFMS126E The key alias alias name already existsin the store store name. Operation failedto complete.

Explanation: The import operation was asked to notoverwrite existing key aliases and the alias providedalready existed in the store.


Administrator response: Confirm that the given keyalias does not exists in the provided store.

FBTFMS127E The encountered file 'file name' couldnot be read.

Explanation: An error occurred while attempting toread the specified file.


Administrator response: Confirm that the file has thecorrect permissions and is a valid JKS file.

FBTFMS128E The configured directory 'directoryname' could not be read or does notexist.

Explanation: An error occurred while attempting toread the configured directory.


Administrator response: Confirm that the directoryexists and has the correct permissions.

FBTFMS129E The specified label 'label' could not bedeleted from the specified key store 'keystore'.

Explanation: An error occurred while attempting tomodify the specified key store.


Administrator response: Confirm that the inputvalues to the management operation are correct.



FBTFMS135E Obtaining a new context requires theITFIM_CONTEXT_DOMAIN parameter.

Explanation: The management service operationrequires the domain name to be set using theITFIM_CONTEXT_DOMAIN parameter.


Administrator response: Set theITFIM_CONTEXT_DOMAIN parameter as input to themanagement operation.

FBTFMS136E The specified key store name 'key storename' is already in use, and cannot bere-used again to create a new key store.

Explanation: An error occurred while attempting tocreate a key store.


Administrator response: Confirm that the inputs tothe management operation are correct.

FBTFMS137E An error occurred creating key store'key store name'.

Explanation: An error occurred while attempting tocreate a key store.


Administrator response: Confirm that the inputs tothe management operation are correct and check tracelogs for details.

FBTFMS138E STS module instance cannot bedeleted because it is in use.

Explanation: An error occurred while attempting todelete an STS module instance.


Administrator response: Confirm the STS moduleinstance is not in use before attempting to delete it.

FBTFMS139E An error occurred while reading thelicense file path. The default license willbe used instead. The root cause of theerror was 'exception text'.

Explanation: Federated Identity Manager attempted toverify the license file, but the verification failed.

System action: The system will use the default license.

Administrator response: Verify that the license fileexists and has not been modified from the versionincluded with your product installation media. Ifnecessary, copy the original license file from theFederated Identity Manager installation media intoplace.

FBTFMS140E Could not delete the point of contactprofile given by ID: id. Ensure that theprofile exists, is not read-only, and isnot the currently active profile.



Administrator response: Ensure that the ID of thegiven entity exists in the configuration, is not read-only,and is not the current profile.

FBTFMS141E Could not modify the point of contactprofile given by ID: id. Make sure theprofile exists and is not read-only.

Explanation: The modify operation failed.


Administrator response: Ensure that the ID of thegiven entity exists in the configuration and it is notread-only.

FBTFMS142E The plug-in directory was null.

Explanation: The plug-in directory could not bedetermined by the Management Service.


Administrator response: Ensure that themoduledirs.properties file exists inside theITFIMManagementService.ear application.

FBTFMS143E Could not make the point of contactprofile given by ID: id the currentprofile. The profile must contain a SignIn callback and Local ID callback tomake it an active profile. The currentprofile configuration is incomplete.

Explanation: The make profile current operation hasfailed.


Administrator response: Ensure that the ID of thegiven entity has a valid configuration.

FBTFMS144E An error occurred whilecommunicating with the TDI Server.

Explanation: The list of configuration files for the TDIServer could not be retrieved.


Administrator response: Ensure that the TDI Serverdaemon is running.



FBTFMS145E Could not delete the audit clientprofile given by ID: id. Ensure that theprofile exists and is not the currentlyactive profile.



Administrator response: Ensure that the ID of thegiven entity exists in the configuration and is not thecurrent profile.

FBTFMS146E STS module chain argument cannot bedeleted because it is in use.

Explanation: An error occurred while attempting todelete an STS module chain.

System action: The operation returns failure.

Administrator response: Confirm that the STS modulechain is not in use before attempting to delete it.

FBTIDS001W The alias service configuration file(etc/idservice.xml) was not found.

Explanation: The alias service configuration file wasnot found.

System action: The alias service will start with defaultclients.

Administrator response: Ensure that the request hasall the required data.

FBTIDS002E The module reference id ['referenceId'], isinvalid. The module reference does notexist.

Explanation: The referenced identifier does not exist.

System action: The plug-in module will not beavailable at runtime.

Administrator response: Validate the Identity Serviceconfiguration.

FBTIDS003E The class 'className' with modulereference id 'referenceId' could not beinitialized. The init method did notsuccessfully complete.

Explanation: The module implementation did notsuccessfully initialize.


Administrator response: Validate the Identity Serviceconfiguration and installed Identity Service plugins.

FBTIDS004E The class 'className' does not implementthe interfaces of class 'referenceClass'.

Explanation: The module does not implement therequired interface.


Administrator response: Validate the Identity Serviceconfiguration and installed Identity Service plugins.

FBTISJ001E Unable to locate the local interface name.

Explanation: No EJB instance was found.


Administrator response: Validate the configuration ofthe EJB, then try the operation again.

FBTISJ002E The identity service was unable to readthe user's alias.

Explanation: The LDAP alias-read operation failed.

System action: The service will not return a value.

Administrator response: Validate the configuration ofthe ID service, and check logs for an EJB error message.

FBTISJ003E The identity service was unable to writethe user's alias.

Explanation: The LDAP alias-write operation failed.

System action: The service will not return a value.

Administrator response: Validate the configuration ofthe ID service, and check the logs for an EJB errormessage.

FBTISL001E The local interface name could not belocated.

Explanation: No EJB instance can be found.


Administrator response: Validate the configuration ofthe EJB.

FBTISL002E The remote interface name could not belocated.




FBTFMS145E • FBTISL002E


FBTISL003E The Naming name of the EJB was notprovided.




FBTISL004E A manager could not be created on thisnode. This result might not be an errorif the system is running in a clusteredenvironment. Confirm the configurationand startup on the appropriate node.




FBTISL006E Configuration was not provided for theenterprise bean.

Explanation: No EJB configuration can be found.



FBTISL007E The provided SSL configuration is notvalid.

Explanation: The SSL configuration contains missingparameters or parameters that are not valid.


Administrator response: Validate the configuration ofthe ID service.

FBTISL008E The configuration key key is not valid.

Explanation: The configuration contains a parameterkey that is not valid.

System action: The configuration key will be ignored.

Administrator response: Validate the configuration ofthe ID service.

FBTISL012E The bootstrap failed

Explanation: The configuration contains a parameterkey.

System action: The configuration key will be ignored.

Administrator response: Validate the configuration ofthe ID service

FBTISL014E The identity service was unable to readthe user's alias.

Explanation: The alias read LDAP operation failed.

System action: The service will return no value.

Administrator response: Validate the configuration ofthe ID service, and check logs for an LDAP errormessage.

FBTISL015E The identity service was unable to writethe user's alias.

Explanation: The alias write LDAP operation failed.



FBTISL016E The identity service was unable to readthe user's attributes.

Explanation: The attribute read LDAP operationfailed.



FBTISL017E The identity service was unable to writethe user's attributes.

Explanation: The attribute write LDAP operationfailed.



FBTISL018E The provided DN, dn, does not exist.

Explanation: The attribute read LDAP operationfailed.



FBTISL019E The attribute attribute with value valuecould not be written.

Explanation: The attribute write LDAP operationfailed.


Administrator response: Validate the configuration of

FBTISL003E • FBTISL019E


the ID service, and check logs for an LDAP errormessage.

FBTISL020E No trusted keystore was returned by thekey service.

Explanation: The call to the key service did not returna trusted keystore.

System action: The service SSL functionality will notoperate.

Administrator response: Validate that theconfiguration has the correct trusted key store name.

FBTISL021E No trusted keystore type was returnedby the key service.

Explanation: The call to the key service did not returna trusted keystore type.

System action: The default key store type will beused.

Administrator response: Validate that theconfiguration has the correct trusted key store name.

FBTISL022E The input provided to the managementoperation is not valid.

Explanation: This error is typically due to null inputvalues, missing input values, or input values of thewrong type.

System action: The management operation will behalted

Administrator response: Check the trace for the inputto the management operation.

FBTISL023E The input provided to the managementoperation is not valid, the parameterparameter is missing.


System action: The management operation will behalted


FBTISL024E The input provided to the managementoperation is not valid and the type typefor parameter parameter is not valid. Theexpected input is expectedType.


System action: The management operation will behalted.


FBTISL025E The input provided to the managementoperation are not valid. The server serveris undefined.




FBTISL026E The provided service configuration isnot valid. The required parameterparameter is not specified.

Explanation: The specified parameter is required forID service LDAP function.

System action: The current operation will be halted.

Administrator response: Check the productdocumentation for the correct parameters.

FBTISL027E The provided server configuration is notvalid. The required parameter parameteris not specified.

Explanation: The specified parameter is required forID service LDAP function.

System action: The current operation will be halted.

Administrator response: Check the productdocumentation for the correct parameters for serverconfiguration.

FBTISL028E The ID service LDAP management beancould not be registered.

Explanation: An error has occurred while registeringthe management bean for the ID service LDAPprovider.

System action: The server will start with nomanagement interface.

Administrator response: Enable trace and check forerrors leading up to this failure.

FBTISL029E The configuration update failed.

Explanation: An error has occurred while updatingthe server configuration.

System action: The server will continue running withthe existing configuration.

Administrator response: Enable trace and check forerrors leading up to this failure.

FBTISL020E • FBTISL029E


FBTIVT003E The distributed map to run the testcannot be located.

Explanation: The current test cannot be run becausethe distributed map could not be located.

System action: The test has failed.

Administrator response: Validate the setup of theWebSphere Application Server environment, cluster,and replication domain.

FBTIVT004E The key ''key'' cannot be located in thedistributed map.

Explanation: The current test has failed because thespecified key could not be found.

System action: The test has failed.

Administrator response: Validate the setup of theWebSphere Application Server environment, cluster,and replication domain.

FBTKES001E The global configuration properties fileis not in the classpath of the server.

Explanation: The global configuration properties filecould not be found in the server's classpath. The file istypically created at installation time for the installerand is required for the server to successfully start.

System action: The request is halted.

Administrator response: Ensure that the system wasinstalled correctly, locate the global configurationproperties file, and ensure that the file is located in theserver's classpath.

FBTKES002E No keystore or keystore password wasprovided.

Explanation: A keystore or keystore password or bothmust be provided for the server to start.


Administrator response: Ensure that the keystore hasthe correct file permissions for the server to read andwrite.

FBTKES003E The password could not beunobfuscated.

Explanation: The obfuscated password could notsuccessfully be unobfuscated.


Administrator response: Check that the Java thatsupports the A.E.S. 128-cipher algorithm is being used.

FBTKES005E A problem was encountered whilecreating the keystore at location:filename.

Explanation: Because the keystore at the givenlocation did not exist, the server attempted to create anew keystore but failed.

System action: The keystore was not created.

Administrator response: Ensure that the directorypath up to the given file exists and that the correct readand write file permissions are set. Check the causeexception to get more specific details about whatcaused the problem.

FBTKES006E The key type for the given alias alias isan unknown key.

Explanation: An attempt was made to use a key thathas an unknown type.


Administrator response: Ensure that the key for thegiven alias is a supported key type.

FBTKES007E A key was not found with the givenalias (alias).

Explanation: The server could not find a key with theprovided alias.


Administrator response: Ensure that you have thecorrect keystore configured.

FBTKES008E The required input was not given.

Explanation: The required input was not given toprocess the request.


Administrator response: Ensure that the correct inputis given.

FBTKES009E The document owner was not given.The signature template could not begenerated.

Explanation: For the signature template to generatecorrectly, the document owner must be provided.


Administrator response: Ensure that the callerprovides the correct document owner.

FBTIVT003E • FBTKES009E


FBTKES010E A reference list of elements to be signedwas not given. The signature templatecannot be generated without a referencelist.

Explanation: For a signature template to be generated,a reference list must be provided.


Administrator response: Ensure that the callerprovides the correct reference list of elements to bereferenced in the generated signature template.

FBTKES011E A context was not provided by caller.

Explanation: The caller did not provide a context.


Administrator response: Ensure that a context isprovided.

FBTKES012E A key alias was not provided by thecaller.

Explanation: The caller did not provide a key alias.


Administrator response: Ensure that a key alias isprovided.

FBTKES013E No data was provided to be signed.

Explanation: The caller did not provide any data to besigned.


Administrator response: Ensure that there is dataprovided.

FBTKES014E A certificate was not found with thegiven alias (alias).

Explanation: The server could not find a certificatewith the provided alias.



FBTKES015E The signature validation failed.

Explanation: The server encountered an error whileattempting to validate a signature.


Administrator response: Check the cause exception tofind more details about why the validation failed.

FBTKES016E No document was given.

Explanation: An XML document is required toperform the operation.


Administrator response: Ensure that a document isprovided.

FBTKES017E The signature creation operation failed.

Explanation: The server encountered an error whileattempting to sign the given data.


Administrator response: Check the cause exception tofind more details about why the signing failed.

FBTKES020E The signature was not valid.

Explanation: The signature was determined to beinvalid while attempting to validate the byte array ofthe signature.



FBTKES021E No keystore directory was provided.

Explanation: A keystore directory must be providedfor the server to start.


Administrator response: Ensure that the keystoredirectory is provided.

FBTKES022E The keystore directory provided (alias)does not exist or is not a directory.

Explanation: The keystore directory provided in theconfiguration does not exist or is not a directory.


Administrator response: Ensure that the givendirectory exists.

FBTKES023E The required path element was notprovided.

Explanation: For the given request, a path that pointsto the specific XML element is required.


Administrator response: Ensure that the caller ispassing all required parameters.

FBTKES010E • FBTKES023E


FBTKES024E The given element path did not point toan XML element.




FBTKES025E The key encryption and signatureservice client factory could not locatethe key encryption and signature servicemodule.

Explanation: The modules or module directory couldnot be located in the current environmentconfiguration.


Administrator response: Ensure that the caller ispassing all required parameters and that theconfiguration is correct.

FBTKES026E An alias was not given.

Explanation: The caller did not pass an alias.


Administrator response: Ensure that the keyconfiguration has all the correct key alias namesconfigured.

FBTKES027E The given key profile does not have acipher assigned or an error occurredwhen getting an instance of the cipher.

Explanation: The key profile given did not return acipher.


Administrator response: Ensure that the key profileconfiguration has the cipher configured correctly.

FBTKES028E The raw key bytes for key id were notspecified.

Explanation: The key bytes were not specified in theconfiguration file for the given key ID.

System action: The key given was not generated,process continued to the next key in the configurationfile.

Administrator response: Ensure that the keyconfiguration has the required configuration item.

FBTKES029E The type for key id was not specified.

Explanation: The type was not specified in theconfiguration file for the given key ID.

System action: The key given was not generated,process continued to the next key in the configurationfile.

Administrator response: Ensure that the keyconfiguration has the required configuration item.

FBTKES030E An unknown error occurred, the cipherreturned no data but data was expected.

Explanation: Data was given to the cipher engine butit did not return any data.


Administrator response: Ensure that key profile, thecipher and the key are configured correctly.

FBTKES031E During the decryption an error wasencountered. It appears the given ciphertext is corrupt.

Explanation: The given cipher text could not bedecrypted and parsed into a valid XML document.

System action: The operation will return a failure.

Administrator response: Confirm that the message isnot being altered.

FBTKES032W The certificate with the subject'sdistinguished name of [dn] and serial of[number] has expired, therefore it wasnot used for runtime operations.

Explanation: The given certificate has expired and willnot be used for runtime operations.

System action: The system will not use the certificate.

Administrator response: Only use certificates that arestill valid.

FBTKES033E The block cipher algorithm URIprovided [URI] is not supported by theXML security API.

Explanation: The block cipher algorithm URI providedfrom configuration is not supported by the XMLsecurity API.

System action: The system will not complete therequest.

Administrator response: Change the configuration toa supported block cipher algorithm URI.



FBTKES034E The key transport algorithm URIprovided [URI] is not supported by theXML security API.

Explanation: The key transport algorithm URIprovided from configuration is not supported by theXML security API.


Administrator response: Change the configuration toa supported key transport algorithm URI.

FBTKES035E The provided message contained toomany EncryptedKey elements, theprocess is unable to determine thecorrect key to use.

Explanation: The provided message did not have aKeyInfo element as a child of the EncryptedDataelement. Because there was no KeyInfo element, theservice has to look for EncryptedKey elements underthe parent node of the EncryptedData. If there is morethan one EncryptedKey element under the parent, thiserror is returned.


Administrator response: Ensure the given messagecontains a KeyInfo element as a child of theEncryptedData element, which includes either theEncryptedKey or references the EncryptedKey if thereis more then one EncryptedKey in the message.

FBTKES036E No EncryptedKey element found, theprocess cannot decrypt the givenmessage.

Explanation: The given message did not contain aEncryptedKey element, the EncryptedKey elementcontains the key material to decrypt the EncryptedDataelement.


Administrator response: Ensure that messages containat least one EncryptedKey element for everyEncryptedData element.

FBTKES037E The key encryption and signatureservice client factory could not locate acertificate path validator module.

Explanation: The modules or module directory couldnot be located in the current environmentconfiguration.


Administrator response: Ensure that the required

certificate path validator module is properly configuredand installed.

FBTKES038W Certificate path validation is disabledbecause no keystores of type CACertificates are configured.

Explanation: There are no keystores of type CACertificates configured.


Administrator response: Ensure that at least onekeystore containing CA certificates is configured with atype of CA Certificates.

FBTKES039E The configuration file file could not beread.

Explanation: The configured file might not exist,might not be readable by this user, or might not be avalid file.

System action: The server cannot performinitialization of the hardware device.

Administrator response: Correct the configuration forthe hardware provider in etc/kessjks.xml and restartthe server.

FBTKES040E A <HardwareProviderType> elementcould not be found with reference IDidref in etc/kessjks.xml.

Explanation: The configuration file contains areference to an element that does not exit.

System action: The server cannot performinitialization of the hardware device.


FBTKES041E A <ModuleReference> element couldnot be found with reference ID idref inetc/kessjks.xml.

Explanation: The configuration file contains areference to an element that does not exit.

System action: The server will skip initialization ofthe module referenced by the ID.


FBTKES042E The hardware cryptographic devicecould not be initialized.

Explanation: The hardware cryptographic devicefailed to initialize. See previous messages.

System action: The server will not be able to perform



signing and cryptography services.

Administrator response: Verify that the hardwaredevice is installed correctly and is operating properly.

FBTKES043E There is no provider available toperform the requested operation.

Explanation: The signature and cryptographicprovider failed to initialize. See previous messages.

System action: The server cannot perform therequested operation.

Administrator response: Check the message log forrelated errors and take corrective action accordingly.

FBTKES044E The key encryption and signatureservice configuration is missing therequired parameter parameter.

Explanation: An error has occurred while validatingthe server configuration. This error is due to theabsence of a required parameter.

System action: The server will not function with amissing configuration.

Administrator response: Ensure that the missingconfiguration entry is specified.

FBTKES045E The hardware cryptography feature isnot supported by Tivoli FederatedIdentity Manager on this version ofWebSphere Application Server.

Explanation: The installed version of WebSphereApplication Server does not provide the proper supportfor the hardware cryptography feature.


Administrator response: Either upgrade to WebSphereApplication Server version 6.1 or greater, or disable thehardware cryptography feature.

FBTKES046E The key profile with alias alias requiresan initialization vector.

Explanation: The mode of the cipher in the key profilerequires an initialization vector to be configured.

System action: The key profile is discarded.

Administrator response: Correct the configuration andrestart the server.

FBTKES047E The key profile with alias alias has anincomplete initialization vector.

Explanation: The initialization vector must include asize or initialization data to be configured.

System action: The key profile is discarded.


FBTKES048E An exception occurred while processingthe keystore on the hardware device.The exception message text is: message.

Explanation: An exception was encountered whileprocessing the keystore provided by the hardwaredevice.

System action: The keys and certificates not alreadyprocessed will be unavailable.


FBTKES049E The message signature did not includethe required KeyInfo data to find avalidation certificate.

Explanation: The server is configured to use theKeyInfo data in the message signature to locate a keyfor signature validation but the signature does not havethe required data.

System action: The request is rejected.

Administrator response: Ensure that the senderincludes either a Public Key, X509 Certificate data, X509Subject Key Identifier or X509 Subject Name in theKeyInfo element of the signature.

FBTKES050E The message signature did not includeany KeyInfo data that matches theconfigured DN expression [alias].

Explanation: The server is configured to use theKeyInfo data in the message signature to locate a keyfor signature validation but the DN of the certificatedoes not match the allowable names in theconfiguration.


Administrator response: Ensure that the configuredDN expression is correct and retry the operation.

FBTKES051E There are no certificates available thatmatch the KeyInfo data in the messagesignature for the DN [alias].

Explanation: The server is configured to use theKeyInfo data in the message signature to locate a keyfor signature validation but a certificate could not befound in any keystore.


Administrator response: Ensure that the public keycertificate is imported into the Tivoli Federated IdentityManager keystore.



FBTKES052E The signature algorithm URI provided[URI] is not supported.

Explanation: The system does not support thesignature algorithm URI provided from theconfiguration.


Administrator response: Change the configuration tothe supported signature algorithm URI.

FBTKES053E The digest algorithm URI provided[URI] is not supported.

Explanation: The system does not support the digestalgorithm URI provided from the configuration.


Administrator response: Change the configuration tothe supported digest algorithm URI.

FBTKES054E The signing key type [KeyType] does notmatch the signature algorithm [URI].

Explanation: The signing key type does not match thesignature algorithm provided from the configuration.


Administrator response: Change the configuration tomatch the key type and signature algorithm.

FBTKES055E The key type [KeyType] does not supportencryption.

Explanation: The key type provided fromconfiguration does not support encryption.

System action: The system cannot complete therequest.

Administrator response: Change the configuration toa supported encryption key type.

FBTKJK001E A manager could not be created on thisnode. This result might not be an errorif the system is running in a clusteredenvironment. Confirm configuration andstartup on the appropriate node.

FBTKJK002E The global configuration properties fileis not in the classpath of the server.

Explanation: The global configuration properties filecould not be found in the server's classpath. The file istypically created at installation time for the installerand is required for the server to successfully start.

System action: The global configuration properties filecould not be found.

Administrator response: Ensure that the system wasinstalled correctly, locate the global configurationproperties file, and ensure that the file is located in theserver's classpath.

FBTKJK006E The Key Encryption and SignatureService Java Keystore management beancannot be registered.

Explanation: An error has occurred registering themanagement bean for the Key Encryption andSignature Service Java Keystore provider.

System action: The server will start with nomanagement interface.

Administrator response: Enable a trace and check forerrors leading up to this failure.

FBTKJK007E The configuration file for the KeyEncryption and Signature Service JavaKeystore, filename, cannot be read.

Explanation: An error has occurred reading theconfiguration for the Key Encryption and SignatureService Java Keystore provider.

System action: The server will not be able to startunless the configuration file is located on another node.


FBTKJK008E The bootstrap of the Key Encryptionand Signature Service Java Keystoreprovider has failed.

Explanation: The bootstrap process of the KeyEncryption and Signature Service Java Keystore did notcomplete successfully.

System action: Check earlier error and trace messagesfor problems leading up to this failure.

Administrator response: Validate the configuration ofthe Key Encryption and Signature Service Java Keystoreprovider.

FBTKJK009E The input provided to the managementoperation is not valid.




FBTKES052E • FBTKJK009E


FBTKJK010E The input provided to the managementoperation is not valid. The parameterparameter is missing.




FBTKJK011E The input provided to the managementoperation is not valid. The type type forparameter parameter is not valid. A valueof expectedType was expected.




FBTKJK012E The configuration update failed.

Explanation: An error has occurred while updatingthe server configuration.

System action: The server will continue running withthe existing configuration.


FBTKJK015E The key encryption and signatureservice configuration could not bediscovered because no configurationstore was found.

Explanation: An error has occurred discovering theserver configuration. This error occurred because thedistributed map instance could not be located.

System action: The server will not function withoutconfiguration information.

Administrator response: Ensure that the configurationstore is running on the application server and enablethe trace to check for errors leading up to this failure.

FBTKJK016E The key encryption and signatureservice configuration is missing therequired parameter parameter.

Explanation: An error has occurred while validatingthe server configuration. This error is due to theabsence of a required parameter.


Administrator response: Ensure that the missingconfiguration entry is specified.

FBTKJK017E The configured Java key storeconfiguration directory directory couldnot be read.

Explanation: The configured directory might not exist,might not be readable by this user, or might not be adirectory.


Administrator response: Ensure that the configuredentry is valid.

FBTKJK018E The configured Java key storeconfiguration directory contains a filefile that could not be read.

Explanation: The configured file might not exist,might not be readable by this user, or might not be avalid.

System action: The server will attempt to read theremaining files in the directory.

Administrator response: Ensure that the file is valid.

FBTKJK021E The required input was not given.

Explanation: The required input was not given toprocess the request.

System action: The request could not be processedbecause the required input is missing.

Administrator response: Ensure that the correct inputis given.

FBTKJK022E The document owner was not given andthe signature template could not begenerated.

Explanation: For the signature template to generatecorrectly, the document owner must be provided.

System action: The signature template was notgenerated.

Administrator response: Ensure that the callerprovides the correct document owner.

FBTKJK023E A reference list of elements to be signedwas not given. The signature templatecannot be generated without a referencelist.

Explanation: For a signature template to be generated,a reference list must be provided.

FBTKJK010E • FBTKJK023E


System action: Ensure that the caller provides thecorrect list of elements to be referenced in thegenerated signature template.

Administrator response: Ensure that the callerprovides the correct list of elements to be referenced inthe generated signature template.

FBTKJK024E A context was not provided by thecaller.

Explanation: The caller did not provide a context.


Administrator response: Ensure that a context isprovided.

FBTKJK025E A key alias was not provided by caller.




FBTKJK026E There was no data provided to besigned.

Explanation: The caller did not provide any data to besigned.


Administrator response: Ensure that data is provided.

FBTKJK027E A certificate with given alias (alias) wasnot found.

Explanation: The server could not find a certificatewith the provided alias.

System action: Ensure that you have the correctkeystore configured.


FBTKJK028E Signature validation failed.

Explanation: The server encountered an error whileattempting to validate a signature.

System action:

Administrator response: Check the cause exception todetermine why the validation failed.

FBTKJK029E No document was given.

Explanation: An XML document is required toperform the operation.


Administrator response: Ensure that a document isprovided.

FBTKJK030E The signature creation operation failed.

Explanation: The server encountered an error whileattempting to sign the given data.


Administrator response: Check the cause exception todetermine why the signing failed.

FBTKJK031E The signature is not valid.



Administrator response: Check the logs for exceptionsto determine why signature validation failed.

FBTKJK032E A key was not found with the givenalias (alias).

Explanation: The server could not find a key with theprovided alias.

System action: Ensure that you have the correctkeystore configured.


FBTKJK033E The required path element was notprovided.




FBTKJK034E The given element path did not point toan XML element.




FBTKJK035E The key type for a given alias alias is anunknown key.

Explanation: An attempt was made to use a key thathas an unknown type.

System action: An attempt was made to use a keythat has an unknown type.

Administrator response: Ensure that the key for given



alias is a supported key type.

FBTKJK036E The key encryption and signatureservice Java keystore was unable to finda worker to complete the task. Thiserror is likely due to an incorrectconfiguration.

Explanation: No configuration worker instance couldbe found.

System action: The operation returned failure.

Administrator response: Enable a trace and check thelogs for errors that might have lead up to this action.

FBTKJK037E The key encryption and signatureservice Java keystore EJB client couldnot create the remote interface, remote

Explanation: No remote EJB instance could be created.



FBTKJK038E The key encryption and signatureservice Java keystore EJB clientencountered an error with the EJBinvocation.

Explanation: An exception was thrown whilecommunicating with the remote EJB.



FBTKJK039E The SignedInfo signature value does notmatch the calculated value.

Explanation: The SignedInfo portion of the signaturedid not match the calculated value. This error isusually caused by the SignedInfo digest not matchingor the public key used to validate does not match theprivate key used to sign.


Administrator response: Ensure that the correctcertificate is used to validate the message.

FBTKJK040E The Reference with the identifieridentifier calculated a different digestvalue.

Explanation: The given Reference digest did notmatch the calculated digest. This error is usuallycaused by the message changing after being signed.


Administrator response: Ensure that the message does

not change after being signed.

FBTKJK041E While writing out the updated filefilename, an error was encountered. Theupdate to the file did not occur.

Explanation: An error was encountered when makingan update to the given file.


Administrator response: Ensure that the given fileexists and has the correct file permissions to allowupdates to occur. See the corresponding exception inthe trace file for more details.

FBTKJK042E The directory directory cannot be read.

Explanation: An error was encountered whenattempting to read the directory given.


Administrator response: Ensure that the givendirectory exists and that the correct file permissions areenabled.

FBTKJK043E The backup operation failed. Thebackup JAR file filename for directorydirectory cannot be created.

Explanation: An error was encountered whenattempting to create a backup.


Administrator response: Ensure that the givendirectory exists and that the correct file permissions areenabled.

FBTKJK045E The management operation is missingrequired input values. The managementoperation has failed to complete.

Explanation: The management operation is missingrequired input.


Administrator response: The management operationbeing called requires specific input to complete theoperation. Check the documentation for all the requiredinput.

FBTKJK046E The provided password is incorrect orthe keystore keystore does not exist. Themanagement operation has failed tocomplete.

Explanation: The provided password was not correct,or the keystore does not exist.


Administrator response: Ensure that the keystore



exists and ensure that the correct password wasentered.

FBTKJK047E An error was encountered whenretrieving the encoded format of thecertificate.

Explanation: An attempt was made to encode acertificate that returned errors.


Administrator response: Check the trace logs to findout a more specific exception error.

FBTKJK048E An error was encountered while creatingthe keystore for export. The exportoperation failed.

Explanation: During the generation of the keystore toexport, the server encountered a error.



FBTKJK049E An error was encountered whileimporting the given keystore. Theimport operation failed.

Explanation: During the importing of the keystore, theserver encountered a error.



FBTKJK050E The store storename does not exist. Theoperation failed to complete.

Explanation: The given store does not exist.


Administrator response: Ensure that the given storeexists.

FBTKJK051E The import into store storename failed.The operation failed to complete. Checkthe trace logs for more specific errors.

Explanation: An error was encountered when the keyor certificate or both were being imported.



FBTKJK052E The password for the given keystore isincorrect. The operation failed tocomplete.

Explanation: An error was encountered whilevalidating the password for the given keystore.


Administrator response: Ensure that the correctpassword is entered for the keystore or for the keyentry.

FBTKJK053E An error occurred when attempting toupdate the store (storename) with thenew data. The operation failed tocomplete.

Explanation: An error occurred when updating thestore listed.



FBTKJK054E The key alias alias name returned no datafor the keystore provided. Confirm thatthe key alias given exists. The operationfailed to complete.

Explanation: There are no keys or certificates locatedat the key alias given.


Administrator response: Confirm that the given keyalias exists in the provided keystore.

FBTKJK055E The key alias alias name already exists inthe store store name. The operation failedto complete.

Explanation: The import operation was asked to notoverwrite existing key aliases and the alias providedalready existed in the store.


Administrator response: Confirm that the given keyalias does not exist in the provided store.

FBTKJK056W The certificate with the subject'sdistinguished name of [dn] and serial of[number] has expired therefore it was notused for runtime operations.

Explanation: The given certificate has expired and willnot be used for runtime operations.

System action: The system will not use the certificate.

Administrator response: Only use certificates that arestill valid.

FBTKJK047E • FBTKJK056W


FBTKJK057E The block cipher algorithm URIprovided [URI] is not supported by theXML security API.

Explanation: The block cipher algorithm URI providedfrom configuration is not supported by the XMLsecurity API.


Administrator response: Change the configuration toa supported block cipher algorithm URI.

FBTKJK058E The key transport algorithm URIprovided [URI] is not supported by theXML security API.

Explanation: The key transport algorithm URIprovided from configuration is not supported by theXML security API.


Administrator response: Change the configuration toa supported key transport algorithm URI.

FBTKJK059E The provided message contained toomany EncryptedKey elements, we areunable to determine the correct key touse.

Explanation: The provided message did not have aKeyInfo element as a child of the EncryptedDataelement. Since there was no KeyInfo element theservice has to look for EncryptedKey elements underthe parent node of the EncryptedData. If there is morethen one EncryptedKey element under the parent, thiserror is returned.


Administrator response: Ensure the given messagecontains a KeyInfo element as a child of theEncryptedData element which includes either theEncryptedKey, or which references the EncryptedKey ifthere is more then one EncryptedKey in the message.

FBTKJK060E No EncryptedKey element found, we areunable to decrypt the given message.

Explanation: The given message did not contain aEncryptedKey element, the EncryptedKey elementcontains the key material to decrypt the EncryptedDataelement.


Administrator response: Ensure that messages containat least one EncryptedKey element for everyEncryptedData element.

FBTLIB001E A configuration error has occurred.

Explanation: A configuration error has occurred dueto invalid configuration.


Administrator response: Enable a trace for detailedmessages and validate the configuration.

FBTLIB002E Internal Error: The delegate protocolwas unable to retrieve the LibertyRequest Context.

Explanation: Internal Error: The delegate protocol wasunable to retrieve the Liberty Request Context.



FBTLIB003E The Liberty plug-in is not able to routethe incoming request correctly.

Explanation: The Liberty plug-in is not able todetermine the protocol that must be used for theincoming request.


Administrator response: Make sure that the endpointthat is configured is correct. Enable a trace for detailedmessages about the error.

FBTLIB004E Internal Error: The delegate protocolcannot retrieve the AuthnRequest fromincoming HTTP GET.

Explanation: The delegate protocol cannot retrieve theAuthnRequest from incoming HTTP GET.


Administrator response: Enable a trace for detailedmessages about the error.

FBTLIB005E Internal Error: The delegate protocolcannot retrieve the AuthnResponse fromincoming HTTP POST.

Explanation: The delegate protocol cannot retrieve theAuthnResponse from incoming HTTP POST.



FBTLIB006E Internal Error: The delegate protocolcannot decode the incomingAuthnResponse from BASE64.

Explanation: The delegate protocol cannot decode theincoming AuthnResponse from BASE64.

FBTKJK057E • FBTLIB006E



Administrator response: Make sure that theAuthnResponse was encoded correctly by the partner.Enable a trace for detailed messages about the error.

FBTLIB007E Internal Error: The delegate protocolcannot retrieve the value in the LARESfield in the incoming AuthnReponsePOST.

Explanation: The delegate protocol cannot retrieve thevalue in the LARES field in the incomingAuthnReponse POST.


Administrator response: Make sure that theAuthnResponse was sent by the partner adhering toLiberty specifications. Enable a trace for detailedmessages about the error.

FBTLIB008E Internal Error: An error was encounteredin the execution of protocol chain.

Explanation: An error was encountered in theexecution of protocol chain.

System action: Contact your IBM supportrepresentative.


FBTLIB009E Internal Error: The Delegate protocol isunable to process the response becauseit could not retrieve the AuthnRequestfrom LibertyContext.

Explanation: The Delegate protocol is unable toprocess the response because it could not retrieve theAuthnRequest from LibertyContext.



FBTLIB010E Internal Error: The Delegate protocol isunable to obtain the SingleSignOnUrlfrom the context.

Explanation: The Delegate protocol is unable to obtainthe SingleSignOnUrl from the context.


Administrator response: Make sure all the endpointsare configured correctly. Enable a trace for detailedmessages about the error.

FBTLIB011E Internal Error: The Delegate protocol isunable to process the response becauseit could not retrieve the AuthnResponsefrom LibertyContext.

Explanation: The Delegate protocol is unable toprocess the response because it could not retrieve theAuthnResponse from LibertyContext.



FBTLIB012E Internal Error: The Delegate protocol isunable to process the response becauseit could not convert the AuthnResponseto an XML string.

Explanation: The Delegate protocol is unable toprocess the response because it could not convert theAuthnResponse to an XML string.


Administrator response: The AuthnResponse messagemight not be formatted correctly. Enable a trace fordetailed messages about the error.

FBTLIB013E Internal Error: The Delegate protocol isunable to convert the response from anXML string to BASE64 encoded data.

Explanation: The Delegate protocol is unable toconvert the response from an XML string to BASE64encoded data.


Administrator response: The AuthnResponse messagemight not be formatted correctly. Enable a trace fordetailed messages about the error.

FBTLIB014E Internal Error: The Delegate protocol isunable to obtain theAssertionConsumerUrl from the context.

Explanation: The Delegate protocol is unable to obtainthe AssertionConsumerUrl from the context.


Administrator response: Make sure that all theendpoints are configured correctly. Enable a trace fordetailed messages about the error.

FBTLIB015E Internal Error: The Delegate protocol isunable to obtain the RelayState from theAuthnResponse.

Explanation: The Delegate protocol is unable to obtainthe RelayState from the AuthnResponse.


FBTLIB007E • FBTLIB015E


Administrator response: RelayState might not be setcorrectly in the AuthnResponse. Enable a trace fordetailed messages about the error.

FBTLIB016E Internal Error: The Delegate protocol isunable to find the template pagePageTemplate.

Explanation: The delegate protocol is unable to findthe specified page template.


Administrator response: Make sure that the productis installed and configured correctly. Enable a trace fordetailed messages about the error.

FBTLIB017E Internal Error: The delegate protocolcannot retrieve the LogoutRequest fromincoming HTTP GET.

Explanation: The delegate protocol cannot retrieve theLogoutRequest from incoming HTTP GET.



FBTLIB018E The delegate protocol cannot retrievethe EndPointType from the definedfederations.

Explanation: The specified endpoint is not configured.


Administrator response: Make sure that all theendpoints are configured correctly. Enable a trace fordetailed messages about the error.

FBTLIB019E The delegate protocol cannot convert thelogout response to a URL encodedstring.

Explanation: The delegate protocol cannot convert thelogout response to a URL encoded string.



FBTLIB020E Internal Error: The delegate protocolcould not find the session ID SessionIdin the global session.

Explanation: The specified session ID was not foundin the global session.


Administrator response: The session ID might nothave been stored or it might have expired. Enable atrace for detailed messages about the error.

FBTLIB021E The delegate protocol configurationdetermined that no federations aredefined.

Explanation: The delegate protocol configurationdetermined that no federations are defined.


Administrator response: Make sure that thefederations are defined. Enable a trace for detailedmessages about the error.

FBTLIB022E The required attribute VariableName wasnot found in the defined self-federationentity.

Explanation: The specified attribute is not defined inthe self-federation entity.


Administrator response: Make sure that the specifiedrequired attribute is defined in the self-federationentity. Enable a trace for detailed messages about theerror.

FBTLIB023E The Delegate protocol configurationcould not find the Provider ID in thedefined self-federation entity.

Explanation: The Delegate protocol configurationcould not find the Provider ID in the definedself-federation entity.


Administrator response: Make sure that the ProviderID is defined in the self-federation entity. Enable a tracefor detailed messages about the error.

FBTLIB024E The Delegate protocol configurationcould not find the Key identifier in thedefined self-federation entity.

Explanation: The Delegate protocol configurationcould not find the Key identifier in the definedself-federation entity.


Administrator response: Make sure the Key identifieris defined in the defined self-federation entity. Enable atrace for detailed messages about the error.



FBTLIB025E The SOAPEndpoint URL is malformed.SoapEndpoint = SoapEndpoint

Explanation: The specified SOAPEndpoint URL is notvalid.


Administrator response: Make sure that the correctSOAPEndpoint is configured. Enable a trace fordetailed messages about the error.

FBTLIB026E The Liberty plug-in cannot connect toSOAPEndpoint SoapEndpoint

Explanation: The Liberty plug-in cannot connect tothe specified SOAPEndpoint.


Administrator response: Make sure that theSOAPEndpoint accepts connections. Enable a trace fordetailed messages about the error.

FBTLIB027E The Liberty plug-in caught anunexpected exception when sending theSOAP message.

Explanation: The Liberty plug-in caught anunexpected exception when sending the SOAPmessage.



FBTLIB028E The Liberty plug-in received a SOAPrequest that is not valid.

Explanation: The Liberty plug-in received a SOAPrequest that is not valid.


Administrator response: Make sure that the receivedSOAP request is formatted correctly. Enable a trace fordetailed messages about the error.

FBTLIB029E The keystore is not initialized for SSLcommunication for the SOAP client.

Explanation: The keystore is not initialized for SSLcommunication for the SOAP client.



FBTLIB030E The Liberty plug-in caught an exceptionduring SSL initialization.

Explanation: The Liberty plug-in caught an exceptionduring SSL initialization.



FBTLIB031E The Liberty plug-in configuration failedto find the key Key in the SPSconfiguration.

Explanation: The Liberty plug-in configuration failedto find the specified key in the SPS configuration.



FBTLIB032E The Liberty SOAP client failed toinitialize due to an unexpectedexception.

Explanation: The Liberty SOAP client failed toinitialize due to an unexpected exception.


Administrator response: Make sure that the SOAPback channel configuration is correct. Enable a trace fordetailed messages about the error.

FBTLIB033E The Liberty plug-in is unable to get anartifact from the context.

Explanation: The Liberty plug-in is unable to get anartifact from the context.



FBTLIB034E The Liberty plug-in is unable to get anartifact from the incoming HTTP GETquery parameters.

Explanation: The Liberty plug-in is unable to get anartifact from the incoming HTTP GET queryparameters.





FBTLIB035E The Liberty plug-in is unable to get aSAML response from the context.

Explanation: The Liberty plug-in is unable to get aSAML response from the context.



FBTLIB036E Internal Error: The Delegate protocol isunable to get the logout response fromthe received HTTP GET.

Explanation: The Delegate protocol is unable to getthe logout response from the received HTTP GET.



FBTLIB037E Internal Error: The delegate protocolcannot retrieve the Logout responsefrom the context.

Explanation: The delegate protocol cannot retrieve theLogout response from the context.



FBTLIB038E The delegate protocol cannot convert alogout request to a URL-encoded string.

Explanation: The delegate protocol cannot convert alogout request to a URL-encoded string.



FBTLIB039E Internal Error: The Delegate protocol isunable to process the request because itcould not retrieve a LogoutRequest fromLibertyContext.

Explanation: The Delegate protocol is unable toprocess the request because it could not retrieve aLogoutRequest from LibertyContext.



FBTLIB040E An incorrect LECP header was receivedin the incoming request.

Explanation: An incorrect LECP header was receivedin the incoming request.



FBTLIB041E The Delegate protocol is unable to getthe AuthnRequest from the incomingSOAP message.

Explanation: The Delegate protocol is unable to getthe AuthnRequest from the incoming SOAP message.



FBTLIB042E The Delegate protocol is unable to getthe AuthnResponse from the receivedHTTP POST.

Explanation: The Delegate protocol is unable to getthe AuthnResponse from the received HTTP POST.


Administrator response: Make sure that the partner isconfigured to send the AuthnResponse. Enable a tracefor detailed messages about the error.

FBTLIB043E The Delegate protocol is unable to findan AuthnRequest in the received SOAPmessage.

Explanation: The Delegate protocol is unable to findan AuthnRequest in the received SOAP message.



FBTLIB044E Internal Error: The Delegate protocol isunable to get theAuthnRequestEnvelope from theContext.

Explanation: The Delegate protocol is unable to getthe AuthnRequestEnvelope from the Context.





FBTLIB045E Internal Error: The Delegate protocol isunable to get theAuthnResponseEnvelope from theContext.

Explanation: The Delegate protocol is unable to getthe AuthnResponseEnvelope from the Context.



FBTLIB046E A common domain name has not beenconfigured.

Explanation: An attempt was made to perform anIdentity Provider introduction but a common domainname was not configured.

System action: The operation was not performed.

Administrator response: Configure a common domainname and restart the server.

FBTLIB047E An MSISDN header was not found inthe incoming LECP request.

Explanation: The incoming LECP request does notcontain an MSISDN header.

System action: The request was rejected.

Administrator response: Configure the LECP providerID correctly and restart the server.

FBTLIB048E An error was encountered whileunobfuscating the passwordObfuscatedPassword for key Key from theconfiguration.

Explanation: Liberty plug-in tried to unobfuscate thespecified password set in the configuration, but failedto do so.

System action: The Liberty plug-in failed to initializeSSL for the SOAP backchannel.

Administrator response: Configure SSL for the SOAPbackchannel correctly and restart the server.

FBTLIB049E Partner provider ID cannot bedetermined for checking signatureconfiguration options.

Explanation: Liberty plug-in tried to find the partnerthis message was sent to or received from, but failed todo so.

System action: The Liberty plug-in failed to determinethe partner from the configuration.


FBTLIB050E Request to create an unsolicitedAuthnResponse was received but therequest does not contain all the requiredparameters.

Explanation: The required parameters are missing inthe request.

System action: The request was rejected.

Administrator response: The request must have theTargetURL and ProviderID parameters set.

FBTLIB100E The value value received forAttributeName in the ElementNameelement is not valid.

Explanation: The data received from the peer nodedoes not conform to Liberty protocol version 1.0.



FBTLIB101E A value for the attribute AttributeNamemust be provided for the <ElementName>element.

Explanation: The application is in error. Required datawas not set in the Liberty protocol object.



FBTLIB102E The VariableName message that wasreceived specifies an unsupportedversion [MajorMinor]. Only versionMajorMinor is supported.

Explanation: The data from the peer node specifies aversion that is not supported by this application.



FBTLIB103E The received message failed signatureverification: error_message.

Explanation: The received message was signed butsignature verification failed.





FBTLIB104E The received message was not signed.

Explanation: This application is configured to requirethat all received messages must be signed, but themessage received was not signed.



FBTLIB105E The attempt to sign a message wasunsuccessful.

Explanation: The protocol message could not besigned. This error could be caused by a keystoreconfiguration error or expired certificates.



FBTLIB106E An unexpected exception was caughtwhile initializing the keystore.

Explanation: An unexpected exception was caughtfrom the key service.

System action: The request will not be signed.


FBTLIB107E An unexpected exception was caughtdecoding a BASE64 encoded string.

Explanation: A string that should be BASE64 encodedcould not be decoded.

System action: The string is ignored.


FBTLIB108E The member elementMemberElementName must be providedfor the <ElementName> element.

Explanation: The application is in error. Required datawas not set in the Liberty protocol object.



FBTLIB109E The received <ElementName> elementdoes not contain the required memberelement MemberElementName.

Explanation: The sending application is in error.Required data was not included in the incomingrequest message.



FBTLIB110E The received element <ElementName>does not contain the required attributeMemberElementName.

Explanation: The sending application is in error.Required data was not included in the incomingrequest message.



FBTLIB111E The received element <ElementName>does not match the expected element<ExpectedElementName>.

Explanation: The sending application is in error. Therequest or response does not conform to the Libertymessage protocol.



FBTLIB112E The elements <ElementName> and<ElementName> are mutually exclusivemembers of the <ElementName> element.




FBTLIB113E The artifact string length is not valid.The length is <length> bytes instead of42 bytes.




FBTLIB114E The artifact type is unsupported.






FBTLIB115E The signature algorithm <length> ismissing or unsupported.




FBTLIB116E The received namespace URI[Namespace] does not match the expectednamespace URI [ExpectedNamespace] forelement <ExpectedNamespace>.




FBTLIB117E The received URL-encoded <Request> isnot valid: [Input string].

Explanation: The URL-encoded string that wasreceived is not valid. The most likely cause is that thedata was sent to the wrong URL endpoint by thesender.



FBTLIB118E A key alias was not provided by thecaller.




FBTLIB119E The attempt to encrypt or decrypt amessage was unsuccessful: Error message.

Explanation: The protocol message could not besigned. This error could be caused by a keystoreconfiguration error or expired certificates.



FBTLIB200E The protocol action caught anunexpected exception while building aLiberty assertion.

Explanation: The protocol action caught anunexpected exception from outside of Liberty whilebuilding a Liberty assertion.


FBTLIB201E The protocol action cannot retrieve theSAML status from the Liberty context.

Explanation: No SAML_STATUS attribute was foundin the Liberty context. This attribute is typically set bya previous protocol action.


FBTLIB202E The protocol action cannot find arequest ID in the request object.

Explanation: No RequestID attribute was found in therequest message being processed. This attribute isrequired.


FBTLIB203E The protocol action cannot determinethe current provider identifier.

Explanation: The configuration did not return anidentifier for the current provider.

Administrator response: Verify that configuration filesare present and have not been corrupted. If the filesappear good, enable a trace for detailed messages aboutthe error.

FBTLIB204E No federation exists for this principal.

Explanation: Single sign-on is not possible for thisprincipal because the account cannot be federated. Thefollowing conditions can prevent account federation:the user does not consent to federation when queried,the authentication request Federate element is set tofalse, the authentication request IsPassive element is setto true and the user cannot be queried for consent.

Administrator response: Verify that the authenticationrequest provides proper values for the Federate andIsPassive elements, and that the user answersaffirmatively if queried for consent to federate. Inaddition, enable a trace for detailed messages about theerror.



FBTLIB205E The protocol action caught anunexpected exception while determiningconsent to federate.

Explanation: The protocol action caught anunexpected exception outside of Liberty whiledetermining if the user consents to account federation.


FBTLIB206E The protocol action cannot determinethe identity of a locally authenticateduser.

Explanation: No local user information was availablein the Liberty context. This information is typically setby a previous protocol action by querying the localexecution environment for user identity and credentials.

User response: Verify that the user has logged onsuccessfully.


FBTLIB207E The protocol action cannot determinethe value of the name identifierprovided by the identity provider.

Explanation: No IDP_NAME_ID attribute was foundin the Liberty context. This value is typically set by aprevious protocol action.


FBTLIB208E The protocol action caught anunexpected exception while federatingthe principal.

Explanation: The protocol action caught anunexpected exception outside of Liberty whileattempting to federate the principal.


FBTLIB209E The protocol action caught anunexpected exception while executingForceAuthn logic.

Explanation: The protocol action caught anunexpected exception outside of Liberty whileexecuting ForceAuthn logic.


FBTLIB210E The protocol action cannot obtain a localtoken from the Liberty context.

Explanation: Local authentication is not possiblebecause the protocol action requires a LOCAL_TOKENattribute in the Liberty context. This attribute istypically set by a previous protocol action.


FBTLIB211E The protocol action caught anunexpected exception while attemptingto set the user's local credentials.

Explanation: The protocol action caught anunexpected exception outside of Liberty whileattempting to set the user's local credentials.


FBTLIB212E SAML error in response: SamlStatus.

Explanation: The response message contains a SAMLerror indicating that the request was not successful.

Administrator response: Enable a trace on themessage provider for information about why the errorwas returned.

FBTLIB213E No Liberty assertion was returned in theauthentication response message.

Explanation: The identity provider did not return anyLiberty assertions in the authentication response. Singlesign-on failed.

Administrator response: Enable a trace on the identityprovider for information about why no Libertyassertions were included in the authentication response.

FBTLIB214E No RelayState element was found in theauthentication response.

Explanation: The authentication response message didnot contain a RelayState element, which is required forsingle sign-on. The RelayState should have beenprovided in the original authentication request.

Administrator response: Enable a trace on both theservice provider and identity provider for moreinformation. On the service provider, verify that theoriginal authentication request contains the appropriateRelayState element.

FBTLIB215E No request with identifier InResponseTowas found. The response is ignored.

Explanation: The response message contained anInResponseTo attribute whose value did not correspondto any request identifiers in the current session.



Administrator response: Enable a trace on both theservice provider and identity provider for moreinformation. On the service provider, verify that theoriginal request contains a RequestID attribute. On theidentity provider, verify that the response referencesthat same value in the InResponseTo attribute.

FBTLIB216E The protocol action caught anunexpected exception while processingthe Liberty message.

Explanation: The protocol action caught anunexpected exception outside of Liberty whileprocessing the Liberty message.


FBTLIB217E The Liberty assertion could not beexchanged for a local credential.

Explanation: The protocol action caught anunexpected exception from the token exchange servicewhile exchanging a Liberty assertion for a localcredential.


FBTLIB218E The protocol action caught anunexpected exception while queryingthe user who wants to federate hisidentity.

Explanation: The protocol action caught anunexpected exception outside of Liberty while queryingthe user who wants to federate his identity.


FBTLIB219E The protocol action caught anunexpected exception while queryingthe execution environment for the user'scurrent federation state.

Explanation: The protocol action caught anunexpected exception outside of Liberty while queryingthe execution environment for the user's currentfederation state.



FBTLIB220E The protocol action caught anunexpected exception while queryingthe execution environment for the user'scurrent login state.

Explanation: The protocol action caught an

unexpected, non-Liberty exception while querying theexecution environment for the user's current login state.


FBTLIB221E A Liberty version mismatch occurred:runtime = LibertyRuntimeMajorVersion.LibertyRuntimeMinorVersion; message =MessageMajorVersion.MessageMinorVersion.

Explanation: The Liberty version of the message is notsupported by the Liberty runtime.

Administrator response: Verify that the providers inthis provider's circle of trust operate at a compatiblelevel of the Liberty protocol.

FBTLIB222E The protocol action caught anunexpected exception while validating aLiberty message.

Explanation: The protocol action caught anunexpected exception outside of Liberty whilevalidating a Liberty message.


FBTLIB223E The identity provider (IdentityProvider)does not have a configured federationwith the requesting service provider(ServiceProvider).

Explanation: There are no configured federations thatinclude the service provider who issued the request.

Administrator response: Verify that configuration filesare present and have not been corrupted. If necessary,establish a partnership with the service provider inquestion.

FBTLIB224E The user has no local credentials.

Explanation: The protocol being executed by thisaction requires that the user is locally authenticated. Nolocal credentials could be found; therefore, the protocolcannot be completed.


FBTLIB225E The protocol action caught anunexpected exception while verifyingthat the user has local credentials.

Explanation: The protocol action caught anunexpected exception outside of Liberty while verifyingthat the user has local credentials.




FBTLIB226E The protocol action caught anunexpected exception while building aLiberty request or response message.

Explanation: The protocol action caught anunexpected exception outside of Liberty while buildinga Liberty request or response message.


FBTLIB227E No destination URL was found in theLiberty context.

Explanation: The protocol action cannot find theAPPLIES_TO_URL attribute in the Liberty context. Thisattribute is typically set by a previous action that sets itto the value of a service provider'sAssertionConsumerServiceURL.

Administrator response: Verify that configuration filesare present and have not been corrupted. Enable a tracefor detailed messages about the error.

FBTLIB228E The local credential could not beexchanged for a Liberty assertion.

Explanation: The protocol action caught anunexpected exception from the token exchange servicewhile exchanging a local credential for a Libertyassertion.


FBTLIB229E The identity provider is passive andcannot authenticate the user.

Explanation: The identity provider must interact withthe user for local authentication, but it cannot becausethe authentication request's IsPassive element is set to'true'.

Administrator response: Retry the authenticationrequest with the IsPassive element set to 'false'.

FBTLIB230E The ForceAuthn element is notsupported.

Explanation: Forced authentication is not supported inthis release, and the authentication request'sForceAuthn element is set to 'true'.

Administrator response: Retry the authenticationrequest with the ForceAuthn element set to 'false'.

FBTLIB231E The ReauthenticateOnOrAfter attributeis not supported.

Explanation: Reauthentication requirements specifiedin the Liberty assertion is not supported in this release.Therefore, the assertion cannot be used for singlesign-on.

Administrator response: Retry the authenticationrequest, sending it to an identity provider that does notspecify a reauthentication time.

FBTLIB232E The provider identifier cannot beretrieved from configuration.

Explanation: Configuration did not return a value forthe provider identifier.

Administrator response: Verify that configuration filesare present and have not been corrupted. If necessary,add the needed configuration data.

FBTLIB233E The protocol profile could not beretrieved from the Liberty context.

Explanation: The Liberty context did not contain aLIB_PROTOCOL_PROFILE attribute. This attribute istypically set by the delegate protocol.


FBTLIB234E The protocol action caught anunexpected exception while generatingclaims for the token exchange between alocal credential and a Liberty assertion.

Explanation: The protocol action caught anunexpected exception outside of Liberty whilegenerating a LibertyClaims object for the tokenexchange.

Administrator response: Enable trace for detailedmessages about the error.

FBTLIB235E No provider identifier was found in theLiberty message.

Explanation: The protocol action could not find aprovider identifier in the message being processed.

Administrator response: Enable a trace for detailedmessages about the error, including format of themessage in question.

FBTLIB236E No identity service was found.

Explanation: No identity service was found.

Administrator response: Check the identity serviceconfiguration. Enable a trace for detailed messagesabout the error.

FBTLIB237E No token request information wasfound.

Explanation: Token exchange requires Issuerinformation, AppliesTo information, or both. NeitherIssuer information nor AppliesTo information could befound.



Administrator response: If the error is seen on anidentity provider, check the configuration and makesure that the self-provider is configured properly; thisconfiguration is needed to determine the Issuerinformation. Enable a trace for detailed messages aboutthe error, including the contents of the message, whichshould contain the ProviderID. The ProviderID isneeded to determine the AppliesTo information. If theerror is seen on a service provider, enable a trace fordetailed messages about the error; Issuer information isdetermined from information in the Liberty assertion,and AppliesTo information is determined from theRelayState in the original authentication request.

FBTLIB238E No alias was found for user User andprovider PartnerProvider.

Explanation: There was no alias found for thecurrently authenticated user for the specified partnerprovider.


FBTLIB239E The timestamp (IssueInstant attribute)in a received Liberty request or responsewas out of range.

Explanation: Validation failed for a received Libertymessage because the timestamp in the message did notfall within a configured range from the current system'stime.

Administrator response: Synchronize the clocks of thesending and receiving machines, if possible. Also checkthat the configured time skew tolerance is acceptable.

FBTLIB240E The protocol action caught anunexpected exception while executing alocal logout.

Explanation: The protocol action caught anunexpected exception outside of Liberty whileexecuting a local logout.


FBTLIB241E The local logout operation failed.

Explanation: The local logout operation failed.


FBTLIB242E The protocol action could not build alist of service providers that were sentLiberty assertions on this session.

Explanation: The protocol action could not build a listof service providers that were sent Liberty assertionson this session.


FBTLIB243E The response does not correlate to thecurrent request.

Explanation: Validation failed for a Liberty or SAMLresponse because the InResponseTo attribute in areceived Liberty response did not match the currentrequest identifier.

Administrator response: Enable a trace on both theresponding and requesting machines for detailedmessages about the error.

FBTLIB244E The service provider (ServiceProvider)does not have a configured federationwith the responding identity provider(IdentityProvider).

Explanation: No configured federations include theidentity provider that issued the response.

Administrator response: Verify that configuration filesare present and have not been corrupted. If necessary,establish a partnership with the identity provider inquestion.

FBTLIB245E The service provider (ServiceProvider)making the logout request was notissued an assertion by this session inthe identity provider.

Explanation: The identity provider sessioninformation does not indicate that this service providerhas been issued an assertion. Therefore, the serviceprovider cannot initiate a logout request.

Administrator response: This error might mean thatthe identity provider has received an inappropriatelogout message. Examine the configuration and enablea trace to investigate which service providers canrequest authentication and which actually haverequested authentication.

FBTLIB246E The provider (ServiceOrIdentityProvider)does not have a required endpoint URLconfigured (EndpointURL).

Explanation: A required endpoint URL was not foundin the configuration for the specified provider.

Administrator response: Verify that configuration filesare present and have not been corrupted. If necessary,define the required endpoint URL for the provider inquestion.

FBTLIB247E Bad SAML status.

Explanation: A previous protocol action set theSAML_STATUS Liberty attribute to a value other than



Success, indicating that subsequent actions should notexecute.

Administrator response: Enable a trace to determinewhich action set the SAML_STATUS value, and whythe value is not samlp:Success.

FBTLIB248E No LogoutRequest was found for theresponding service provider(ServiceProvider).

Explanation: A LogoutResponse was received from aservice provider and no corresponding LogoutRequestcould be found. The LogoutResponse is ignored.


FBTLIB249E No audience entry was found forself-service provider (ServiceProvider).

Explanation: The Liberty assertion did not contain anaudience entry for the current self-provider. Theassertion is ignored.

Administrator response: Enable trace for detailedmessages on the issuing identity provider to determinewhy the self-provider was not included in the assertionaudience.

FBTLIB250E The protocol action caught anunexpected exception while validating aLiberty assertion.

Explanation: The protocol action caught anunexpected exception outside of Liberty whilevalidating a Liberty assertion.


FBTLIB251E The Liberty assertion failed validation.

Explanation: The Liberty assertion did not passvalidation checks of the ReauthenticationOnOrAfterattribute, the InResponseTo attribute, or theAudienceRestrictionCondition element.


FBTLIB252E Required data could not be found fromconfiguration.

Explanation: A required data item was not found inthe provider's configuration, so the operation cannot beperformed.

Administrator response: Enable a trace for detailedmessages about the error, including which data itemcould not be found. Then verify that the provider'sconfiguration files are not incorrect or unreadable andthat they contain the proper data.

FBTLIB253E Required data could not be found in aLiberty request or response message.

Explanation: A required data item was not found in aLiberty request or response message, so the operationcannot be performed.

Administrator response: Enable a trace for detailedmessages about the error, including which data itemcould not be found. Note that trace might need to beenabled on the provider of the Liberty message as wellto determine why the message lacks the required data.

FBTLIB254E Required data could not be found in theLiberty context.

Explanation: A required data item was not found inthe Liberty context, so the operation cannot beperformed.

Administrator response: Enable a trace for detailedmessages about the error, including which data itemcould not be found.

FBTLIB255E The issuer of the Liberty assertion(AssertionIsuer) did not match the issuerof the Liberty artifact (ArtifactIssuer).

Explanation: The Liberty assertion's issuer did notmatch the Liberty artifact's issuer. The assertion isignored.

Administrator response: Enable a trace for detailedmessages about the error. Verify that the configurationmaps the succinct ID in the artifact to the correctprovider.

FBTLIB256E The Liberty Service implementationclass (ClassName) is not valid.

Explanation: The Liberty Service implementationparameter is not valid.

Administrator response: Update the configuration.Ensure that the implementation class is a fully qualifiedJava class.

FBTLIB257E The Liberty Service failed to validatethe configuration.

Explanation: The Liberty Service failed to validate theconfiguration information.


FBTLIB258E The Liberty Service Factory failed toinstantiate the service with theimplementation class (ClassName).

Explanation: The Liberty Service Factory failed toinstantiate the service implementation class.




FBTLIB259E No assertion or status information wasfound for artifact (LibertyArtifact).

Explanation: No information related to the specifiedartifact could be found.

Administrator response: Verify that the artifact isspecified properly and that it has been used within theallowed assertion store timeout.

FBTLIB260E The Liberty module failed to retrievethe service factory for the specifiedservice key (Service Key).

Explanation: The Liberty module failed to retrieve theservice factory.

Administrator response: Enable trace for detailedmessages about the error. Verify that the configurationhas the correct entry for the service factory and retrythe operation.

FBTLIB261E The Liberty module failed to retrieve aservice instance using the servicefactory. (ServiceFactory).

Explanation: The Liberty module failed to retrieve aservice instance.


FBTLIB262E The succinct ID in the artifact does notcorrespond to a configured provider.

Explanation: No provider was mapped to the succinctID in the artifact. The artifact is ignored.

Administrator response: Enable a trace for detailedmessages about the error, including which succinct IDis in the artifact. Verify that configuration has correctmappings for providers and their succinct IDs.

FBTLIB263E The provider referenced by the succinctID in the Liberty artifact(ArtifactSuucinctIDProvider) did not matchthe current provider (SelfProvider).

Explanation: The provider mapped to the succinct IDin the Liberty artifact did not match the current identityprovider. The assertion request is ignored.

Administrator response: Enable a trace for detailedmessages about the error. Verify that the configurationhas the correct mappings for providers and theirsuccinct IDs.

FBTLIB264E The protocol action caught anunexpected exception while validating aLiberty artifact.

Explanation: The protocol action caught anunexpected exception outside of Liberty whilevalidating a Liberty artifact.


FBTLIB265E The protocol action caught anunexpected exception while building aLiberty artifact.

Explanation: The protocol action caught anunexpected exception outside of Liberty while buildinga Liberty artifact.


FBTLIB266E The Liberty module caught anunexpected exception while serializingan object.

Explanation: The Liberty module caught anunexpected exception while serializing an object.


FBTLIB267E The Liberty module caught anunexpected exception whiledeserializing an object.

Explanation: The Liberty module caught anunexpected exception while deserializing an object.


FBTLIB268E The Liberty LogoutRequest could not befound.

Explanation: The Liberty LogoutRequest object, whichis required to complete the operation, could not befound. If the operation was being performed on aservice provider, the LogoutRequest should be in theLiberty context. If the operation was being performedon an identity provider, the LogoutRequest should bein the Liberty session.


FBTLIB269E The Protected Resource URL valuecould not be found in the LibertyContext object.

Explanation: The Protected Resource URL value,which is required to complete the operation, could notbe found in the Liberty Context object.



Administrator response: Verify that the point ofcontact at the service provider is configured properly.

FBTLIB270E The requested provider provider does notexist.

Explanation: The provider ID, which is required toinitiate federation termination, could not be found.

Administrator response: Verify that the provider ID iscorrect and that the configuration specifies thatprovider ID.

FBTLIB271E The profile specified for terminationprofile is not valid.

Explanation: The profile specified is not present orsupported.

Administrator response: Verify that the profile URI iscorrect and that the configuration specifies thatprovider URI.

FBTLIB272E The federation termination service URLspecified for termination url is not valid.

Explanation: The URL specified is not present orsupported.

Administrator response: Verify that the URL is correctand that the configuration specifies that provider URL.

FBTLIB273E The federation termination serviceSOAP endpoint specified fortermination endpoint is not valid.

Explanation: The URL specified is not present orsupported.

Administrator response: Verify that the URL is correctand that the configuration specifies that provider URL.

FBTLIB274E The federation termination service ismissing a notification message.

Explanation: The notification message specified is notpresent or supported.

Administrator response: Verify that the message iscorrect and that the configuration specifies the providerURL and correct notification profile.

FBTLIB275E The federation partner's service returnURL, endpoint is missing or not valid.

Explanation: The termination service return URLspecified is not present or supported.

Administrator response: Verify that the message iscorrect and that the configuration specifies the providerURL and service return URL.

FBTLIB276E A response to an unsolicited federationtermination was received.

Explanation: A request was received as a response toan unsolicited federation termination. This request willbe ignored but could be due to the requestor nothaving cookies enabled. The configuration can overridethis default behavior.

Administrator response: Verify that the message iscorrect and that the configuration specifies the providerURL and service return URL.

FBTLIB277E The ID service request to remove analias for userId and provider providerIdfailed.

Explanation: The ID service operation was notsuccessful.

Administrator response: Validate that the identity andprovider are valid and check the log for messagesreturned from the ID service.

FBTLIB279E The user's response to the consent tofederate was not found in the browserquery string.

Explanation: Internal Error: The Delegate protocol isunable to process the response because it could notretrieve the AuthnRequest from LibertyContext.



FBTLIB280E The register name identifier could notbe performed. The user user does nothave a required name identifierconfigured for provider provider.

Explanation: For a register name identifier request tobe created, it is a requirement that the user has a nameidentifier for the partner.

Administrator response: Validate that the given userhas a name identifier configured.

FBTLIB281E The register name identifier requestfailed. The provider provider did notprovide a name identifier in the registername identifier request.

Explanation: A name identifier is required in aregister name identifier request.

Administrator response: Validate that the givenprovider is correctly formatting its register nameidentifier requests.



FBTLIB282E The register name identifier could notbe performed. The provider provider didnot provide an old name identifier inthe register name identifier request.

Explanation: A old name identifier is required in aregister name identifier request.


FBTLIB283E Register name identifier request failed.The provider provider provided the oldname identifier old identifier but theexpected one was expected old identifier.

Explanation: The provided old name identifier did notmatch the current name identifier. The register nameidentifier request failed.


FBTLIB284E The register name identifier could notbe performed. The provider providerdoes not have the required registername identifier endpoint configured.

Explanation: The given provider does not have therequired register name identifier endpoint configured.

Administrator response: Validate that the givenprovider has a register name identifier endpointconfigured.

FBTLIB285E The register name identifier request foruserid could not complete because theidentity service was unavailable.

Explanation: The identity service was not available tocomplete the register name identifier request.

Administrator response: Validate that the identityservice is configured into the environment and isfunctioning correctly.

FBTLIB286E The register name identifier request foruserid could not complete because anerror was encountered during themodification of the alias in the registry.

Explanation: The identity service was not able tomake the alias modification in the registry.

Administrator response: Check a trace log for a morespecific error that will indicate what caused theproblem.

FBTLIB287E No register name identifier responsemessage was given.

Explanation: The partner did not respond with aregister name identifier message.

Administrator response: Ensure that the partnerresponds with correctly formatted messages.

FBTLIB288E No provider identifier was given in theregister name identifier response.

Explanation: The provider did not respond with aprovider identifier.

Administrator response: Ensure that the providerresponds with correctly formatted messages.

FBTLIB289E The provider provider did not include astatus in the register name identifierresponse.

Explanation: The provider given did not include astatus or a correctly formatted status in its response.

Administrator response: Ensure that the providerresponds with correctly formatted messages.

FBTLIB290E No register name identifier requestfound in the session.

Explanation: When the provider returns a response,the original request is needed to complete thetransaction.

Administrator response: Ensure that the browser hascookies enabled.

FBTLIB291E The protocol action caught anunexpected exception while executing alocal login.

Explanation: The protocol action caught anunexpected exception outside of Liberty whileexecuting a local login.


FBTLIB292E The name identifier provided forfederation termination, identifier, is notvalid.

Explanation: The requestor sent a name identifier thatwas not valid for the principal.




FBTLIB293E A federation termination notificationthat was not valid was received.

Explanation: An attempt to decode the federationtermination notification failed either because of schemaviolation or a signature failure.

Administrator response: Check a trace log for themessage and ensure that it is correctly formatted, andvalidate the configured keys for the partner sending thenotification.

FBTLIB294E The federation termination notificationcould not be created because'schemaMessage'. The federationtermination has not been performed.

Explanation: An attempt to encode the federationtermination notification failed either because of schemaviolation or a signature failure.

Administrator response: Check a trace log for themessage and ensure that it is correctly formatted, andvalidate the configured private key aliases.

FBTLIB295E The register name identifier provided isnot valid or could not be understood,because [reason]. The register nameidentifier has not been performed.

Explanation: An attempt to encode the register nameidentifier failed either because of a schema violation ora signature failure.


FBTLIB296E There was no register name identifierrequest provided. The register nameidentifier has not been performed.

Explanation: There was no register name identifierrequest provided.

Administrator response: Ensure that the providermaking the register name identifier request provides arequest message.

FBTLIB297E The register name identifier messagecould not be created because[schemaMessage]. The federationtermination has not been performed.

Explanation: No register name identifier request wascreated because an error occurred.


FBTLIB300E The identity service could not set theself or partner alias for user user andpartner provider provider.

Explanation: The identity service encountered an errorwhile storing alias data for the current local user.

Administrator response: Validate that the identityservice is configured into the environment and isfunctioning correctly.

FBTLIB301E A Liberty message was not included inthe request to the SOAP endpoint.

Explanation: The message that was received by theSOAP endpoint did not include a Liberty message as achild of the SOAP body.

Administrator response: Validate that the partner thatis sending messages to the SOAP endpoint is sendingcorrectly formatted Liberty requests.

FBTLIB304E The Delegate protocol is unable toobtain the AuthenticationURL endpoint.

Explanation: A required endpoint URL was not foundin the configuration for the specified provider.

Administrator response: Verify that configuration filesare present and have not been corrupted. If necessary,define the required endpoint URL for the provider inquestion.

FBTLIB305E The name identifier to be used todetermine the local user cannot beobtained from Liberty context.

Explanation: The name identifier that comes in therequest is needed to determine the local identity ofuser. It might not have come in the request.

Administrator response: Turn on the provider tracingto check if the incoming request had name identifiersset.

FBTLIB306E The protocol action caught anunexpected exception while attemptingto get the user's local credentials.

Explanation: The protocol action caught anunexpected exception outside of Liberty whileattempting to get the user's local credentials.


FBTLIB307E The protocol action caught anunexpected exception while executing.

Explanation: The protocol action caught anunexpected exception outside Liberty while executing.




FBTLIB308E The Liberty plug-in caught anunexpected exception when building theSOAP message.

Explanation: The Liberty plug-in caught anunexpected exception when building the SOAPmessage.



FBTLIB309E The received message failed signatureverification. The message was notsigned by a trusted signer or wasmodified after signing.

Explanation: The received message was signed butsignature verification failed.


Administrator response: Enable a trace for detailedmessages and validate configuration.

FBTLIB310E The configured Liberty version is validfor the federation federationId withdisplay name federationName.

Explanation: The Liberty version of the message is notsupported by the Liberty runtime.

Administrator response: Verify that the providers inthis provider's circle of trust operate at a compatiblelevel of the Liberty protocol.

FBTLIB311E The provider provider does not have anAssertionConsumerServiceURLendpoint configured with an ID of id.

Explanation: The configuration does not contain anAssertionConsumerServiceURL endpoint with the givenidentifier for the given provider.


Administrator response: Ensure that the configurationis correct.

FBTLIB312E The user user has authenticated with aone-time name identifier and cannotexecute a register name identifier action.

Explanation: The user was issued a one-time nameidentifier during authentication. Register nameidentifier actions can be executed only when a user hasbeen issued federated name identifiers.


Administrator response: No action is required.

FBTLIB313E The user user has authenticated with aone-time name identifier and cannotexecute a defederation action.

Explanation: The user was issued a one-time nameidentifier during authentication. Federation terminationactions can be executed only when a user has beenissued federated name identifiers.


Administrator response: No action is required.

FBTLIB314E The user was not authenticated becausea pre-existing logout request was found.

Explanation: The user was not authenticated becausea pre-existing logout request was detected. This canhappen if a user logs in but logs out of anotherfederated site, and the logout message arrives beforethe authentication credentials.


Administrator response: The user should log in again.

FBTLIB315E No authentication request was found inthe session.

Explanation: When a user authenticates, theauthentication request message is stored and used tovalidate the corresponding response message. Aresponse message was received, but there was not arequest message, and so the unsolicited response isrejected.


Administrator response: Enable a trace for detailedmessages.

FBTLIB316E The calculated proxy count value, count,is invalid.

Explanation: The calculated proxy count value mustbe at least one less than the original proxy count value.A pluggable proxy service has returned an invalidvalue. This limitation is specified by the LibertyArchitecture.


Administrator response: Install and configure a proxyservice that will return a valid proxy count value, suchas the default proxy service plug-in that is deliveredwith the product.



FBTLIB317E The user cannot be authenticateddirectly or by proxy.

Explanation: The incoming authentication requestforbids proxying of the request, and the identityprovider cannot authenticate the user directly.


Administrator response: The request should be retriedpermitting proxying, if possible. Otherwise, the requestshould be directed to another identity provider that isconfigured to authenticate users directly.

FBTLIB318E No identity provider was found inconfiguration.

Explanation: No identity provider was configured as apartner to this provider.


Administrator response: Verify that configuration filesare present and have not been corrupted. If necessary,define one or more identity provider partners for thisprovider.

FBTLIB319E The liberty version specified in thefederation group configuration 'groupId',self entity 'entity' is invalid. Specify thecorrect values in the'majorVersionProperty' and'minorVersionProperty' properties. Currentvalues MajorVersion: 'minorVersion'MinorVersion: 'minorVersion'

Explanation: An invalid liberty version is specified inthe configuration.

System action: The liberty module could not beinitialized.

Administrator response: Specify a valid libertyversion in the configuration.

FBTLIB320E The federation group type specified inthe configuration is not supported.Group id: 'id', Group display name: 'id',federation group type 'type'.

Explanation: The federation group defined is not asupported type.

System action: The Liberty Module could not beinitialized.

Administrator response: Verify that configuration filesare present and have not been corrupted. Specify asupported group type in the configuration.

FBTLIB321E The partnerEndpointType endpoint forpartner 'id' and display name'displayName' for federation group withID 'id' and display name 'displayName' isinvalid. Endpoint value 'displayName'.

Explanation: The specified partner endpoint is invalid.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify avalid endpoint value in the configuration.

FBTLIB322E The partnerEndpointType endpoint for self'id' and display name 'displayName' forfederation group with ID 'id' anddisplay name 'displayName' is invalid.Endpoint value 'displayName'.

Explanation: The specified self endpoint is invalid.



FBTLIB323E The partnerEndpointType endpoint ismissing from the provider 'id' anddisplay name 'displayName' configurationfor federation group with ID 'id' anddisplay name 'displayName'.

Explanation: A required endpoint is missing from theprovider's configuration.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify therequired endpoint in the provider's configuration.

FBTLIB324E The propertyName property is missingfrom the provider 'id' and display name'displayName' configuration forfederation group with ID 'id' anddisplay name 'displayName'.

Explanation: A required property is missing from theprovider's configuration.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify therequired property in the provider's configuration.



FBTLIB325E The protocol profile value'protocolProfileValue' for protocol type'protocolProfile' specified for partner 'id'and display name 'displayName' forfederation group with ID 'id' anddisplay name 'displayName' is invalid.

Explanation: The specified protocol profile value isinvalid.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify avalid protocol profile value in the configuration.

FBTLIB326E The property value 'propertyValue' forproperty 'propertyName' specified forprovider 'id' and display name'displayName' for federation group withID 'id' and display name 'displayName' isinvalid.

Explanation: The specified property value is invalid.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify avalid property value in the configuration.

FBTLIB327E The boolean property value'propertyValue' for property 'propertyName'specified for provider 'id' and displayname 'displayName' for federation groupwith ID 'id' and display name'displayName' is invalid. For booleanproperties the permitted values are 'true'or 'false'.

Explanation: The specified boolean property value isinvalid.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify avalid boolean property value in the configuration.

FBTLIB328E The numeric property value'propertyValue' for property 'propertyName'specified for provider 'id' and displayname 'displayName' for federation groupwith ID 'id' and display name'displayName' is invalid. The minimumvalue for this property is 'displayName'.

Explanation: The specified numeric property value isinvalid.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify avalid numeric property value in the configuration.

FBTLIB329E The Identity provider succinct id value'propertyValue' specified under property'propertyName' for provider 'id' anddisplay name 'displayName' forfederation group with ID 'id' anddisplay name 'displayName' is invalid.The identity provider succinct ID is arequired property.

Explanation: The specified numeric property value isinvalid.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify avalid identity provider succinct ID value in theconfiguration.

FBTLIB330E The common domain service host value'commonDomainServiceHost' specifiedusing property 'propertyName' for partner'id' and display name 'displayName' forfederation group with ID 'id' anddisplay name 'displayName' is invalid.The common domain service host muststart with http:// or https:// and end withthe common domain value 'displayName'.

Explanation: The specified common domain servicehost is invalid.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify avalid common domain service host in theconfiguration.

FBTLIB331E The Identity provider succinct ID value'propertyValue' specified under property'propertyName' for provider 'id' anddisplay name 'displayName' forfederation group with ID 'id' anddisplay name 'displayName' does notmatch the message digest of theprovider ID.

Explanation: The specified identity provider succinctID value is invalid.


Administrator response: Verify that configuration files



are present and have not been corrupted. Specify avalid identity provider succinct ID value in theconfiguration.

FBTLIB332E The proxy list is invalid.

Explanation: The proxy list used in a proxyauthentication request must adhere to the Libertyspecifications. A pluggable proxy service has returnedan invalid proxy list.


Administrator response: Install and configure a proxyservice that will return a valid proxy list, such as thedefault proxy service plug-in that is delivered with theproduct.

FBTLIB333E The 'propertyValue' property is missingfrom the partner with provider ID'providerId' configuration.

Explanation: The specified property is missing fromthe partner configuration.

System action: The SOAP client could not beinitialized.

Administrator response: Verify that configuration filesare present and have not been corrupted. Include themissing property in the partner configuration.

FBTLIB334E The authentication request contained aRequestAuthnContext element which isnot supported by this identity provider.

Explanation: This version of the product does notsupport RequestAuthnContext elements inauthentication requests. Any request containing aRequestAuthnContext cannot be processed.


Administrator response: No action is necessary on theidentity provider. If possible, configure the serviceprovider to issue authentication requests that do notinclude a RequestAuthnContext element.

FBTLIB335E Internal Error: The delegate protocolcannot retrieve the AuthnRequest fromincoming HTTP POST.

Explanation: Internal Error: The delegate protocolcannot retrieve the AuthnRequest from incoming HTTPPOST.



FBTLIB336E Internal Error: The Delegate protocol isunable to process the request because itcould not convert the liberty request toan XML string.

Explanation: Internal Error: The Delegate protocol isunable to process the request because it could notconvert the liberty request to an XML string.



FBTLIB337E Internal Error: The Delegate protocol isunable to convert the request from anXML string to BASE64 encoded data.

Explanation: Internal Error: The Delegate protocol isunable to convert the request from an XML string toBASE64 encoded data.



FBTLIB338E Internal Error: The Delegate protocol isunable to convert the request fromBASE64 encoded data to an XML string.

Explanation: Internal Error: The Delegate protocol isunable to convert the request from BASE64 encodeddata to an XML string.



FBTLIB339E Internal Error: The Delegate protocol isunable to process the request because itcouldn't parse the liberty request XMLstring.

Explanation: Internal Error: The Delegate protocol isunable to process the request because it couldn't parsethe liberty request XML string.



FBTLIB340E The maximum amount of authenticationattempts authenticationAttempts has beenreached. Please verify that the AccessControl Lists are specified correctly. TheauthenticationURL URL needs to be aprotected endpoint.



Explanation: The user has exhausted the amount ofattempts to authenticate.

System action: Verify the point of contactconfiguration.

Administrator response: Verify that the AccessControl Lists are specified correctly.

FBTLOG001E The logging configuration file wasnot found.

Explanation: The system could not find the filecontaining the logging configuration data.

System action: The system will revert to defaultsettings.

Administrator response: Ensure that the configurationfile exists and is in the classpath of the application.

FBTLOG002W An integer was expected.

Explanation: The system expected an argument ofinteger type.

System action: The system will revert to a hardcodedvalue (5000).

Administrator response: Ensure that the argument isthe correct type.

FBTLOG003W An EventLevel was expected.

Explanation: The system expected one of thefollowing: DEBUG_MIN, DEBUG_MID, DEBUG_MAX.

System action: The system will revert toDEBUG_MIN.

Administrator response: Ensure that the argument isvalid.

FBTLOG004W An EventType was expected.

Explanation: The system expected one of thefollowing: INFO_TYPE, WARN_TYPE, ERROR_TYPE,ALL_MSG_TYPE, TRACE_TYPE, AUDIT_TYPE.

System action: The system will revert toALL_MSG_TYPE.

Administrator response: Ensure that the argument isvalid.

FBTLOG005E An error occurred while saving theconfiguration.

Explanation: The system could not write theconfiguration file.

System action: The configuration will not be saved.

Administrator response: Ensure that the configurationfile is in the correct location and is writable.

FBTLOG006E An error occurred during the loadingof the logging configuration.

Explanation: The system could not read from the filecontaining the logging configuration data.

System action: The system will revert to defaultsettings.

Administrator response: Ensure that the configurationfile exists and is in the classpath of the application.

FBTLOG007E The management context was notvalid. The changes could not becommitted during this session.

Explanation: The management context wasinvalidated probably because a commit occurredelsewhere.

System action: The system will revert back to theprevious settings.

Administrator response: Create a new session andattempt the operation again.

FBTLOG008E An exception was received during thecommit process. The changes could notbe committed during this session.

Explanation: The management component caught anexception thrown while trying to commit the changes.



FBTLOG009E An exception was received during agetMaxMsgFileSize operation.

Explanation: An exception was received during theretrieveMaxMsgFileSize operation.



FBTLOG010E An exception was received during aretrieveMaxTraceFileSize operation.

Explanation: An exception was received during theretrieveMaxMsgFileSize operation.



FBTLOG001E • FBTLOG010E


FBTLOG011E An exception was received during aretrieveMsgType operation.

Explanation: An exception was received during theretrieveMsgType operation.



FBTLOG012E An exception was received during aretrieveTraceLevel operation.

Explanation: An exception was received during theretrieveTraceLevel operation.



FBTLOG013E Required parameters were missing.

Explanation: A required parameter was missing fromthe argument map.



FBTLOG014E An exception was received during aretrieveTracing operation.

Explanation: An exception was received during aretrieveTracing operation.



FBTLOG015E An exception was received during aretrieveAuditLevel operation.

Explanation: An exception was received during aretrieveAuditLevel operation.



FBTLOG016E An exception was received during aretrieveMaxAuditFileSize operation.

Explanation: An exception was received during theretrieveMaxAuditFileSize operation.



FBTLOG017E An exception was received during aretrieveLogHomeDir operation.

Explanation: An exception was received during theretrieveLogHomeDir operation.



FBTLOG018E An exception was retrieved during aretrieveProductName operation.

Explanation: An exception was received during theretrieveProductName operation.



FBTLOG019E An exception was received during aretrieveTivoliCommonDir operation.

Explanation: An exception was received during theretrieveTivoliCommonDir operation.



FBTLOG020E An exception was received during amodifyMaxMsgFileSize operation.

Explanation: An exception was received during themodifyMaxMsgFileSize operation.



FBTLOG021E An exception was received during amodifyMaxTraceFileSize operation.

Explanation: An exception was received during themodifyMaxTraceFileSize operation.





FBTLOG022E An exception was received during amodifyMsgType operation.

Explanation: An exception was received during themodifyMsgType operation.



FBTLOG023E An exception was received during amodifyTraceLevel operation.

Explanation: An exception was received during themodifyTraceLevel operation.



FBTLOG024E An exception was received during amodifyTracing operation.

Explanation: An exception was received during themodifyTracing operation.



FBTLOG025E An exception was received during amodifyAuditLevel operation.

Explanation: An exception was received during themodifyAuditLevel operation.



FBTLOG026E An exception was received during amodifyMaxAuditFileSize operation.

Explanation: An exception was received during themodifyMaxAuditFileSize operation.



FBTLOG027E An exception was received during amodifyLogHomeDir operation.

Explanation: An exception was received during themodifyLogHomeDir operation.



FBTLOG028E An exception was received during amodifyProductName operation.

Explanation: An exception was received during themodifyProductName operation.



FBTLOG029E An exception was received during amodifyTivoliCommonDir operation.

Explanation: An exception was received during themodifyTivoliCommonDir operation.



FBTLOG030E An exception was received during aretrieveComponentList operation.

Explanation: An exception was received during theretrieveComponentList operation.



FBTLOG037E The component identifier is null.

Explanation: The component identifier specified in arequest to initialize logging is null.

System action: The logging initialization request isignored.

Administrator response: This is an internalprogramming error. Report this problem and theinvocation stack dump found in SystemErr.log to yourIBM service representative.



FBTLOG038E Invalid class name provided forconstructing a logger: parameter

Explanation: The class name provided for constructinga logger should be a full package-qualified class namebeginning with com.tivoli.am.fim.

System action: The logger has not been created.

Administrator response: This is an internalprogramming error. Report this problem and theinvocation stack dump found in SystemErr.log to yourIBM service representative.

FBTMET001E The desired metadata element of typedescriptor was not found in the metadatafile.

Explanation: The metadata import operation failedbecause a proper descriptor was not found.


Administrator response: Verify that the metadata filecontains valid metadata and retry the operation.

FBTMOD001E The received request is missing therequired parameter: parameter




FBTMOD002E The element localName is missing therequired attribute attributeName

Explanation: The current element is not valid becauseit does not contain required attributes.

System action: The parse operation will be halted.

Administrator response: Validate the module XMLfile.

FBTMOD003E Encountered unexpected elementwith URI uri and local nameelementName while parsing modulesmetadata file.

Explanation: The current element is not valid in thatlocation either because it is in the wrong place or is anunknown element.



FBTMOD004E The specified version string version isin a format that could not berecognized.

Explanation: The value for the version attribute is inan unrecognized format.



FBTMOD005E The plug-in and module initializerwas unable to locate a directory whereplug-ins are stored.

Explanation: The Federated Identity Managerapplication does not contain the directory containingmodules and plug-ins.

System action: No plug-ins or modules can be used.

Administrator response: Validate the FederatedIdentity Manager configuration.

FBTOAU0010E The signature base string cannot becreated from the request.

Explanation: The OAuth server is unable to create abase string from the HTTP request because the requestmessage syntax is not valid.


Administrator response: Verify that the syntax of therequest message is a valid OAuth request message.

FBTOAU0011E The received signature does notmatch the calculated signature:Calculated signature: 'signature'Signature received: 'signature' Signaturebase string: 'string'.

Explanation: The signature on the received messagedoes not match the signature calculated at the OAuthserver.


Administrator response: Compare the base stringbuild in the OAuth server with the one used forsigning in the request message. If the base strings arethe same, check the client shared-secret that was usedto sign the base string at the OAuth client and server.

FBTOAU0012E The client with identifier: 'clientidentifier' sends the token: 'token' to theOAuth server. However, the token isassigned to a different client withidentifier: 'client identifier'.

Explanation: The token in the request is not mappedto the client identifier in the request.

System action: The authentication fails.

FBTLOG038E • FBTOAU0012E


Administrator response: Validate the client identifierin the request message and compare it with the clientidentifier stored in the server. Ensure that the token ismapped to the correct OAuth client.

FBTOAU0013E OAuth token exchange between theSPS and STS failed in the 'type'delegate.

Explanation: The SPS delegate is unable to receive anOAuth token from STS. Either the request sent to STS isnot valid, or there is no STS chain to process therequest.

System action: The token exchange stops.

Administrator response: Ensure that the request sentto STS is valid, and there is an STS chain to process therequest.

FBTOAU0014E A duplicate OAuth parameter withthe name: 'param' has been found.

Explanation: There is a duplicate parameter in therequest.


Administrator response: Ensure that there are noduplicate parameters in the request message.

FBTOAU0015E The authenticated user name cannotbe found in the OAuth request.

Explanation: The authenticated user name cannot befound because there is no proper Authentication serviceto handle the request.

System action: The authentication is rejected.

Administrator response: Ensure that the access controlfor the resource owner authorization endpoint isconfigured correctly.

FBTOAU0016E An STSUU token build failed due toan IOException.

Explanation: Unable to build an STSUU token fromthe request message because the request syntax is not avalid OAuth request.

System action: The STSUU build stops.

Administrator response: Verify that the content of therequest sent from the browser is a valid OAuth request.

FBTOAU0017E The OAuth protocol parameter:'param' is found in the authorizationheader and in the HTTP entity-body orquery parameter.

Explanation: OAuth parameter is found in twolocations.


Administrator response: Verify that the request sentfrom browser has a parameter that only exists in onelocation.

FBTOAU0018E The callback provided 'callback' is notvalid.

Explanation: The value callback URI in the request isnot valid because it is not an absolute URI or 'oob'.


Administrator response: Ensure that the callback iseither specified to an absolute URI or 'oob'.

FBTOAU0019E The realm received in the request:'realm' does not match the realm that thetoken was created for: 'realm'.

Explanation: The realm in the request does not matchthe one stored with the token in the request.


Administrator response: Ensure that the realm ismapped to the token in the request message.

FBTOAU001E The OAuth client with identifier:'client identifier' cannot be found.

Explanation: The client identifier in the request doesnot match any registered client, or the client is disabledat the OAuth server.


Administrator response: Ensure that the client is validand is registered correctly.

FBTOAU0020E The authorize delegate received aconsent-to-authorize page with a consentform verifier that is not valid.

Explanation: The consent form verifier sent to theAuthorize delegate is not valid.

System action: The browser displays an error pageand the operation stops.

Administrator response: Ensure that the consent formverifier in the request message and the one sent to theauthorize delegate are valid.

FBTOAU0021E The parameter value for theparameter: 'param' is not valid. The valuefound was: 'value'.

Explanation: The value of the parameter is not valid.

System action: The operation stops.

Administrator response: Ensure that the parametervalues in the request message has the correct type andformat.

FBTOAU0013E • FBTOAU0021E


FBTOAU0022E The configuration value for theparameter: 'param' is not valid. The valuefound was: 'value'.

Explanation: The value of the configuration parameteris not valid.


Administrator response: Ensure the configurationparameter type is correct and the value is valid.

FBTOAU0023E An OAuth client with identifier:'client identifier' attempted to reuse thetoken: 'token'.

Explanation: The client sent a token that has beenused for a token exchange.


Administrator response: Validate that the token in therequest message has never been used before.

FBTOAU0024E An OAuth client with identifier:'client identifier' attempted to verify atoken with the incorrect verificationcode: 'verification code'.

Explanation: The verification code is not mapped tothe client identifier in the OAuth server.


Administrator response: Ensure that the verificationcode in the request message is valid and mapped to theclient identifier in the OAuth server.

FBTOAU0025W The runtime cannot load the OAuthtoken cache with module ID: 'moduleID'.The default module with ID:'defaultModuleID' loads instead.

Explanation: The runtime plug-in manager cannotload the module ID specified during configuration.

System action: A default token cache module loadsinstead.

Administrator response: Validate that the module IDconfigured for the OAuth token cache and plug-inwhich contains the specified module are deployed tothe runtime.

FBTOAU0026E The configuration parameter: 'param'for action: 'action' is missing or containsan invalid value: 'value'.

Explanation: The current request cannot be completedbecause the configuration is not valid.



FBTOAU0027E The runtime cannot load the OAuthtrusted clients manager module with ID:'moduleID'. The default module with ID:'defaultModuleID' loads instead.


System action: A default trusted clients managermodule loads instead.

Administrator response: Validate that the module IDconfigured for the OAuth trusted clients manager andplug-in which contains the specified module aredeployed to the runtime.

FBTOAU0029E The authorize delegate receivedconsent form data that contained OAuth1.0 parameters.

Explanation: The consent page form returned one ormore OAuth 1.0 parameters such as oauth_callback oroauth_token.


Administrator response: Ensure that the consent pageform does not contain OAuth 1.0 parameters such asoauth_callback or oauth_token.

FBTOAU002E The OAuth token with lookup: 'tokenstring' and type: 'type' cannot be found.

Explanation: The token for the given token type doesnot exist in the cache.


Administrator response: Ensure that the token is validand is mapped to the token type.

FBTOAU0030E The authorize delegate received arequest that did not contain anoauth_token or a consent_form_verifier.

Explanation: The request to the authorize delegate didnot contain an oauth_token parameter or aconsent_form_verifier parameter.


Administrator response: Ensure that requests to theauthorize delegate contain either an oauth_token or aconsent_form_verifier.

FBTOAU003E The OAuth token with lookup: 'token'cannot be found.

Explanation: The token does not exist in the cache.




Administrator response: Ensure that the token in theincoming message is valid.

FBTOAU004E Validation of the OAuth requiredparameters for token type: 'type' failed.The following parameter was missing:'param'.

Explanation: The token validation failed because thereis a missing parameter in the request message for thegiven token type.


Administrator response: Verify that the requestmessage has all the required parameters for the giventoken type.

FBTOAU005E Validation of the OAuth versionparameter failed. The required versionnumber is: 'version', the supplied versionnumber was: 'version'.

Explanation: The validation failed because the versionnumber in the request is not supported.


Administrator response: Verify that the OAuth serversupports the version number in the request message.

FBTOAU006E Timestamp validation failed becausethe timestamp is set in advance. Currenttimestamp: 'timestamp' Suppliedtimestamp: 'timestamp' Allowed clockskew: 'skew' Allowed request lifetime:'lifetime'

Explanation: The timestamp validation failed becausethe timestamp in the request is set in advance.


Administrator response: There are several reasonsthat an OAuth message timestamp might be set in theadvance: the clocks on the client and the OAuth serverare skewed beyond the acceptable tolerance or theacceptable tolerance for message timestamp is set toolow. The administrator must check these points andmake any necessary adjustments.

FBTOAU007E Timestamp validation failed due toan expired request. Current timestamp:'timestamp' Supplied timestamp:'timestamp' Allowed clock skew: 'skew'Allowed request lifetime: 'lifetime'

Explanation: The timestamp in the request has expiredand is not valid.


Administrator response: There are several reasonsthat a OAuth message timestamp might be expired: the

clocks on the client and OAuth server are skewedbeyond the acceptable tolerance, network delays arehampering message flow, or the acceptable tolerancefor message timestamp is set too low. The administratormust check these points and make any necessaryadjustments.

FBTOAU008E A nonce replay attack was detectedwith the nonce: 'nonce'.

Explanation: A nonce replay attack happens when thesame nonce exists in the cache.


Administrator response: Ensure that signed messagessent to the OAuth server are only presented once.

FBTOAU009E The OAuth signature method 'method'is not supported.

Explanation: The OAuth server does not support thesignature method in the request.


Administrator response: Ensure that the OAuth serversupports the signature method in the request message.

FBTOAU028E The preferred client provider class:'preferred_provider' could not be loaded,falling back on the default clientprovider class: 'default_provider'.

Explanation: The preferred client provider class couldnot be found.

System action: The default client provider class isused.

Administrator response: Check that the preferredclient provider class is present.

FBTOAU201E The response type: 'response_type' isnot supported.

Explanation: The response_type parameter received inthe request has an unsupported value.


Administrator response: Ensure that theresponse_type parameter is one of the following: - code- token - a valid extension response type

FBTOAU202E The required parameter: 'name' wasnot found in the request.

Explanation: A required parameter for this requesttype was not found in the received request


Administrator response: Ensure that the requestcontains all of the required parameters.



FBTOAU203E The client with identifier: 'client_id'could not be found.

Explanation: The client identifier in the request doesnot match any registered client.



FBTOAU204E An invalid secret was provided forthe client with identifier: 'client_id'.

Explanation: The client secret in the request does notmatch the secret registered for this client.


Administrator response: Ensure that the client secretis valid for this client.

FBTOAU205E The preferred client provider class:'preferred_provider' could not be loaded,falling back on the default clientprovider class: 'default_provider'.

Explanation: The preferred client provider class couldnot be found.

System action: The default client provider class isused.

Administrator response: Check that the preferredclient provider class is present.

FBTOAU207E The browser request could not beconverted into an STSUU because:'message'.

Explanation: The process of converting an HTTPrequest to an STSUU failed.


Administrator response: Ensure that the request hasbeen properly constructed.

FBTOAU209E The token request with applies to:'applies_to' and issuer: 'issuer' failed.

Explanation: The token exchange failed.


Administrator response: Ensure that your OAuth 2.0trust chains have been correctly configured.

FBTOAU210E The redirection URI provided in therequest: 'redirect_uri' is either invalid, ordoes not meet matching criteria againstthe registered redirection URI.

Explanation: An invalid redirection URI wasprovided.


Administrator response: Ensure that you haveprovided the correct redirection URI.

FBTOAU211E The 'type' received of type 'sub_type'does not exist.

Explanation: An invalid grant/token was provided.


Administrator response: Check that the grant/tokenbeing provided is valid.

FBTOAU214E The 'type' received of type 'sub_type'does not belong to the client attemptingto use it.

Explanation: An invalid grant/token was provided.


Administrator response: Check that the grant/tokenbeing provided is valid.

FBTOAU215E The grant type: 'grant_type' is notsupported.

Explanation: The grant_type parameter received in therequest has an unsupported value.


Administrator response: Ensure that the grant_typeparameter is one of the following: - authorization_code- refresh_token - a valid extension grant type

FBTOAU216E The runtime could not load theOAuth 2.0 extension module with ID:'moduleID' for the extension point:'extension' . Instead the default modulewill be loaded with ID: 'defaultID'.

Explanation: The configuration specifies a module IDwhich could not be loaded by the runtime pluginmanager.

System action: A default module will be loadedinstead.

Administrator response: Validate that the plugincontaining the specified module is deployed to theruntime.

FBTOAU217E You are not authorized to access thisprotected resource.

Explanation: This resource can only be access by anauthorized user.


Administrator response: Ensure that the authorizationendpoint has been properly configured and secured.



FBTOAU218E The user denied consent to theprotected resource.

Explanation: The user denied authorization to theOAuth 2.0 client.

System action: Inform the client of the decision.


FBTOAU219E The scope requested in the accesstoken request exceeds the scope grantedby the resource owner.

Explanation: The client has requested an access tokenwith greater scope then that granted.


Administrator response: Ensure the client is notrequesting too great a scope in it's token request.

FBTOAU220E The authenticated client id: 'username'does not match the client id in therequest body: 'client_id'.

Explanation: The client's authenticated username doesnot match the client id it provided in the request body.


Administrator response: Ensure that the authenticatedusername matches the client id.

FBTOAU222E The client's registered redirection URIis not a valid absolute URI.

Explanation: The client's configured redirection URI isinvalid.


Administrator response: Ensure that your client isconfigured correctly.

FBTOAU223E The received redirection URI:'redirect_uri' does not match theredirection URI that this grant wasissued to.

Explanation: The redirection URI in the request is nothe same as the redirection URI used in the request forthe authorization grant.


Administrator response: Ensure the same redirectionURI is used when requesting an authorization grantand using an authorization grant.

FBTOAU224E The runtime cannot load the OAuth2.0 trusted clients manager module withID: 'moduleID'. The default module withID: 'defaultModuleID' loads instead.


System action: A default trusted clients managermodule loads instead.

Administrator response: Validate that the module IDconfigured for the OAuth trusted clients manager andplug-in which contains the specified module aredeployed to the runtime.

FBTOAU225E The authorization delegate received aconsent page form verifier that was notvalid compared to the verifier in theuser's session.

Explanation: The consent page form verifier sent tothe authorization delegate was not valid compared tothe verifier contained in the user's session.


Administrator response: Ensure that the consent pageform verifier parameter submitted matches that set bythe intial authorization delegate request.

FBTOAU226E The authorization delegate receivedconsent form data that contained OAuth2.0 parameters.

Explanation: The consent page form returned one ormore OAuth 2.0 parameters such as client_id,redirect_uri, response_type or state.


Administrator response: Ensure that the consent pageform does not contain OAuth 2.0 parameters such asclient_id, redirect_uri, response_type or state.

FBTOAU227E Multiple values of the OAuth 2.0protocol parameter: 'request_parameter'were found in the request.

Explanation: OAuth 2.0 protocol parameters may notoccur more then once in the request.


Administrator response: Make sure that OAuth 2.0request parameters do not occur more then once in therequest.



FBTOAU228E The request included multiple clientcredentials.

Explanation: OAuth 2.0 protocol requests may notinclude multiple client credentials, for example clientcredentials in both the BA header and the request body.


Administrator response: Make sure that OAuth 2.0request did not include client credentials in more thenone place, for example, in the BA header and therequest body.

FBTOAU229E Confidential clients accessing thetoken endpoint must authenticate usingtheir registered credentials.

Explanation: A confidential client attempted to accessthe token endpoint without authenticating.


Administrator response: Ensure any confidentialclients accessing the token endpoint present their clientcredentials.

FBTOAU230E The client credentials flow isrestricted to confidential clients.

Explanation: A public client attempted to use theclient credentials grant type, this grant type is restrictedto confidential clients.


Administrator response: Ensure public clients are notattempting to use the client credentials grant type.

FBTOAU231E The token endpoint is not configuredto allow public client access.

Explanation: A public client attempted to access atoken endpoint that has been configured to only allowconfidential clients.


Administrator response: If you wish to allow publicclients to access the token endpoint, it must beconfigured on the federation page in the TFIMmanagement console.

FBTOAU232E The client MUST use the HTTPPOST method when making accesstoken requests.

Explanation: A client attempted to make an accesstoken request without using the HTTP POST method.


Administrator response: Ensure that all requests tothe OAuth 2.0 token endpoint use the HTTP POSTmethod.

FBTOID0010E The openid.identity URL receivedfrom the identity provider: 'url1' did notmatch the openid.identity URL sent toit: 'url2'.

Explanation: The consumer sent a nonce to theidentity provider during login, and this was not sentback to the consumer. This could indicate a replayattack.


Administrator response: Please validate that theIdentity Provider is not replaying messages and that itis using the correct return_to URL.

FBTOID0011E The required set of fields were notsigned. The set of fields required to besigned is 'signatureRequired'. The set offields that were indicated as signed are'signed'.

Explanation: The consumer recieved a login responsewhich did not contain a signature over the minimumset of required fields.

System action: The request will be rejected.

Administrator response: Please validate that theIdentity Provider is sending a signature over at leastthe openid.identity and openid.return_to all the registryextension parameters.

FBTOID0012E The received message contained aninvalid signature.

Explanation: The signature on the received messagedid not match the expected signature value.


Administrator response: Please validate that thesender of the message is generating the signaturecorrectly.

FBTOID0013E The token exchange failed.

Explanation: The OpenID consumer was unable toexchange the login details for an authentication tokenat the trust service.

System action: The authentication will be rejected.

Administrator response: Please validate that the trustservice is available and running, and all requirementsof the trust chain have been met in the single-signonmessage from the identity provider.

FBTOID0014E The message was missing a requiredsigned parameter: 'param'

Explanation: The message has been rejected because aparameter which was required to be signed was notincluded in the response.

FBTOAU228E • FBTOID0014E



Administrator response: Please validate that themessage contains all the required signed parameters.

FBTOID0015E The message contained an associationhandle: 'association' which was notrecognized.

Explanation: The message has been rejected becausethe association handle parameter was not known to theIdentity Provider.

System action: The check_authentication will berejected.

Administrator response: Please validate that theconsumer is sending the correct association handle.

FBTOID0016E The message contained an associationhandle: 'association' which was exposedto a consumer.

Explanation: The message has been rejected becausethe association handle parameter was previouslyexposed to a consumer during an associate operation.

System action: The check_authentication will berejected.

Administrator response: Please validate that theconsumer is sending the correct association handle.

FBTOID0017E The message for mode 'mode' wassent with an invalid HTTP requestmethod: 'method'.

Explanation: The message has been rejected becausethe HTTP request method was not valid for themessage being sent.


Administrator response: Please validate that theconsumer is sending the message using the correctHTTP method.

FBTOID0018E The consumer requested an identityURL we could not validate: 'url'.

Explanation: The message has been rejected becausethe claimed identity URL could not be validated by theidentity provider.


Administrator response: Please validate that theconsumer is sending the correct format of identity URL.

FBTOID0019E The user attempted to login at theIdentity Provider however an OpenIDhas not yet been established.

Explanation: The authentication has been rejectedbecause the OpenID identity provider is configured in

alias mode, and no alias has yet been established forthe user.


Administrator response: Please ensure the end userhas established an OpenID alias before attemptinglogin.

FBTOID001E While processing action: 'action' theconfiguration parameter: 'param' wasdetermined to be missing or contain aninvalid value: 'value'.




FBTOID0020W The OpenID server has canceled thesignon attempt.

Explanation: The authentication has been canceled bythe OpenID Server.


Administrator response: Please ensure the end userhas instructed the OpenID server to trust the consumersite.

FBTOID0021E The user session has beendetermined to be invalid while trying toretrieve the session variable: 'variable'.This may have occured due to anincorrect transaction sequence, a sessiontimeout, or a session replication or statemanagement problem in a load-balancedenvironment.

Explanation: The user has either attempted atransaction in the wrong sequence, or the session haseither timed out (e.g. user too slow to post a form) orin a clustered environment the user session may nothave been replicated to all nodes in the cluster andfailover (or incorrect stateful sessions) has occured.


Administrator response: Please ensure the end userhas posted their form data in a timely fashion, and thatin a clustered environment statefulness is maintainedwhere possible between a browser and the TFIM serverinstance.

FBTOID0022E The token exchange failed.

Explanation: The OpenID identity provider wasunable to exchange the current user credential forsign-in details at the trust service.


FBTOID0015E • FBTOID0022E


Administrator response: Please validate that the trustservice is available and running, and all requirementsof the trust chain have been met.

FBTOID0023E The OpenID server: 'server' returnedan error during the attempt to establishan association: 'errtext'.

Explanation: The OpenID identity provider returnederror text while attempting to establish an association.

System action: The authentication attempt will behalted.

Administrator response: Please validate that theOpenID server is available and able to process OpenIDassociate messages.

FBTOID0024E The OpenID server: 'server' returnedan error during the attempt to check thesignature on a message: 'errtext'.

Explanation: The OpenID identity provider wasunable to check whether or not the message containeda valid signature, and returned error text.


Administrator response: Please validate that theconsumer is sending correct parameters to the OpenIDserver, and that the OpenID server is functioning.

FBTOID0025E The OpenID consumer HTTP useragent was configured to deny access to aURL which the request attempted toaccess: 'url'.

Explanation: The OpenID consumer received a requestwhich caused it to attempt to contact an OpenID serveror Identity URL at an address which the consumer hasbeen configured to deny access to.


Administrator response: Please validate that theconsumer user agent is configured correct, and that theclient is not attempting malicious URL attacks at yourconsumer.

FBTOID0026E The provided network mask in thenetwork declaration: 'url' is invalid.

Explanation: The network mask it outside thepermitted range for this type of network declaration.


Administrator response: Please validate that theconfiguration of permitted and denied networkaddresses for the user agent is correct.

FBTOID0027E The OpenID server: 'url' cannot becontacted because the protocol it uses isnot permitted in this federation'sconfiguration.

Explanation: Use of this OpenID server has beendenied because the protocol it uses is not permitted bythe configuration of the federation.


Administrator response: Please validate that theconfiguration of the federation is correct, and that theOpenID server is using a matching protocol.

FBTOID0028W The runtime could not load theTrusted Sites Manager with module ID:'moduleID'. Instead the default modulewill be loaded with ID: 'defaultModuleID'.

Explanation: The configuration specifies a module IDwhich could not be loaded by the runtime pluginmanager.

System action: A default trusted sites managermodule will loaded instead.

Administrator response: Please validate that moduleID configured for the trusted sites manager and thatthe plugin containing the specified module is deployedto the runtime.

FBTOID0029E The relying party supplied areturn_to URL: 'return_to' that did notmatch the supplied realm URL: 'realm'.

Explanation: If the relying party supplies both anopenid.return_to and openid.realm, the return_to URLis requried to match the realm.


Administrator response: Please validate that therequest parameters from the relying party are correct.

FBTOID002E While processing action: 'action' theruntime parameter: 'param' wasdetermined to be missing or contain aninvalid value: 'value'.

Explanation: The current request could not becompleted because the call to the delegate is not valid.


Administrator response: Validate that the system hasbeen called with the correct parameter value.

FBTOID0030W An association could not beestablished with OpenID Server'moduleID'. The transaction will continuewith check_authentication signaturevalidation. The error details are: error

FBTOID0023E • FBTOID0030W


Explanation: An associate request failed with theOpenID server.

System action: The signon will contine andcheck_authentication will be used for signaturevalidation.

Administrator response: Please validate that OpenIDserver is functioning correctly as associations should beused for performance reasons.

FBTOID0031E While processing action: 'action' thetime skew with the server at endpoint:'endpoint' was not within the definedtime skew: 'timeSkewSeconds'.

Explanation: The current request could not becompleted because the times did not match.


Administrator response: Synchronize your serverclock or increase theSPResponseNonceSkewTimeSeconds parameter for thisfederation. You can also set the parameter to -1 todisable skew checking.

FBTOID0032E While processing action: 'action' therelying party detected a requestcontaining an openid.response_noncethat has already been used:'responseNonce'.

Explanation: The current request could not becompleted because of the replay.


Administrator response: No administrator action isrequired. This could be a replay attack (which has beendenied), however if no attack is suspected validate thatthe partner OP is not sending duplicate assertionresponses.

FBTOID0033W An unexpected checkAuthenticationwas received. This could be due to areplay of the check_authenticationrequest or the responseNonce'responseNonce' was not generated by thisOpenID provider.

Explanation: The current request will return falsebecause of the unexpected response_nonce in thecheck_authentication request.

System action: The check_authentication will returnfalse.

Administrator response: No administrator resposne isrequired. If desired, the log file can be consulted todetermine whether this was a replay or an invalidopenid.response_nonce.

FBTOID0034E The identity provider'identity_provider' is not authorized tomake claims about the identifier:'claimed_identifier'.

Explanation: The message has been rejected becauseduring an OP identifier login the identity provider wasnot authorized to make claims about the returnedclaimed identifier.


Administrator response: Please verify that the identityprovider is sending correct claimed identifiers or OPendpoints during OP identifier login.

FBTOID0035W The identity provider is skippingprocessing of unrecognized extension'extension_uri'.

Explanation: The message contains an OpenIDextension that has not been implemented by thisOpenID provider.

System action: The extension is skipped.

Administrator response: Please verify that OpenIDrelying-parties use extensions that this OP supports.Check that the XRDS advertised by this OP onlyincludes supported extensions.

FBTOID0036E The identity provider is unable toprocess extension 'extension_uri'.

Explanation: The message contains an OpenIDextension that cannot be processed.

System action: The extension is skipped.

Administrator response: Check the extensionparameters passed in the message.

FBTOID0037E An illegal extension alias has beendetected: 'extension_alias'.

Explanation: The message contains an OpenIDextension that is not permitted by the specification.

System action: The message is rejected.

Administrator response: Ensure that the partner issending valid extension parameters in the OpenIDmessage.

FBTOID0038E An exception has occurred whentrying to parse attribute informationfrom the login form forAttributeExchange attribute:'ax_attribute'.

Explanation: The login form is not correctlyformatted.

System action: The login attempt is terminated.



Administrator response: Ensure that the login formcontains a correctly formatted URI for the attribute. If acount is specified, ensure that the value is either apositive integer or the string 'unlimited'.

FBTOID0039E An invalid value was received for theAttribute Exchange parameter: 'ax_param'The received value was: 'received_value'.The expected value was: 'expected_value'.

Explanation: The received message contained aninvalid value for an attribute exchange parameter.


Administrator response: Ensure that the OpenIDpartner is sending a valid value for the indicatedattribute exchange parameter.

FBTOID003E Alias management is not supportedfor this federation.

Explanation: The OpenID federation has not beenconfigured in Alias mode, therefore the aliasmanagement endpoint is not supported.

System action: The request will be ignored.

Administrator response: Do not use the aliasmanagement endpoint for this federation.

FBTOID0040W An attribute exchange message wassent with an unsupported mode:'ax_mode'

Explanation: The received message contained anunsupported attribute exchange mode.

System action: The attribute-exchange extension isignored for this request.

Administrator response: Ensure that the OpenIDpartner sends supported attribute-exchange messages.

FBTOID0041E An attribute exchange alias was notin a valid format: 'ax_alias'

Explanation: The received message contained anattribute exchange alias that did not meet the formatrequirements defined in the specification.


Administrator response: Ensure that the OpenIDpartner is sending correctly formattedattribute-exchange messages.

FBTOID0042E The OpenID identity provider doesnot advertise support for one or moreauthentication policies.

Explanation: An authentication policy has beenspecified, but the identity provider does not supportthis policy.


Administrator response: Ensure that the OpenIDpartner supports the authentication policy.

FBTOID0043E The OpenID identity provider doesnot support one or more assurance levelpolicies.

Explanation: An assurance level namespace has beenspecified, but the identity provider does not advertisesupport for it.



FBTOID0044E The OpenID identity provider didnot authenticate the user as requested.

Explanation: An authentication policy has beenspecified, but the identity provider did not authenticatethe user.



FBTOID0045E The OpenID identity provider didnot authenticate the user within thetime limit that is required.

Explanation: The identity provider reported that theuser was authenticated outside the specified maximumtime limit.


Administrator response: Ensure that the OpenIDpartner authenticates the user in a timely manner.

FBTOID0046E The OpenID identity provider didnot specify the time at which the userwas authenticated.

Explanation: A maximum authentication time limitwas specified, but the identity provider did not reportan authentication time.


Administrator response: Ensure that the OpenIDpartner authenticates the user in a timely manner.

FBTOID0047E The OpenID identity provider doesnot support the PAPE extension.

Explanation: The selected identity provider does notsupport the PAPE OpenID extension.


Administrator response: Ensure that the OpenID



partner supports PAPE or has enabled the sendalwaysconfiguration for PAPE.

FBTOID0048E The trust chain configured by thisOpenID identity provider did notprovide the time that the user wasauthenticated.

Explanation: PAPE support requires userauthentication time. Ensure that the configuredmapping rule for this federation returns this value.


Administrator response: Update the mapping rule toreturn this value.

FBTOID0049E The assurance level alias 'pape_alias'does not have a mapped namespace.

Explanation: The OpenID message contained anassurance level alias that has not been declared with anamespace mapping.


Administrator response: Ensure that only knownnamespace mappings are returned.

FBTOID004E The current user making the request isnot authenticated.




FBTOID0050W Relying Party discovery of the trustroot 'trustroot' resulted in an exception:extext.

Explanation: Relying-party discovery cannot besuccessfully performed on the trust root received in theOpenID request.

System action: The request might be rejected,depending on your configuration.

Administrator response: Ensure that the relying-partyadvertises XRDS at the provided trust root URL thatcontains a service for http://specs.openid.net/auth/2.0/return_to with a matching URI.

FBTOID0051E Relying Party discovery of the trustroot 'trustroot' failed to find a match forreturn_to URL 'returnto'.

Explanation: Relying-party discovery cannot besuccessfully performed on the trust root received in theOpenID request to validate the return_to URL.


Administrator response: Ensure that the relying-partyadvertises XRDS at the provided trust root URL thatcontains a service for http://specs.openid.net/auth/2.0/return_to with a matching URI.

FBTOID0052W The runtime could not load theIDGenerator with module ID:'moduleID'. Instead the default module isloaded with ID: 'defaultModuleID'.

Explanation: The configuration specifies a module IDthat the runtime plug-in manager cannot load.

System action: A default IDGenerator module isloaded instead.

Administrator response: Ensure that the module ID isconfigured for the IDGenerator and that the plug-incontaining the specified module is deployed to theruntime.

FBTOID0053E The maximum authentication agerequested by the Relying Party 'authAge'cannot be parsed.

Explanation: The Relying Party attempted to pass aparameter indicating the time in which a user musthave been authenticated. However, this parametercannot be parsed as an integer.


Administrator response: Ensure that the Relying Partyis sending valid data.

FBTOID0054E The PAPE assurance level alias 'alias'has been used multiple times in theresponse from the OpenID OP.

Explanation: The Relying Party returned an assurancelevel alias that is used multiple times. Each alias mustbe mapped to exactly one namespace.



FBTOID0055E The PAPE assurance level namespace'ns' has been used multiple times in theresponse from the OpenID OP.

Explanation: The Relying Party returned an assurancelevel namespace that is used multiple times. Eachnamespace must be mapped to exactly one alias.





FBTOID0056E The reported PAPE authenticationtime string 'time' is not a valid value.

Explanation: The authentication time is not valid.


Administrator response: Ensure that the sender issending valid data. The sender can be the RelyingParty, a mapping rule, or both.

FBTOID0057E The reported PAPE authenticationtime string 'time' is in the future.

Explanation: The authentication time is in the future.This situation usually occurs when the clock skewexceeds the configured skew amount.


Administrator response: Ensure that the sender issending valid data. The sender can be the RelyingParty or a mapping rule, or both.

FBTOID005E The alias: alias has already been usedby another user.

Explanation: The alias has been used by another userfor this federation.

System action: The alias will not be stored for thisuser - they will have to select another alias.

Administrator response: The user will need to chooseanother alias.

FBTOID006E The alias: 'alias' contains invalidcharacters. Only non-whitespace lettersand digits should be used.

Explanation: The alias should contain only letters ordigits.

System action: The alias will not be stored for thisuser - they will have to select another alias.

Administrator response: The user will need to chooseanother alias.

FBTOID007E An unexpected internal error hasoccurred: 'errtext'.

Explanation: An unexpected internal error hasoccured.


Administrator response: Please contact support.

FBTOID008E The supplied identity URL: 'idurl'could not be resolved to an OpenIDprovider.

Explanation: The URL endpoint could not be fetched,or the fetched page did not contain OpenID server

and/or delegate information.


Administrator response: Please validate that theOpenID Identity URL is correct, and that it returns apage containing OpenID identity headers.

FBTOID009E The received openid.return_to URLfrom the identity provider: 'url1' did notmatch the openid.return_to URL sent toit: 'url2'.

Explanation: The consumer sent an openid.return_toURL to the identity provider during login, and this wasnot sent back to the consumer. This could indicate areplay attack.


Administrator response: Please validate that theIdentity Provider is not replaying messages and that itis using the correct return_to URL.

FBTOTP000E Internal Error. Contact the SystemAdministrator.

Explanation: An internal error occurred.

System action: The one-time password managerencountered an error, process has been halted.

Administrator response: Check the log file for moreinformation about the cause of the problem.

FBTOTP100E The plug-in pluginName is missing therequired parameter parameter.

Explanation: A required plug-in is missing from theplug-in configuration.

System action: The one-time password plug-ininitialization encountered an error. The process hasbeen halted.

Administrator response: Provide the requiredparameter in the plug-in configuration.

FBTOTP101E The value [value] of the plug-inparameter parameter is not valid.

Explanation: Some of the values in the plug-inconfiguration are not valid.

System action: The one-time password plug-ininitialization encountered an error. The process hasbeen halted.

Administrator response: Fix the parameter value inthe plug-in configuration.

FBTOID0056E • FBTOTP101E


FBTOTP200E The one-time password provider fortype type is not found.

Explanation: The one-time password provider for thespecified type is not found.

System action: The process has been halted.


FBTOTP201E The one-time password delivery fordelivery type type is not found.

Explanation: The one-time password delivery for thespecified delivery type is not found.



FBTOTP202E The one-time password manager wasnot initialized.


System action: The one-time password managerencountered an error. The process has been halted.


FBTOTP300E The required input parameter param isnot found in the STSUU.

Explanation: A required input is missing from theinput parameter.


Administrator response: Provide the requiredparameter in the incoming STSUU.

FBTOTP301E Cannot obtain the one-time passworddelivery option.

Explanation: There was an error in obtaining theone-time password delivery option.


Administrator response: Examine the log to determinethe cause of the failure.

FBTOTP302E The one-time password cannot begenerated.

Explanation: There was an error in generating theone-time password.



FBTOTP303E The one-time password cannot bedelivered to deliveryAttribute.

Explanation: There was an error in delivering theone-time password.



FBTOTP304E The submitted one-time password isnot valid.

Explanation: The entered one-time password is notvalid.


Administrator response: Correct the one-timepassword and resubmit the form.

FBTOTP305E The required service handlehandleName was not provided to the STSmodule.

Explanation: The required service handle was notavailable.

System action: The STS request processing has beenhalted.

Administrator response: This error is a significantinternal error. Check the logs for error messagesindicating why the required service was not properlycreated.

FBTOTP306E An error occurred during theconstruction of the contents of amessage.

Explanation: The messaging component failed to builda message to send to the user.

System action: The one-time password operationcould not be completed.

Administrator response: The one-time passwordapplication could not send a message due to a problemconstructing the message contents. If details arerequired, enable trace logging and examine the nestedexception.

FBTOTP307E An internal error occurred. Contact theSystem Administrator.


System action: The one-time password applicationencountered an error. The process has been halted.


FBTOTP200E • FBTOTP307E


FBTOTP308E The page contents might be missingthe required information such as[requiredInfo] that is used to process ane-mail message request.

Explanation: The one-time password email deliverymodule requires certain information to process therequest. The required information is missing.


Administrator response: Examine the logs todetermine the cause of the problem.

FBTOTP309E The page contents might be missingthe required information such as[requiredInfo] that is used to process anSMS message request.

Explanation: The one-time password SMS deliverymodule requires certain information to process therequest. The required information is missing.



FBTOTP310E The one-time password that yousubmitted is not valid. Please submit avalid one-time password.

Explanation: You must use a valid one-time password.

System action: The one-time password is rejected.


FBTOTP311E The one-time password was submittedafter the one-time password expired.Please generate another one-timepassword, and submit it before itexpires.

Explanation: One-time passwords are only valid for acertain amount of time. Ensure that you submit theone-time password before it expires.

System action: The one-time password is rejected.


FBTOTP312E The one-time password cannot bedelivered to the email address: toEmail.Verify that the phone number is correct.

Explanation: There was an error in delivering theone-time password to the specified email address.



FBTOTP313E The one-time password authenticatecallback could not invoke the trustservice to perform token exchange foroperation id [operation id] .

Explanation: The one-time password authenticatecallback could not invoke the trust service to performthe one-time password operation.



FBTOTP314E The one-time password authenticatecallback could not retrieve the one-timepassword delivery options.

Explanation: The one-time password authenticatecallback could not to retrieve the one-time passworddelivery options.



FBTOTP315E The one-time password cannot begenerated or delivered.

Explanation: There was an error in generating anddelivering the one-time password.



FBTOTP316E The request received by the one-timepassword authentication callback wassent using a transport that is not valid.

Explanation: The request received by the one-timepassword authentication callback was sent using atransport that is not valid. The request was sent usingthe SOAP binding.

System action: The one-time password requestprocessing stopped.

Administrator response: Examine the logs todetermine the cause of the problem. Ensure that therequest is being sent using the appropriate binding.

FBTOTP317E The submitted one-time passwordcould not be validated.

Explanation: The one-time password module couldnot validate the submitted one-time password value.





FBTOTP318E Unable to send the message to[phoneNumber] with username [username]because the SMS gateway providerreturned a response HTTP status code[statusCode] which does not match thevalue that is configured in the responsefile for the parameterSuccessHTTPReturnCode: [successCode].

Explanation: The response HTTP status code returnedby the SMS gateway provider does not match the valuethat is configured in the response file for the parameterSuccessHTTPReturnCode.



FBTOTP319E Unable to send the message to[phoneNumber] with username [username]because the SMS gateway providerreturned an HTTP response body:[responseBody] which does not match theJava regular-expression pattern that isconfigured in the response file for theparameter SuccessHTTPResponseBodyRegexPattern: regexPattern.

Explanation: The HTTP response body returned bythe SMS gateway provider does not match the Javaregular-expression pattern that is configured in theresponse file for the parameterSuccessHTTPResponseBodyRegexPattern.



FBTOTP320E The list of methods for generating,delivering, and verifying one-timepassword returned fromOTPGetDeliveryMethods mapping ruleis invalid.

Explanation: OTPGetDeliveryMethods mapping rulemust return at least one method for generating,delivering, and verifying one-time password.


Administrator response: Ensure thatOTPGetDeliveryMethods mapping rule returns a validlist of methods for generating, delivering, and verifyingone-time password.

FBTOTP321E The submitted ID of the method forgenerating, delivering, and verifyingone-time password is invalid.

Explanation: The submitted ID must refer to one ofthe methods for generating, delivering, and verifyingone-time password returned by

OTPGetDeliveryMethods mapping rule.



FBTOTP322E The one-time password basedauthentication failed. The user is notauthenticated or the authentication levelin the credential is not equal or higherto the supported authentication level[authentication level].

Explanation: The authentication process failed togenerate a credential that supports the configuredauthentication level.



FBTOTP323E The value [action] received on theone-time password action query stringparameter is not valid.

Explanation: The value submitted using the actionquery string parameter is not valid.



FBTOTP324E The value [action] received on theone-time password action query stringparameter is not allowed when theprevious step was [previousPhase].

Explanation: The authentication process failed becausean invalid action value was specified.



FBTOTP325E The method for generating, delivering,and verifying one-time password wasnot found in the session.

Explanation: The method for generating, delivering,and verifying one-time password needs to be availablein the session.





FBTOTP326E The submitted CSRF token is invalid.

Explanation: The submitted CSRF token must matchthe last generated CSRF token.



FBTOTP328E The configured parameter[parameterName] with value [value] isoutside of the range [lowRange -highRange].

Explanation: The parameter is outside of the expectedrange.

System action: The configuration is invalid. One-timepasswords cannot be verified.

Administrator response: Update the configuration sothat the configuration parameter is in a valid range.

FBTOTP329E The configured parameter[parameterName] with value [value] isbelow the minimum value of [lowRange].

Explanation: The parameter is below the minimumaccepted value.

System action: The configuration is invalid. One-timepasswords cannot be verified.

Administrator response: Update the configuration sothat the configuration parameter is at least theminimum value.

FBTOTP330E Unable to locate the HMAC secretkey.

Explanation: The secret key of the user for one-timepassword generation could not be located.

System action: Unable to verify the one-timepassword.

Administrator response: Ensure that the secret key isbeing provided to the user through the STSUU.

FBTOTP331E The specified algorithm[parameterName] is not supported on thissystem.

Explanation: The algorithm chosen to generate theone-time passwords is not supported on this system. Itis possible that the algorithm was not named correctly,or a newer version of Java is required.

System action: The algorithm specified is notsupported, so one-time passwords cannot be verified.

Administrator response: Check the configuration tomake sure the algorithm is specified correctly. It ispossible that the algorithm is supported in a laterversion of Java than the one currently installed.

FBTOTP332E The one time use enforcement store[parameterName] could not be loaded orwas not found.

Explanation: The one time use enforcement store thatimplements the OTPReplayStore interface was notfound.

System action: Due to the configuration error,one-time passwords will not be generated or verified.

Administrator response: Check that the one time useenforcement store is available to be loaded. Also checkthat it implements the OTPReplayStore interface.

FBTOTP333E The one time use enforcement store[parameterName] implemented OTPStore,but not OTPReplayStore.

Explanation: The one time use enforcement store mustimplement the OTPReplayStore interface.

System action: Due to the configuration error,one-time passwords will not be generated or verified.

Administrator response: Specify a store thatimplements the OTPReplayStore interface.

FBTPWD001E The class classname is not theexpected interface. The class will not beused for obfuscation.

Explanation: The class given to do obfuscation doesnot implement the correct interface.

System action: The class will not be used to performobfuscation.

Administrator response: Ensure that the given classimplements the documented interface to performpassword obfuscation.

FBTPWD002E The password obfuscator utility isunable to locate the passwordobfuscator plugin.

Explanation: A problem was encountered whileattempting to load the plugin.

System action: The plugin was not loaded.

Administrator response: Check the logs for anexception that provides more details about the cause ofthe problem.

FBTPWD003E Could not determine the moduledirectory to load the passwordobfuscator plugin.

Explanation: A problem was encountered whileattempting to locate the plugin directory.


Administrator response: Check the logs for an

FBTOTP326E • FBTPWD003E


exception that provides more details about the cause ofthe problem.

FBTPWD004W The password obfuscator plugingiven could not be loaded. Ensure youhave the module package in yourclasspath.

Explanation: For a plugin to be loaded it requiressome prerequisite module libraries to load the plugin;the prerequisite module libraries are missing.


Administrator response: Ensure that you have therequired module libraries in the classpath to load thecustom plugin.

FBTRPT001E Check that all required reportparameters are set correctly.

Explanation: This error occurs when a required reportparameter is missing or has been set incorrectly in areport design file.

System action: System cannot execute reportingfunctionality.

Administrator response: Check report parametersettings in report design file.

FBTRPT002E The Report engine cannot be started.

Explanation: This error occurs due to problems in thereports configuration.


Administrator response: Check that the reportsconfiguration has been defined properly.

FBTRPT003E Detected invalid or nonexistentdirectory for report designs.

Explanation: This error occurs when the reportdesigns directory for the reports configuration isinvalid or does not exist.


Administrator response: Check that the report designsdirectory has been specified correctly in the reportsconfiguration.

FBTRPT004E Detected invalid or nonexistentdirectory for report designs.

Explanation: This error occurs when the reportarchives directory for the reports configuration isinvalid or does not exist.


Administrator response: Check that the reportarchives directory has been specified correctly in thereports configuration.

FBTRPT005E Could not find report design.

Explanation: This error occurs when a report designcannot be found in the report designs directory.


Administrator response: Check that the appropriatereport design is located in the report designs directoryas defined in the reports configuration.

FBTRPT006E Could not find archived report.

Explanation: This error occurs when an archivedreport cannot be found in the report archives directory.


Administrator response: Check that the appropriatearchived report is located in the report archivesdirectory as defined in the reports configuration.

FBTRPT007E Could not create archive reportdirectory for render type.

Explanation: This error occurs when a invalid orunsupported render type has been specified.


Administrator response: Specify pdf or html as arender type.

FBTRPT008E An error has occurred while runningreport.

Explanation: This error occurs when an unexpectederror has occurred while running a report.


Administrator response: Check the system logs forerror details.

FBTRPT009E Detected invalid report file name.

Explanation: This error occurs when the requirednaming convention for report design files is notfollowed.


Administrator response: Check that report design fileis named properly.

FBTPWD004W • FBTRPT009E


FBTRPT010E Detected invalid parameter with noselection choices.

Explanation: There was a problem retrieving selectionchoices for a list box, check box, or radio buttonparameter.


Administrator response: Check that the list box, checkbox, or radio button parameter has been definedcorrectly in the report design.

FBTRPT011E Detected unsupported or invalidparameter. Parameter must be a scalartype.

Explanation: This error occurs when a parameter isnot a scalar parameter.


Administrator response: Check that the parameter hasbeen defined as a scalar type in the report design. Onlyscalar parameters are supported in this release. Checkthe Review TFIM documentation for details on definingreport parameters.

FBTRTE001E The runtime configuration propertiesfile was not found.

Explanation: The runtime could not find itsconfiguration file in the classpath.

System action: The action will be halted.

Administrator response: Validate the runtimeconfiguration file is located in the runtimes classpath.

FBTRTE002E The runtime configuration domainproperty was not found.

Explanation: The runtime could not determine thedomain from its property configuration file.


Administrator response: Validate the runtimeconfiguration file is located in the runtimes classpathand the domain is set correctly.

FBTRTE003E The runtime configuration could not geta repository handle from the managedcontainer.

Explanation: The runtime requires a handle to therepository which it receives from the managedcontainer.


Administrator response: Validate the runtime is being

used by a managed application and the container isoperating correctly.

FBTRTE004E A required list of properties was notgiven.

Explanation: This action requires a properties list tobe given.


Administrator response: Validate that the requiredproperties are being passed.

FBTRTE005E The required property (property) was notgiven.

Explanation: This action requires the specifiedproperty to complete.


Administrator response: Validate that the requiredproperty is being given.

FBTRTE006E The given directory (directory) does notexist.

Explanation: The given directory must already exist tocomplete the action.


Administrator response: Validate that the givendirectory exists.

FBTRTE007E The given directory path (directory) couldnot be created.

Explanation: This action requires that the givendirectory path has the access to be created.


Administrator response: Validate that the givendirectory path can be created.

FBTRTE008E The given properties file (properties file)could not be found.

Explanation: This action requires that a properties filebe given.


Administrator response: Validate that the givenproperties file exists and has the correct access set.

FBTRTE012E The Access Manager server SSLconfiguration command returned witherrors. See the log file for more details.

Explanation: The Access Manager SvrSslCfg commandreturned with errors.


FBTRPT010E • FBTRTE012E



FBTRTE013E The Access Manager runtimeconfiguration command returned witherrors. See the log file for more details.

Explanation: The Access Manager PDJrteCfgcommand returned with errors.



FBTRTE014E The server type given is not a supportedtype.

Explanation: The listen mode is currently notsupported.


Administrator response: Ensure that a supportedlisten mode is entered.

FBTRTE015E An error occurred when updating theserver's state. Check server logs formore details.

Explanation: An error occurred when attempting tostore the new server's state. See the logs for moredetails.


Administrator response: Check the server logs formore details.

FBTRTE016E Unable to determine domain that thenode is a member of. The operation didnot complete.

Explanation: For any runtime operation to complete,the runtime must know what domain it is a member of.


Administrator response: Ensure that FederatedIdentity Manager was started correctly.

FBTRTE017E An error occurred when updating theconfiguration in the repository. Checkserver logs for more details.

Explanation: The configuration repository returned anerror.


Administrator response: Check the server logs formore details.

FBTRTE018E The provided JAR file is not in theexpected format. Import did notcomplete successfully.

Explanation: Only JAR files that are created by theexport function can be used to import. The JAR fileprovided was missing required data.


Administrator response: Ensure that only JAR filesthat are exported are used.

FBTRTE019E Did not find a software.properties file.Runtime deployment canceled.

Explanation: A software.properties file is required togive information about the runtime being deployed andit was not present.


Administrator response: Ensure that the runtime wasproperly installed.

FBTRTE020E Did not find a serialId in thesoftware.properties file. Runtimedeployment canceled.

Explanation: The software.properties file shouldcontain a serial identifier.



FBTRTE021E Could not find the EAR properties filegiven in the software.properties file.Runtime deployment canceled.

Explanation: The EAR properties file given in thesoftware.properties file could not be found. Thisproperties file is required to deploy the EAR.



FBTRTE022E An error occurred when attempting todeploy the runtime. Runtime was notdeployed.

Explanation: An error occurred during thedeployment of the runtime.


Administrator response: Ensure that the runtime wasproperly installed and check the logs for further details.

FBTRTE013E • FBTRTE022E


FBTRTE025E An error occurred when attempting toremove the runtime. Runtime was notremoved.

Explanation: An error occurred during the removal ofthe runtime.


Administrator response: Check the logs for furtherdetails.

FBTRTE026E The node could not be unconfigureddue to an error.

Explanation: An error occurred while attempting tounconfigure the runtime.



FBTRTE029E The node could not be configured dueto an error.

Explanation: An error occurred during the configuringof the runtime.



FBTRTE030E The domain domain name could not beremoved due to an error.

Explanation: An error occurred during the removal ofthe given domain.



FBTRTE034E The domain domain name could not becreated due to an error.

Explanation: An error occurred during the creation ofthe given domain.



FBTRTE037E Unable to modify the applicationparameter task or role name.

Explanation: An attempt to locate and modify aparticular set of application parameters failed.

System action: The parameters will not be modified.

Administrator response: No action is necessary unlessother problems occur.

FBTRTE038E software.properties is unavailable,cannot publish any directories todomain.

Explanation: A software.properties file is required togive information about the directories to publish.

System action: The publish action is halted.

Administrator response: Ensure the runtime wasproperly installed.

FBTRTE039E The software.properties key key ismissing or contains no directories topublish.

Explanation: A software.properties file is required togive information about the directories to publish.

System action: The publish action is halted.

Administrator response: Check thesoftware.properties file and ensure there is a key with avalue that is a directory or list of directories.

FBTSML001E The received request is missing therequired parameter: parameter




FBTSML002E The value value for attribute attr is notvalid.




FBTSML003E The requested target, target isunknown or disabled.



Administrator response: Validate the incomingmessage, and that the identity provider has configuredand enabled service provider partners for this target.

FBTSML004E The request received an artifact withsuccinct ID: succinctId, which did notmatch a known partner identityprovider.



Administrator response: Validate the incoming

FBTRTE025E • FBTSML004E


message and the configuration of the partner identityproviders.

FBTSML005E The current user making the requestis not authenticated.




FBTSML006E The token cannot be exchanged forthe service provider.



Administrator response: Validate the incomingmessage and the trust service configuration.

FBTSML007E No configured post page is availableto use to return the token to the serviceprovider.

Explanation: The current request could not becompleted because the token exchange succeeded butno configured post page was available.


Administrator response: This is a configuration error.Ensure that the post page exists in the templatedirectory.

FBTSML008E No token was available to return tothe service provider.




FBTSML009E The SAML response object received isnot valid.

Explanation: The current request could not becompleted because the SAML response object is notvalid.



FBTSML010E The sign-on message at the serviceprovider contained parameters that arenot valid.

Explanation: The current request could not becompleted because the sign-on request is not valid.


Administrator response: Validate the incomingmessage from the identity provider.

FBTSML011E The response from the identityprovider could not be understood or didnot contain an assertion: samlresponse.

Explanation: The current request could not becompleted because the identity provider response wasnot understandable or did not contain a SAMLassertion for sign on.


Administrator response: Ensure that the identityprovider is configured to send the correct XML elementresponse and that the request to the identity providerwas valid.

FBTSML012E The identity provider token cannot beexchanged for one that is valid for theresource.

Explanation: The current request could not becompleted because the identity provider response wasnot understandable.


Administrator response: Validate that the identityprovider is configured to send the correct XML elementresponse.

FBTSML013E The SAML artifact: artifact is notvalid.

Explanation: The current request could not becompleted as the provided SAML artifact is not valid.


Administrator response: Validate that the serviceprovider is configured correctly.

FBTSML014E The SAML assertion cannot beretrieved.

Explanation: The current request could not becompleted because a SAML assertion could not beretrieved.


Administrator response: Validate that the serviceprovider is configured correctly and that the identity

FBTSML005E • FBTSML014E


provider is configured to store the assertions for asufficient time.

FBTSML015E While processing action: action theinternal context was missing attribute:action.

Explanation: The current request could not becompleted because of an internal processing error.


Administrator response: Contact IBM softwaresupport with this log file.

FBTSML016E While processing action: action thefollowing configuration parameter wasdetermined to be missing or incorrect:action.




FBTSML017E The assertion could not be retrievedfrom the identity provider at: ip usingartifact: artifact.

Explanation: The service provider could not retrievethe assertion from the identity provider.


Administrator response: Ensure that the identityprovider is available.

FBTSML018E The user cannot be authenticated.

Explanation: The current request could not becompleted because the trust service response could notauthenticate the user.


Administrator response: Validate that the trust serviceand Point of Contact are properly configured.

FBTSML019E The SAML request is not valid.

Explanation: The current request could not becompleted because the request received is not valid.


Administrator response: Validate that the request isvalid.

FBTSML020E The where-are-you-from processreceived a request for the identityprovider: ipURL, which did not match aknown partner identity provider.

Explanation: The current request received awhere-are-you-from cookie which did not match anenabled partner identity provider.


Administrator response: Validate that the incomingmessage contains a WAYF cookie that matches one ofthe provider IDs for an enabled partner identityprovider. One workaround is to delete all persistentcookies on the browser and have the user perform theWAYF process again.

FBTSML021E The sign-on request at the serviceprovider did not contain valid sign-onparameters. Either a SAML Response ora SAML Artifact should be included inthe initial sign-on request.

Explanation: The current request could not becompleted because the sign-on request is not valid.


Administrator response: Validate the incomingmessage from the browser to ensure that the identityprovider has sent either a valid browser-artifact sign-on(redirect containing a SAMLart parameter), or a validbrowser-post sign-on (POST containing aSAMLResponse parameter).

FBTSML200E Unexpected exception: exception

Explanation: The SAML 2.0 plug-in caught anunexpected exception.


Administrator response: Examine the trace logs formore information.

FBTSML201E Cannot determine the message issuer.

Explanation: The Issuer attribute is required for thismessage and cannot be determined.


Administrator response: Verify that configuration iscorrect. The message issuer is the self provider ID.

FBTSML202W The provider is passive and cannotdisplay the following page on thebrowser: page

Explanation: The provider is passive cannot takecontrol of the user interface, including displayingpages.

FBTSML015E • FBTSML202W


System action: The page will not be displayed on thebrowser.

Administrator response: This might or might not be aproblem. If it is a problem, determine why the provideris passive by examining trace logs and configuration. Aprovider can be directed to be passive by the IsPassiveattribute in an authentication request.

FBTSML203E The provider cannot find the page todisplay.

Explanation: The provider cannot find a page todisplay in the browser.

System action: The page will not be displayed on thebrowser.

Administrator response: Examine the trace logs todetermine which page was supposed to have beendisplayed. It might have been an error status page or asuccess status page. Check the system installation todetermine if the pages have been properly installed.

FBTSML205E The provider is passive and cannotforce a user authentication.

Explanation: The provider is passive and cannot takecontrol of the user interface, including authenticatingthe user.

System action: The operation will halt.

Administrator response: Reconfigure the requestingprovider to send authentication requests that do notrequire forced authentication, or that do not require theidentity provider to be passive, or both.

FBTSML206E The provider is passive and cannotquery the user for consent to federate.

Explanation: The provider is passive and cannot takecontrol of the user interface, including querying theuser for consent-to-federate accounts.

System action: The operation will halt.

Administrator response: Reconfigure the requestingprovider to send authentication requests that do notrequire the identity provider to be passive.

FBTSML207E Cannot determine the SAML status.

Explanation: The SAML status attribute is required forthis message and cannot be determined.


Administrator response: Examine the trace logs to seewhy the SAML status was not set.

FBTSML208E Cannot create account linkagebetween the providers.

Explanation: The accounts are not linked and theSAML request forbids creating account informationrequired for linkage.


Administrator response: Reconfigure the requestingprovider to send authentication requests that allow theidentity provider to create account linkage. This is doneby setting the AllowCreate attribute in theNameIDPolicy element to true.

FBTSML209E Cannot create account linkagebetween the providers because the userdenied consent to federate.

Explanation: The accounts are not linked (federated)and the user denied permission to link them.


Administrator response: Instruct end users to consentto account linkage (federation).

FBTSML210E The timestamp in the SAML messageis out of range. The message timestamp,msgTime, is not within tolerance secondsof compareTime.

Explanation: The SAML message has a timestamp thatis not valid.

System action: The message will be ignored.

Administrator response: There are several reasonsthat a SAML message timestamp might be out of range:The clocks on the service and identity providerssystems are skewed beyond the acceptable tolerance,network delays are hampering message flow, or theacceptable tolerance for message timestamp is set toolow. The administrator should check these points andmake any necessary adjustments.

FBTSML211E The destination URL in the SAMLmessage (msgDest) does not match thecurrent provider location (here).

Explanation: The SAML message has a destinationURL that is not valid.


Administrator response: The most likely problem isthat the SAML message is being created with anincorrect destination. Verify that configuration on thesending provider specifies the correct URL for thereceiving provider.



FBTSML212E No authentication assertions werefound.

Explanation: No assertions could be found at theidentity provider.

System action: No assertions will be included in theauthentication response message.

Administrator response: Examine the trace logs to seewhy no authentication assertion was set.

FBTSML213E Cannot determine the messagedestination.

Explanation: The Destination attribute is required forthis message and cannot be determined.


Administrator response: Verify that configuration iscorrect. The message destination is the URI to whichthe message is sent.

FBTSML214E Cannot determine the endpointendpoint for provider provider.

Explanation: The required target endpoint for theSAML message cannot be determined.


Administrator response: Verify that configuration iscorrect.

FBTSML215E The name identifier policy in theauthentication request could not be metby this identity provider.

Explanation: The identity provider could not create aname identifier that adhered to the policy in theauthentication request. Usually, this means that thepolicy specified an unsupported format or not didspecify that a persistent identifier could be created.


Administrator response: Verify that authenticationrequests specify supported name identifier policies, ordo not specify a policy at all.

FBTSML216E The user account could not befederated.

Explanation: The identity provider could not federatethe user account. Usually, this means that there issomething wrong with the identity service.


Administrator response: Verify that the identityservice is configured properly and that the registryserver is available.

FBTSML217E This provider cannot accept anunsolicited authentication response.

Explanation: The authentication response beingprocessed does not have a corresponding authenticationrequest. This provider is not configured to acceptunsolicited authentication responses.


Administrator response: Verify that the serviceprovider is configured properly regarding acceptance ofunsolicited authentication responses.

FBTSML218E The specifications for the endpointendpoint are not valid.

Explanation: The endpoint specified by the SAMLmessage cannot be validated.


Administrator response: Verify that configuration iscorrect and that endpoint specifications such as index,URL and binding in the message are correct.

FBTSML219E Cannot determine the name identifierfor the logout request.

Explanation: The NameID attribute is required for thismessage and cannot be determined.


Administrator response: Examine the trace logs to seewhy no name identifier information was set.

FBTSML220E Cannot determine the session indexfor the logout request.

Explanation: The SessionIndex attribute is required forthis message and cannot be determined.


Administrator response: Examine the trace logs to seewhy no session index was set.

FBTSML221E The logout requester is not a validpartner.

Explanation: The issuer of the logout request messagecannot be determined as a valid partner to thisprovider. On an identity provider, the request issuermust be a provider to which this provider has issuedan assertion. On a service provider, the request issuermust be a provider that has issued an assertion to thisprovider.


Administrator response: If the request is legitimate,examine the trace logs to see why the request issuerwas not found in the list of known logout partners.



FBTSML222E The response message does notcorrelate to the pending request.

Explanation: The response message contains anInResponseTo attribute that does not match the IDattribute of the pending request. It is possible that theresponse was received in error.


Administrator response: If the response is legitimate,examine the trace logs to see why the InResponseToattribute does not match the ID attribute of thecurrently pending request.

FBTSML223E Logout failed.

Explanation: The locally authenticated user was notlogged out successfully.


Administrator response: Examine the trace logs to seewhy logout failed.

FBTSML224E Cannot find partner configuration forprovider partner.

Explanation: The required configuration for thepartner provider cannot be found.


Administrator response: Ensure that the partnerprovider's metadata has been imported into thisfederation and that the configuration file is notcorrupted.

FBTSML225E Token exchange failed.



Administrator response: Validate the incomingmessage and the trust service configuration. Inaddition, examine the trace logs to see why the tokenexchange failed.

FBTSML226E The message has an Issuer attributethat is not valid.

Explanation: The SAML message is required by thespecification to have an Issuer attribute. The Issuerformat, if specified, must beurn:oasis:names:tc:SAML:2.0:nameid-format:entity. Themessage is either missing the Issuer attribute or has thewrong format specified.


Administrator response: Examine the trace logs onthe provider that issued the message to see why themessage was constructed without the Issuer attribute or

with the incorrect Issuer format.

FBTSML227E The issuer of the ArtifactResolvemessage, issuer, does not match theintended recipient of the artifactmessage, recipient.

Explanation: An ArtifactResolve message was receivedfrom a provider which is not the intended recipient ofthe message associated with the artifact.

System action: The artifact in the ArtifactResolvemessage will not be exchanged for a SAML protocolmessage. An empty ArtifactResponse message will bereturned.

Administrator response: The system is behavingcorrectly by disregarding potential attacks.

FBTSML228E Cannot initialize the SOAP client forthe endpoint endpoint.

Explanation: Unable to initialize the SOAP client.


Administrator response: Validate the SOAP clientconfiguration. In addition, examine the trace logs foradditional information.

FBTSML229E The artifact exchange failed. Themessage could not be retrieved usingartifact: artifact.

Explanation: This provider attempted to exchange anartifact for a SAML protocol message but no messagewas returned.


Administrator response: Examine the artifact issuer tosee why the artifact was not exchanged. The artifactmay have expired and its associated message purgedfrom the system, for example.

FBTSML230E A SAML response message wasreceived that is not valid.

Explanation: A SAML response message was received,but a corresponding SAML request message could notbe found. The response is considered invalid.


Administrator response: If the SAML response isexpected, examine the trace logs to see why thecorresponding SAML request was not found.Otherwise, no action is needed.



FBTSML231E A SAML response message wasreceived that is not valid.

Explanation: A SAML response message was received,but it did not contain any AuthnStatements. Theresponse is considered invalid for purposes ofauthentication.


Administrator response: Examine the issuer of theSAML message to see why it issued a SAML assertionwith no AuthnStatement.

FBTSML232E No alias was found for user User andprovider PartnerProvider.

Explanation: There was no alias found for thecurrently authenticated user for the specified partnerprovider.

Administrator response: Enable trace for detailedmessages about the error.

FBTSML233E The identity service request to removean alias for userId and provider providerIdfailed.

Explanation: The identity service operation was notsuccessful.

Administrator response: Ensure that the identity andprovider are valid and check the log for messagesreturned from the identity service.

FBTSML234E No principal was found for aliasaliasId and partner provider providerId.


Administrator response: Validate that the alias andprovider are valid and check the log for messagesreturned from the identity service.

FBTSML235E The identity service request to updatean alias for userId and provider providerIdfailed.


Administrator response: Validate that the identity andprovider are valid and check the log for messagesreturned from the identity service.

FBTSML236E The assertion issued by partnerProvidercould not be validated or decrypted.

Explanation: The assertion could not be validated ordecrypted.

Administrator response: Make sure that the validationkeys, decryption keys and decryption parameters are

configured properly for the provider that issued theassertion. The trace log will indicate which operationfailed, validation or decryption.

FBTSML237E The SAML message could not bedecrypted.

Explanation: The SAML message could not bedecrypted.

Administrator response: Make sure that thedecryption keys and decryption parameters areconfigured properly for the provider that sent themessage.

FBTSML238E The SAML message signature couldnot be validated.

Explanation: The SAML message signature could notbe validated.

Administrator response: Make sure that the validationkey is configured properly for the provider that sentthe message.

FBTSML239E The SAML message could not beparsed.

Explanation: The SAML message could not be parsed.

Administrator response: Make sure that incomingmessage is properly formatted.

FBTSML240E The SAML artifact could not beparsed.

Explanation: The SAML artifact could not be parsed.

Administrator response: Make sure that incomingartifact is properly formatted.

FBTSML241E The incoming HTTP message is notvalid.

Explanation: The incoming HTTP message is notvalid.

Administrator response: Make sure that incomingHTTP message is properly formatted.

FBTSML242E Authentication failed at the identityprovider.

Explanation: The SAML status included in theauthentication response message indicates thatauthentication failed at the identity provider.


Administrator response: Examine the trace logs onthe identity provider that issued the response messageto see why the authentication operation failed.



FBTSML243E The name identifier in the request isnot valid.

Explanation: The name identifier in the request doesnot match the information that was stored for thatprovider during login. If the service provider wasacting as a member of an affiliation group during login,the name identifier in the request must reflect that fact.


Administrator response: If the request is legitimate,examine the trace logs to see why information in therequest name identifier does not match the informationstored for that provider.

FBTSML244E Cannot perform the name IDmanagement operation on a nameidentifier with format Format.

Explanation: The name identifier established duringauthentication in the current session is not persistent.Name ID update and termination managementoperations can be performed only on persistent nameidentifiers.


Administrator response: The user should authenticateusing a means that establishes a persistent nameidentifier and then retry the operation.

FBTSML245E The request was missing the TARGETparameter.

Explanation: The initial request to the service providermust contain a TARGET parameter.


Administrator response: Modify the initial request tothe service provider to contain a TARGET parameter,which should point to the desired SSO target URL.

FBTSML246E The request failed due to an internalerror on the identity provider.

Explanation: The identity provider encountered aninternal error preparing the samlp:Response for theservice provider.


Administrator response: Check the identity providerlog to determine the root cause of this error. Theidentity provider configuration for this partner mightnot be correct.

FBTSML247E The SAML request for artifact Artifactcould not be created using signing keyKeyIdentifier.

Explanation: The service provider was unable togenerate a signed samlp:Rquest message.


Administrator response: Check that the serviceprovider signing key identifier is correctly configured.

FBTSML248E The SAML artifact Artifact has alreadybeen presented to the identity provider.

Explanation: The identity provider has detected thatthis artifact has already been presented for exchange.


Administrator response: This could be a replay attack,or the browser user may have simply reloaded thepage containing the redirect to the service providerwith the artifact.

FBTSML249E The federation group type specifiedin the configuration is not supported.Group ID: 'id', Group display name: 'id',federation group type 'type'.

Explanation: The federation group defined is not asupported type.

System action: The SAML module could not beinitialized.

Administrator response: Verify that configuration filesare present and have not been corrupted. Specify asupported group type in the configuration.

FBTSML250E The partnerEndpointType endpoint forpartner 'id' and display name'displayName' for federation group withID 'id' and display name 'displayName' isnot valid. Endpoint value is'displayName'.

Explanation: The specified partner endpoint is notvalid.

System action: The SAML Module could not beinitialized.


FBTSML251E The partnerEndpointType endpoint forself 'id' and display name 'displayName'for federation group with ID 'id' anddisplay name 'displayName' is not valid.Endpoint value is 'displayName'.

Explanation: The specified self endpoint is not valid.





FBTSML252E The partnerEndpointType endpoint ismissing from the provider 'id' anddisplay name 'displayName' configurationfor federation group with ID 'id' anddisplay name 'displayName'.

Explanation: A required endpoint is missing from theprovider's configuration.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify therequired endpoint in the provider's configuration.

FBTSML253E The propertyName property is missingfrom the provider 'id' and display name'displayName' configuration forfederation group with ID 'id' anddisplay name 'displayName'.

Explanation: A required property is missing from theprovider's configuration.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify therequired property in the provider's configuration.

FBTSML254E The property value 'propertyValue' forproperty 'propertyName' specified forprovider 'id' and display name'displayName' for federation group withID 'id' and display name 'displayName' isnot valid.

Explanation: The specified property value is not valid.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify avalid property value in the configuration.

FBTSML255E The boolean property value'propertyValue' for property 'propertyName'specified for provider 'id' and displayname 'displayName' for federation groupwith ID 'id' and display name'displayName' is not valid. For Booleanproperties the permitted values are 'true'or 'false'.

Explanation: The specified Boolean property value isnot valid.


Administrator response: Verify that configuration files

are present and have not been corrupted. Specify avalid Boolean property value in the configuration.

FBTSML256E The numeric property value'propertyValue' for property 'propertyName'specified for provider 'id' and displayname 'displayName' for federation groupwith ID 'id' and display name'displayName' is not valid. The minimumvalue for this property is 'displayName'.

Explanation: The specified numeric property value isnot valid.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify avalid numeric property value in the configuration.

FBTSML257E The Identity provider succinct idvalue 'propertyValue' specified underproperty 'propertyName' for provider 'id'and display name 'displayName' forfederation group with ID 'id' anddisplay name 'displayName' is not valid.The identity provider succinct ID is arequired property.

Explanation: The specified numeric property value isnot valid.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify avalid identity provider succinct ID value in theconfiguration.

FBTSML258E The common domain service hostvalue 'commonDomainServiceHost'specified using property 'propertyName'for partner 'id' and display name'displayName' for federation group withID 'id' and display name 'displayName' isnot valid. The common domain servicehost must start with http:// or https://and end with the common domain value'displayName'.

Explanation: The specified common domain servicehost is not valid.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify avalid common domain service host in theconfiguration.



FBTSML259E The provider source id value'propertyValue' specified under property'propertyName' for provider 'id' anddisplay name 'displayName' forfederation group with ID 'id' anddisplay name 'displayName' does notmatch the message digest of theprovider ID.

Explanation: The specified provider source ID value isnot valid.


Administrator response: Verify that configuration filesare present and have not been corrupted. Specify avalid provider source ID value in the configuration.

FBTSML260E The binding value value for attributeattr is not valid for profile profile.

Explanation: The specified binding is not valid for theprofile being executed.



FBTSML261E Unobfuscation of the basicauthentication password for SOAPclient authentication failed.

Explanation: Unobfuscation of the basic authenticationpassword for SOAP client authentication failed.


Administrator response: Check the logs for a runtimeexception.

FBTSML262E The ECP profile is not enabled for theprovider.

Explanation: The ECP profile is not enabled.



FBTSML263E The name identifier policy in therequest is not valid.

Explanation: The name identifier policy in the requestis not valid. The format is not a supported format orthe SPNameQualifier is not known to the provider.


Administrator response: If the request is legitimate,examine the trace logs to see why the name identifierpolicy is considered invalid.

FBTSML264E The SAML assertion contains asession index value that has beeninvalidated by a previously receivedlogout request.

Explanation: The current request could not becompleted because a SAML assertion is not consideredvalid.


Administrator response: If the response is legitimate,examine the trace logs to see why the session indexattribute was included on a logout request.

FBTSML265E The SAML assertion with thespecified assertion ID value was notfound.

Explanation: The current request could not becompleted because a SAML assertion was not stored orthe assertion ID is not valid.


Administrator response: Please submit the requestwith a valid assertion ID.

FBTSML266E The index 'value' for endpoint type'value' specified using query stringparameter 'value' does not exist.

Explanation: The current request could not becompleted because a the endpoint index is not valid.


Administrator response: Please submit the requestwith a valid endpoint index.

FBTSML267E The value 'value' specified using querystring parameter 'value' is not validinteger value.

Explanation: The current request could not becompleted because a query string parameter is notvalid.


Administrator response: Please submit the requestwith a valid integer value.

FBTSML268E Logout from one or more partnersfailed.

Explanation: A failed status was returned from one ormore partner logout attempts.

System action: The request did not completesuccessfully.

Administrator response: Check the logs for failurereason.



FBTSML269E The users account was notsuccessfully deferated from the partner.

Explanation: The users account was not successfullydeferated from the partner



FBTSML270E The user provided to theadministrative command does not havean active session.

Explanation: The users could not be logged outbecause they do not currently have a valid session.


FBTSML271E The SAML assertion cannot beretrieved using artifact: artifact

Explanation: The current request could not becompleted because a SAML assertion could not beretrieved.


Administrator response: Validate that the serviceprovider is configured correctly and that the identityprovider is configured to store the assertions for asufficient time.

FBTSML272E The SAML module was unable toquery the user attributes.

Explanation: The current request could not becompleted because the SAML module was unable tocreate a attribute query service claims object.



FBTSML273E The SAML module was unable toobtain the subject name id from theattribute query request.

Explanation: The current request could not becompleted because the subject name id is not valid.


Administrator response: Please submit a validattribute query request.

FBTSML274E The SAML module was unable toobtain the subject principal name usingthe name id included with the attributequery request.

Explanation: The current request could not becompleted because the subject principal name can notbe obtained.


Administrator response: Please submit a validattribute query request.

FBTSML275E The SAML message could not beretrieved using artifact: artifact.

Explanation: The provider could not retrieve theSAML message using the supplied artifact.


Administrator response: Ensure that the artifact isvalid and the provider is properly configured.

FBTSML276E The SAML artifact: artifact is expired.

Explanation: The artifact received is no longer valid.


Administrator response: Ensure that the artifact isvalid and the provider is properly configured.

FBTSOC001E The SOAP endpoint passed in theSOAP client is not valid. The passed-invalue was parameter.



Administrator response: Make sure that the correctSOAP endpoint URL is configured.

FBTSOC002E An error occurred in initializing SSLwith the SOAP endpoint.

Explanation: The server might not be enabled for SSL.The SSL parameters passed in might not be valid.


Administrator response: Validate the partner's SSLconfiguration for the SOAP back channel.

FBTSOC003E The TrustStore identifier passed inSOAPClientImpl is null. The SSLconnection with the endpoint parametercannot be initialized.



Administrator response: Validate the partner's SSL

FBTSML269E • FBTSOC003E


configuration for the SOAP back channel.

FBTSOC004E The KeyStore name parameter cannotbe obtained from KessService.

Explanation: The specified keystore cannot beobtained from KessService.



FBTSOC005E The TrustStore cannot be initializedfrom the passed in identifier parameter.

Explanation: The truststore parameter passed in is notvalid.



FBTSOC006E The SOAP client is unable to parsethe response SOAP message.

Explanation: The SOAP client was unable to parse theincoming response SOAP message.


Administrator response: Validate the Access ControlList configuration in the destination endpoint.

FBTSOC007E The Client Keystore cannot beinitialized from the passed in identifierparameter.

Explanation: The client keystore parameter passed inis not valid.



FBTSOC008E The SOAP client is unable to send therequest SOAP message.

Explanation: The SOAP client was unable to send theoutgoing request SOAP message.


Administrator response: Validate the Access ControlList configuration in the destination endpoint.

FBTSOC009E Unobfuscation of the basicauthentication password for SOAPclient authentication failed.

Explanation: Unobfuscation of the basic authenticationpassword for SOAP client authentication failed.


Administrator response: Check the logs for a runtimeexception.

FBTSOC010E Unable to construct a SOAP faultbecause the compulsory parameterparameter was null.

Explanation: A constructor of a SOAP fault attemptedto build it without the required parameter.

System action: The SOAP fault will not be build.

Administrator response: Contact support.

FBTSOC011E The AccessApproval module: modulehas denied access to the endpoint: url

Explanation: A custom AccessApproval module hasdenied access to the endpoint.

System action: The connection is rejected.

Administrator response: If the URL is supposed to beaccessible, modify the custom access approval moduleto permit access to it.

FBTSOC012E Unable to load an AccessApprovalmodule with the extension ID: module

Explanation: The extension manager could not loadan AccessApproval module.

System action: The request is not processed.

Administrator response: Verify that an extension withthe specified ID is included in the published plug-ins.

FBTSPS002E The requester cannot be prompted foran identity provider. No definedfederations are valid for the request.

Explanation: The current request and delegateprotocol do not match any known defined federation.


Administrator response: Validate the configuration ofthe single sign-on protocol service.

FBTSPS003E The template identifier cannot be located.

Explanation: The current request action cannot beprocessed.



FBTSPS004E The template document used to requesta requester's identity provider is notvalid.

Explanation: The template document is missing therequired tokens or is not a valid XML document.

FBTSOC004E • FBTSPS004E




FBTSPS006E The request message could not beunderstood by the adapter.

Explanation: The request adapter was unable to adaptthe input message.


Administrator response: Validate the configuration ofthe single sign-on protocol service and the inputmessage.

FBTSPS007E The single sign-on protocol service is ina state such that the status cannot bedisplayed with a template page.

Explanation: This error can be caused by an inputrequest before the single sign-on protocol service isfully bootstrapped or it is caused by a configurationthat is not valid.



FBTSPS008E Requests cannot be accepted.

Explanation: This error can be caused by an inputrequest before the single sign-on protocol service isfully bootstrapped or it can be caused by aconfiguration that is not valid.



FBTSPS010E The request to address address cannot beaccepted.

Explanation: This error might be caused bymisconfiguration or by a request that is not valid.



FBTSPS011E The protocol for address address couldnot be determined.

Explanation: This error typically occurs because theconfiguration is not valid or because a configurationhas not been received.


Administrator response: Validate the configuration ofthe single sign-on protocol service and replicationlatency.

FBTSPS012E The single-sign on protocol service hasnot started.

Explanation: This error typically occurs because theconfiguration is not valid or because a configurationhas not been received.


Administrator response: Validate the configuration ofthe single sign-on protocol service and replicationlatency.

FBTSPS014E An instance of a distributed map cannotbe retrieved.

Explanation: Without the distributed map, the singlesign-on protocol service cannot be configured.


Administrator response: Validate the configuration ofthe single sign-on protocol service and environment.

FBTSPS015E An error occurred while moving to anew configuration.

Explanation: The newly set or retrieved configurationcould not be used.


Administrator response: Validate the configuration ofthe single sign-on protocol service and environment.

FBTSPS017E An error occurred while bootstrappingthe single sign-on protocol service.

Explanation: The configuration could not be found orcontains items that are not valid.

System action: The startup will be halted.

Administrator response: Validate the configuration ofthe single sign-on protocol service. A detailed messagecan be found in the trace.

FBTSPS018E The version of the configurationinputVersion is not valid for the singlesign-on protocol service.

Explanation: The configuration version is not valid.


Administrator response: Validate the configuration ofthe single sign-on protocol service and theconfiguration versions.

FBTSPS006E • FBTSPS018E


FBTSPS020E The configured component classNamecannot be loaded.

Explanation: The configuration component is notvalid.



FBTSPS021E The configured endpoint endpoint is notvalid.




FBTSPS025E Unable to register a management bean.



Administrator response: Check the log file for errors.

FBTSPS027E The configured delegate protocol delegateis not valid.



Administrator response: Validate the configuration ofthe single sign-on protocol service and validconfiguration versions

FBTSPS029E The configured delegate protocol delegatehas a configuration entry that is notvalid for the configuration file location.



Administrator response: Validate the configuration ofthe single sign-on protocol service and validconfiguration versions.

FBTSPS037E The single sign-on protocol serviceconfiguration file cannot be located.This result might be expected.




FBTSPS038E The configuration file at confLocationcannot be read. This file is specified inthe configuration and is required for thesingle sign-on protocol service to start.

Explanation: The configuration file is not valid. Thisresult might be due to access violations or an XMLvalidation error.



FBTSPS039E The component component cannot becreated.

Explanation: The configuration file is not valid, or aspecified class could not be loaded.



FBTSPS040E The component component cannot becreated. The provided configuration isnot valid.

Explanation: The configuration file is not valid.



FBTSPS041E No input was received with themanagement operation.

Explanation: The management operation is not valid.


Administrator response: Validate the managementoperation.

FBTSPS042E The property, property, is required forthis operation.






FBTSPS043E The page factory root, root, does notexist.




FBTSPS044E The page factory default language, root,does not exist.




FBTSPS045E The given reference ID, id, is not valid.




FBTSPS046E The given classname ,classname, couldnot be loaded.




FBTSPS047E The given entity, entity, does not exist.




FBTSPS048E The given value, value, is not valid forconfiguration item item.




FBTSPS051E The WebSEAL authentication serviceclient cannot be initialized.




FBTSPS052E The WebSEAL authentication serviceclient is not in a valid state because theconfiguration is not valid and cannot beused.

Explanation: The sign in or sign out operation cannotbe performed.


Administrator response: Validate the configuration ofthe authentication service and policy serverconfiguration files.

FBTSPS053E The credential included with therequest, cred, is not valid.

Explanation: The credential format is notunderstandable.


Administrator response: Validate the configuration ofthe authentication service and WebSEAL.

FBTSPS054E The entity ID, id, is not valid.




FBTSPS055E The configured class, classN, does notimplement or extend the required classor interface, intf.

Explanation: The configuration file is not valid.



FBTSPS056E The token included with the sign inrequest, cred, is not valid.

Explanation: The token type and format is notunderstandable.


Administrator response: Validate the configuration ofthe authentication service and caller.

FBTSPS057E The required WebSEAL header, cred, ismissing.

Explanation: The header is required for properoperation.




Administrator response: Validate the WebSEALconfiguration.

FBTSPS058E The sign out operation has failed.

Explanation: Sign out failed.


Administrator response: Check the trace log fordetailed output from the policy server.

FBTSPS059E The configured default page factoryselector, selector, is not valid.

Explanation: The specified default selector is notvalid.


Administrator response: Check the configured defaultagainst the available selectors.

FBTSPS060E Page factory operation requires at leastone page selector.

Explanation: The specified page factory configurationdoes not specify any selectors.


Administrator response: Check the configuration ofthe page factory.

FBTSPS061E An unexpected error has occurred with aprotocol module module.

Explanation: This error might be caused bymisconfiguration or by a request that is not valid.


Administrator response: Validate the configuration ofthe single sign-on protocol service, protocol module,and the input message.

FBTSPS062E The Point of Contact protocol module ismissing the required action, specifiedby parameter parameter.

Explanation: This error is typically caused by arequest that is not valid. The action parameter isnecessary to determine the behavior of the module.


Administrator response: Validate the request message.

FBTSPS063E The Point of Contact protocol module ismissing the required token for thechosen action.

Explanation: This error is typically caused by arequest that is not valid. The token is necessary toperform the specified action.


Administrator response: Validate the request message.

FBTSPS064E The configured module with ID id andversion version was not found whensearching for modules.

Explanation: The module with the specified ID andversion was not found while attempting to loadmodules. This can occur if the Federated IdentityManager modules have not been configured correctlyor the module does not exist.

System action: The request to load the module will behalted.


FBTSPS065E The configured module with ID id doesnot expose a class with ID id.

Explanation: The module with the given ID andexposed class ID was not found while attempting toload modules. This can occur if the Federated IdentityManager modules have not been configured correctlyor the module does not exist.



FBTSPS066E The configured module with ID idreferencing a module with ID moduleIdwith java class className cannot beinstantiated.

Explanation: When attempting to load a module withthe given ID and class name, an error occurred. Thiscan occur if the if the Federated Identity Managermodules have not been configured correctly or themodule does not exist.





FBTSPS067E The configured module reference,referenceId, could not be located in theconfiguration.

Explanation: In order to load a module, a validreference ID is required.



FBTSPS068E An attempt was made to retrieve acomponent with identifier 'id' whichdoes not exist.

Explanation: In order to load a component, a validreference ID is required.

System action: The request to load the componentwill be halted.


FBTSPS069E The delegate protocol instance delegateIdrequires a protocol actionactionClassName which could not becreated.

Explanation: The actions for the delegate protocolneed to be located and created in order to be invoked.

System action: The request to load the componentwill be halted.


FBTSPS073E The group membership group specifiedfor delegate id is not valid and will beignored.

Explanation: The specified group ID does not exist orcould not be found.

System action: The protocol module will not haveaccess to that group's properties.


FBTSPS074E The delegate protocol id will not beavailable at runtime because theproperties provided in the groups that itis a member of are not valid.

Explanation: The properties for the delegate groupmemberships are not correct. This typically indicatesthat federation configuration is not valid.

System action: The protocol module will not beavailable at runtime.

Administrator response: Validate the FederatedIdentity Manager configuration. Additional messages inthe error and trace logs by the protocol implementationwill display the exact error condition.

FBTSPS075E The delegate protocol id will not beavailable at runtime because theprotocol action className could not becreated.

Explanation: A protocol action used by this delegatecould not be created.

System action: The protocol module will not beavailable at runtime.

Administrator response: Validate the FederatedIdentity Manager configuration and check the trace andmessage logs for further details.

FBTSPS076E An error occurred reading pagetemplates. The SPS will continuestartup, but no pages will be availableat runtime.

Explanation: An error occurred reading the pagesdirectory. The directory may not exist or the servicemay not have the required permissions to read the files.

System action: Startup will continue, but pages willnot be available at runtime.


FBTSPS077E An error occurred creating the servicefactory id. This service factory will notbe available to protocols at runtime.

Explanation: An error occurred creating the servicefactory.

System action: Startup will continue, but the servicewill not be available at runtime.


FBTSPS078E An error occurred creating the point ofcontact client id. The service will not beavailable to protocols at runtime.

Explanation: An error occurred creating the point ofcontact client.





FBTSPS079E An error occurred creating the globalhandler id. The service will not beavailable at runtime.

Explanation: An error occurred creating the globalhandler.



FBTSPS080E An error occurred creating the protocoldetermination module id. The servicewill not be available at runtime.

Explanation: An error occurred creating the protocoldetermination module.



FBTSPS081E Unable to retrieve an instance of theIdServiceClientFactory.

Explanation: An error occurred retrieving an instanceof the alias service client factory.



FBTSPS082E Unable to retrieve an instance of theToken Command Factory with endpointendpoint.

Explanation: An error occurred retrieving an instanceof the token service client factory.



FBTSPS083E The single sign-on protocol service wasunable to locate a directory wheretemplate pages are stored.

Explanation: The Federated Identity Managerapplication does not contain the directory containingtemplate page directories.

System action: No template pages can be used.


FBTSPS084E An internal error has occurred withinthe SPS.

Explanation: The current request could not beprocessed because of an internal error.

System action: Processing of the current request willbe halted.


FBTSPS085E The current request cannot be acceptedbecause the component that is requiredto process it is missing.

Explanation: The current request could not beprocessed because of an internal error.

System action: Processing of the current request willbe halted.


FBTSPS087E Unable to retrieve an instance of theName Identifier Generator with key id.

Explanation: An error occurred retrieving an instanceof the specified NameId generator from the aliasservice.

System action: The request is stopped.


FBTSPS088W The time zone identifier given, [id], isnot valid.

Explanation: The given time zone identifier is not asupported time zone.

System action: The default UTC time zone will beused.

Administrator response: Ensure that the time zoneidentifier in the configuration is correct. Check thereturned exception for more details.

FBTSPS089W The time display pattern [id] is notsupported.

Explanation: The given time display pattern is notsupported.

System action: The default ISO8601 time format willbe used.

Administrator response: Ensure that the time format

FBTSPS079E • FBTSPS089W


in the configuration is correct. Check the returnedexception for more details.

FBTSPS090W The callback [id] could not beinitialized.

Explanation: An error was encountered during theinitialization of the given callback.

System action: The given callback will be removedfrom the list of running callbacks.

Administrator response: Check the logs for a relatedexception and correct the problem. The error is mostlikely caused by a configuration error.

FBTSPS092E Access denied.

Explanation: The user does not have permission toaccess the Web page.

System action: The user will be shown a Web pageindicating that access is not allowed.

Administrator response: If the user should bepermitted to access the Web page, the administratorshould grant the user permission. The administratormay need to add a user to the group being used forSOAP endpoint access control, for instance.

FBTSPS096E The point of contact implementationfailed to perform programmatic login.

Explanation: An error occurred performing JAASlogin.



FBTSPS097E The point of contact implementationfailed to authenticate the userperforming the request.

Explanation: An error occurred performing JAASlogin.



FBTSPS098E The point of contact implementationfailed to obtain the initial request URL.

Explanation: An error occurred obtaining the initialrequest URL from the user session.


Administrator response: Validate the FederatedIdentity Manager configuration and check the trace and

message logs for further details.

FBTSPS106E ITFIM Form Login Error



Administrator response: Check the trace and messagelogs for further details.

FBTSPS107E Form Login Error




FBTSPS109E Form authentication failed.




FBTSPS110E Check the user ID and password, andtry again.




FBTSPS111E The point of contact endpoint requiresthe user to be authenticated. Pleasevalidate the point of contact settings.

Explanation: Unable to obtain user information fromthe request.


Administrator response: Validate that the securityroles are mapped properly to users and the point ofcontact settings.

FBTSPS112E Access to the URL 'url' by the user 'username' was denied because the user wasnot assigned the role 'role name'.

Explanation: A user attempted to access the specifiedURL, but was denied access.


Administrator response: Validate that the securityroles are mapped properly to users. If the request was aSOAP request, verify that the partner has a validpassword or certificate. Verify that the SOAP EndpointSecurity Settings have been configured properly. If you

FBTSPS090W • FBTSPS112E


are using groups to control access to the SOAPendpoint, verify that the partner's user ID is in thecorrect group.

FBTSPS113E The query service factory wasconfigured with a class name thatcannot be loaded. The class name is:'class'

Explanation: This is an internal error in theconfiguration of the query service factory in the sps.xmlconfiguration file.

System action: The query service factory cannot beconfigured.

Administrator response: Report this error to IBMSoftware Support; this error should not happen.

FBTSPS114E The query service was unable tocomplete the request with the trustservice.

Explanation: An exception was thrown whencommunicating with the trust service.


Administrator response: Examine the exceptionreported in the log file.

FBTSPS115E The claims object passed to the queryservice for update was of type: 'class'and did not support the requiredinterface: 'interface'.

Explanation: An internal programming error has beendetected.


Administrator response: Report this error to IBMSoftware Support; this error should not happen.

FBTSPS116W Cannot locate the domain mappingfile. Will not try to initializeITFIMRuntime components.

Explanation: The Tivoli Federated Identity Managerdomain mapping properties file could not be located inthe WebSphere configuration repository. This could bethat the Tivoli Federated Identity Manager runtime hasnot yet been deployed.

System action: The Tivoli Federated Identity Managerruntime components will not be initialized.

Administrator response: Deploy the Tivoli FederatedIdentity Manager runtime.

FBTSPS120E The Tivoli Federated Identity Managerruntime components cannot beinitialized because the runtime cannotconnect to a remote configurationrepository.

Explanation: If the Tivoli Federated Identity Managerruntime components are deployed in a WebSpherecluster, then the runtime components need to acquire ahandler to a remote deployment manager'sconfiguration repository. This connection may fail if thedeployment manager was not started, or that themanaged nodes were started before launching thedeployment manager.

System action: The runtime components are left in anuninitialized state.

Administrator response: Restart the WebSpherecluster by first starting the deployment manager, thenstarting the node agents, and finally starting themanaged node servers.

FBTSPS121W The credential attribute 'attribute' withvalue 'attribute value' could not be addedto the SSO token because the attributessize limit has been reached.

Explanation: The Tivoli Federated Identity ManagerPoC implementation was not able to add the attributeto the SSO token.

System action: The SSO token will not include theattribute.

Administrator response: Increase the attributes sizelimit.

FBTSPS122E The Tivoli Federated Identity Managerruntime components are not initialized.

Explanation: The Tivoli Federated Identity Managerruntime components are not initialized. The runtimenode is probably not configured. The followingcomponents will not be operational: Security TokenService, Single Sign-on Protocol Service, Info Service,and Audit Service.


Administrator response: Configure the runtime nodes.

FBTSTM006E The given TokenType or AppliesTo(TokenType/AppliesTo) in the request is notsupported by this server's configurationfor RequestType RequestType.

Explanation: The request requested a TokenType orAppliesTo that is not supported by the server'sconfiguration. This error can occur because the requestdata did not map to any processing chains or becausethe expected processing chain that the request maps todid not start correctly.

FBTSPS113E • FBTSTM006E



Administrator response: Ensure that the request hasall the required data.

FBTSTM007E STSModule module_name not found.

Explanation: The server attempted to load theSTSModule but could not because an error occurred.

System action: The module has not been loadedpossibly because the chains that the module is in havenot been loaded.

Administrator response: Check the server logs forerrors and exceptions to identify the problem.

FBTSTM008E The QName namespace prefix(QName) does not match any definednamespaces.

Explanation: The given namespace prefix does notmatch any defined namespaces.


Administrator response: Ensure that the request usessupported XML namespaces.

FBTSTM009E The server did not start correctly.

Explanation: The trust server did not start correctlybecause of internal errors.

System action: The server will not accept requests.

Administrator response: Inspect logs andconfiguration files and ensure that data in theconfiguration file is correct.

FBTSTM010E A TokenType or AppliesTo must bespecified in the request.

Explanation: According to the specification, at leastone of TokenType or AppliesTo must be specified in therequest.


Administrator response: Ensure that the requiredrequest data is given.

FBTSTM011E The date and time are not in theexpected UTC format.

Explanation: The date and time given in the requestwas not in the expected UTC time format.


Administrator response: Ensure that the correct timeformat is used for the request.

FBTSTM013E A RequestType must be specified inthe request.

Explanation: According to the specification, aRequestType must be specified in the request.



FBTSTM014E The given RequestType (RequestType)is not supported by this server'sconfiguration.

Explanation: The RequestType does not apply to anyof the STSChainMappingDefinitions located in theserver's configuration.



FBTSTM015E Either no configured XPath selected anode from the request, or the givenTokenType or AppliesTo(TokenType/AppliesTo) in the request is notsupported by this server's configurationfor RequestType RequestType and Issuer(Issuer).

Explanation: Either no XPath in the configurationselected a node from the request, or the requestrequested a TokenType or AppliesTo that is notsupported by the server's configuration.



FBTSTM016E The given Issuer (Issuer) is notsupported by this server's configuration.

Explanation: The Issuer does not apply to any of theSTSChainMappingDefinitions located in the server'sconfiguration.



FBTSTM017E The server could not find the expectedtoken included in the request.

Explanation: The given request did not include theexpected token based on the server's configuration.



FBTSTM007E • FBTSTM017E


FBTSTM018E An incorrect namespace wasencountered and received QName, butexpected QName.

Explanation: The client sent a request that used anamespace that was not expected. This error istypically caused by an old namespace being used.


Administrator response: Ensure that the supportedXML namespaces are used.

FBTSTM019E The expected namespace URI for theWS-Trust schema was not found in therequest.

Explanation: The client did not specify a validWS-Trust schema in the request.



FBTSTM020E An error was encountered whenattempting to open file filename.

Explanation: The server attempted to open thespecified file and encountered an error.

System action: The operation did not complete.

Administrator response: Ensure that the file existsand has the correct file permissions.

FBTSTM021E Either the properties file (filename)was not found in the classpath or thekey (key) returned no data.

Explanation: The given properties file could not befound in the classpath or the key to look up data in theproperties file did not return the expected data.

System action: The operation did not complete.

Administrator response: Ensure that the givenproperties file is located in the classpath, or that thekey given has data associated with it, or both.

FBTSTM022E The message passed to the servicefrom the webservices runtime was notcomplete or did not exist.

Explanation: A possible cause of this problem is thatthe Trust Service System Handler was not installedcorrectly or was removed from the system.

System action: The request was halted.

Administrator response: Ensure that the Trust ServiceSystem Handler is installed and located in theWebSphere Application Server classpath.

FBTSTM023E The trust service did not startsuccessfully because it could not locatethe local or distributed configurationdata.

Explanation: The trust service could not locate theconfiguration data.

System action: The service did not start.

Administrator response: If the service is the onlyservice for the domain, ensure that the configurationfile exists. If the service is in a cluster, ensure that thecluster is operating correctly.

FBTSTM030E The trust service did not fully stop.




FBTSTM031E The trust service did not fully start.




FBTSTM032E The trust service did not fully start,stop, or both.




FBTSTM033E The trust service failed to writeconfiguration to persistent storage.




FBTSTM034E The context was not found.




FBTSTM035E The management method requested isnot implemented.






FBTSTM036E An error occurred while retrieving theserver's configuration for themanagement operation.

Explanation: The server encountered an error when itattempted to retrieve its configuration.

System action: The operation was halted.

Administrator response: Check logging messages forerrors related to retrieving the server's configurationand ensure that the correct file permissions are set onthe server's configuration file.

FBTSTM038E A classname must be provided.

Explanation: The caller-requested operation requires aclassname but did not provide a classname.


Administrator response: Ensure that a classname isgiven.

FBTSTM039E The classname provided (classname)was not found in the server's classpath.

Explanation: A classname was provided that does notexist in the server's classpath.


Administrator response: Ensure that the given classexists in the server's classpath.

FBTSTM041E The classname provided (classname)does not implement the requiredinterface for modules.

Explanation: The classname provided exists but doesnot implement the required interface for modules.


Administrator response: Ensure that the classnameprovided implements the required interface formodules.

FBTSTM042E The classname provided (classname)does not implement the expected model.

Explanation: The classname provided does not have ano-argument public constructor.


Administrator response: Ensure that the classnameprovided includes a no-argument public constructor.

FBTSTM043E The given unique identifier (identifier)does not exist in the configuration.

Explanation: The given unique identifier does notexist.


Administrator response: Ensure that the providedidentifier exists in the current configuration.

FBTSTM044E The remove request could not becompleted. There must be no referencesto the object being removed in order forthe request to complete.

Explanation: There must be no references to theconfiguration data being removed.


Administrator response: Ensure that the configurationdata being removed does not have any references to it.

FBTSTM046E The unique identifier did not matchthe expected type.

Explanation: The given unique identifier did notmatch the expected type in the configuration. This errormight also mean that the unique identifier did not existin the configuration.


Administrator response: Ensure that the entire uniqueidentifier is for the correct data.

FBTSTM047E A unique identifier must be provided.

Explanation: A unique identifier was not provided.


Administrator response: Ensure that a uniqueidentifier is provided.

FBTSTM048E The request type is already in theconfiguration.

Explanation: The management request to add a newrequest type was denied because there cannot beduplicate request types in the configuration.


Administrator response: Ensure that the request typeis not already in the configuration.

FBTSTM049E To add a request type, a request typeURI must be provided.

Explanation: A request type URI was not providedand is required.


Administrator response: Ensure that a unique requesttype URI is provided.



FBTSTM050E The mapping type given is not asupported mapping type.

Explanation: Either the mapping type was not givenor it did not match one of the supported mappingtypes.


Administrator response: Ensure that the mappingtype is one of the supported mapping types.

FBTSTM051E The request-type mapping requestedto be modified does not exist.

Explanation: The request-type mapping requested tobe modified does not exist in the server's configuration.


Administrator response: Ensure that the request typemapping that is being modified exists in the server'sconfiguration.

FBTSTM058E The chain (chain identifier) could notbe initialized due to errors.

Explanation: The given chain could not be startedwithout errors being returned.


Administrator response: Check the trace logs for amore specific error for the given chain.

FBTSTM059E The request failed to processsuccessfully.

Explanation: The given request failed to processsuccessfully. See the server logs for a specific cause ofthe failure.

System action: The request was halted.

Administrator response: Check the trace logs for amore specific error for the given chain.

FBTSTM060E The module reference ID used in theconfiguration of module chain ID'chainId', (chainReference) is not valid. Themodule reference does not exist.

Explanation: The referenced identifier does not exist.

System action: The module chain will not be availableat runtime.

Administrator response: Validate the STSconfiguration.

FBTSTM061E The module reference used in theconfiguration of module chain ID'chainId', (referenceId) is not valid. Themodule does not exist.

Explanation: The referenced module does not exist.


Administrator response: Validate the STSconfiguration and installed STS plug-ins.

FBTSTM062E The class 'className' referenced inmodule chain ID 'chainId' could not beinitialized. The init method did notsuccessfully complete.

Explanation: The module implementation did notsuccessfully initialize.



FBTSTM063E The module chain with ID 'id' couldnot be created because of an earliererror.

Explanation: The module chain could not besuccessfully created.



FBTSTM064E The module chain with ID 'id' doesnot exist.

Explanation: The module chain could not be locatedin the configuration.



FBTSTM065E The input request did not contain anydata and cannot be processed.

Explanation: The input request was null or was notprovided.

System action: The request cannot be processed.

Administrator response: Validate the configuration ofthe caller and the input message.



FBTSTM067E The module chain mapping with ID'id' references a group that does notexist.

Explanation: The group membership was either notspecified or does not exist in the configuration.Modules with the module chain may need informationfrom this group to operate.

System action: The module chain mapping will not beavailable at runtime.


FBTSTM068W The server encountered an exceptionwhile processing a request in validatemode. If the environment has traceenabled, the exception will appear inthe trace log.

Explanation: The STS encountered an exception whileprocessing a request in the validate mode. According tospecifications, the server must return a status codesimilar to the following: http://schemas.xmlsoap.org/ws/2005/02/trust/status/invalid. The exception wascaught and logged, allowing the server to return thecorrect message.

System action: The request failed. The server returnedan http://schemas.xmlsoap.org/ws/2005/02/trust/status/invalid status message.

Administrator response: Validate the requestparameters and retry the operation.

FBTSTM069E The security token service could notcreate a logger in the given directory(directory name) because it is not adirectory.

Explanation: The Security Token Service was not ableto create a logger in the given directory because it isnot a directory.

System action: The logger will not log messages.

Administrator response: Ensure the given directory isa valid directory.

FBTSTM070E The security token service messagelogger encountered an error and couldnot log the message.

Explanation: The security token service messagelogger encountered an error that is preventing it fromlogging messages.


Administrator response: Confirm that the system isallocated enough resources and there are noinitialization errors.

FBTSTM071E The security token service messagelogger encountered an error whilecreating the log file. The error text is: filename.

Explanation: The Security Token Service was not ableto create a log file because an error occurred.


Administrator response: Correct the logger name.

FBTSTM072E The security token service messagefor chain mapping (Mapping) failedsignature validation.

Explanation: The Security Token Service was not ableto validate the signature on the trust message. Thismay be caused by an incorrect key alias configured forthis chain mapping or the SOAP request was modifiedalong the way or the message was not signed by atrusted signer.


Administrator response: Verify that the correct keyalias is configured and the SOAP message was notmodified en route.

FBTSTM073E The security token service isconfigured to validate signatures forchain mapping (Mapping) but therequest received was not signed.

Explanation: The Security Token Service was not ableto validate the signature on the trust message.Threceived request was not signed.


Administrator response: Ensure that the messagecame from a trusted source and that the message mustbe signed.

FBTSTS001E The given SAML assertion is not validyet.

Explanation: The given SAML assertion's NotBeforetime has not been reached.


Administrator response: Ensure that the server's clockis synchronized with the other server's clocks that itparticipates with in the secure domain.

FBTSTS002E The given SAML assertion has expired.

Explanation: The given SAML assertion has expired.



FBTSTM067E • FBTSTS002E


FBTSTS003E The given SAML assertion token'sdigital signature is not valid.

Explanation: The given SAML assertion token's digitalsignature is not valid.


Administrator response: Ensure that the assertiontoken has not been modified after the signing.

FBTSTS004E The given SAML assertion was notsigned, a valid signature was expectedwith the assertion.

Explanation: The given SAML assertion was notsigned, a valid signature was expected with theassertion.


Administrator response: If signature validation is notrequired, re-configure the SAML module so it does notverify signatures.

FBTSTS005E Issuing SAML assertion has failed, noneof the supported Subject types werepresent.

Explanation: Issuing SAML assertion has failed, noneof the supported Subject types were present.


Administrator response: Subject types should beemailAddress, X509SubjectName orWindowsDomainQualifiedName.

FBTSTS006E No audience has been found in thegiven assertion.

Explanation: An Audience element with valid URI ismissing from the AudienceRestrictionCondition elementin the assertion xml document.


Administrator response: An Audience URI shouldexist in the request.

FBTSTS007E Issuing SAML assertion has failed, noauthentication method was given.

Explanation: The AuthenticationMethod attributeshould exist as part of the given assertionAuthenticationStatement element.


Administrator response: Ensure that theAuthenticationMethod attribute exists as part of thegiven assertion AuthenticationStatement element, forexample, password, X509-PKI, PGP, etc.

FBTSTS008E Assertion issuer is not configured.

Explanation: An issuer was not configured butassertion signing was configured.


Administrator response: If assertion signing isrequired, an issuer must be configured. Reconfigurethis application and re-start the server.

FBTSTS009E Keystore alias is not configured.

Explanation: A keystore alias must be configured ifassertion signing or validation is configured.


Administrator response: If assertion signing orvalidation is required, a keystore alias must beconfigured. Reconfigure this application and restart theserver.

FBTSTS010E The Identity Provider [ IDP ] provided aname identifier [ alias ] that could not bemapped to a valid principal name bythe Identity Service.

Explanation: The Identity provider's name identifierwas not found in the Identity Service.


Administrator response: Ensure that the principal isfederated.

FBTSTS011E Invalid security token. Claims elementwas not found.

Explanation: Liberty requires that a valid Claimselement must be in the security token.


Administrator response: This is an internal error.

FBTSTS012E The Access Manager Java Runtimeconfiguration file is not specified.

Explanation: The path to the Access Manager JavaRuntime configuration file is not specified in the STSmodules configuration file.


Administrator response: If issuing of IVCreds isenabled, ensure that a configuration file location of AMJava Runtime is specified.

FBTSTS013E The digital signature of the givenIV-Cred token is invalid.

Explanation: The given IV-Cred token's digitalsignature is invalid.


FBTSTS003E • FBTSTS013E


Administrator response: Ensure that the IV-Credtoken has not been modified after the signing.

FBTSTS014E There was an invalid Principal Chaingiven in the Access Manager credential.

Explanation: The Access Manager credential has ainternal structure called Principal Chain which isrequired for the credential to be a valid credential.



FBTSTS015E The IV-Cred binary token is invalid ornot present.

Explanation: The IV-Cred module requires that a validBinarySecurityToken element must be in the securitytoken.



FBTSTS016E A principal name was not provided tocreate an Access Manager credential.

Explanation: Creating an IV-Cred credential requires aprincipal name.


Administrator response: Provide a principal entity inthe request.

FBTSTS017E An Access Manager credential could notbe created for the given principal.

Explanation: A principal name was provided that isnot valid.


Administrator response: Ensure that a valid principalname is provided.

FBTSTS018E Unexpected exception was caught.

Explanation: An unexpected exception was caught.



FBTSTS019E The audience in the assertion does notmatch the Service Provider's URI.

Explanation: The audience restriction value in anassertion must match the URI of the Service Provider.


Administrator response: Ensure that the application isproperly configured.

FBTSTS020E The InResponseTo attribute in theassertion does not match the request IDof an Authentication request.

Explanation: The InResponseTo attribute, if specified,must match an Authentication request.


Administrator response: This may be due to anattempt to replay an assertion.

FBTSTS021E The Keystore service is not available forsigning or validating assertions.

Explanation: The Keystore service was not started orhas encountered an error.


Administrator response: Validate the configurationand restart the server.

FBTSTS022E The given Username Token has expired.

Explanation: The given Username Token has expired.



FBTSTS023E The given Username token's digitalsignature is not valid.

Explanation: The given Username token's digitalsignature is not valid.


Administrator response: Ensure that the token has notbeen modified after the signing.

FBTSTS024E The given same Username token wasreplayed.

Explanation: The given Username token was verifiedbefore and now it is being reused. This server'sconfiguration does not allow Username tokens to bereused.


Administrator response: Each Username token has aunique Nonce to protect it from Replay Attack. Checkto see whether the token has been cached and re-issuedagain without refreshing the Nonce.

FBTSTS025E A principal name was not provided tocreate a Username token.

Explanation: Creating a Username Token requires aPrincipal name.




Administrator response: Provide a Principal entity inthe request.

FBTSTS026E The given Username token's digitalsignature is missing.

Explanation: The given Username token's digitalsignature is missing.



FBTSTS027E The expected security token type ismissing.

Explanation: The expected security token type ismissing.



FBTSTS028E The given SAML assertion was verifiedbefore and now it is being reused. Thisserver's configuration does not allowassertions to be reused.

Explanation: The use-once enforcement has beenenabled and the given SAML assertion has beenverified before.


Administrator response: Ensure assertions are usedonly once.

FBTSTS030E The Liberty AuthnContext containsunsupported Authentication ContextStatement references.

Explanation: Authentication Context Statementreferences are not supported.


Administrator response: Ensure that the sendingService Provider specifies only Authentication Contextclass references.

FBTSTS031E The Liberty AuthnContext contains aninvalid Authentication Context Classreference.

Explanation: The Liberty architecture specifies thevalid set of Authentication Context classes. Thereceived AuthnRequest contained a class reference thatis not valid.


Administrator response: Ensure that the sending

Service Provider sends only supported AuthenticationContext class references.

FBTSTS032E The authentication request requires anauthentication method that is notsupported.

Explanation: The authentication request specifiesauthentication class references that must be used toauthenticate the principal, but none of these classes aresupported by this implementation.


Administrator response: Ensure that the sendingService Provider specifies at least one AuthenticationContext class reference that is supported by thisapplication.

FBTSTS033E The Access Manager Java Runtimeconfiguration file is not specified.

Explanation: The path to the Tivoli Access ManagerJava Runtime configuration file is not specified.


Administrator response: Ensure a configuration filelocation for the Tivoli Access Manager Java Runtime isspecified.

FBTSTS034E A principal name was not provided withwhich to create an Access Managerprincipal.

Explanation: Creating an Access Manager principalrequires a principal name.


Administrator response: Provide a principal name inthe request.

FBTSTS035E The Status Token Module has not beenenabled.

Explanation: The configuration key'status.module.enable' must be present and set to trueon every federation where the status token is used.


Administrator response: Enable the status module.

FBTSTS036E The IV-Cred token module does notoperate in the given mode, 'mode'.

Explanation: The mode that was configured for themodule is not valid.

System action: The module will not be available atruntime.

Administrator response: Change the operation modeto 'issue' or 'validate'.



FBTSTS037E The IV-Cred token moduleconfiguration is missing a requiredparameter, 'param'.

Explanation: The specified parameter is required foroperation.


Administrator response: Add the specified parameterto the configuration.

FBTSTS038E The token module does not operate inthe given mode, 'mode'.




FBTSTS039E The specified keystore alias (alias) wasnot found or is not valid.

Explanation: The key service could not find a keywith the provided alias or the alias has an invalid type.

System action: The token module will be disabled.

Administrator response: Ensure you have the correctkeystore configured.

FBTSTS040E An anonymous principal name is notconfigured for partner identity provider.

Explanation: An assertion was received from theidentity provider with a onetime name identifier, butan anonymous principal name is not specified in theconfiguration for the partner.

System action: The token exchange cannot beperformed.

Administrator response: Configure an anonymousprincipal name for the partner.

FBTSTS041E A username token was not present inthe current request.

Explanation: The current request did not contain auser name token for validation.


Administrator response: Ensure that clients aresending the username token.

FBTSTS042E The input token [namespace][local ] is nota username token and cannot be parsed.

Explanation: The current request did not contain auser name token for validation.


Administrator response: Ensure that clients aresending the username token.

FBTSTS043E The received message does not contain acreated time element.

Explanation: The current request did not contain acreated time element, although configuration specifiesthat it is required.


Administrator response: If clients do not send theusername token or created time, then they must disablelifetime checking.

FBTSTS046E The AppliesTo element is missing fromthe request or is badly formed.

Explanation: The AppliesTo element is missing fromthe request or is badly formed.


Administrator response: Ensure the configuration iscorrect.

FBTSTS047E None of the requested authenticationcontext requirements can be met.

Explanation: The authentication request contained oneor more authentication contexts whose requirementscannot be met by the identity provider.



FBTSTS048E The attribute profile specified in therequest is not supported.

Explanation: The request specified an attribute profilethat is not supported by the identity provider.





FBTSTS049E The Attribute in the request containedan unexpected content for the name orthe value.

Explanation: The request specified an attribute that isnot supported by the identity provider.



FBTSTS050E A Keystore alias is not configured forencryption.

Explanation: A keystore alias must be configured ifencryption is to be used.


Administrator response: An encryption keystore aliasis required for sending or receiving encrypted elements.Reconfigure this application and re-start the server.

FBTSTS051E The Assertion does not contain a validrecipient or the bearer subjectconfirmation is missing.

Explanation: The Subject in the assertion must containa bearer subject confirmation with a recipient value thatmatches the Assertion Consumer service endpoint ofthe Service Provider.


Administrator response: Ensure that the identityprovider conforms with the SAML 2.0 SSO profile.

FBTSTS052E A Keystore alias is not configured fordecryption and the assertion isencrypted or contains encryptedelements.

Explanation: A keystore alias must be configured inorder to process encrypted assertion elements.


Administrator response: An decryption keystore aliasis required for receiving encrypted elements.Reconfigure this application and re-start the server.

FBTSTS053W A Keystore alias is not configured forencryption. Attribute attrname will notbe encrypted.

Explanation: The mapping rule has indicated apreference for encrypting an attribute, but a keystorealias has not been configured for encryption.

System action: The request for encryption is ignored.

Administrator response: An encryption keystore aliasis required for sending or receiving encrypted elements.Reconfigure this application and re-start the server.

FBTSTS054E An unrecognized SAML Conditionelement has been found in theAssertion: [ Element ].

Explanation: The Assertion state is indeterminatebecause of an unrecognized Condition element.


Administrator response: Ensure that the federation isproperly configured.

FBTSTS055E Validation of the digital signature onthe given element failed.

Explanation: The validation of the digital signature onthe given element failed. Either the signature iscorrupted or the wrong validation key was used.

System action: The STS request fails and returns anerror.

Administrator response: Determine whether the causeof the failure is a corrupted signature or invalid key, fixthe problem, and regenerate the request.

FBTSTS056E A valid JAAS principal was not found.

Explanation: A valid JAAS principal was not found.

System action: The request fails; the system returns anerror.

Administrator response: Determine the reason whythe requestor is not authenticated to WebSphere, fix theproblem, then try again.

FBTSTS057E Generation of the binary security tokenfailed.

Explanation: The STS failed to issue a binary securitytoken.

System action: The request fails; the system returns anerror

Administrator response: Check the logs to determinethe cause of the failure, fix the problem, and try again.

FBTSTS058E An error occurred validating theattributes of the RequestSecurityToken.

Explanation: An error occurred validating theattributes of the RequestSecurityToken.

System action: The request fails; the system returns anerror

Administrator response: Check the logs for the causeof the error, fix the problem, and try again.



FBTSTS059E The required parameterDSIG.VerificationKeyIdentifier was notfound.

Explanation: The required parameterDSIG.VerificationKeyIdentifier was not found.

System action: The request fails; the system returns anerror.

Administrator response: Ensure that the parameter isset correctly and try again.

FBTSTS060E The protected object name for the webservice is not specified.

Explanation: The protected object name configurationparameter has not been specified.


Administrator response: Ensure a protected objectname configuration parameter is specified.

FBTSTS062E JAAS authentication for user insertfailed.

Explanation: The system failed to authenticate thegiven user through JAAS.


Administrator response: Ensure that the user'scredentials are valid and resubmit the request.

FBTSTS063E The X.509 security token is missing or isnot valid.

Explanation: The X.509 security token to be validatedis either missing or is not valid.


Administrator response: Ensure that the X.509security token is valid and resubmit the request.

FBTSTS064E The X.509 certificate path is not valid.

Explanation: The X.509 certificate path for thecertificate or certificates, contained within the securitytoken, is not valid.


Administrator response: Ensure that the X.509security token is valid and resubmit the request.

FBTSTS065E The Kerberos security token is missingor is not valid.

Explanation: The Kerberos security token to bevalidated is either missing or is not valid.


Administrator response: Ensure that the Kerberos

security token is valid and resubmit the request.

FBTSTS066E STSUniversalUser has more than onePrincipal 'name' attribute: param1param2: param2

Explanation: The STSUniversalUser should have onlyone Principal attribute with the key 'name'. Otherwise,the STSUniversalUser is ambiguous.


Administrator response: Ensure that theSTSUniversalUser has only one 'name' Principalattribute and resubmit the request.

FBTSTS067E The Kerberos service name is notconfigured.

Explanation: The Kerberos service name is notconfigured.


Administrator response: Ensure that the Kerberosservice name is configured.

FBTSTS068E The signature generation process for thegiven element has failed.

Explanation: The server attempted to digitally signsomething and has failed to do so.


Administrator response: Determine the cause of thefailure and resubmit the request.

FBTSTS069E The received assertion failed signatureverification.

Explanation: The server's attempt to verify anassertion's digital signature has failed.



FBTSTS070E Required assertion signature not found.

Explanation: The assertion was not signed as required.



FBTSTS071W The delegation module was not givenany delegate modules at initialization.The module will do nothing whencalled.

Explanation: The delegation module was placed in amodule chain, but was not given any modules for

FBTSTS059E • FBTSTS071W


delegation. When this module is invoked, it will donothing.


Administrator response: Ensure that the module isproperly configured by providing it a list of delegatemodules.

FBTSTS072E Cannot find module instance with IDinsert.



Administrator response: Verify the module instanceID exists.

FBTSTS073E The token presented is not an LTPAtoken.

Explanation: The token presented was not a binarysecurity token and therefore not an LTPA token.

System action: Request fails.

Administrator response: Make sure that the Base inthe request contains an LTPA token as a binary securitytoken.

FBTSTS074E The LTPA token is empty.

Explanation: An empty token was presented to themodule.


Administrator response: Make sure that the requestcontains an LTPA Token.

FBTSTS075E Token creation failed.

Explanation: The token could not be created.


Administrator response: Make sure that the correctpassword was presented for the keys. Otherwise, readthe description of the exception that caused this andcheck the trace log for errors.

FBTSTS076E LTPA Token is invalid.

Explanation: The LTPA token presented for validationis not valid. Extended error information should beavailable in the exception stack trace.


Administrator response: Make sure that the requestcontains a valid LTPA token.

FBTSTS077E Validated token information is empty,incorrect keys are the probable reason.

Explanation: The information gathered from the tokenis empty.


Administrator response: Make sure that the correctkeys and password are used for token consumption.

FBTSTS078E The STS Universal User cannot beempty.

Explanation: The STS Universal User documentpassed into the module was empty.


Administrator response: Make sure that the STSUniversal User document presented to the module isnot empty.

FBTSTS079E The realm used for token creation is notspecified. You must specify a realm ineither the configuration or the STSUniversal User principal.

Explanation: The realm that was going to be used fortoken creation was empty. This must be specified inorder for the user ID to be created.


Administrator response: Either reconfigure themodule to insert a static realm, or specify a realm inthe STS Universal User principal.

FBTSTS080E The User ID is not specified. Each tokencreated must have a User ID.

Explanation: No name attribute was specified in theSTS Universal User.


Administrator response: Check the STS UniversalUser document and make sure that a name is specifiedin the principal.

FBTSTS081E The LTPA token module does notoperate in the given mode, 'mode'.



Administrator response: Change the operation modeto 'issue', 'exchange' or 'validate'.



FBTSTS082E The password for the keys is not valid.

Explanation: The password configured to decrypt thekeys is not valid.


Administrator response: Enter the correct passwordfor the LTPA keys.

FBTSTS083E The public key is not valid.

Explanation: The public key entered is not a validpublic key.


Administrator response: Enter a valid public keyvalue.

FBTSTS084E The private key is not valid.

Explanation: The private key entered is not a validprivate key.


Administrator response: Enter a valid private keyvalue.

FBTSTS085E The shared key is not valid.

Explanation: The shared key entered is not a validshared key.


Administrator response: Enter a valid shared keyvalue.

FBTSTS086E The JCE provider specified, 'provider',does not exist.

Explanation: The JCE provider entered is not a validprovider.


Administrator response: Enter a valid provider, or usethe default provider.

FBTSTS087E The algorithm specified, 'algorithm', doesnot exist.

Explanation: The algorithm entered is not a validalgorithm.


Administrator response: Enter a valid algorithm, oruse the default.

FBTSTS088E The padding specified in the ciphersuite, 'padding', does not exist.

Explanation: The padding entered is not valid.


Administrator response: Enter valid padding, or usethe default.

FBTSTS089E The decryption of the token failed. Thiscould be caused by an invalid token,invalid shared key or an invalidpassword for the key.

Explanation: The decryption of the token failed. Thiscould be caused by a token, shared key, or passwordthat is not valid.


Administrator response: Verify that the LTPA sharedkey and password are correct.

FBTSTS090E The encryption of the token failed. Thiscould be caused by an invalid token,invalid shared key or an invalidpassword for the key

Explanation: The encryption of the token failed. Thiscould be caused by a token, shared key, or passwordthat is not valid.


Administrator response: Verify that the LTPA sharedkey and password are correct.

FBTSTS091E The Version specified in theconfiguration for issuing a token:'version' is not valid. It must be either 1or 2.

Explanation: The LTPA token version number is notvalid.


Administrator response: Verify that the LTPA tokenbeing sent to the module is LTPAv1 or LTPAv2.

FBTSTS092E The expiration parameter in theSTSUniversalUser not a valid number:'expiration'.

Explanation: The LTPA expiration time is not valid. Itmust be a valid positive integer representing thenumber of milliseconds since the epoch that this tokenexpires.




Administrator response: Verify that the mapping rulesets the expiration Principal attribute correctly.

FBTSTS093E The LTPA token has expired. Expirationtime: 'expiration'. Current time: 'now'.

Explanation: The LTPA token has expired.


Administrator response: Verify that the expirationtime of the token is valid and that the clock on thesystem where the token is generated is in sync with theclock on the FIM Runtime.

FBTSTS100E The text block for variable 'variable' is'text', which is not a valid XML node.

Explanation: The variable is being used to add anXML node as a value to an STSUniversalUser; however,the text for that variable is not a valid XML nodestring.

System action: Conversion of TDI Variable to XMLNode fails.

Administrator response: Modify the Tivoli DirectoryIntegrator assembly line to produce valid a XML stringfor the node value, or use a string value.

FBTSTS101E The assembly line identified by 'al'could not be executed.

Explanation: The assembly line could not besuccessfully invoked.


Administrator response: Check the causing exceptionto determine if this was an assembly line error, or anRMI error invoking the assembly line.

FBTSTS102E The assembly line represented by [Hostname: hostname Port: portConfigurationFilename: configAssemblyLineName:alname] cannot beloaded.

Explanation: The assembly line cannot be loaded.Check that the connection details are correct and thatthe server is running.


Administrator response: Validate that the TivoliDirectory Integrator connection, configuration andassembly line details are correct, and that the TivoliDirectory Integrator server is running.

FBTSTS105W Invalidating connection to TDI Serverrmiurl.

Explanation: The connection to the Tivoli DirectoryIntegrator server has been invalidated due to anexception during a remote operation. This can occur,for example, if the Tivoli Directory Integrator server isrestarted.

System action: The server connection will be droppedand a reconnection will be attempted on the nexttransaction.

Administrator response: No immediate administrationintervention is necessary. If this message appearsregularly, validate that the Tivoli Directory Integratorserver is running correctly and is reachable.

FBTSTS106E The Tivoli Directory Integrator server athostname hostname and port port cannotbe reached.

Explanation: The connection to the Tivoli DirectoryIntegrator server cannot be established. This could bean invalid configuration, a networking problem, or aninactive server.

System action: The request will fail.

Administrator response: Check that the TivoliDirectory Integrator server is running and reachable,and that the configuration of the hostname and port forthe Tivoli Directory Integrator server is correct.

FBTSTS107W Another thread has detected that theconnection to Tivoli Directory Integratorserver at hostname hostname and portport is invalid. One retry for this requestwill be attempted.

Explanation: The connection to the Tivoli DirectoryIntegrator server failed, and was detected by anotherthread while waiting for an available connection.

System action: The request will be retried once.

Administrator response: Check that the TivoliDirectory Integrator server is running and reachable.

FBTSTS108E Too many threads (numthreads) werewaiting for access to the assembly line: [Hostname: hostname Port: portConfigurationFilename: configAssemblyLineName:alname]

Explanation: The threshold for the maximum numberof waiting threads on the assembly line has beenexceeded.

System action: The request will fail, and should beretried later when traffic eases.

Administrator response: Check that the TivoliDirectory Integrator server is functioning normally. It



may be necessary to increase the pool size for theassembly line, or increase the maximum number ofthreads that can wait.

FBTSTS109E A timeout (timeoutval msec) occurredwhile waiting for a connection to theTivoli Directory Integrator server forassembly line: [ Hostname: hostnamePort: port ConfigurationFilename: configAssemblyLineName:alname]

Explanation: The thread was waiting for a connectionto the Tivoli Directory Integrator server, and thetimeout was reached.

System action: The request will fail, and may beretried later.

Administrator response: Check that the TivoliDirectory Integrator server is functioning normally. Itmay be necessary to increase the pool size for theassembly line, or increase the maximum timeout.

FBTSTS110E A thread was unexpectedly interruptedwhile waiting for an assembly linehandler for: [ Hostname: hostname Port:port ConfigurationFilename: configAssemblyLineName:alname]

Explanation: A thread was waiting for an assemblyline handler, and was unexpectedly interrupted. Thiserror should not occur.

System action: The request will fail.

Administrator response: Contact IBM SoftwareSupport.

FBTSTS120E The TAM GSO module does not operatein the given mode, 'mode'



Administrator response: Change the operation modeto 'map'.

FBTSTS121E The token representing the current userwas empty.

Explanation: This indicates an error in the request tothe trust service, or a processing error in a previousmodule in the trust chain.


Administrator response: Validate your trust chainconfiguration and the request to the trust service.

FBTSTS122E Could not retrieve GSO credentials fromTivoli Access Manager for the GSOresource 'rsrc' for user 'user'.

Explanation: Tivoli Access Manager could not becontacted, or the returned credentials were empty.


Administrator response: Validate that the TivoliAccess Manager policy server is running and that theTivoli Access Manager user has a matching GSOresource.

FBTSTS123E The Tivoli Access Manager credentialsdo not contain a username for the GSOresource 'rsrc' for user 'user'.

Explanation: The Tivoli Access Manager configurationis not valid.


Administrator response: Validate that the TivoliAccess Manager GSO credentials for this user arecorrectly populated.

FBTSTS124E The token representing the current userdid not contain a username.

Explanation: This indicates an error in the request tothe trust service, or a processing error in a previousmodule in the trust chain.


Administrator response: Validate your trust chainconfiguration and the request to the trust service.

FBTSTS125E The configuration for the Tivoli AccessManager GSO resource name is missing.

Explanation: This message indicates a configurationerror.


Administrator response: Validate your trust chainconfiguration.

FBTSTS126E The Access Manager Java Runtimeconfiguration file is not specified ordoes not exist.

Explanation: The path to the Tivoli Access ManagerJava Runtime configuration file is not specified or thefile does not exist.


Administrator response: Ensure that Tivoli AccessManager Java Runtime is configured for this domain.



FBTSTS130E Invalid security token. Claims elementis missing the required attribute 'name'.

Explanation: The Claims element must contain thespecified attribute or element.



FBTSTS131E Invalid security token. The Assertiondoes not contain an AuthnStatementelement.

Explanation: The SAML 20 SSO protocol requires thepresence of at least one authentication statement(AuthnStatement) element.


Administrator response: Ensure that the IdentityProvider is compliant with the SAML 2.0 SSO protocol.

FBTSTS132E The SAML STS module was unable tolocate the issued assertion.

Explanation: The selection criteria specified to querythe issued assertion does not match any of theassertions cached or the assertion has expired.


Administrator response: Provide a valid selectioncriteria.

FBTSTS140E The STSUniversalUser STS moduledoes not operate in the given mode,'mode'.




FBTSTS141E The token passed to the STS module forvalidation was not an STSUniversalUsertoken.

Explanation: This indicates the token module has beencalled in validate mode with a token that is not anSTSUniversalUser.


Administrator response: Validate that the client of thetrust service is passing the correct token type.

FBTSTS142E The incoming security token did notcontain the required browser requestclaims.

Explanation: An STS module requiresBrowserRequestClaims in the incoming security token.


Administrator response: Ensure that the STS modulerequiring the claims is invoked by a protocol thatprovides the claims.

FBTSTS150E The Access Manager Java Runtimeconfiguration file does not exist.

Explanation: The Tivoli Access Manager Java Runtimeconfiguration file does not exist.



FBTSTS151E A Tivoli Access Manager principal namewas not provided.

Explanation: An authentication check requires aprincipal name.


Administrator response: Provide a principal name inthe STS universal user.

FBTSTS160E The Access Manager Java Runtimeconfiguration file does not exist.

Explanation: The Tivoli Access Manager Java Runtimeconfiguration file does not exist.



FBTSTS161E A Tivoli Access Manager principal namewas not provided.

Explanation: An authorization check requires aprincipal name.


Administrator response: Provide a principal name inthe STS universal user.

FBTSTS162E A Tivoli Access Manager protectedobject name was not provided.

Explanation: An authorization check requires aprotected object name.


Administrator response: Provide a protected object



name in the STS universal user.

FBTSTS163E A Tivoli Access Manager action was notprovided.

Explanation: An authorization check requires anaction.


Administrator response: Provide an action in the STSuniversal user.

FBTSTS165E The LTPA token configuration ismissing the required secret shared key.

Explanation: The LTPA token requires a secret sharedkey to be able to encrypt or decrypt LTPA tokens.


Administrator response: Verify that the secret sharedkey was given for the LTPA token module. Also, verifythat there wasn't an error during startup wheninitializing the LTPA token module's configuration.

FBTSTS166E The LTPA token configuration ismissing the required public key.

Explanation: The LTPA token requires a public key tobe able to validate LTPA tokens.


Administrator response: Verify that the public keywas given for the LTPA token module. Also, verify thatthere wasn't an error during startup when initializingthe LTPA token module's configuration.

FBTSTS167E The LTPA token configuration ismissing the required private key.

Explanation: The LTPA token requires a private key tobe able to issue LTPA tokens.


Administrator response: Verify that the private` keywas given for the LTPA token module. Also, verify thatthere wasn't an error during startup when initializingthe LTPA token module's configuration.

FBTSTS168E The LTPA token configurationvalidation failed.

Explanation: The LTPA token configuration validationfailed.


Administrator response: Verify that the configurationfor the LTPA module is correct. Also, examine thesystem log for any reported exceptions.

FBTSTS180E The mapping extension utility functionfnc failed.

Explanation: The mapping extension utility functionfailed, and the error message should contain acaused-by exception which explains the root cause.


Administrator response: Examine the system log forthe reported root-cause exception.

FBTSTS181E WebSphere Registry authentication foruser insert failed.

Explanation: The system failed to authenticate thegiven user through the WebSphere Registry.


Administrator response: Ensure that the user'scredentials are valid and resubmit the request.

FBTSTS190E The Kerberos realm name is missing orinvalid.

Explanation: The Kerberos realm name is missing orinvalid.


Administrator response: Ensure that the Kerberosrealm name is present in the STS universal user bydefining the appropriate mapping rule.

FBTSTS191E The Kerberos client name is missing orinvalid.

Explanation: The Kerberos client name is missing orinvalid.


Administrator response: Ensure that the Kerberosclient name is present in the STS universal user bydefining the appropriate mapping rule.

FBTSTS192E The Kerberos client password is missingor invalid.

Explanation: The Kerberos client password is missingor invalid.


Administrator response: Ensure that the Kerberosclient password is present in the STS universal user bydefining the appropriate mapping rule.

FBTSTS193E The Kerberos service name is missing orinvalid.

Explanation: The Kerberos service name is missing orinvalid.




Administrator response: Ensure that a mapping rulethe Kerberos service name is present in the STSuniversal user by defining the appropriate mappingrule.

FBTSTS200E The KESS STS module does not operatein the given mode, 'mode'

Explanation: The configured mode is invalid.

System action: The module is not available atruntime.


FBTSTS201E The KESS STS token configuration isnot valid for a required parameter:'param'. Value: 'value'

Explanation: The KESS STS token module has beenconfigured with an invalid option.


Administrator response: Verify that the configurationfor the token module contains the required parametersfor the operation.

FBTSTS202E The STSUniversalToken is missing therequired 'ElementID' Context Attribute.

Explanation: When performing signing operations, theSTSUniversalUser must contain a Context Attributecalled 'ElementID'. This attribute must have a valuethat matches the value of a reference attribute in theelement to sign.


Administrator response: Verify that theSTSUniversalUser processed by this module contains aContext Attribute called 'ElementID'. Verify that valueof the attribute matches the value of a referenceattribute that can be signed.

FBTSTS203E The KESS STS Module cannotdetermine a node to sign from theattribute: 'attrname'.

Explanation: The STSUniversalUser attribute did notcontain a node value that the KESS STS module cansign.


Administrator response: Verify that theSTSUniversalUser processed by this module contains anode value in the configured attribute that can besigned.

FBTSTS204E The KESS STS Module failed tovalidate a signature for XML: 'xml'.

Explanation: The KESS STS Module cannot completethe signing operation because the signature is invalid.


Administrator response: Verify that the client issending XML with a valid signature and that KESScontains a matching signature validation key.

FBTSTS205E The KESS STS Module cannotdetermine a node to validate from theattribute: 'attrname'.

Explanation: The KESS STS module cannot validatethe signature because the STSUniversalUser attributecontaines an invalid node value.


Administrator response: Verify that theSTSUniversalUser processed by this module contains anode value in the configured attribute that can bevalidated.

FBTSTS206E The KESS STS Module cannotdetermine a node to encrypt from theattribute: 'attrname'.

Explanation: The KESS STS module cannot completethe encryption operation because the STSUniversalUserattribute contains a node value that cannot beencrypted.


Administrator response: Verify that theSTSUniversalUser processed by this module contains anode value in the configured attribute that can beencrypted.

FBTSTS207E The KESS STS Module cannotdetermine a node to decrypt from theattribute: 'attrname'.

Explanation: The KESS STS module cannot completethe decryption operation because the STSUniversalUserattribute contains a node value that cannot bedecrypted.


Administrator response: Verify that theSTSUniversalUser processed by this module contains anode value in the configured attribute that can bedecrypted.



FBTSTS208E The Default Map Module could notdetermine mapping rule type.

Explanation: The Default Map Module cannotdetermine the rule type based on the configuration.

System action: Identity mapping fails.

Administrator response: Verify that the defaultmapping module is configured correctly.

FBTSTS220E The SAML Attribute Query STS moduledoes not operate in the given mode,'mode'.




FBTSTS221E The SAML Attribute Query STS modulecould not find an assertion on theattribute query saml response.

Explanation: The attribute authority did not returnedan assertion on the saml response.


Administrator response: Verify that the configurationis correct. Also, examine the system log for anyreported exceptions.

FBTSTS222E The SAML Attribute Query STS modulecould parse the assertion from theattribute query saml response.

Explanation: The SAML attribute query sts modulewas not able to parse the assertion on the samlresponse.



FBTSTS223E The SAML Attribute Query STS modulecould not validate the xml digitalsignature.

Explanation: The SAML attribute query sts modulewas not able to validate the xml digital signature.



FBTSTS224E The SAML Attribute Query STS modulesignature validation key is not properlyconfigured.

Explanation: The SAML attribute query sts modulesignature validation key is not properly configured.


Administrator response: Verify that the validation keyis configured on the partner configuration.

FBTSTS225E The SAML Attribute Query STS modulecould not get the saml response fromthe soap envelope.

Explanation: The SAML attribute query sts modulecould not get the saml response from the soapenvelope.



FBTSTS226E The assertion included on the SAMLAttribute Query SAML Response is notsigned. This module is configure toreject unsigned assertions.

Explanation: The SAML attribute query sts moduleexpects the assertion to be signed.


Administrator response: Verify the configuration andmodify the settings to make assertion signatureoptional.

FBTSTS227E The SAML Attribute Query STS modulecould not parse the saml response.

Explanation: The SAML attribute query sts modulecould not parse the saml response.



FBTSTS228E The SAML Attribute Query STS modulecould not decrypt the xml message.

Explanation: The SAML attribute query sts modulewas not able to decrypt the xml message.





FBTSTS229E The SAML Attribute Query STS moduledecryption key is not properlyconfigured.

Explanation: The SAML attribute query sts moduledecryption key is not properly configured.


Administrator response: Verify that the validation keyis configured on the partner configuration.

FBTSTS230E The SAML Attribute Query SAMLResponse is not signed. This module isconfigure to reject unsigned samlresponse.

Explanation: The SAML attribute query sts moduleexpects the saml response to be signed.


Administrator response: Verify the configuration andmodify the settings to make saml response signatureoptional.

FBTSTS231E The SAML Attribute Query STS modulecould not sign the attribute query xmlmessage.

Explanation: The SAML attribute query sts modulewas not able to sign the attribute query xml message.



FBTSTS232E The SAML Attribute Query STS modulecould not create the attribute query xmlmessage.

Explanation: The SAML attribute query sts modulecould not create the attribute query xml message.



FBTSTS233E The SAML Attribute Query STS modulewas not able to send the attribute queryxml message.

Explanation: The SAML attribute query sts modulecould not send the attribute query xml message to theattribute authority.



FBTSTS234E The SAML Attribute Query STS modulewas not able to obtain the user principalname.

Explanation: The SAML attribute query sts modulecould not obtain the user principal name.


Administrator response: Verify that the configurationis correct. Verify that the mapping module is setting theuniversal user values properly.

FBTSTS235E The SAML Attribute Query STS modulewas not able to obtain the partner aliasfrom the alias service.

Explanation: The SAML attribute query sts modulecould not obtain the partner alias from the alias service.



FBTSTS236E The SAML Attribute Query STS modulereceived an invalid saml response.

Explanation: The saml response received by theSAML attribute query sts module is not valid.



FBTSTS237E The response message InResponseToattribute does not correlate to thepending request ID attribute.

Explanation: The response message contains anInResponseTo attribute that does not match the IDattribute of the pending request. It is possible that theresponse was received in error.


Administrator response: If the response is legitimate,examine the trace logs to see why the InResponseToattribute does not match the ID attribute of thecurrently pending request.

FBTSTS238E The timestamp in the SAML message isout of range. The message timestamp,msgTime, is not within tolerance secondsof compareTime.

Explanation: The SAML message has a timestamp thatis not valid.


Administrator response: There are several reasons



that a SAML message timestamp might be out of range:The clocks on the communicating providers systems areskewed beyond the acceptable tolerance, networkdelays are hampering message flow, or the acceptabletolerance for message timestamp is set too low. Theadministrator should check these points and make anynecessary adjustments.

FBTSTS239E Cannot determine the SAML status.

Explanation: The SAML status attribute is required forthis message and cannot be determined.


Administrator response: Examine the trace logs to seewhy the SAML status was not set.

FBTSTS240E The attribute query request failed at theattribute authority.

Explanation: The SAML status included in the samlresponse message indicates that the request failed atthe attribute authority.


Administrator response: Examine the trace logs at theattribute authority or the saml response to see why therequest operation failed.

FBTSTS241E The SAML Attribute Query STS tokenconfiguration is not valid for a requiredparameter: 'param'. Value: 'value'

Explanation: The SAML Attribute Query STS tokenmodule has been configured with an invalid option.



FBTSTS242E The SAML Attribute Query STS tokenconfiguration is not valid for a requiredparameter: 'param'. Value: 'value' is out ofrange. Minimum value: 'value' MaximumValue: 'value'

Explanation: The SAML Attribute Query STS tokenmodule has been configured with an invalid option.



FBTSTS260E The OAuth validation request for tokentype: 'type' failed.

Explanation: The OAuth validation request failedbecause the syntax of the request message or theparameters is not valid.


Administrator response: Ensure that the requestmessage and the parameters have the correct syntax.

FBTSTS261E The OAuth token type: 'type' cannot becreated.

Explanation: The OAuth server cannot issue anOAuth token for the requested token type.

System action: The OAuth token request is rejected.

Administrator response: Check the trace logs todetermine the cause of the error.

FBTSTS262E The OAuth server failed to authorizethe OAuth token: 'token' and user name:'username'.

Explanation: The OAuth server cannot generate averification code.

System action: The authorization of the client isrejected.


FBTSTS263E The validation for the OAuth token:'token' failed.

Explanation: The OAuth server cannot validate thetoken.

System action: The token validation fails.


FBTSTS265E The token type:'type' that was received isnot valid.

Explanation: The token type value is not recognized.


Administrator response: Ensure that the token typesent to the OAuth server is valid.

FBTSTS266E The STSUU token passed to the STSdoes not have the requiredparameter:'param'.

Explanation: The STSUU token sent to the server doesnot have all the required parameters.




Administrator response: Check the trace log to seewhich parameter is not present and to determine thecause of the error.

FBTSTS268E The configuration value for theparameter: 'param' is not valid. The valuefound was: 'value'. The default value'default value' is used instead.

Explanation: The value of the configuration parameteris not valid.


Administrator response: Ensure that the configurationparameter type is correct and that the value is valid.

FBTSTS269E An OAuth parameter with the name:'param' already exists.

Explanation: There is a duplicate parameter in therequest.


Administrator response: Ensure that there are noduplicate parameters in the request message.

FBTSTS270E The OAuth token with lookup: 'tokenstring' and type: 'type' cannot be found.

Explanation: The token for the given token type doesnot exist in the cache.


Administrator response: Ensure that the token is validand is mapped to the token type.

FBTSTS271E Invalid STS mode: 'mode'.

Explanation: The STS mode is not mapped to the STSmodule.


Administrator response: Ensure that the STS moduleis configured with the correct mode.

FBTSTS272E A two-legged OAuth request fromclient: 'client identifier' failed.

Explanation: The OAuth server is not configured toaccept two-legged OAuth requests.


Administrator response: Ensure that two-leggedOAuth is enabled at the OAuth server.

FBTSTS273E The OAuth client with identifier: 'clientidentifier' cannot be found.

Explanation: The client identifier in the request doesnot match any registered client or the client is disabledat the OAuth server.



FBTSTS290E Invalid STS mode: 'mode'.

Explanation: The STS mode is not mapped to the STSmodule.

System action: The request is halted

Administrator response: Ensure that the STS moduleis configured with the correct mode.

FBTSTS292E The OAuth 2.0 request type:'request_type' is not valid.

Explanation: The value of the request_type parameteris not valid.


Administrator response: Ensure your OAuth 2.0enforcement point is providing the correct value forthis parameter, or no value at all.

FBTSTS293E The OAuth 2.0 token module requestfailed due to the following exception:'name'.

Explanation: An internal exception caused the requestto stop.


Administrator response: Check the exception thatcaused this error.

FBTSTZ001E The Keystore service is not available forgenerating, signing, or validating RACFPassTicket Tokens.

Explanation: Internal Error:The Keystore service couldnot be accessed.



FBTSTZ002E RACF PassTicket Processing Failed! SAFrc=VALUE_0, RACF rc=VALUE_1, RACFreason code=VALUE_2.

Explanation: RACF returned an error while processinga PassTicket.


FBTSTS268E • FBTSTZ002E


Administrator response: Refer to the z/OS SecurityServer RACF Messages and Codes for moreinformation on the SAF/RACF return and reasoncodes.

FBTSTZ003E The value provided is not a validPassTicket.

Explanation: The given Username token's passwordwas not a valid PassTicket.


Administrator response: Ensure the defined Usernametoken's password was generated by a standardPassTicket generator with the correct secret key for thespecified user ID and configured application name.

FBTSTZ004E The PassTicket cannot be validated forthe user ID <VALUE_0>, applicationname <VALUE_1>, and key profile<VALUE_2>.

Explanation: The given PassTicket does not validatefor the given user ID, application name, and secret key.


Administrator response: Ensure the defined Usernametoken's password was generated by a standardPassTicket generator with the correct secret key for thespecified user ID and configured application name.

FBTSTZ005E The specified user ID <VALUE_0>,application name <VALUE_1>, and/orkey profile <VALUE_2>, do not meet theminimal PassTicket requirements.

Explanation: The configuration and/or the Usernametoken's username do not meet the PassTicketrequirements.


Administrator response: Validate the configurationand ensure the user ID and application name satisfyPassTicket requirements.

FBTSTZ006E An encryption error occurred duringPassTicket processing.

Explanation: Internal Error: An error was encounteredduring the encryption phase of PassTicket processing.



FBTSTZ007E An unknown error occurred duringPassTicket processing.

Explanation: Internal Error: An unknown internalerror was encountered.



FBTSTZ008E The value specified for encryption anddecryption of PassTickets was invalid.The value specified must be exactlysixteen characters long and shouldcontain only hexadecimal digits 0-9 anda-f. Please reconfigure your PassTicketmodule specifying a valid key.

Explanation: The PassTicket module requires that anadministrator specify a DES key as sixteen hexadecimaldigits. The administrator failed to do so.


Administrator response: Use the console toreconfigure the PassTicket module, specifying anappropriate encryption key.

FBTTAC003E An error occurred when reading orwriting the file file name:\nerror text\n

Explanation: An error occurred when either readingor writing a file. The error text contains additionalinformation about the error.

System action: If the file is a non-critical file, the toolwill attempt to proceed. If the file is critical to theoperation being performed, the tool will exit.

Administrator response: Attempt to resolve theproblem described by the error text. Verify that the fileexists. If the error occurs because the tool does nothave permission to modify the file, verify the file iswritable.

FBTTAC004E Unable to understand file file name, lineline number.\n The text 'invalid line fromstanza file' is not valid.\n

Explanation: An error occurred when interpreting astanza file. The file format does not appear to becorrect.

System action: The file will not be read. The tool willexit.

Administrator response: The most likely cause of thiserror is that the file specified is not a Tivoli AccessManager for e-Business stanza file. Verify that the filespecified is the correct file to use. If necessary, refer tothe documentation for examples of how to use theautoconfiguration tool.

FBTSTZ003E • FBTTAC004E


FBTTAC005E Unable to connect to host host name orIP address, port TCP port number:\nerrortext\n

Explanation: The tfimcfg tool tried to create a TCPconnection to the server and port specified. Theconnection failed.

System action: The action taken depends on whatconnection failed. In some cases, the connection will beretried or the configuration will continue even thoughthe connection failed. In other cases, the configurationwill stop. Subsequent messages will explain whataction is being taken.

Administrator response: The administrative responsedepends on which TCP connection failed and for whatreasons. As a general rule, the administrator shouldverify connectivity to the machine to which theconnection failed. Administrators should also verifythat they entered the correct hostname and portinformation if they were prompted to do so.

FBTTAC006W Please verify the WebSEAL server isrunning.\n

Explanation: The WebSEAL server does not appear tobe running, so the autoconfiguration cannot proceed.

System action: The autoconfiguration tool will exitwithout modifying any configuration.

Administrator response: Start the WebSEAL server. Ifthe WebSEAL server is already running, verify that theconfiguration file specified is correct.

FBTTAC007E The file file name indicates that\nPDJrte has not been fully configured foryour Java runtime. Please configure\nthe PDJrte in 'full' mode before runningthe FIM TAM autoconfiguration tool.\n

Explanation: The FIM TAM autoconfiguration toolrequires that the PDJrte package be fully configuredbefore the tool is run.

System action: The autoconfiguration tool will exitwithout modifying any configuration.

Administrator response: Use the pdconfig program toconfigure the PDJrte in 'full' mode, and then rerun theFIM TAM autoconfiguration tool.

FBTTAC008W The stanza entry [stanza name]entryname was not found.\n

Explanation: The FIM TAM autoconfiguration toolchecked for but did not find the configuration file entrydescribed in the message.

System action: If it is possible to proceed without thatconfiguration entry, the autoconfiguration tool will doso. Otherwise the tool will exit.

Administrator response: Verify that the configurationfile specified to the autoconfiguration tool belongs to aconfigured WebSEAL server.

FBTTAC011W The value property name was notspecified in the response file.\n

Explanation: The FIM TAM autoconfiguration toolchecked for but did not find the response file entrydescribed in the message.

System action: If it is possible to proceed without theresponse file entry, the autoconfiguration tool will doso. Otherwise the tool will exit.

Administrator response: If the configuration proceeds,no action is necessary. If the configuration fails, attemptan interactive configuration by omitting the '-rspfile'option.

FBTTAC015E An unexpected erroroccurred:\nexception text:\nexception stacktrace\n

Explanation: Most error conditions are handledautomatically by the autoconfiguration tool. Thismessages means an unexpected error occurred, andcould not be handled automatically.

System action: The autoconfiguration tool will givethe administrator an opportunity to make differentselections for the configuration.

Administrator response: Attempt to diagnose thecause of the error based on the exception text. Ifpossible, choose different configuration options.

FBTTAC019E None of the endpoints for thisfederation are handled by thisWebSEAL server. Configuration cannotcontinue. Federation endpoint URLs:

Explanation: The tool examined the URLs hosted bythis WebSEAL server and the URLs used by thefederation specified. None of the URLs for thefederation are intended for this WebSEAL server. Themessage is followed by a list of endpoints for thefederation.

System action: The autoconfiguration tool will givethe administrator an opportunity to choose a differentfederation to configure.

Administrator response: Make sure that you haveconfigured your WebSEAL server to specify on theappropriate hostnames and port number for thefederation you are configuring.

FBTTAC022E No federations are configured on thisWebSEAL server.\n

Explanation: The tool checked for federations that had

FBTTAC005E • FBTTAC022E


been configured on this WebSEAL server, and therewere none.

System action: The autoconfiguration tool will donothing.

Administrator response: No administrative responseis necessary unless the administrator wishes toconfigure federation information that was not detectedby the autoconfiguration tool. In that case, theunconfiguration should be performed manually.

FBTTAC034E The group group name exists in theregistry but has not been imported intoTivoli Access Manager.\n

Explanation: The group specified exists in the userregistry, but has not been imported into Tivoli AccessManager.

System action: The autoconfiguration tool will promptthe administrator to select a different group.

Administrator response: The administrator shouldeither use a different group, or else use pdadmin orWPM to import the user into Tivoli Access Manager.

FBTTAC035E Unable to determine junction point forendpoint URL URL\n You may need tomanually create a junction for thatendpoint.\n

Explanation: The federation uses an endpoint thatwould require a junction / on the WebSEAL server. Theautoconfiguration tool cannot create that junction.

System action: The autoconfiguration tool will skipcreating that junction.

Administrator response: The administrator shouldeither reconfigure their federation to use a differentendpoint, or else manually create the / junction.

FBTTAC045E Error creating ACL acl name andattaching it\n to object name: exceptionmessage\n

Explanation: An error occurred in the process ofcreating and attaching an ACL.

System action: The autoconfiguration tool willcontinue with the configuration.

Administrator response: The administrator mayattempt to diagnose the error condition and fix theproblem, or they may create the ACL manually.

FBTTAC046E Junction creation failed with error codeerror code.\n

Explanation: An error occurred in the process ofcreating a junction. Other messages may have moreinformation on the root cause of the problem.

System action: The autoconfiguration tool will

continue with the configuration.

Administrator response: The administrator mayattempt to diagnose the error condition and fix theproblem, or they may create the junction manually.

FBTTAC047E Junction creation failed:\nerrormessages\n.

Explanation: An error occurred in the process ofcreating a junction. Other messages may have moreinformation on the root cause of the problem.


Administrator response: The administrator mayattempt to diagnose the error condition and fix theproblem, or they may create the junction manually.

FBTTAC048W Unable to locate the library namelibrary.\n Using default library libraryname.\n

Explanation: The autoconfiguration tool could notfind a library.

System action: The autoconfiguration tool willcontinue with the configuration, inserting a standardlibrary path for the library location. The WebSEALserver may fail to start properly after the configurationis done.

Administrator response: If WebSEAL does not startafter the configuration is complete, the administratorshould check the WebSEAL log file to verify theproblem is the library name, and then specify thecorrect name in the WebSEAL configuration file.

FBTTAC049W Error interpreting federation endpoint'endpoint type', URL url:\n exception text\n

Explanation: The autoconfiguration tool could notinterpret a URL associated with the federation.

System action: The autoconfiguration tool willcontinue with the configuration, ignoring themalformed URL.

Administrator response: The administrator may needto perform manual configuration for the endpoint.

FBTTAC054E Error connecting to url:\nexceptiontext\n

Explanation: The autoconfiguration tool could notconnect to a URL.

System action: The autoconfiguration tool will promptthe administrator to correct the URL.

Administrator response: The administrator shouldcorrect the URL.



FBTTAC055E The URL url does not appear toconnect to a Web server.\n

Explanation: The autoconfiguration tool could notconnect to a URL.


Administrator response: The administrator shouldcorrect the URL.

FBTTAC056E The request to the Web server failed.Response: http error code http statusmessage:\n Response text:\n \n text fromweb server:\n \n \n

Explanation: The Web server returned an error for anHTTP request.


Administrator response: The administrator may needto update the Web server configuration to fix theproblem.

FBTTAC057W Warning: the URL url appears toconnect directly to WebSphere. Forbetter performance and stability,connecting to a Web server running theWebSphere Web server plug-in isrecommended.

Explanation: The administrator specified a URL thatconnects directly to WebSphere, which is not arecommended configuration.


Administrator response: The administrator may needto update the Web server configuration to fix theproblem.

FBTTAC059E No federations were returned from theITFIM InfoService.\n Responsebody:\n\n response text \n

Explanation: The Federated Identity ManagerInfoService did not return any federations.

System action: The autoconfiguration tool will promptthe administrator to correct the URL for the InfoService.

Administrator response: The administrator shouldmake sure that federations have been configured on theFederated Identity Manager server. It may be necessaryto restart the WebSphere server if the configuration hasbeen changed recently.

FBTTAC081E Unable to create Tivoli Access Manageradministration context.\n

Explanation: An error occurred creating the TivoliAccess Manager administration context. Other errormessages with more detail may be displayed.

System action: The autoconfiguration tool will givethe administrator an opportunity to specify a differentTAM user-id ans password.

Administrator response: Attempt to diagnose thecause of the error based on the other error messages.Verify the administrator user-id and password arecorrect.

FBTTAC087E ACL deletion failed:\nerror messages\n.

Explanation: An error occurred in the process ofdeleting an ACL. Other messages may have moreinformation on the root cause of the problem.

System action: The autoconfiguration tool willcontinue with the unconfiguration.

Administrator response: The administrator shoulddelete the junction manually.

FBTTAC088E Attribute deletion failed:\nerrormessages\n.

Explanation: An error occurred in the process ofdeleting extended attributes from an object. Othermessages may have more information on the root causeof the problem.

System action: The autoconfiguration tool willcontinue with the unconfiguration.

Administrator response: The administrator shoulddelete the attributes manually.

FBTTAC098E An error occurred when restarting theWebSEAL server. Please check\n the logfile log file to diagnose and fix theproblem.\n

Explanation: The configuration tool tried to restartWebSEAL, but the server did not start.

System action: The autoconfiguration tool will notproceed until the WebSEAL server is operational.

Administrator response: The administrator shouldcheck the WebSEAL log file and correct the problem.

FBTTAC101W An error occurred when executing thecommand command:\n exception text\n

Explanation: Executing a command failed.

System action: The action taken depends on whichcommand failed, and for what reasons.

Administrator response: No response is necessary

FBTTAC055E • FBTTAC101W


unless other problems occur.

FBTTAC102E The Tivoli Access Manager policyserver was unable to modify an\n entryin the user registry because ofinsufficient access rights. You may\nneed to update the ACLs applied toyour user registry to grant the policy\nserver access. The error message fromthe policy server was:\n TAM errormessages\n

Explanation: An attempt to create a user or groupfailed, and the error message from the Tivoli AccessManager policy server indicates that the problem is dueto insufficient LDAP access rights.

System action: The user or group will not be created.If the user or group is not critical, the remainder of theconfiguration will proceed.

Administrator response: Refer to the Tivoli AccessManager documentation on applying IBM Tivoli AccessManager ACLs to new LDAP suffixes for additionalinformation on how to correct the LDAP ACLs.

FBTTAC111W The Web server did not provide a CAcertificate for the SSL handshake. Youwill need to contact the Web serveradministrator to obtain the CAcertificate. Once you have obtained theCA certificate, add it to the WebSEALkey database manually.

Explanation: The fimtamcfg tool attempts todownload the CA certificate from the Web server, sincemany Web servers include the CA certificate as part ofthe SSL handshake. The CA certificate was not includedin the SSL handshake, so the administrator will need toobtain the certificate through other means.

System action: The configuration will continuewithout the CA certificate, but the junction fromWebSEAL to the application server will not functioncorrectly until WebSEAL has the CA certificate.

Administrator response: Refer to the message forinstructions on how to resolve this problem. Forassistance with adding the CA certificate to theWebSEAL key database, refer to the WebSEALadministration guide chapters discussing SSL andGSKit.

FBTTAC113E Unable to convert key database filename from .kdb format to .jks format.The gsk7cmd program returned errorcode numeric error code.log data

Explanation: The fimtamcfg tool attempts to convertthe WebSEAL key database from .kdb format to .jks(Java Key Store) format. This conversion failed with thespecified error code and error text.

System action: The administrator will be prompted toeither correct the problem or else cancel theconfiguration.

Administrator response: Read the messages printed tothe screen to diagnose the root cause of the problem.Correct the problem, and then repeat the configuration.

FBTTAC114E Unable to add the certificate cert file tothe key database file name. The gsk7cmdprogram returned error code numericerror code.log data

Explanation: The fimtamcfg tool attempts to add aWeb server's CA certificate to the WebSEAL keydatabase. This process failed with the specified errorcode and error text.

System action: The administrator will be prompted toeither correct the problem or else cancel theconfiguration.

Administrator response: Read the messages printed tothe screen to diagnose the root cause of the problem.Correct the problem, and then repeat the configuration.

FBTTAC117E The values provided in the responsefile for the SSL certificate did not matchthe values presented by the SSL server.Invalid value: Certificate DN or fingerprintConfiguration cannot continue.

Explanation: The fimtamcfg tool checks the certificatepresented by an SSL partner against the expectedvalues recorded in a response file from previousconfigurations. The certificates did not match.

System action: The fimtamcfg tool will not continueconfiguration until the partner's certificate can bevalidated.

Administrator response: The administrator shouldmake sure that the values they have provided for theFederated Identity Manager hostname and port arecorrect. If those values are correct, the administratorshould verify the SSL certificate presented by the Webserver is the correct certificate. If the hostname, port,and certificate are all correct, the administrator shouldrun the configuration in interactive mode, without the-rspfile flag, to complete the task.

FBTTAC122E The option command line option must bespecified.

Explanation: The tfimcfg tool was passed invalidcommand line options.

System action: The tfimcfg tool will exit.

Administrator response: Review the tfimcfg usagemessage and documentation and correct the commandline options.



FBTTAC123E The argument to the option commandline option must be specified.




FBTTAC124E The configuration option command lineoption is not valid.




FBTTAC125E The file file name does not appear tobelong to a WebSEAL server.

Explanation: The tfimcfg tool examined theconfiguration file specified and determined it did notbelong to a WebSEAL server.

System action: The tool will exit without changingany configuration.

Administrator response: The most likely cause of thiserror is that the file specified is not a Tivoli AccessManager for e-Business stanza file that belongs to aWebSEAL server. Verify that the file specified is thecorrect file to use. If necessary, refer to thedocumentation for examples of how to use theautoconfiguration tool.

FBTTAC140W LDAP server type 'ldap server type'unknown. You should manually updatethe ACLs for the LDAP suffixes.

Explanation: The tfimcfg tool tries to set appropriateACLs on LDAP suffixes, but does not support allLDAP server types. The ACLs could not be updatedbecause the LDAP server was not recognized.

System action: The configuration will continuewithout updating the ACLs.

Administrator response: The administrator shouldmanually update the ACLs on the LDAP suffixes.

FBTTAC145W Object already exists. Reusing existingobject.

Explanation: The tfimcfg tool tries to create LDAPobjects as needed. An object already exists.

System action: The configuration will reuse the object.

Administrator response: No response necessary.

FBTTAC146W Missing required property propertyname.

Explanation: A required property was not specified inthe response file.

System action: The configuration will stop.

Administrator response: Correct the response file.

FBTTAC147W Suffix already exists. Reusing existingsuffix.

Explanation: The tfimcfg tool tries to create LDAPsuffixes as needed. A suffix already exists.

System action: The configuration will reuse the suffix.

Administrator response: No response necessary.

FBTTAC148W LDAP server type 'ldap server type'unknown. You should manually addLDAP suffixes.

Explanation: The tfimcfg tool tries to automaticallycreate suffixes, but does not support all LDAP servertypes. The suffixes could not be created because theLDAP server was not recognized.

System action: The configuration will continuewithout creating the suffixes.

Administrator response: The administrator shouldmanually create the LDAP suffixes.

FBTTAC150E Unable to connect to LDAPserver:exception.

Explanation: The tfimcfg tool was unable to make aconnection to the LDAP server.

System action: The configuration will halt.

Administrator response: Verify that the hostname andport number specified for the connection are correctand that the LDAP server can be contacted.

FBTTAC151E Unable to authenticate to LDAPserver:exception. Verify that the user-idand password are correct.

Explanation: The tfimcfg tool was unable to make aconnection to the LDAP server.


Administrator response: Verify that the user-id andpassword specified for the connection are correct.



FBTTAC152E Permission denied by LDAPserver:exception. Verify that you arebinding to LDAP as an administrativeuser with sufficient permissions tocomplete the configuration tasks.

Explanation: The tfimcfg tool was unable to access theLDAP server because of insufficient access rights.


Administrator response: Verify that the user you areusing to bind to LDAP has sufficient access rights toperform the failing configuration task.

FBTTAC153E Object not found:exception. You mayhave specified an incorrect object DN,or you may need to create an LDAPsuffix manually.

Explanation: The tfimcfg tool was unable to create anobject in the LDAP server because the parent objectwas not found.


Administrator response: Verify that you havespecified the object DN correctly. You may need tocreate the suffix for the object manually.

FBTTAC154W Configuration of authenticated SOAPendpoints with the IVT application isnot recommended. Authentication forthe IVT application can conflict withauthentication for the SOAP endpoints.

Explanation: The IVT application requires formsauthentication, while SOAP endpoints requirecertificate or BA authentication. Attempting to use boththose authentication types simultaneously can causeone or both to stop functioning.

System action: The configuration will continue.

Administrator response: The administrator should usea separate WebSEAL server for SOAP endpoints.

FBTTAC187E POP creation failed: error messages.

Explanation: An error occurred in the process ofcreating a POP. Other messages may have moreinformation on the root cause of the problem.


Administrator response: Attempt to diagnose theerror condition and fix the problem, or create the POPmanually.

FBTTAC188E An invalid URL value was entered.

Explanation: The value entered was not a valid URL.

System action: The autoconfiguration tool will showthe URL entry prompt again.

Administrator response: Enter a valid URL.

FBTTRC002W The service stub cannot be retrievedusing a JNDI Lookup. Falling back onService Locator. The handlerconfiguration is likely to fail.


System action: Processing continued.

Administrator response: Check the log files for moreinformation.

FBTTRC003E The Trust Service Client handler ismissing or improperly configured.

Explanation: The handler is missing from the clientside handler chain. If this handler is missing or notpresent, or the client is not running as a managedapplication, the Trust Client cannot retrieve nor set themessages sent to the trust server.



FBTTRC004W The returnedRequestSecurityTokenResponse did nothave a wsu:Id

Explanation: Without an element ID, the client cannotreceive the original message.



FBTTRC006E No DOM message implementationwas passed.

Explanation: The Trust Client implementation isexpecting the passed-in message to contain a DOM treethat represents the SOAP envelope.



FBTUSC000E Internal Error. Contact the SystemAdministrator.




FBTTAC152E • FBTUSC000E


FBTUSC001E The required attribute attributeNamewas not found in the incoming STSRequest.

Explanation: The required attribute was not found inthe incoming STS Request. The required attribute isexpected to be added to the request by another STSmodule earlier in the trust chain.


Administrator response: Enable tracing to helpdetermine why the attribute was not added.

FBTUSC002E The required configuration parameterconfigParameterName was not provided tothe STS module.

Explanation: The required configuration parameterwas not provided.


Administrator response: Ensure that the configurationfor the module has been correctly performed.

FBTUSC003E The required service handlehandleName was not provided to the STSmodule.

Explanation: The required service handle was notavailable.


Administrator response: This error is a significantinternal error. Check the logs for error messagesindicating why the required service was not properlycreated.

FBTUSC004E E-mail could not be sent to thefollowing address: address.

Explanation: An e-mail could not be sent to therequested address. This error is not an internal error.

System action: The User Self Care operation could notbe completed.

Administrator response: The User Self Careapplication could not send e-mail to the indicatedaddress. If details are required, please enable tracelogging and examine the nested exception.

FBTUSC005E An e-mail could not be sent due to aproblem with the messaging component.

Explanation: An e-mail could not be sent due to aproblem with the messaging component.

System action: The User Self care operation could notbe completed.

Administrator response: The User Self Careapplication could not a message due to a problem withthe messaging component. If details are required,please enable trace logging and examine the nestedexception.

FBTUSC006E An error occurred during theconstruction of the contents of amessage.

Explanation: The messaging component failed to builda message to send to the user.

System action: The User Self care operation could notbe completed.

Administrator response: The User Self Careapplication could not send a message due to a problemconstructing the message contents. If details arerequired, please enable trace logging and examine thenested exception.

FBTUSC007E The page contents might be missingthe required information such as[requiredInfo] that is used to process ane-mail message request.

Explanation: The E-mail Message STS module requirescertain information in order to process the request. Therequired information is missing.



FBTUSC010E Password change failed.

Explanation: The password change operation failed.

System action: The password for the user has notbeen changed.

Administrator response: Ensure that the registryserver is available. Check the log file for moreinformation about the cause of the problem.

FBTUSC011E Profile lookup failed.

Explanation: The profile lookup operation failed.



FBTUSC012E Profile update failed.

Explanation: The profile update operation failed.

System action: The request was halted withoutmodifying the user profile.

FBTUSC001E • FBTUSC012E



FBTUSC013E User account creation failed.

Explanation: The user account creation operationfailed.

System action: The request was halted withoutcreating the user account.


FBTUSC014E User account deletion failed.

Explanation: The user account deletion operationfailed.

System action: The request was halted withoutdeleting the user account.


FBTUSC015E Group membership update failed.

Explanation: The group membership update operationfailed.



FBTUSC016E User lookup failed.

Explanation: The user lookup operation failed.



FBTUSC017E Context attributes required to performthe operation are missing: data

Explanation: This operation requires one or morecontext attributes that are not present. This errorusually indicates a problem with a custom mappingrule.


Administrator response: Ensure that any custommapping rules in the chain pass on all incomingcontext attributes.

FBTUSC020E You must specify a user name.

Explanation: The user has not specified a user name.This message is displayed to the user.

System action: No action is necessary. The enrollmentrequest has not been processed.

Administrator response: No action is necessary.

FBTUSC021E The specified passwords do notmatch.

Explanation: The specified passwords do not match.This message is presented to the user.

System action: No action is necessary. The userenrollment request has not been processed.

Administrator response: No response is necessary.

FBTUSC022E The enrollment validation data mustbe supplied.

Explanation: The user has submitted the enrollmentcompletion form without the enrollment validationdata. This message is presented to the user.



FBTUSC023E The enrollment validation data is notcorrect, or the enrollment process hasalready been completed.

Explanation: The user has submitted enrollmentvalidation data that does not match a currentenrollment request or has resubmitted the enrollmentcompletion form.



FBTUSC024E The requested user name, username isalready in use.

Explanation: The requested user name is already inuse. This message is displayed to the user.

System action: No action is necessary. The enrollmentrequest has not been processed.


FBTUSC025E Account creation failed.

Explanation: The user account could not be created.This message is displayed to the user.

System action: The enrollment process has not beencompleted.



Administrator response: Examine the applicationserver logs to determine the cause of the problem.

FBTUSC026E Unable to generate a confirmation ID:error.

Explanation: Unable to generate a confirmation ID.

System action: The enrollment request has not beenprocessed.

Administrator response: Examine the applicationserver logs to determine the cause of the problem.

FBTUSC027E You must enter values in both thepassword and password confirmationfields.

Explanation: The user has not supplied either thepassword or the password confirmation.



FBTUSC028E The specified e-mail addresses do notmatch.

Explanation: The specified e-mail addresses do notmatch. This message is presented to the user.



FBTUSC029E You must enter both the e-mailaddress and e-mail address confirmationfields.

Explanation: The user has not supplied either thee-mail address or the e-mail address confirmation.



FBTUSC030E The USCChangePassword STSmodule does not operate in the givenmode, 'mode'.


System action: The module is not available atruntime.


FBTUSC031E Additional data is required to performthe operation: data

Explanation: The operation requires additional data.


Administrator response: Ensure that the specifieddata items are present before requesting the operation.

FBTUSC032E The new password and confirmationpassword do not match.

Explanation: The new password and the confirmationpassword must match.


Administrator response: Ensure that the newpassword and confirmation password are the same.

FBTUSC033E The current password is incorrect.

Explanation: The current password is incorrect.


Administrator response: Ensure that the currentpassword is correct.

FBTUSC034E The password change operation failed.

Explanation: The password change operation failed.



FBTUSC035E The new password does not meet thepassword policy requirements.

Explanation: The new password does not meet thepassword policy requirements.


Administrator response: Select a new password thatcomplies with the password policy requirements.

FBTUSC040E Unable to find your accountvalidation questions.

Explanation: The secret question module did notprovide any account validation questions to present tothe user and did not provide a failure reason.





FBTUSC041E This account has been locked due totoo many failed account validationattempts.

Explanation: The user made too many failed attemptsto validate the account, so the account has been locked.



FBTUSC042E There is already a password changerequest in progress for this account.

Explanation: The user already started the passwordchange process. The user can make only one passwordchange request at a time.



FBTUSC043E The password change request hasalready been processed.

Explanation: The password change request identifiersupplied by the user does not identify a currentpassword change request.



FBTUSC044E The information required to locateyour user name is missing.

Explanation: The information required to locate theuser name was not supplied.



FBTUSC045E Account validation failed.

Explanation: You provided an incorrect answer to theaccount validation question.



FBTUSC046E Unable to retrieve your accountvalidation details.

Explanation: The secret question mapping module didnot provide the name of the profile attribute used tostore the answer to the account validation question.


Administrator response: The account recovery modulechain contains a mapping module. Check that themapping rule correctly maps the secret questionidentifiers to the profile attributes.

FBTUSC047E Unable to retrieve your accountvalidation details.

Explanation: Unable to find a value for the profileattribute that holds the answer to the selected accountvalidation question.


Administrator response: Check that the mapping ruleused in the account recovery module chain maps secretquestion identifiers to the correct profile attributes.

FBTUSC048E You must specify a user name.

Explanation: The user has not specified a user name.This message is displayed to the user.

System action: No action is necessary. The accountrecovery request has not been processed.


FBTUSC049E You must specify the answer to theaccount validation question.

Explanation: The user has not supplied the answer tothe account validation question.

System action: The account recovery request has notbeen processed.


FBTUSC050E No authenticated user identity isavailable.

Explanation: The requested operation can only beperformed using an authenticated user identity, butnone is available.


Administrator response: Check the securityconfiguration to ensure that authentication is requiredto access this operation.

FBTUSC051E The account could not be deleted.

Explanation: The account could not be deleted.



FBTUSC060E The required Context Attributes werenot found in the incoming STSUU.

Explanation: A User Self Care STS module requiresContext Attributes in the STSUU.


Administrator response: Investigate the previousmodules in the trust chain to ensure that none of them



remove the context attributes from the STSUU, andcorrect if necessary. If removal is not the problem, theprotocol service invoking the chain might have failed toprovide the context attributes. In this case, the error isan internal error.

FBTUSC061E The module received the contextattribute: handleName containing a valuethat is not valid: value.

Explanation: The module received a required contextattribute, but the value is not valid.


Administrator response: Determine whether any STSmodules preceding this module in the chain haveincorrectly set the value of the required attribute andcorrect.

FBTUSC062E The User Self Care module cannotcreate a local token.

Explanation: The User Self Care module cannot createa local token.

System action: The User Self Care request processingstopped.


FBTUSC063E The User Self Care module cannotlocate the context attributes.

Explanation: The User Self Care cannot locate thecontext attributes.



FBTUSC064E The User Self Care module cannotinvoke the STS.

Explanation: The User Self Care module cannotcontact the STS to fulfill the user request.



FBTUSC065E The User Self Care module failed tosend a response to the user request.

Explanation: The User Self Care module cannot senda response to the user request.



FBTUSC066E The User Self Care module cannotlocate a redirect URL on the contextattributes.

Explanation: The User Self Care cannot locate theredirect URL on the context attributes.



FBTUSC067E The User Self Care module failed tosend a browser redirect response to theuser request. Redirect URL: pageID.

Explanation: The User Self Care module failed to senda browser redirect response to the user request.



FBTUSC068E The User Self Care module cannotfind the page template for pageidentifier: pageID.

Explanation: The User Self Care module cannot findthe page template with the specified page identifier.



FBTUSC069E The User Self Care module failed toreturn a browser form to the user. PageID: formID.

Explanation: The User Self Care was unable return abrowser form to the user.



FBTUSC070E The User Self Care module cannotfind the form page identifier from thecontext attributes.

Explanation: The User Self Care module cannot findthe form page identifier from the context attributes.





FBTUSC071E The User Self Care module cannotprocess the error generated.

Explanation: The User Self Care module cannotprocess the error generated.



FBTUSC072E The User Self Care module cannotprocess the request.

Explanation: The User Self Care module cannotprocess the request.



FBTUSC073E The User Self Care module requestwas sent using a transport that is notvalid.

Explanation: The User Self Care module was sentusing a transport that is not valid. The request was sentusing the SOAP binding.


Administrator response: Examine the logs todetermine the cause of the problem. Ensure that therequest is being sent using the appropriate binding.

FBTUSC080E Unable to locate your profile details.

Explanation: A profile retrieval or update operationreturned an error that the user was not in the registry.This error might occur when users have been recentlydeleted.

System action: The STS request processing stopped.

Administrator response: Check that the user registryis correctly configured and is currently available. Checkthat the configuration of the entity management STSmodule specifies the correct user registry suffix.

FBTUSC081E One or more of the specified profileattributes might not be updated.

Explanation: A profile update request included one ormore profile attributes that users cannot edit. This errormight indicate malicious user activity.

System action: The STS request processing stopped.

Administrator response: Enable tracing in the profilemanagement STS module to identify the attributenames. Check that the profile update form includesonly profile attributes from the list of permittedattributes in the profile management STS moduleconfiguration. Verify that the set of permitted attributesis correct.

FBTUSC082E The specified e-mail addresses do notmatch.

Explanation: The specified e-mail addresses do notmatch. This message is presented to the user.

System action: No action is necessary. The profileupdate request has not been processed.


FBTUSC084E The account recovery STS moduleconfiguration is incorrect.

Explanation: The account recovery STS moduleconfiguration includes the account recovery lookupattribute and the account recovery validation attributes.

System action: The account recovery STS module hasnot been initialized. Account recovery operations failuntil this error is corrected.

Administrator response: Correct the configuration ofthe account recovery STS module. Ensure that theaccount recovery lookup attribute and the accountrecovery validation attributes are specified.

FBTUSC085E The e-mail message STS moduleconfiguration is incorrect.

Explanation: The e-mail message STS moduleconfiguration includes the SMTP server name, SMTPuser name, SMTP user name password, and enrollmente-mail address.

System action: E-mail message operations fail untilthe e-mail message STS module is initialized.

Administrator response: Correct the configuration ofthe e-mail message STS module. Ensure that the SMTPserver name, SMTP user name, SMTP user namepassword and enrollment e-mail address are specified.

FBTUSC086E The group membership STS moduleconfiguration is incorrect.

Explanation: The group membership STS moduleconfiguration lists the groups into which a new user isto be added.

System action: The group membership STS modulehas not been initialized. Group membership operationsfail until this error is corrected.

Administrator response: Correct the configuration ofthe group membership STS module.



FBTUSC087E The password does not meet thepassword policy requirements.

Explanation: The password does not meet thepassword policy requirements.


Administrator response: Select a password thatcomplies with the password policy requirements.

FBTUSC088E The password is incorrect.

Explanation: The user has not specified the currentpassword correctly.


Administrator response: Correct the password andresubmit the form.

FBTUSC089E The secret question STS module is notconfigured correctly.

Explanation: The secret question STS moduleconfiguration includes the minimum number of secretquestions, maximum number of secret questions, andthe number of required secret questions to be answeredcorrectly for users to be validated.

System action: The secret question STS module hasnot been initialized. Secret question operations cannotfunction correctly until his error is corrected.

Administrator response: Correct the configurationsettings of the secret question STS module. Ensure thatthe following fields are configured correctly: minimumnumber of secret questions, maximum number of secretquestions, and the number of required secret questionsto be validated.

FBTUSC090E You have not answered enough secretquestions.

Explanation: The user answered less than theminimum number of secret question required forvalidation.



FBTUSC091E You have answered more secretquestions than what is allowed.

Explanation: The number of secret question answeredis more than maximum number of secret questionpermitted.



FBTUSC092E You did not provide an answer to therequired secret question fields.

Explanation: No input from the secret question fieldswas retrieved.



FBTUSC093E You are not allowed to answer thesame question more than once.

Explanation: There are duplicate question input insecret questions.



FBTUSC098E Migration cannot be done because thehashing algorithm SHA-256 is notsupported.

Explanation: The hashing algorithm SHA-256 is notsupported.

System action: Operation canceled.

Administrator response: Check JVM support forhashing algorithm.

FBTUSC099E The required host parameter ismissing. Please specify the hostname ofthe directory machine using the -hoption.

Explanation: A host parameter is required to do themigration.


Administrator response: Specify a directory hostparameter to proceed with the migration.

FBTUSC100E The required bind distinguished nameparameter is missing. Please specify thebind distinguished name of thedirectory using the -D option.

Explanation: A bind distinguished name parameter isrequired to do the migration.


Administrator response: Specify a value for the binddistinguished name parameter to proceed with themigration.



FBTUSC101E The required bind credentialparameter is missing. Please specify thebind credential of the directory usingthe -w option.

Explanation: A bind credential parameter is requiredto do the migration.


Administrator response: Specify a value for the bindcredential parameter to proceed with the migration.

FBTUSC102E The required base distinguished nameparameter is missing. Please specify thebase distinguished name of thedirectory using the -baseDn option.

Explanation: A base distinguished name parameter isrequired to do the migration.


Administrator response: Specify a value for the basedistinguished name parameter to proceed with themigration.

FBTUSC103E The required secret question attributeparameter is missing. Please specify thesecret question attribute using the-attribute option.

Explanation: A secret question attribute parameter isrequired to do the migration.


Administrator response: Specify a value for the secretquestion attribute parameter to proceed with themigration.

FBTUSC104E The parameter parameter was notrecognized.

Explanation: The migration cannot be done becauseone or more of the specified parameters were notrecognized.


Administrator response: Use only the supportedparameters.

FBTUSC105E The user parameter does not have avalid secret question format. The tool isnot going to migrate the secret questionvalue for this user.

Explanation: The secret question value for this usercannot be migrated because the secret question formatis not valid.

System action: Migration of secret question value foruser not done.

Administrator response: The user record is not validfor migration.

FBTADM106E The OTP Type or the OTP ProviderModule Id parameter specified in theproperty OTPProviderModuleConfigs doesnot correspond to any OTP Type or anyOTP Provider Module Id specified inthe propertyOTPTypesToOTPProviderModuleIds.



Administrator response: Ensure that the specifiedOTP Type or OTP Provider Module Id is valid.

FBTADM107E The Delivery Type or the OTPDelivery Module Id parameter specifiedin the propertyOTPDeliveryModuleConfigs does notcorrespond to any Delivery Type or anyOTP Delivery Module Id specified inthe propertyOTPTypesToOTPDeliveryModuleIds.



Administrator response: Ensure that the specifiedDelivery Type or OTP Delivery Module Id is valid.

FBTWSF001E The received request is missing therequired parameter: parameter




FBTWSF002E The received request at 'age' seconds,is expired.




FBTWSF003E The logout failed.

Explanation: The logout failed for the current session.

System action: The logout request will continue.

Administrator response: Ensure that the point ofcontact is configured to send the correct session HTTPheader.

FBTUSC101E • FBTWSF003E


FBTWSF004E The requesting realm, realm, isunknown.




FBTWSF005E The value value for attribute attr is notvalid.




FBTWSF006E The current user making the requestis not authenticated.




FBTWSF007E The token for the service providercannot be exchanged.




FBTWSF008E No token was available to return tothe service provider.




FBTWSF009E No configured post page wasavailable to use to return the token tothe identity provider.

Explanation: The current request could not becompleted. The token exchange succeeded but noconfigured post page was available.


Administrator response: This error is a configurationerror. Ensure that the post page exists in the templatedirectory.

FBTWSF010E The response from the identityprovider, wresult, could not beunderstood.




FBTWSF011E The identity provider token could notbe determined as the one that is validfor the resource.




FBTWSF012E The user cannot be authenticated.

Explanation: The current request could not becompleted because the trust service response could notauthenticate the user.


Administrator response: Validate that the trust serviceand point of contact are properly configured.

FBTWSF013E The timestamp provided, time, doesnot match any known time format.

Explanation: The current request could not becompleted because the lifetime could not be validated.


Administrator response: Validate that the partner isconfigured to send the correct time values.

FBTWSF014E The Tivoli Access Managerconfiguration for the service is notconfigured correctly or the Tivoli AccessManager context is no longer valid.

Explanation: When the Tivoli Access Manageroperation was attempted an error was returned.


Administrator response: Ensure that the configurationof Tivoli Access Manager for the service is pointing to avalid Tivoli Access Manager Runtime for the Javaconfiguration file.

FBTWSF004E • FBTWSF014E


FBTWSF016E The template template filename forsign-out is not valid.

Explanation: When the server attempted to build theWS-Federation sign-out to all the service providers, thetemplate was not valid.

System action: The sign-out request will be halted.

Administrator response: Ensure that the providedtemplate is correct.

FBTWSF017E An identity provider cannot bedetermined for the current requester.

Explanation: When attempting to determine thecurrent requester's identity provider, a failure occurred.

System action: The sign-in request will be halted.

Administrator response: Ensure that configuration iscorrect.

FBTWSF018E Invalid configuration; missingconfiguration for self IP/STS endpointin federation with ID 'id' and displayname 'displayName'.

Explanation: The IP/STS endpoint has not beenspecified in the configuration. This value is used atruntime to redirect requestors back to this endpoint.

System action: The initialization of this module willbe halted.


FBTWSF019E Invalid configuration; missingconfiguration for partner 'id' IP/STSendpoint in federation with ID 'id' anddisplay name 'displayName'.

Explanation: The IP/STS endpoint has not beenspecified in configuration. This value is used at runtimeto redirect requestors back to this endpoint.



FBTWSF020E Invalid configuration; invalid lifetimefor partner 'id' in federation with ID 'id'and display name 'displayName'.

Explanation: The configured message lifetime is in aninvalid format, expecting integer values. This parameteris used at runtime for message validation.


Administrator response: Ensure that the configurationis correct.

FBTWSP001E The provisioning configuration fileinsert is missing or is not valid.

Explanation: The configuration cannot be read or itsformat is incorrect.

Administrator response: Enable a trace for detailedmessages and ensure that the configuration is presentand valid.

FBTWSP002E The provisioning configuration fileinsert could not be written.

Explanation: The configuration cannot be written tofile.

Administrator response: Enable a trace for detailedmessages and ensure that the file path is correct andthat writing to the file is permitted.

FBTWSP003E The target provisioning service URLis not configured.

Explanation: The configuration is incorrect as itdoesn't include the mandatory target provisioningservice URL.


FBTWSS001E The command line arguments are notvalid.

Explanation: The syntax of the command linearguments is incorrect.

Administrator response: Correct the syntax and tryagain.

FBTWSS004E An error occurred while accessing theTivoli Access Manager server using theconfiguration URL insert.

Explanation: The Tivoli Access Manager configurationor the configuration URL is incorrect.

Administrator response: Ensure that the Tivoli AccessManager configuration and the configuration URL arecorrect.

FBTWSS011E The security token is not valid or ismissing.

Explanation: The security token syntax is not valid orthe security token is missing.

Administrator response: Check the log and ensure theconfiguration is correct.

FBTWSF016E • FBTWSS011E


FBTWSS021E The configuration is in error.

Explanation: The configuration is incorrect.


FBTWSS031E An error occurred accessing the TrustService.

Explanation: An error occurred accessing the TrustService or the Trust Service returned an error response.


FBTWSS032E An XML processing error occurred.

Explanation: A parsing or some other error related toXML processing occurred.


FBTXRD001E A value for the attribute AttributeNamemust be provided for the <ElementName>element.

Explanation: The application is in error. Required datawas not set in the XRDS document.


Administrator response: Enable a trace for detailedmessages and check with the XRDS document provider.

FBTXRD002E The member elementMemberElementName must be providedfor the <ElementName> element.

Explanation: The application is in error. Required datawas not set in the XRDS document.


Administrator response: Enable a trace for detailedmessages and check with the XRDS document provider.

FBTXRD003W An XRDS document parse error hasoccurred. This was non-fatal due toHTML discovery fall back.

Explanation: The XRDS document could not beparsed correctly. Discovery will fall back to HTMLbased discovery.

System action: The system will fall back to HTMLdiscovery and ignore the XRDS document.

Administrator response: Retrieve the XRDS documentfrom the log to check the validity of the document.

FBTXRD004E The canonicalID from the first XRIresolution request ClaimedIdentifier didnot resolve to the same XRI as thesecond XRI resolution requestCanonicalID.

Explanation: An incorrect CanonicalID was found inthe first XRDS document request. This may have beenan attempt by the user to impersonate another personusing their XRI.


Administrator response: Inspect the logs and, ifappropriate, report the abuse to the CanonicalIDsauthorative XRI provider.

FBTXRD005E Unable to perform XRDS resolutionon the XRI XRI supplied.

Explanation: An appropriate service was not found inthe XRDS document.


Administrator response: Retrieve the XRDS documentfrom the log to check the validity of the document andif the required service is included.

FBTXRD006E Unable to perform XRDS resolutionbecause XRIs are not supported.

Explanation: XRI support has been disabled in thisconfiguration.


Administrator response: To enable XRI resolution,modify the XRIProxies and SupportXRI configurationitems in the federation properties.

FBTWSS021E • FBTXRD006E


Chapter 3. Common Auditing and Reporting Servicemessages

These messages are provided by the Common Auditing and Reporting Servicecomponent.

CBACC0058W The maxCacheFiles property value ofmaxCacheFiles disk cache files has beenreached. This means no more disk cachefiles can be created until at least oneexisting cache file is drained anddeleted. The server must be availablefor this to happen. The value of thediskCachePath property is diskCachePath.The process will wait until it can createa new cache file or the amount of timespecified by the tempStorageFullproperty elapses, at which time eventswill be discarded.

Explanation: The maximum allowed number of diskcache files has been reached. This value is specified bythe value of the maxCacheFiles property.

Administrator response: The routine will wait until adisk cache file is deleted before proceeding. Check thevalues of the maxCacheFiles and maxCacheFileSizeproperties. The combination of these values limits theamount of disk space that will be used for diskcaching. When the limit is reached, the process willwait for a disk cache file to be deleted. If this limit istoo low, it can be increased by increasing the value ofthe maxCacheFiles property or the maxCacheFileSizeproperty, or both properties.

CBACC0059W The file system containing the diskcache files may be out of space. Thevalue of the diskCachePath property isdiskCachePath. The process is not beingterminated because this problem will becorrected when the server becomesavailable and existing disk cache filesare drained and deleted. The processwill wait until space becomes availableor the amount of time specified by thetempStorageFull property elapses, atwhich time events will be discarded.

Explanation: An IOException was received whentrying to open or write to a disk cache file. This mayindicate that the file system is out of space.

Administrator response: Check the size of the filesystem containing the file path name displayed in themessage. If it is too small to contain the amount of diskcaching required, then increase the size.

CBACC0060E The file system containing the diskcache files may be out of space or nomore cache files can be created. numberevents were discarded.

Explanation: An event record could not be written tothe disk cache. Either the maximum number of cachefiles exist and are all full or the system is out of diskspace.

Administrator response: Check the size of the filesystem containing the file path name displayed in themessage. If it is too small to contain the amount of diskcaching required, then increase the size.

CBACC0066E The event cannot be cached becauseshutdown has started.

Explanation: An event record could not be written tothe disk cache because the disk cache is in the processof shutting down.


CBACE0028E num_errors errors were reported whileattempting to send audit events,possibly resulting in discarded auditevents.

Explanation: An event queue processing threadreceived errors while attempting to send audit events.

Administrator response: One or more error messagesin the error log will be associated with this errormessage. Inspect the error log for error messages justprior to this one for more detailed information aboutthe error condition.

CBACE0037E An error occurred while sendingevents to the Common Auditing andReporting Service server: The SOAPfault is soapfault_string and the faultdetail is soapfault_detail.

Explanation: The SOAP function failed.

Administrator response: The error message from thecall is included. Inspect this message to obtain morespecific information about the error condition.

CBACE0038E An error occurred while opening thedisk cache file diskCachePath. The error


message is: errorMsg .

Explanation: The open of the disk cache file failed.


CBACE0042E An error occurred while writing to thedisk cache diskCachePath. The errormessage is: errorMsg.

Explanation: The write on the disk cache file failed.


CBACE0043E An error occurred while reading thedisk cache file diskCachePath The errormessage is: errorMsg.

Explanation: The read on the disk cache file failed.


CBACE0044E The disk cache directory diskCachePathdoes not exist.

Explanation: The configured disk cache directory doesnot exist.

Administrator response: Create the specified diskcache directory.

CBACE0045E The disk cache directory diskCachePathis not a directory.

Explanation: The configured disk cache directory isnot a file directory.

Administrator response: Specify the correct directory.

CBACE0046E An error occurred when creating a filein the specified cache directorydiskCachePath. The error message is:errorMsg.

Explanation: The configured disk cache directory isnot a file directory.

Administrator response: Specify the correct directory.

CBACE0047E Disk cache initialization failedbecause the minimum number of cachefiles could not be created.

Explanation: The disk cache must be able to create atleast one cache file for successful initialization. Thismay occur if there is not enough disk space available orthe configured value for the maximum number ofcache files is reached.

Administrator response: Increase the maximumnumber of cache files or make more disk spaceavailable, or both.

CBACE0061E The initialization propertypropertyName value propertyValue cannotbe less than minValue or greater thanmaxValue.

Explanation: A Properties object contains a propertyvalue that is not valid. The property name and theincorrect value are provided in the message.

Administrator response: Correct the configuration ofthe specified property.

CBACE0062E An unexpected exception was receivedduring the initialization of the diskcache. The text of the exception is:exceptionText

Explanation: An unexpected exception was received.

Administrator response: Check the exception text forthe cause of the problem. Correct the configuration, ifnecessary, then retry the operation.

CBACE0063W The Common Auditing andReporting Service server cannot becontacted. This may be due to aconfiguration error. Events will continueto be cached until contact isre-established. Events may be discardedif contact is not re-established beforethe maxCacheFiles parameter value ofmaxCacheFiles is exceeded or there is nomore disk space.

Explanation: The server cannot be contacted.

Administrator response: Verify that the configuredvalues for serverURL, keyFilePath, certLabel,stashFilePath, clientUserName, clientPassword,compress, and responseTimeout are correct, then makesure that the server is operational.

CBACE0064W The system has temporarily lostcontact with the Common Auditing andReporting Service server. Events willcontinue to be cached until contact isre-established. Events may be discardedif contact is not re-established beforethe maxCacheFiles parameter value ofmaxCacheFiles is exceeded or there is nomore disk space.

Explanation: The server cannot be contacted.

Administrator response: Ensure that the server isoperational.

CBACE0042E • CBACE0064W


CBACE0800E The required initialization propertypropertyName is missing.

Explanation: A Properties object is missing a requiredproperty. This may be a property that is alwaysrequired, or may be a property that is required incontext of other property values.

Administrator response: Correct the configuration ofthe Common Auditing and Reporting Serviceproperties for the application to configure the missingproperty.

CBACE0801E The initialization propertypropertyName value propertyValue is notvalid.

Explanation: A Properties object contains a propertythat is set to a value that is not valid. The propertyname and the incorrect value are provided in themessage.

Administrator response: Correct the configuration ofthe Common Auditing and Reporting Serviceproperties for the application to correct the value of thespecified property.

CBACE0802E A Synchronization Mode NotSupported Exception has beengenerated: exception Text

Explanation: A synchronization mode that is notsupported by the configured emitter has been specifiedby the calling application.

Administrator response: If the application requires thespecified synchronization mode, then correct theconfiguration to identify an emitter implementationthat can support that mode.

CBACE0803E An exception was generated by theinitialization of FileHandler(pattern,auditFileSize, maxAuditFiles). Exception:exceptionText

Explanation: CARSTextFileEmitterImpl emitterimplementation received an exception fromFileHandler.

Administrator response: Check the exception text forthe cause of the problem. Correct the configuration tospecify values that are acceptable to FileHandler. Notethat the pattern is set according to configured values:(auditFileLocation)/(auditFilePrefix)_audit(g).log Where(g) is replaced by FileHandler with an incremented fileindex for use in rollover.

CBACE0804E An exception was generated by theevent validation code. Exception:exceptionText

Explanation: CARSTextFileEmitterImpl emitter

implementation received an exception from the eventvalidater.

Administrator response: Check the exception text forthe cause of the problem. Correct the configuration ofthe Common Auditing and Reporting Serviceproperties for the application to specify values that areacceptable to FileHandler.

CBACE0805E The required Properties object is nullor not valid.

Explanation: An initialization Properties object is nullor not valid. There may be a problem with theconfiguration of the application, or there may be aninternal error in the application.

Administrator response: Correct the configuration ofthe Common Auditing and Reporting Serviceproperties for the application.

CBACE0806E The interface method methodName isnot supported by the currentimplementation.

Explanation: An interface method has been called thatis not supported by the implementation class.

Administrator response: There may be a problemwith the configuration of the application.

CBACE0807E No emitter implementation is loaded.

Explanation: The emitter factory implementation doesnot have an emitter implementation loaded.

Administrator response: There might be a problemwith the configuration of the application. View the logfor previous errors logged during the building of theemitter implementation by the emitter factory.

CBACE0808E An exception was thrown byjava.util.logging.Logger when writing anaudit event to the audit text file.Exception: exceptionText.

Explanation: The event could not be written to theaudit text file. There might be a problem with the filesystem.

Administrator response: Check the exception text forthe cause of the problem, and correct the problem.

CBACE0809E The Common Auditing and ReportingService Web service is not available. Thefollowing exception was thrown whensending audit events to the Web service:exceptionText.

Explanation: The events could not be sent to theCommon Auditing and Reporting Service Web service.

Administrator response: Check the exception text for

CBACE0800E • CBACE0809E

Chapter 3. Common Auditing and Reporting Service messages 185

the cause of the problem, and correct the problem.

CBACE0810E The application server is listening, butthe URL mapping to the Web service isincorrect. exceptionText

Explanation: Unable to contact the Web service at theendpoint specified.

Administrator response: Verify the endpoint of theWeb service is correct in the configuration. Contact theserver administrator as the application may not berunning.

CBACE0811E The Web service communicated that ithad a problem with the message sent.exceptionText

Explanation: The server communicated that it had aproblem with the request sent.

Administrator response: Verify that the events beingsent to the server are of the proper format.

CBACE0812E An error occurred on the server.exceptionText

Explanation: This is not a client-side problem. Theserver had a problem while processing the request.

Administrator response: Notify the serveradministrator that the server is experiencing problems.

CBACE0813E An unknown error occurred whilecommunicating with the server.exceptionText

Explanation: An unknown error was generated whilecommunicating with the server.

Administrator response: Analyze the exception textfor more details.

CBACE0814E Both basic authentication and clientcertificate authentication are specified inthe configuration. At most one isallowed.

Explanation: Both basic authentication and clientcertificate authentication are specified in theconfiguration. At most one is allowed.

Administrator response: Modify the configurationproperties file to have at most one client authenticationmechanism.

CBACE0815E No service was listening on theprovided port. exceptionText

Explanation: Unable to connect to an applicationserver listening on the port specified in the Web serviceendpoint.

Administrator response: Contact the serveradministrator and make sure the server is running.Verify that the provided endpoint for the application iscorrect.

CBACE0816E The SOAP client experienced an errorduring the processing of the providedevent. exceptionText

Explanation: The SOAP client experienced an errorwhile processing the provided events to be sent to theWeb service

Administrator response: Verify that the sent event isvalid. Check the logs for more detail.

CBACE0817E The SOAP client found a providedevent to be null.

Explanation: The SOAP client experienced an errorwhile processing the provided events because an eventwas null.

Administrator response: Verify that the exploiter issending valid events.

CBACE0818E The specified password is not correctfor the Java keystore.

Explanation: The password that was specified is notcorrect for the Java™ keystore.

Administrator response: Verify that the specifiedpassword is correct for the specified Java keystore.

CBACE0819E The specified Java keystore could notbe found.

Explanation: The Java keystore that was specified iseither incorrect or does not exist.

Administrator response: Verify that the specified Javakeystore is correct.

CBACE0820E An unexpected exception occurredwhile contacting the service to validatesecurity properties.

Explanation: An unexpected exception occurred whilecontacting the service to validate security properties.

Administrator response: Analyze the caused byexception for more details.

CBACE0821E Could not establish an SSL connectionwith the server because the serverrequires client side certificateauthentication and an appropriatekeystore was not provided.

Explanation: The server communicated that it doesnot recognize the provided keystore as a clientcertificate it accepts.



Administrator response: Verify that the correct Javakeystore was specified and that the server wasconfigured correctly.

CBACE0822E Could not establish an SSL connectionwith the server because the server'spublic certificate is not in the specifiedtruststore.

Explanation: The server's public certificate must be inthe specified truststore in order to establish an SSLconnection with the server.

Administrator response: Verify that the correct Javatruststore was specified and verify that the server'spublic certificate has been added.

CBACE0823E The user name provided to the serveris not authorized to access the requestedresource.

Explanation: The user name provided to the servermust be authorized to access the requested resource.

Administrator response: Verify that the user namethat is configured is correct and that the permissionsfor this user are configured at the Web service.

CBACE0824E An incorrect user name, password, orboth was provided to the server forbasic authentication.

Explanation: A correct user name and password mustbe provided to the server for basic authentication.

Administrator response: Verify that a user name andpassword are configured and that they are correct forthe server being accessed.

CBACE0875E An incorrect user name, password, orboth was provided to the server forbasic authentication.

Explanation: A correct user name and password mustbe provided to the server for basic authentication.

Administrator response: Verify that a user name andpassword are configured and that they are correct forthe server being accessed.

CBACE0876E The user name provided to the serveris not authorized to access the requestedresource.

Explanation: The user name provided to the servermust be authorized to access the requested resource.

Administrator response: Verify that the user namethat is configured is correct and that the permissionsfor this user are configured at the Web service.

CBACE0877E Could not establish an SSL connectionwith the server because the server'spublic certificate is not in the specifiedtruststore.

Explanation: The server's public certificate must be inthe specified truststore in order to establish an SSLconnection with the server.

Administrator response: Verify that the correct Javatruststore was specified and verify that the server'spublic certificate has been added.

CBACE0878E Could not establish an SSL connectionwith the server because the serverrequires client side certificateauthentication and an appropriatekeystore was not provided.

Explanation: The server communicated that it doesnot recognize the provided keystore as a clientcertificate it accepts.

Administrator response: Verify that the correct Javakeystore was specified and that the server wasconfigured correctly.

CBACE0879E An unexpected exception occurredwhile contacting the service to validatesecurity properties.

Explanation: An unexpected exception occurred whilecontacting the service to validate security properties.

Administrator response: Analyze the caused byexception for more details.

CBACE0880E The specified Java keystore could notbe found.

Explanation: The Java keystore that was specified iseither incorrect or does not exist.

Administrator response: Verify that the specified Javakeystore is correct.

CBACE0881E The specified password is not correctfor the Java keystore.

Explanation: The password that was specified is notcorrect for the Java keystore.

Administrator response: Verify that the specifiedpassword is correct for the specified Java keystore.

CBACE0884E No service was listening on theprovided port. exceptionText

Explanation: Unable to connect to an applicationserver listening on the port specified in the Web serviceendpoint.

Administrator response: Contact the server



administrator and make sure the server is running.Verify that the provided endpoint for the application iscorrect.

CBACE0885E Both basic authentication and clientcertificate authentication are specified inthe configuration. At most one isallowed.

Explanation: Both basic authentication and clientcertificate authentication are specified in theconfiguration. At most one is allowed.

Administrator response: Modify the configurationproperties file to have at most one client authenticationmechanism.

CBACE0886E An unknown error occurred whilecommunicating with the server.exceptionText

Explanation: An unknown error was generated whilecommunicating with the server.

Administrator response: Analyze the exception textfor more details.

CBACE0887E An error occurred on the server.exceptionText

Explanation: This is not a client-side problem. Theserver had a problem while processing the request.

Administrator response: Notify the serveradministrator that the server is experiencing problems.

CBACE0888E The Web service communicated that ithad a problem with the message sent.exceptionText

Explanation: The server communicated that it had aproblem with the request sent.

Administrator response: Verify that the events beingsent to the server are of the proper format.

CBACE0889E The application server is listening, butthe URL mapping to the Web service isincorrect. exceptionText

Explanation: Unable to contact the Web service at theendpoint specified.

Administrator response: Verify the endpoint of theWeb service is correct in the configuration. Contact theserver administrator as the application may not berunning.

CBACE0890E The AXIS client found a providedevent to be null.

Explanation: The AXIS client experienced an errorwhile processing the provided events because an eventwas null.

Administrator response: Verify that the exploiter issending valid events.

CBACE0891E The AXIS client experienced an errorduring the processing of the providedevent. exceptionText

Explanation: The AXIS client experienced an errorwhile processing the provided events to be sent to theWeb service

Administrator response: Verify that the sent event isvalid. Check the logs for more detail.

CBACE0892E An error occurred while sendingevents to the Common Auditing andReporting Service server: The AXISfault is axisfault_string and the faultdetail is axisfault_detail.

Explanation: The AXIS function failed.


CBACON001E An internal error occurred whileattempting to retrieve the CommonAudit Service configuration component.The configuration component was notfound in the connected WebSphereApplication Server.

Explanation: The name of the MBean was badlyformed; consequently the Common Audit ServiceConsole could not find theCommonAuditServiceConfiguration MBean in theconnected WebSphere Application Server.

Administrator response: Ensure that theCommonAuditServiceConfiguration MBean is correctlydeployed and running in the target WebSphereApplication Server. The MBean name might have beenincorrectly formatted.

CBACON002E The Common Audit Serviceconfiguration component was not foundin the connected WebSphereApplication Server. Check whether theCommon Audit Service configurationcomponent is deployed and runninginto the WebSphere Application Server.

Explanation: The configuration component(CommonAuditServiceConfiguration MBean)communicates with the Common Audit Serivce Console

CBACE0885E • CBACON002E


to set and update Common Audit Service configurationsettings. This MBean was not found in the connectedWebSphere Application Server.

Administrator response: Ensure that theCommonAuditServiceConfiguration MBean isdeployed, running, and available in the connectedWebSphere Application Server. You can run thewsadmin command from the command line of thesystem where the target WebSphere Application Serveris running to determine if the MBean is deployed:wsadmin>$AdminControl queryNamesWebSphere:*,type=CarsConfig If the MBean is present,the fully qualified ObjectName of the MBean isreturned; otherwise nothing is returned.

CBACON003E A WebSphere Application Serverconfiguration target object was notselected. Select a target object from theWebSphere Target drop-down list that isdisplayed on the WebSphere TargetMapping panel.

Explanation: A WebSphere configuration target mustbe selected to configure the Common Audit Serviceserver. If no target objects are listed, theCommonAuditServiceConfiguration MBean might nothave returned the list of WebSphere configurationtarget objects that are available in the connectedWebSphere Application Server process. A null or emptylist can result if you do not provide correct WebSphereAdministrative user credentials in the WebSphereSecurity panel of the Common Audit Service Console.

Administrator response: Confirm that the MBean didnot return null or an empty list of WebSphereApplication Server configuration target names. Ensurethat you have provided the correct user credentials,then try the operation again.

CBACON004E The Common Audit Service Consolereceived a WebSphere configurationtarget object from the Common AuditService configuration component that isnot valid. Ensure that the selectedWebSphere configuration target objectexists in the connected WebSphereApplication Server or DeploymentManager process.

Explanation: The target object received from theWebSphere Application Server process cannot be used.

Administrator response: Determine if the selectedWebSphere cluster or server is present and running inthe connected WebSphere Application Server, then trythe operation again.

CBACON005E An error occurred while attemptingto display a page in the Common AuditService Console configuration wizard.

Explanation: A PageException error with an unknowncause was received while attempting to retrieve theCommon Audit Service Console wizard page from theWeb Component Library (WCL) page manager.

Administrator response: Check the WebSphereApplication Server log files to determine the cause ofthe error, then try the operation again. If the problempersists, contact IBM software support to resolve thisissue.

CBACON006E A record of the last configured AuditDatabase was received from theCommon Audit Service configurationcomponent that is not valid.

Explanation: This exception might have occurredbecause the $CARS_HOME/server/etc/carsconfig.status and $CARS_HOME/server/etc/carsdb.properties files, which are related to theconfiguration status of the Audit Database, werecorrupted.

Administrator response: Try the operation again. Ifthe problem persists, contact IBM software support toresolve the problem.

CBACON007W A JDBC handle that is not valid wasreceived from the Common AuditService configuration component.

Explanation: This warning might have occurredbecause the JDBC resources were not configuredcorrectly in the selected WebSphere configuration targetobject.

Administrator response: Verify that Common AuditService JDBC resources are properly configured in theselected WebSphere configuration target. If the JDBCresources are not present, configure them manually oruse the Common Audit Service Console. Forinformation on manual configuration, refer to theAuditing Guide provided with your product.

CBACON008E A value that is not valid was enteredinto field {0}. A value of type {1} wasexpected. Enter a valid value and try theoperation again.

Explanation: The specified value does not meet therequirements for this field.

Administrator response: Change the value to a validtype, then try the operation again.

CBACON003E • CBACON008E


CBACON009E The value specified in the {0} fieldmust be {1} digits long. Enter a validvalue and try the operation again.


Administrator response: Change the value to theexpected length, and try the operation again.

CBACON011E An exception was received from theCommon Audit Service configurationcomponent : {0}

Explanation: The Common Audit Serviceconfiguration component on the target server could notprocess the specified information, and returned anerror.

Administrator response: Use the text specified in theerror message to correct the error, then try theoperation again. If the problem persists, check theWebSphere Application Server log files for moreinformation.

CBACON012E The Common Audit Serviceconfiguration component does not existin the selected WebSphere configurationtarget. The Common Audit Serviceconfiguration component must beinstalled and running in the connectedWebSphere Application Server process.

Explanation: The configuration component(CommonAuditServiceConfiguration MBean)communicates with the console to set and updateCommon Audit Service configuration settings. ThisMBean was not found in the selected WebSphereApplication Server configuration target object. TheCommonAuditServiceConfiguration MBean might notbe installed correctly, or it might not be running.

Administrator response: Ensure that theCommonAuditServiceConfiguration MBean isdeployed, running, and available in the connectedWebSphere Application Server. You can run thewsadmin command from the command line of thesystem where the target WebSphere Application Serveris running to determine if the MBean is deployed:wsadmin>AdminControl queryNamesWebSphere:*,type=CarsConfig If the MBean is present,the fully qualified ObjectName of the MBean isreturned; otherwise nothing is returned.

CBACON013E {0}

Explanation: An MBean exception occurred from anunkonwn source.

Administrator response: Check the System.out log fileof the connected WebSphere Application Server todetermine the cause of the failure.

CBACON014E An internal error occurred whileinvoking the {0} method of the CommonAudit Service configuration component.

Explanation: This error should not occur. Theconfiguration component(CommonAuditServiceManagement MBean) might nothave been running when the error occurred.

Administrator response: Ensure that theCommonAuditServiceConfiguration MBean is installedcorrecty and running, then try the operation again. Ifthe error occurs again, check the log files to determinethe cause of the error. If the problem persists, contactIBM software support.

CBACON015E The Common Audit Service Consolefailed to connect to the specifiedWebSphere Application Server process.The error that was received is: {0}

Explanation: The WebSphere Application Server thatis pointed to by the JMX host and port values mightnot be running; or the host name, port number, or bothcould be specified incorrectly in the Common AuditService Host panel of the Console.

Administrator response: Ensure that the targetWebSphere Application Server is running, and ensurethat the correct host name and SOAP port number arespecified in the Common Audit Service Host panel ofthe Common Audit Service Console, then try theoperation again.

CBACON016E An attempt to connect to theWebSphere Application Server processfailed. The following error wasreturned: {0}

Explanation: This error can result while attempting toconnect to the WebSphere Application server process ifthe wrong user name, password, or both, are specifiedon the WebSphere Security panel of the Common AuditService Console.

Administrator response: Ensure that you arespecifying the correct user name and password, andensure that the destination WebSphere ApplicationServer process is running, then try the operation again.

CBACON017E A valid configuration target was notfound in the connected WebpshereApplication Server process.

Explanation: The connected WebSphere ApplicationServer process might not contain a valid configurationtarget, or the CommonAuditServiceConfigurationMBean running in the connected WebSphereApplication Server process might have failed to returnto the console the list of available configuration targets.

Administrator response: Ensure that the configurationtarget is present in the connected WebSphere

CBACON009E • CBACON017E


Application Server, and that the list of availableconfiguration targets is returned to the console forselection. Try the operation again.

CBACON018E The name of the database specifiedin the {0} field must be between {1} and{2} characters long. Enter a valid valueand try the operation again.



CBACON019E The JDBC connection setup failedbecause the previous attempt to createthe Audit Database failed.

Explanation: The Audit Database JDBC connector wasnot created because the creation of the Audit Databasewas not successful. The JDBC connector cannot becreated until the Audit Database is created successfully.

Administrator response: Ensure that the correctvalues are specified for for the creation of the AuditDatabase in the Audit Database panel. The JDBCconnector can then be created successfully.

CBACON020E The {0} field requires a value. Enter avalid value and try the operation again.

Explanation: The specified field is either empty orcontains a value that is not valid. A value must bespecified to continue.

Administrator response: Enter a valid value in thespecified field, and try the operation again.

CBACON022E The value specified in the {0} fieldmust be at least {1} digits long, but notgreater than {2} digits long. Enter a validvalue and try the operation again.



CBACON023E The Database Instance OwnerPassword field requires a value. Enter avalid value and try the operation again.

Explanation: The specified field is either empty orcontains a value that is not valid. A value must bespecified to continue.

Administrator response: Enter a valid value in thespecified field, and try the operation again.

CBAIN0110E Prerequisite detection has not found aninstallation of IBM WebSphereApplication Server. The feature selectedfor installation requires IBM WebSphereApplication Server Version 6.1 or higher.Install the required version and run theinstallation again.

Explanation: The target machine does not IBMWebSphere Application Server installed.

Administrator response: Install the required minimumlevel of IBM WebSphere Application Server and run theCommon Audit Service installation again. Consult theproduct documentation for more information regardingthe software requirements.

CBAIN0120E Prerequisite detection has not found aninstallation of IBM DB2. The featureselected for installation requires eitherthe IBM DB2 Server or the IBM DB2Client to operate. The versions allowedare from Version 8.1.7 or Version 9.1 andhigher. You must install an allowableversion of the IBM DB2 product eithernow or before attempting to use theselected product feature.

Explanation: The target machine does not have eitheran IBM DB2® Server or IBM DB2 Client installed.

Administrator response: Install the required minimumlevel of IBM DB2 Server or Client before attempting toconfigure the Audit Service. Consult the productdocumentation for more information regarding thesoftware requirements.

CBAIN0130E Prerequisite detection has found aninstallation of either IBM DB2 Server orClient but it is not a correct version. Theversions allowed are from Version 8.1.7or Version 9.1 and higher. You mustinstall an allowable version of the IBMDB2 product either now or beforeattempting to use the selected productfeature.

Explanation: The target machine does not have acorrect version of either an IBM DB2 Server or IBMDB2 Client installed.

Administrator response: Install the required minimumlevel of IBM DB2 Server or Client before attempting toconfigure the Audit Service. Consult the productdocumentation for more information regarding thesoftware requirements.

CBACON018E • CBAIN0130E


CBAIN0200E The Common Audit Service installationfailed. An installation rollback has beenattempted.

Explanation: The Common Audit Service installationfailed and the system was returned to its preinstallstate.

Administrator response: Check the log file for details.Consult the product documentation for moreinformation regarding problem determination.

CBAIN0204E The Common Audit Serviceuninstallation failed.

Explanation: The Common Audit Service Serveruninstallation failed.


CBAIN0206E Check the version log. Run theuninstallation again.

Explanation: An error occurred during theuninstallation of the Common Audit Service.


CBAIN0207E Check the version log.

Explanation: An error occurred during the installationof the Common Audit Service.


CBAIN0216E Prerequisite detection has not found aninstallation of IBM WebSphereApplication Server. The feature selectedfor installation requires IBM WebSphereApplication Server Version version. If theIBM WebSphere Application Server isactually installed then continue theinstallation and enter the correctinstallation path when requested.Otherwise cancel the installation, installthe required software and run theinstallation again.

Explanation: The install could not locate an installedIBM WebSphere Application Server.


CBAIN0221E Please enter a value for version.

Explanation: An attempt to continue the installationwas made without providing input for a required userinput field.

Administrator response: Provide input for the userinput field and continue the installation. Consult theproduct documentation for more information regardingrequired information during the installation.

CBAIN0227E Prerequisite detection has not found aninstallation of IBM WebSphereApplication Server. Install the requiredversion and run the installation again.

Explanation: The target machine does not IBMWebSphere Application Server installed.


CBAIN0235E Please enter a value for:

Explanation: An attempt to continue the installationwas made without providing input for a required userinput field.

Administrator response: Provide input for the userinput field and continue the installation. Consult theproduct documentation for more information regardingrequired information during the installation.

CBAIN0335E The Common Audit Service is alreadyconfigured on this profile. The CommonAudit Service must be installed on adifferent directory path to configureagainst this profile. Use the Back buttonto select a different path and continue.

Explanation: This installation of the Common AuditService is already configured to a WebSphereApplication Server profile. You must install theCommon Audit Service on a different path to installagainst another profile.

Administrator response: Verify that Common auditService is already installed against the correct profile. Ifnot then uninstall the Common Audit Service andreinstall against this profile. Consult productdocumentation for more information regarding theundeployment of IBM Tivoli Common Audit Serviceconfiguration management items before continuingwith this uninstallation.

CBAIN0200E • CBAIN0335E


CBAIN0336E Configuration Management itemscannot be deployed or undeployed.Before continuing with the CommonAudit Service deployment: Check thatyou do not have another installation ofthe Common Audit Service on yourmachine. You may have alreadydeployed the ConfigurationManagement items form this otherinstallation. In this case you mustundeploy the Common audit servicefrom the selected profile using theinstaller in the other installation.

Explanation: The Common Audit Serviceconfiguration management items can only be deployedonce for a WebSphere Application Server profile. TheCommon audit service can be installed multiple timeson a host machine but can only be configured onceagainst each profile.

Administrator response: Verify the Common AuditService configuration management items areundeployed from the profile. Consult productdocumentation for more information regarding theundeployment of IBM Tivoli Common Audit Serviceconfiguration management items before continuingwith this installation.

CBAIN0337E The Configuration items were notundeployed correctly. Before continuingwith the Common Audit Serviceundeployment: Check the configurationlog for error conditions. Check that theWebSphere Application Server profileyou select is valid and running correctly.

Explanation: Undeployment may fail for a WebSphereApplication Server profile if the profile is notconfigured correctly.

Administrator response: Verify the WebSphereApplication Server profile is correctly installed,configured and running correctly. Consult productdocumentation for more information regarding theundeployment of IBM Tivoli Common Audit Serviceconfiguration management items before continuingwith this installation.

CBAIN0338E The Configuration items were notdeployed correctly. Before continuingwith the Common Audit Servicedeployment: Check the configurationlog for error conditions. Check that theWebSphere Application Server profileyou select is valid and running correctly.

Explanation: Deployment may fail for a WebSphereApplication Server profile if the profile is notconfigured correctly.

Administrator response: Verify the WebSphere

Application Server profile is correctly installed,configured and running correctly. Consult productdocumentation for more information regarding thedeployment of IBM Tivoli Common Audit Serviceconfiguration management items before continuingwith this installation.

CBAIN0339E Please enter a value for the WebSphereprofile directory.

Explanation: The WebSphere profile directory field isempty

Administrator response: Provide a valid WebSphereprofile directory path and continue the installation.Consult the product documentation for moreinformation regarding required information during theinstallation.

CBAIN0340E Please enter a valid directory as aWebSphere profile directory.

Explanation: The WebSphere profile directory fieldvalue is not a valid directory.


CBAIN0341E Please enter a valid WebSphere profilepath. Either a valid cell or WebSphereinstall path could not be found for thisprofile.

Explanation: The setupCmdLine script for this profilewas not found or was invalid. The WAS_HOME andWAS_CELL variables were not found.


CBAIN0342E Please enter a valid WebSphere profilepath. The WebSphere edition andversion could not be determined for thisprofile.

Explanation: The WAS_HOME/properties/version/WAS.product file was not found or was invalid.WebSphere version information is contained in this file

Administrator response: Check the WebSphereinstallation related to this profile still exists andcontinue the installation. Consult the productdocumentation for more information regarding requiredinformation during the installation.



CBAIN0343E Please enter a valid WebSphere profilepath. Only the WebSphere Base editionor the WebSphere Network Deploymentedition are supported.

Explanation: The id attribute in the WAS.product filedid not contain either BASE or ND.

Administrator response: Install and configure thecorrect WebSphere edition and continue thisinstallation. Consult the product documentation formore information regarding prerequisite products.

CBAIN0344E Please enter a valid WebSphere profilepath. WebSphere version 6.1 is aprerequisite for Common Audit Service6.1.

Explanation: The version attribute in the WAS.productfile was not of the form 6.1.x.x.

Administrator response: Install and configure thecorrect WebSphere version and continue thisinstallation. Consult the product documentation formore information regarding prerequisite products.

CBAIN0345E Please enter a valid WebSphere profilepath. The type of profile could not bedetermined.

Explanation: The WAS_PROFILE/properties/version/profile.version file was not found or the id attribute init was not found.

Administrator response: Check the WebSphere profileis complete and continue this installation. Consult theproduct documentation for more information regardingrequired information during the installation.

CBAIN0346E Please enter a valid WebSphere profilepath. A managed node profile is notvalid.

Explanation: The id attribute in theWAS_PROFILE/properties/version/profile.version filedid not have value of dmgr yet the profile is part of acluster.

Administrator response: Check that a deploymentmanager or stand-alone profile is available andcontinue this installation. Consult the productdocumentation for more information regarding requiredinformation during the installation.

CBAIN0347E The SOAP connector port for thisprofile could not be found. Check theprofile is configured correctly.

Explanation: The SOAP_CONNECTOR_PORTproperty in the WAS_PROFILE/properties/portdef.props file could not be found. This could bebecause the file itself is not present or because theproperty entry is not in the file.

Administrator response: Check that the profile hasbeen configured correctly, especially the portallocations. Consult the product documentation formore information regarding required informationduring the installation.

CBAIN0348E A connection could not be made withthe deployment manager or stand-aloneserver in this profile. Ensure thedeployment manager or stand-aloneserver is running.

Explanation: The installer uses the SOAP protocol tocommunicate with WebSphere services. For SOAP towork the corresponding server must be running.

Administrator response: Issue the startManager orstartServer servername command as appropriate.Consult the product documentation for moreinformation regarding required information during theinstallation.

CBAIN0349E An attempt to communicate with theWebSphere server failed due to aninternal fault. Check the profile isconfigured correctly and the server isrunning.

Explanation: The connection attempt failed due to theAdminClient object not being created correctly. This ismost likely because the WebSphere class jars were notcorrectly loaded or were corrupt.

Administrator response: Check that the value of theWAS_HOME property in the setupCmdLine scriptidentifies a valid WAS installation. Consult the productdocumentation for more information regarding requiredinformation during the installation.

CBAIN0350E Please enter a value for the WebSphereAdministrator user name.

Explanation: The WebSphere user name field is empty.

Administrator response: Provide a valid WebSphereuser name and continue the installation. Consult theproduct documentation for more information regardingrequired information during the installation.

CBAIN0351E Please enter a value for the WebSphereAdministrator password.

Explanation: The WebSphere password field is empty.

Administrator response: Provide a valid WebSpherepassword corresponding with the user name andcontinue the installation. Consult the productdocumentation for more information regarding requiredinformation during the installation.



CBAIN0352E This is not a valid administrator useridor password.

Explanation: Could not connect to WebSphere as avalid administrator.

Administrator response: Provide a valid WebSphereadministrator login. Consult the productdocumentation for more information regarding requiredinformation during the installation.

CBAIN0353E Common Audit Service is alreadyinstalled on this profile. Please chooseanother profile.

Explanation: The WebSphere profile already hasCommon Audit Service installed on it.

Administrator response: The WebSphere profiledirectory path contains an config/ibmcars subdirectory.Consult the product documentation for moreinformation regarding required information during theinstallation.

CBAIN0354E The Common Audit Service is notinstalled on this profile. Please chooseanother profile.

Explanation: The WebSphere profile does not haveCommon Audit Service installed on it.

Administrator response: The WebSphere profiledirectory does not contain an config/ibmcarssubdirectory. Consult the product documentation formore information regarding required informationduring the uninstallation.

CBAIN0355E The Common Audit Service is notunconfigured from the profile - profile.Cancel this uninstall, fully unconfigurethe Common Audit Service then retry. Ifyou continue with this uninstall youmay need to manually unconfiguresome components of the Common AuditService.

Explanation: Common audit service has not beencompletely unconfigured from the WebSphere profile.

Administrator response: Inspect the install-path<CARS install path>/server/etc/carsconfig.status fileto determine which components are still configured.Consult the product documentation for moreinformation regarding manual unconfiguration.

CBAIN0356E This copy of the Common Audit Serviceis not installed against the selectedprofile. Reselect the profile andcontinue.

Explanation: This installer did not install the CommonAudit Service components on this profile.

Administrator response: The <CARS installpath>/server/profiles/profile_name does not match theprofile name selected. Consult the productdocumentation for more information regarding requiredinformation during the uninstallation.

CBAIN0357E The installer was unable to update theinstaller properties file. Check theinstall directory is valid.

Explanation: This installer could not create or updatethe installer.properties file in the install directory.

Administrator response: Check the install directoryhas write permissions and file create permissions.

CBAIN0358E The installer was unable to extract filesinto directory directory_name. Check theinstall directory has the correctpermissions.

Explanation: This installer could not extract files fromits archive into the directory. It may not have been ableto create the directory initially.

Administrator response: Check the install directoryhas write permissions and file create permissions.

CBAIN0359E The installer was unable to install thecomponent component_name.

Explanation: The component could not be installedbecause of some installer or other unspecified error.This error occurs when the component only contains anaction that executes on uninstallation.

Administrator response: Check the vpd.properties filefor this user is not corrupt. It might already contain aninstance record for this component.

CBAIN0360E The installer was unable to update thefile file_name. check the file exists andhas the correct permissions.

Explanation: This parameter file could not beupdated. It might not exist or have the correctpermissions.

Administrator response: Check the file exists and haswrite permissions.

CBAIN0361E The installer was unable to create aregistry entry with the file file_name.

Explanation: This registry file failed when applied toa Win32 registry.

Administrator response: Check the state of theWindows registry.



CBAIN0362E The installer was unable to complete theConfiguration Console deployment.

Explanation: This console deployment failed. Eitherone of the deployment JACL scripts or a file operationfailed.

Administrator response: Check that the WebSphereApplication Server profile selected is active - either theserver or deployment manager in the profile is running.Check that the user running the installation hasfile/directory create and update permissions in theprofile subdirectory.

CBAIN0363E The installer was unable to complete theAudit Service deployment.

Explanation: This audit service deployment failed.Either one of the deployment JACL scripts or a fileoperation failed.

Administrator response: Check that the WebSphereApplication Server profile selected is active - either theserver or deployment manager in the profile is running.Check that the user running the installation hasfile/directory create and update permissions in theprofile subdirectory.

CBAJS0001E formatArgument unsupported.

Explanation: The argument specifying how to formatthe event is not supported. Refer to the Auditing Guidefor the list of supported formats.

Administrator response: Specify a supported outputformat.

CBAWS0700E The IBM Tivoli Common AuditingWeb service could not look up theconfigured emitter profile. A stack traceof the error follows.

Explanation: The Web service encountered an errorwhen looking up the emitter factory profile specified inthe configuration. This error message is accompaniedby a stack trace of the exception that caused theproblem.

Administrator response: Examine the exception stacktrace immediately following this message to see thecause of this problem. Ensure that the emitter factoryprofile specified in the Web service configuration iscorrect. Ensure that the Common Event InfrastructureServer enterprise application is running properly. If theproblem persists, contact your IBM servicerepresentative.

CBAWS0701E The IBM Tivoli Common AuditingWeb service could not create a CommonEvent Infrastructure emitter. A stacktrace of the error follows.

Explanation: The IBM Tivoli Common Auditing Web

service could not be started due to an errorencountered when trying to connect to the CommonEvent Infrastructure server. This error message isaccompanied by a stack trace of the exception thatcaused the problem.

Administrator response: Examine the exception stacktrace immediately following this message to see thecause of this problem. Ensure that the emitter factoryprofile specified in the Web service configuration iscorrect. Ensure that the Common Event Infrastructureenterprise application is running properly. If theproblem persists, contact your IBM servicerepresentative.

CBAWS0702E The IBM Tivoli Common AuditingWeb service could not create a J2EEtransaction context. A stack trace of theerror follows.

Explanation: The Web service could not be started dueto an error encountered creating a transaction context.The Web service needs a transaction context for propertransactional processing of incoming events. This errormessage is accompanied by a stack trace of theexception that caused the problem.

Administrator response: Examine the exception stacktrace immediately following this message to see thecause of this problem. Ensure that you are running asupported version of WebSphere Application Server. Ifthe problem persists, contact your IBM servicerepresentative.

CBAWS0703E The IBM Tivoli Common AuditingWeb service could not create aSOAPFactory. A stack trace of the errorfollows.

Explanation: The Web service could not be started dueto an error encountered creating a JAX-RPCSOAPFactory. This error message is accompanied by astack trace of the exception that caused the problem.


CBAWS0704E The IBM Tivoli Common AuditingWeb service could not send an event tothe Common Event Infrastructure server.The failed event had the index index inan input message containing numEventsevents. Processing of the input messagewas stopped. A stack trace of theCommon Event Infrastructure errorfollows.

Explanation: The auditing Web service forwards

CBAIN0362E • CBAWS0704E


incoming events to the Common Event Infrastructureserver. The server failed to process an incoming event.This error message is accompanied by a stack trace ofthe exception that caused the problem.

Administrator response: Examine the exception stacktrace immediately following this message to see thecause of this problem. Ensure that the Common EventInfrastructure Server enterprise application is workingproperly. If the problem persists, contact your IBMservice representative.

CBAWS0705E The IBM Tivoli Common AuditingWeb service could not deserialize anincoming Common Base Event from aSOAP message. The failed event hadthe index index in an input messagecontaining numEvents events. Processingof the input message was stopped. Thefailure reason was: cbeXmlMsg

Explanation: The Web service receives Common BaseEvents from auditing clients, encoded in a SOAPmessage. One of these events could not be read due tosyntax that is not valid. This indicates a problem withthe client application.

Administrator response: Contact your IBM servicerepresentative.

CBAWS0706E The IBM Tivoli Common AuditingWeb service could not create a SOAPfault message. A stack trace of the errorfollows.

Explanation: When an error occurs processing events,the Web service returns a SOAP fault message to theclient application, containing details of the error. Anerror was encountered trying to build the SOAP faultmessage. This indicates a problem with the WebSphereWeb services runtime. This error message isaccompanied by a stack trace of the exception thatcaused the problem.


CBAWS0707E The XML element element is not validwithin a container element.

Explanation: This is one of the possible reasons forthe error message CBAWS0705E.


CBAWS0708E Failed to create the any element dueto an XML serialization error. The errormessage was: xmlErrorMsg.

Explanation: This is one of the possible reasons forthe error message CBAWS0705E. This message indicatesa problem with the JAXP runtime.

Administrator response: Examine the enclosed errormessage for a detailed description of the error. Ensurethat you are running a supported version of WebSphereApplication Server. If the problem persists, contact yourIBM service representative.

CBAWS0709E Duplicate XML element field withinelement container. +



CBAWS0710E The Common Base Event situationcategory categoryName is not valid.



CBAWS0711E The XML attribute attribute is notvalid for element container.



CBAWS0712E No XML text is allowed in elementelement.



CBAWS0713E Unknown message code: code;message parameters: parameters

Explanation: This message appears when a messagecannot be found in the translation table. It indicates aproblem with the installation of the Web service.

Administrator response: Verify that the IBM TivoliCommon Auditing Web service is installed properly. Ifthe problem persists, contact your IBM servicerepresentative.

CBAWS0705E • CBAWS0713E


CBAWS0714E The Common Base Event XML couldnot be converted to a string.EventFormatter methodeventFromCanonicalXML returned anexception : exception_text

Explanation: This message appears when an event'sXML cannot be converted to a string.javax.xml.transform.TransformerTransformerConfigurationException orTransformerException has been encountered. The eventcould not be processed as a Common Base Event.

Administrator response: Ensure that the applicationthat submits events is working properly. If the problempersists, contact your IBM service representative.

CBAWS0715E The Common Base Event XML couldnot be converted to aCommmonBaseEvent object.EventFormatter methodeventFromCanonicalXML returned anexception : exception_text

Explanation: This message appears when an eventcannot be processed as a Common Base Event. org.eclipse. hyades. logging. events. cbe. util. EventFormatter Event Formatter. event From Canonical XMLmethod returned an exception. The event could not beprocessed as a Common Base Event.

Administrator response: Ensure that the applicationthat submits events is working properly. If the problempersists, contact your IBM service representative.

CBAXS0001E The specified relational databasemanagement system is not supported.Database: rdbms_name Version:rdbms_version

Explanation: The Common Audit Service EJBconfiguration has been configured to store data in anunsupported relational database management system.

Administrator response: Configure the CommonAudit Service using the Common Audit ServiceConfiguration Wizard. Refer to your products AuditingGuide for a list of supported relational databasemanagement systems.

CBAXS0002E The relational database managementsystem reported the following error.Data source resource reference:data_source SQL state: sql_state Vendorcode: vendor_code Message: message

Explanation: The SQL state is the standard JDBC errorcode for the reported problem. The vendor code is thedatabase vendor specific error code. The messageparameter is the localized error message that isreturned by the relational database managementsystem.

Administrator response: Refer to the appropriaterelational database documentation for informationabout the SQL state, the vendor code, and the errormessage.

CBAXS0006E The Common Audit database schemais not at the required level. Thedatabase schema version isactual_schema_version, but the requiredversion is required_schema_version.

Explanation: The Common Audit Service databaseschema is not at the required level and is aninconsistent state. Events cannot be stored to the XMLdata store till the problem is corrected.

Administrator response: Please contact your IBMrepresentative to resolve the problem.

CBAXS0008E The WebSphere Application Serverconnection pooling system returned adatabase connection that is not valid.Data source resource reference:data_source

Explanation: The Common Audit Service XML datastore EJB received several StaleExceptionConnectionwhile trying to store events and the EJB has determinedthat database connection is not valid.

Administrator response: Refer to the WebSpehereApplication Server Administration guide and performthe recommended steps to recover from this errorcondition.

CBAXS0009E A database connection could not beobtained from the connection pool aftermaximum_retries attempts were made toobtain a connection. Data sourceresource reference: data_source

Explanation: The WebSphere Application Serverconnection pooling system was not able to return adatabase connection using the current configuration ofthe connection pool and the configured number ofretries.

Administrator response: Try one or more of thefollowing actions: Configure the data source again andincrease the maximum number of connections. Thisoption improves performance and event throughput.Configure the data source again and increase theconnection timeout value. Increase the number ofretries in the XML data store profile.

CBAXS0011E The XML data store cannot find theresource reference in JNDI. Resourcereference: resource_reference_name

Explanation: The XML data store uses resourcereferences to obtain the data source that is used toobtain connections to the database and for the object

CBAWS0714E • CBAXS0011E


that contains the configuration for the XML data store.The resource reference information that is specifiedduring the installation is not valid. For example, a JNDIname that is not valid was specified for the resourcereference. If the specified resource reference name isjava:comp/env/XmlStoreProfileReference, the XMLdata store cannot access the configuration data. If thespecified resource reference name isjava:comp/env/XmlDataSourceReference, the XMLdata store cannot access the data source.

Administrator response: In the administrative console,configure the specified resource reference to a validJNDI resource.

CBAXS0014E The relational database managementsystem reported the following error.Data source resource reference:data_source Database product: rdbms_nameDatabase version: rdbms_version SQLstate: sql_state Vendor code: vendor_codeMessage: message



CBAXS0016E The value property_value for theproperty property_name cannot beconverted to an integer. The defaultvalue of default_value is used.

Explanation: The internal table used by the CommonAudit Service is in an inconsistent state.


CBAXS0017E The value property_value for theproperty property_name is larger than themaximum allowed value ofmaximum_value. The default value ofdefault_value is used.

Explanation: The internal table used by the CommonAudit Service is in an inconsistent state resulting in theerror..


CBAXS0018E The value property_value for theproperty property_name is less than theminimum allowed value ofminimum_value. The default value ofdefault_value is used.

Explanation: The internal table used by the CommonAudit Service is in an inconsistent state resulting in theerror.


CBAXS0023E The relational database managementsystem reported the following error.Data source resource reference:data_source Database product: rdbms_nameDatabase version: rdbms_version SQLstate: sql_state Vendor code: vendor_codeMessage: message



CBAXS0024E The length of the XML column cannotbe determined from the databasemetadata.

Explanation: The XML data store uses the databasemetadata to determine length of the column. The XMLdata store needs this information to determine whetherto store the event in the main table or use both themain and the overflow tables.

Administrator response: Please contact your IBMrepresentative to resolve this problem.

CBAXS0026E The XML data store cannot convert anevent from string format to binaryformat. The event cannot be stored.

Explanation: The XML data store stores an event asbinary data, using the UTF-8 codeset to convert stringdata to binary data. Because the string-to-binary formatconversion failed, the event cannot be stored.

Administrator response: This error should not occur.If the problem persists, contact IBM Software Supportfor help.

CBAXS0014E • CBAXS0026E


CBAXS0027W The configuration value,interval_old_value, for the bucket checkinterval is not valid. The value has beenchanged to the default value, which isinterval_new_value seconds.

Explanation: The XML data store writes an event tothe current active bucket. The bucketCheckIntervalcustom property specifies the maximum time, inseconds, that the XML data store can function withoutchecking if the active bucket has been changed. Becausethe property value was set to a value that is less than 0,the XML data store will use the default value.

Administrator response: Set the value of thebucketCheckInterval property in the<WAS_HOME>/profiles/<profile_name>/config/ibmcars/ibmcarsserver.properties file to a positiveinteger, then restart WebSphere Application Server. In aclustered environment, restart the deployment managerand the managed nodes.

CBAXS0034W Either no value has been set or valueset is invalid for property property_nameDefault Value : default_value will beassigned to it.

Explanation: property_name : It will be eithercompress or checkbucketinterval default_value : Defaultvalues for these are true and 300000 respectively

CBAXS0035E The following error occured whilegetting handle toibmcarsserver.properties. error DefaultValues will be used for propertiescompress and checkbucketinterval

Explanation: error : The error that occured whileextracting handle of the repository fileibmcarsserver.properties

CBAXS0036E The following error occured whileloading ibmcarsserver.properties. errorDefault Values will be used forproperties compress andcheckbucketinterval

Explanation: error : The error that occured whileloading the repository file ibmcarsserver.properties

CBAXS0037W The event with global instance idglobalInstanceId can not be inserted intothe table tableName since an event withthe same global instance id alreadyexists.

Explanation: error : The error occured because anevent with a similar global instance id already exists inthe database

CBAXS0038E The event with global instance idglobalInstanceId can not be inserted intothe table tableName since the valuefieldValue for the normalized fieldfieldName is not valid.

Explanation: error : The error occured because thevalue for the normalized field is not a valid value.

CFGMB0001E The CARS_HOME environmentvariable was not found at was_scope.

Explanation: The CARS_HOME environment variablemust be defined at the cell scope of the specifiedWebSphere Application Server deployment target.

Administrator response: Define the CARS_HOMEenvironment variable at the cell scope of thedeployment target, and try the operation again.

CFGMB0002E The CARS_HOME environmentvariable defined at the was_scope scopewas not initialized with the installationlocation of the Common Audit Serviceserver.

Explanation: The CARS_HOME environment variabledefined at the cell scope of the deployment target mustbe initialized with the installation location of the targetCommon Audit Service server.

Administrator response: Initialize the CARS_HOMEenvironment variable with the value of the installationlocation of the target Common Audit Service server,and try the operation again.

CFGMB0003E An internal error occurred whileretrieving the value of theCARS_HOME environment variable.The error message that was received is:err_msg.

Explanation: An attempt to retrieve the value of theCARS_HOME environment variable failed because aprocessing error occurred during the operation.

Administrator response: Try the operation again. Ifthis error occurs again, check the WebSphereApplication Server log file (SystemOut.log) todetermine the source of the error.

CFGMB0004E The app_name application cannot bedeployed in the target_scope deploymenttarget scope because it already exists inthat deployment target scope.

Explanation: The application that is specified fordeployment into the deployment target scope must notalready be present in that scope.

Administrator response: Unconfigure (undeploy) theapplication from the deployment target scope using theconfiguration console and try the operation again.

CBAXS0027W • CFGMB0004E


CFGMB0005E The app_name application cannot beundeployed from the target_scopedeployment target scope because it doesnot already exist in that deploymenttarget scope.

Explanation: The application that is specified forundeployment from the deployment target scope musthave already been deployed in that scope.

Administrator response: Configure (deploy) theapplication in the deployment target scope using theconfiguration console and try the operation again.

CFGMB0006E The JDBC connector for the CommonAudit Service XML data store (database)cannot be created because the specifiedpath of the DB2 JDBC drivers, driver_dir,is not valid. Enter the valid path of theDB2 JDBC drivers that are used tocreate the JDBC connector for theCommon Audit Service XML data store(database).

Explanation: The correct path of the type-4 DB2 JDBCdrivers must be specified in the JDBC Connectors panelof the configuration console. The DB2 JAR filedb2jcc.jar contains DB2 type-4 JDBC drivers and isusually located at DB2_INSTALL_ROOT/java folder onthe target system.

Administrator response: Specify the correct path ofthe directory on the target system containing type-4DB2 JDBC drivers, and try the operation again.

CFGMB0007E The configuration of the JDBCconnector for the Common AuditService XML data store (database) failedbecause a connection to the db_namedatabase cannot be established usingthe specified JDBC connectioninformation.

Explanation: Valid JDBC connection information mustbe specified in the JDBC Connectors panel of theconfiguration console to create the JDBC connector forthe Common Audit Service XML data store (database).

Administrator response: Specify correct values for theXML data store host name, instance port number,instance owner user name, instance owner userpassword, and the location of type 4 JDBC drivers inthe JDBC Connectors panel of the configuration consoleand try the operation again

CFGMB0008E Input validation for the meth_namemethod failed because the specifieddatabase name, db_name, does not exist.

Explanation: The target database that is specified forthe deployment of the Java stored procedures mustalready exist.

Administrator response: Ensure that the specifieddatabase exists and that a connection can be establishedto it, then try the operation again.

CFGMB0009E Input validation for the meth_namemethod failed because an incorrect levelof software was detected for thespecified database name, db_name.

Explanation: The software versions of the databaseschema components and the reporting tables must be atspecific software levels. For the database to be at thecorrect level, the values of schemaMajorVersion,schemaMinorVersion, and SchemaPtfLevel in theCEI_T_PROPERTIES table must be 6, 0, and 0,respectively. For the reporting tables to be at the correctlevel, the values of ReportTableSchemaMajorVersion,ReportTableSchemaMinorVersion, andReportTableSchemaPtfLevel must be 2, 0, and 0,respectively.

Administrator response: Upgrade the target databaseused for the XML data store to the correct level, and trythe operation again.

CFGMB0011E Input validation for the meth_namemethod failed because the CommonEvent Infrastructure event server is notconfigured in the target_scope WebSphereApplication Server deployment target.

Explanation: The Common Event Infrastructure eventserver (EventService) must be configured in theWebSphere Application Server deployment targetbefore you can configure CommonAuditService to sendevents to the event server.

Administrator response: Ensure that Common EventInfrastructure EventService is configured in WebSphereApplication Server deployment target, and try theoperation again.

CFGMB0012E Input validation for the meth_namemethod failed because theibmcarsserver.properties file was notfound at target_scope.

Explanation: The ibmcarsserver.properties file must bepresent in the WAS_PROFILE_PATH/config/ibmcarsfolder to configure CommonAuditService to routeevents to the Common Event Infrastructure eventserver.

Administrator response: Ensure thatibmcarsserver.properties file is located at the requiredlocation, and try the operation again.

CFGMB0005E • CFGMB0012E


CFGMB0013E An internal error occurred whileexecuting the meth_name method. Theerror message that was received is:actual_exception

Explanation: A processing error occurred during theoperation.


CFGMB0014E An internal error occurred whiledeploying the app_name application. Theerror message that was received is:actual_exception

Explanation: The specified application might not havebeen deployed successfully because a processing erroroccurred during the operation.

Administrator response: Check the WebSphereApplication Server log file (SystemOut.log) todetermine the source of the error and the status of thedeployment.

CFGMB0015E An internal error occurred whileupdating the prop_val_pair key/value pairin the carsconfig.status file in theCARS_HOME/server/etc folder. Theerror message that was received is:actual_exception

Explanation: An attempt to update the specifiedinformation in the carsconfig.status file failed because aprocessing error occurred during the operation.


CFGMB0016E An internal error occurred whileuninstalling the app_name application.The error message that was received is:actual_exception

Explanation: An attempt to uninstall the specifiedapplication might have failed because a processingerror occurred during the operation.

Administrator response: Check the WebSphereApplication Server log file (SystemOut.log) todetermine the source of the error and the status of theuninstallation.

CFGMB0017E The app_name application failed tostart in the target_scope WebSphereApplication Server deployment target.The error message that was received is:actual_exception

Explanation: An attempt to start the specifiedapplication on the deployment target failed because aprocessing error occurred during the operation.


CFGMB0018E The app_name application failed tostop running in the target_scopeWebSphere Application Serverdeployment target. The error messagethat was received is: actual_exception

Explanation: An attempt to stop the specifiedapplication on the deployment target failed because aprocessing error occurred during the operation.


CFGMB0019E The enterprise applications related tothe Common Audit Service server couldnot be stopped in the target_scopeWebSphere Application Serverdeployment target because they werenot found in the specified deploymenttarget scope.

Explanation: Enterprise applications related to theCommon Audit Service server must be deployed intothe specified deployment target before they can bestopped.

Administrator response: Ensure that related enterpriseapplications are deployed and running in the specifieddeployment target, then try the operation again.

CFGMB0020E The changes made toibmcarsserver.properties file in theconfiguration repository of theDeployment Manager could not besynchronized with the copies of this filethat are located in the configurationrepositories of the managed nodes. Theerror message that was received is:actual_exception

Explanation: The configuration changes made to theDeployment Manager properties file were notpropagated to the corresponding managed nodesbecause an internal processing error occurred duringthe operation.

Administrator response: Ensure that nodeagentservice that is associated with each managed node isrunning, then try the operation again.



CFGMB0021E The JNDI name of theXmlStorePlugin application in thedefault Common Event Infrastructureevent server could not be defined. Theerror message that was received is:actual_exception

Explanation: The attempt to define the specified JNDIname of the XmlStorePlugin application failed.

Administrator response: Use the services integrationpanel of the WebSphere Administrative Console toensure that the xmlStoreEjbJndiName custom propertydoes not exist in the default Common EventInfrastructure event server, then try the operationagain. If the problem persists, check the WebSphereApplication Server log file (SystemOut.log) todetermine the source of the error.

CFGMB0022E The CARS Events event group couldnot be created in the default CommonEvent Infrastructure event server. Theerror message that was received is:actual_exception

Explanation: The attempt to create the specified eventgroup failed.

Administrator response: Ensure that event groupnamed CARS Events does not exist in the defaultCommon Event Infrastructure event server, then try theoperation again. If the problem persists, check theWebSphere Application Server log file (SystemOut.log)to determine the source of the error.

CFGMB0023E The event selector string of thedefault All events event group in thedefault Common Event Infrastructureevent server could not be modified. Theerror message that was received is:actual_exception

Explanation: The attempt to change the event selectorstring of the specified event group failed.

Administrator response: Ensure that event groupnamed All events exists in the default Common EventInfrastructure event server, then try the operationagain. If the problem persists, check the WebSphereApplication Server log file (SystemOut.log) todetermine the source of the problem.

CFGMB0024E The JNDI name of theXmlStorePlugin application in thedefault Common Event Infrastructureevent server could not be removed. Theerror message that was received is:actual_exception

Explanation: The attempt to remove the JNDI name ofthe XmlStorePlugin application failed.

Administrator response: Use the services integration

panel of the WebSphere Administrative Console toensure that the xmlStoreEjbJndiName custom propertyexists in the default Common Event Infrastructureevent server, then try the operation again. If theproblem persists, check the WebSphere ApplicationServer log file (SystemOut.log) to determine the sourceof the error.

CFGMB0025E The CARS Events event group couldnot be removed from the defaultCommon Event Infrastructure eventserver. The error message that wasreceived is: actual_exception

Explanation: The attempt to remove the specifiedevent group failed.

Administrator response: Ensure that event groupnamed CARS Events exists in the default CommonEvent Infrastructure event server, then try the operationagain. If the problem persists, check the WebSphereApplication Server log file (SystemOut.log) todetermine the source of the error.

CFGMB0026E The event selector string of thedefault All events event group in thedefault Common Event Infrastructureevent server could not be restored. Theerror message that was received is:actual_exception

Explanation: The attempt to restore the event selectorstring of the All events group failed.

Administrator response: Ensure that event groupnamed All events exists in the default Common EventInfrastructure event server, then try the operationagain. If the problem persists, check the WebSphereApplication Server log file (SystemOut.log) todetermine the source of the problem.

CFGMB0027E The enable property of the target_appenterprise application could not be setto the enable_prop_val value. The errormessage that was received is:actual_exception

Explanation: The enable property was not set to thespecified value because a processing error occurredduring the operation.

Administrator response: Try the operation again. Ifthe problem persists, check the WebSphere ApplicationServer log file (SystemOut.log) to determine the sourceof the error.

CFGMB0028E The file permissions on thecmdTemp.sh temporary file could not bechanged.

Explanation: The file permissions on the cmdTemp.shtemporary file were not changed because a processing



error occurred during the operation.


CFGMB0029E The database named db_name couldnot be created. Review the log, log_file,to determine the cause of the failure.

Explanation: An error occurred while attempting tocreate the specified XML data store (database).

Administrator response: Ensure that the target DB2server is running and does not already contain thespecified database name, then try the operation again.If the problem persists, check the WebSphereApplication Server log file (SystemOut.log) or theCommon Audit Service logs (dbconfig.log) to determinethe source of the error.

CFGMB0031E The reporting staging tables couldnot be created in the target databasenamed db_name.

Explanation: An error occurred while attempting tocreate the staging tables in the specified database.

Administrator response: Ensure that the target DB2server is running and that the specified database existson the DB2 server and can be contacted, then try theoperation again. If the problem persists, check theWebSphere Application Server log file (SystemOut.log)or the Common Audit Service logs (dbconfig.log) todetermine the source of the error.

CFGMB0032E The target database, db_name, couldnot be upgraded to the correct softwarelevel.

Explanation: The database that is specified for use asthe XML data store could not be upgraded to thecorrect software level. The software versions of thedatabase schema components and the reporting tablesmust be at specific software levels. For the database tobe at the correct level, the values ofschemaMajorVersion, schemaMinorVersion, andSchemaPtfLevel in the CEI_T_PROPERTIES table mustbe 6, 0, and 0, respectively. For the reporting tables tobe at the correct level, the values ofReportTableSchemaMajorVersion,ReportTableSchemaMinorVersion, andReportTableSchemaPtfLevel must be 2, 0, and 0,respectively.

Administrator response: Ensure that the target DB2server is running and that the specified database existson the DB2 server and can be contacted, then try theoperation again. If the problem persists, check theWebSphere Application Server log file (SystemOut.log)or the Common Audit Service logs (dbconfig.log) todetermine the source of the error.

CFGMB0033E The IBMCARS_DD_REPORT andIBMCARS_EVENT_DETAIL Java storedprocedures could not be deployed intothe db_name database.

Explanation: An error occurred while attempting todeploy the specified Java stored procedures into thetarget database.

Administrator response: Ensure that the target DB2server is running and that the target database exists onthe DB2 server and can be contacted. If the server isrunning on a UNIX or Linux system, ensure that thelinks to the required JDK libraries are created in theuser/sbin folder, then try the operation again. Refer tothe Auditing Guide for information on the settings thatare required before deploying Java stored procedureson UNIX and Linux platforms.

CFGMB0034E The record of the last created XMLdata store (db_name) could not beupdated in the carsdb.properties file,which is located at CARS_HOME/server/etc folder on the target system.

Explanation: An error occurred while attempting toupdate the record in the carsdb.properties file of thelast created database that is used as the XML datastore.


CFGMB0035E The record of the last created XMLdata store (db_name) could not beremoved from the carsdb.properties file,which is located at CARS_HOME/server/etc folder on the target system.

Explanation: An error occurred while attempting toremove the record from the carsdb.properties file of thelast created database that is used as the XML datastore.


CFGMB0036E The value could not be set for theDB2UNIVERSAL_JDBC_DRIVER_PATHenvironment variable at the object_typelevel for the target_scope WebSphereApplication Server deployment target.

Explanation: An error occurred while attempting toset the value of theDB2UNIVERSAL_JDBC_DRIVER_PATH environmentvariable.

Administrator response: Try the operation again. If



the problem persists, check the WebSphere ApplicationServer log file (SystemOut.log) to determine the sourceof the error.

CFGMB0037E The JDBC resources that are used toaccess the XML data store (database)could not be created on the target_objectWebSphere Application Serverdeployment target because the specifieddeployment target does not exist.

Explanation: The WebSphere Application Serverdeployment target that is specified for creating theJDBC resources must already exist and cannot alreadycontain the JDBC resources.

Administrator response: Verify that the deploymenttarget exists and that the JDBC resources do not alreadyexist in the deployment target, then try the operationagain.

CFGMB0038E The JDBC connection informationthat is used to access the XML data store(database) could not be updated in theibmcars.properties file that is located inthe CARS_HOME/server/etc folder onthe target system. The error messagethat was received is: target_exception

Explanation: The ibmcars.properties file was notupdated with the JDBC connection information becausea processing error occurred during the operation.


CFGMB0039E The JDBC resources that are used toaccess the XML data store (database)could not be created on the target_objectWebSphere Application Serverdeployment target. The error messagethat was received is: target_exception

Explanation: The JDBC resources were not created onthe specified WebSphere Application Serverdeployment target because an error occurred duringprocessing.


CFGMB0040E The JDBC resources that are used toaccess the XML data store (database)could not be removed from thetarget_object WebSphere ApplicationServer deployment target. The errormessage that was received is:target_exception

Explanation: The JDBC resources were not removedfrom the specified WebSphere Application Serverdeployment target because an error occurred duringprocessing.


CFGMB0041E An internal error occurred whilequerying the target_scope WebSphereApplication Server deployment target todetermine if the Common EventInfrastructure event server wasconfigured. The error message that wasreceived is: target_exception

Explanation: A query failed to determine if the defaultCommon Event Infrastructure event server wasconfigured successfully on the deployment targetbecause a processing error occurred during theoperation.


CFGMB0042E An internal error occurred whilequerying the target DB2 server todetermine if the db_name databasealready exists. The error message thatwas received is: target_exception

Explanation: The query failed to determine if thespecified database name already exists on the targetDB2 server because an internal processing erroroccurred.

Administrator response: Ensure that the target DB2server is running, then try the operation again. If theproblem persists, check the WebSphere ApplicationServer log file (SystemOut.log) or the Common AuditService logs (dbconfig.log) to determine the source ofthe error.

CFGMB0043E An error occurred while querying thetarget DB2 server to determine if thetarget db_name database is at the correctsoftware level. The error message thatwas received is: target_exception

Explanation: The query failed to determine if thespecified database is at the correct software levelbecause an internal processing error occurred.

Administrator response: Ensure that the target DB2server is running and that the target DB2 servercontains the specified database name, then try theoperation again. If the problem persists, check theWebSphere Application Server log file (SystemOut.log)or the Common Audit Service logs (dbconfig.log) to



determine the source of the error.

CFGMB0044E An error occurred while querying thetarget DB2 server to determine if theIBMCARS_DD_REPORT andIBMCARS_EVENT_DETAIL DB2 Javastored procedures are deployed into thedb_name database. The error messagethat was received is: target_exception

Explanation: The query failed to determine if thespecified Java stored procedures were deployedsuccessfully because a processing error occurred duringthe operation.

Administrator response: Ensure that the target DB2server is running and that the target DB2 servercontains the specified database name, then try theoperation again. If the problem persists, check theWebSphere Application Server log file (SystemOut.log)or the Common Audit Service logs (dbconfig.log) todetermine the source of the error.

CFGMB0045E An error occurred while checking theability of the app_name enterpriseapplication to start on the next restart ofthe target WebSphere ApplicationServer. The error message that wasreceived is: target_exception

Explanation: An attempt failed to determine if thespecified application will start successfully if theWebSphere Application Server instance is restarted.


CFGMB0046E An error occurred while querying thetarget DB2 server to determine if thestaging tables are present in the targetdb_name database. The error messagethat was received is: target_exception

Explanation: The query failed to determine if thestaging tables are present in the target database becausean error occurred during the operation.


CFGMB0047E An internal error occurred whileretrieving the value of theUSER_INSTALL_ROOT environmentvariable of the target WebSphereApplication Server. The error messagethat was received is: target_exception

Explanation: The USER_INSTALL_ROOT environmentvariable contains the profile path of the targetWebSphere Application Server profile. This value couldnot be retrieved because an internal processing erroroccurred during the operation.


CFGMB0048E An internal error occurred whileretrieving the value of theDB2UNIVERSAL_JDBC_DRIVER_PATHenvironment variable defined at thetarget_scope level of the targetWebSphere Application Server process.The error message that was received is:target_exception

Explanation: The value of theDB2UNIVERSAL_JDBC_DRIVER_PATH environmentvariable could not be retrieved because an internalprocessing error occurred during the operation.


CFGMB0049E An internal error occurred whilechanging the values of the configurationstatus properties in the carsconfig.statusfile, which is located in theCARS_HOME/server/etc folder on thetarget system. The error message thatwas received is: target_exception

Explanation: The carsconfig.status file is located in theCARS_HOME/server/etc folder on the target systemand contains the properties that were initialize with thevalues that reflect the actual configuration status ofvarious components of the Common Audit Serviceserver that are in place. The values might not havebeen updated correctly because a processing erroroccurred during the operation.

Administrator response: Check the WebSphereApplication Server log file (SystemOut.log) todetermine the cause of the error.



CFGMB0050E An internal error occurred whileretrieving the list of configurabledeployment target objects that arepresent in the connected WebSphereserver process. The error message thatwas received is: target_exception

Explanation: The list of configurable deploymenttarget objects was not retrieved successfully because aprocessing error occurred during the operation.


CFGMB0051W No configurable servers or clusterswere found in the target WebSphereApplication Server installation.

Explanation: This error occurs if a cluster has not beendefined in the target Deployment Manager cell on theWebSphere Application Server Network Deploymentinstallation.

Administrator response: In the target DeploymentManager, define a cluster with at least one federatedcluster member, then try the operation again.

CFGMB0052E The current configuration status ofCommon Audit Service componentscannot be determined because aninternal error occurred while reading thevalues of the configuration properties inthe carsconfig.status file. The errormessage that was received is:target_exception

Explanation: The values of the configurationproperties in the carsconfig.status file could not beretrieved because a processing error occurred duringthe operation.


CFGMB0053E An internal error occurred whileretrieving the list of enterpriseapplications that are deployed in thetarget_scope WebSphere ApplicationServer deployment target. The errormessage that was received is:target_exception

Explanation: The list of enterprise applications couldnot be retrieved from the deployment target because aprocessing error occurred during the operation.

Administrator response: Try the operation again. Ifthis error occurs again, check the WebSphereApplication Server log file (SystemOut.log) to

determine the source of the error.

CFGMB0055E An internal error occurred whilequerying the target_scope WebSphereApplication Server deployment target todetermine if JDBC resources foraccessing the XML data store (database)are present. The error message that wasreceived is: target_exception

Explanation: The query failed to determine if theJDBC resources are present in the WebSphereApplication Server deployment target because aprocessing error occurred during the operation.


CFGMB0056E The JDBC resources that are definedin the target_object WebSphereApplication Server deployment targetcould not be used to connect to the XMLdata store (database). The error messagethat was received is: target_exception

Explanation: An error occurred while attempting toconnect to the database using the JDBC resources in thespecified WebSphere Application Server deploymenttarget.

Administrator response: Ensure that the JDBCprovider and data sources are created properly and thatthe target DB2 server containing the XML data store(database) is running. Restart the target WebSphereApplication Server to ensure that JNDI names of thedata sources are bound in the JNDI namespace. Try theoperation again. If the problem persists, check theWebSphere Application Server log file (SystemOut.log)to determine the source of the error.

CFGMB0057W Enterprise applications that arerelated to Common Audit Service couldnot be started in the target_scopeWebSphere Application Serverdeployment target because theXmlStoreDS EJB application was notfound in the deployment target.

Explanation: The XmlStoreDS application was notfound on the deployment target. All enterpriseapplications that use the Common Audit Servicedepend on the XmlStoreDS application to store eventsin the XML data store (database).

Administrator response: Deploy the XmlStoreDSapplication in the specified WebSphere ApplicationServer deployment target, then try the operation again.

CFGMB0050E • CFGMB0057W


CFGMB0058W Enterprise applications that arerelated to Common Audit Service couldnot be started in the target_scopeWebSphere Application Serverdeployment target because the XMLdata store (database) does not exist.

Explanation: The XML data store was not found. Allenterprise applications that use the Common AuditService use the XML data store (database) to store auditevents.

Administrator response: Create the XML data store inthe target DB2 server, then try the operation again.

CFGMB0059E An internal error occurred whilereading the record of the last-createdXML data store (database) in theCARS_HOME/server/etc/carsdb.properties file on the targetsystem. The error message that wasreceived is: target_exception

Explanation: A processing error occurred whileattempting to read the record of the last-created XMLdata store (database) in the carsdb.properties file.


CFGMB0061E The Common Audit Service XMLdata store (database) cannot be createdbecause the DB2 instance profile path,inst_profile that is specified in the AuditDatabase panel of the configurationconsole does not contain a valid locationon the target system. Enter a valid DB2instance profile path to create theCommon Audit Service XML data store.

Explanation: The DB2 instance profile path specifiedin the Audit Database panel of the configurationconsole must contain a valid location in the file systemof the target system where the MBean is running.

Administrator response: Specify a valid DB2 instanceprofile path, then try the operation again.

CFGMB0062E The specified XML data store,db_name, could not be deleted. Reviewthe log, log_file, to determine the causeof the failure.

Explanation: An error occurred while attempting todelete the specified database that is used as the XMLdata store.

Administrator response: Ensure that the target DB2server is running and that the target DB2 servercontains the specified database name. Also, make surethat the specified database is not active, then try the

operation again. If the problem persists, check theWebSphere Application Server log file (SystemOut.log)or the Common Audit Service logs (dbconfig.log) todetermine the source of the error.

CFGMB0063E The Common Audit Serviceconfiguration method, meth_name, failedto execute because an invalid input_objectobject was passed as an input parameterto this method from the configurationconsole.

Explanation: The specified input parameter that waspassed to the specified method is not valid because theinput object or one or more of its members was null

Administrator response: Pass a valid input object tothe method and try again. If the problem persists, thencheck the WebSphere Application Server log file(SystemOut.log) or contact your system administrator

CFGMB0064E An internal error occurred whileupdating the value of thecars_server_prop property in theWAS_PROFILE_PATH/config/ibmcars/ibmcarsserver.properties file. The errormessage that was received is:actual_exception.

Explanation: An attempt to update the specifiedproperty value in the ibmcarsserver.properties filefailed because a processing error occurred during theoperation.


CFGMB0065E The database named db_name is not avalid XML data store (database).

Explanation: The database specified for use as theXML data store cannot be used because it does notcontain the main XML schema tables, CEI_T_XML00and CEI_T_XML01.

Administrator response: Specify a valid databasename for the XML data store in the Audit Databasepanel, then try the operation again.

CFGMB0068E The Common Audit Service XMLdata store (database) cannot be createdbecause the instance profile pathinst_profile that is specified in the AuditDatabase panel of the configurationconsole does not contain a target systemlocation with a db2profile executablefile. Enter a valid DB2 instance profilepath to create the Common AuditService XML data store.

CFGMB0058W • CFGMB0068E


Explanation: The DB2 instance profile path that isspecified must contain a target system location with adb2profile executable file.

Administrator response: Specify a valid DB2 instanceprofile path, then try the operation again.

CFGMB0069E An error occurred while querying thetarget DB2 server to determine if theXML schema tables (CEI_T_XML*) arepresent in the target db_name database.The error message that was received is:target_exception

Explanation: The query failed to determine if the XMLschema tables are present in the target databasebecause an error occurred during the operation.


CFGMB0070W Enterprise applications that arerelated to Common Audit Service couldnot be started in the target_scopeWebSphere Application Serverdeployment target because the JDBCconnector for the XML data store(database) does not exist.

Explanation: The JDBC connector for the XML datastore was not found. All enterprise applications thatuse the Common Audit Service use the same JDBCconnector to connect to the XML data store.

Administrator response: Create the JDBC connectorfor the XML data store at the appropriate scope in thetarget WebSphere Application Server, then try theoperation again.

CFGMB0069E • CFGMB0070W



Notices

This information was developed for products and services offered in the U.S.A.IBM may not offer the products, services, or features discussed in this document inother countries. Consult your local IBM representative for information on theproducts and services currently available in your area. Any reference to an IBMproduct, program, or service is not intended to state or imply that only that IBMproduct, program, or service may be used. Any functionally equivalent product,program, or service that does not infringe any IBM intellectual property right maybe used instead. However, it is the user's responsibility to evaluate and verify theoperation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matterdescribed in this document. The furnishing of this document does not give youany license to these patents. You can send license inquiries, in writing, to:

IBM Director of LicensingIBM CorporationNorth Castle DriveArmonk, NY 10504-1785 U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact the IBMIntellectual Property Department in your country or send inquiries, in writing, to:

Intellectual Property LicensingLegal and Intellectual Property LawIBM Japan, Ltd.19-21, Nihonbashi-Hakozakicho, Chuo-kuTokyo 103-8510, Japan

The following paragraph does not apply to the United Kingdom or any othercountry where such provisions are inconsistent with local law :

INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THISPUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHEREXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIEDWARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESSFOR A PARTICULAR PURPOSE.

Some states do not allow disclaimer of express or implied warranties in certaintransactions, therefore, this statement might not apply to you.

This information could include technical inaccuracies or typographical errors.Changes are periodically made to the information herein; these changes will beincorporated in new editions of the publication. IBM may make improvementsand/or changes in the product(s) and/or the program(s) described in thispublication at any time without notice.

Any references in this information to non-IBM Web sites are provided forconvenience only and do not in any manner serve as an endorsement of those Websites. The materials at those Web sites are not part of the materials for this IBMproduct and use of those Web sites is at your own risk.


IBM may use or distribute any of the information you supply in any way itbelieves appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purposeof enabling: (i) the exchange of information between independently createdprograms and other programs (including this one) and (ii) the mutual use of theinformation which has been exchanged, should contact:

IBM Corporation2Z4A/10111400 Burnet RoadAustin, TX 78758 U.S.A.

Such information may be available, subject to appropriate terms and conditions,including in some cases payment of a fee.

The licensed program described in this document and all licensed materialavailable for it are provided by IBM under terms of the IBM Customer Agreement,IBM International Program License Agreement or any equivalent agreementbetween us.

Any performance data contained herein was determined in a controlledenvironment. Therefore, the results obtained in other operating environments mayvary significantly. Some measurements may have been made on development-levelsystems and there is no guarantee that these measurements will be the same ongenerally available systems. Furthermore, some measurement may have beenestimated through extrapolation. Actual results may vary. Users of this documentshould verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers ofthose products, their published announcements or other publicly available sources.IBM has not tested those products and cannot confirm the accuracy ofperformance, compatibility or any other claims related to non-IBM products.Questions on the capabilities of non-IBM products should be addressed to thesuppliers of those products.

All statements regarding IBM's future direction or intent are subject to change orwithdrawal without notice, and represent goals and objectives only.

All IBM prices shown are IBM's suggested retail prices, are current and are subjectto change without notice. Dealer prices may vary.

This information is for planning purposes only. The information herein is subject tochange before the products described become available.

This information contains examples of data and reports used in daily businessoperations. To illustrate them as completely as possible, the examples include thenames of individuals, companies, brands, and products. All of these names arefictitious and any similarity to the names and addresses used by an actual businessenterprise is entirely coincidental.

COPYRIGHT LICENSE:

This information contains sample application programs in source language, whichillustrate programming techniques on various operating platforms. You may copy,modify, and distribute these sample programs in any form without payment to


IBM, for the purposes of developing, using, marketing or distributing applicationprograms conforming to the application programming interface for the operatingplatform for which the sample programs are written. These examples have notbeen thoroughly tested under all conditions. IBM, therefore, cannot guarantee orimply reliability, serviceability, or function of these programs. You may copy,modify, and distribute these sample programs in any form without payment toIBM for the purposes of developing, using, marketing, or distributing applicationprograms conforming to IBM's application programming interfaces.

If you are viewing this information in softcopy form, the photographs and colorillustrations might not be displayed.

Trademarks

IBM, the IBM logo, and ibm.com® are trademarks or registered trademarks ofInternational Business Machines Corp., registered in many jurisdictions worldwide.Other product and service names might be trademarks of IBM or other companies.A current list of IBM trademarks is available on the Web at Copyright andtrademark information; at www.ibm.com/legal/copytrade.shtml.

Adobe, Acrobat, PostScript and all Adobe-based trademarks are either registeredtrademarks or trademarks of Adobe Systems Incorporated in the United States,other countries, or both.

IT Infrastructure Library is a registered trademark of the Central Computer andTelecommunications Agency which is now part of the Office of GovernmentCommerce.

Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo,Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks orregistered trademarks of Intel Corporation or its subsidiaries in the United Statesand other countries.

Linux is a trademark of Linus Torvalds in the United States, other countries, orboth.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks ofMicrosoft Corporation in the United States, other countries, or both.

ITIL is a registered trademark, and a registered community trademark of the Officeof Government Commerce, and is registered in the U.S. Patent and TrademarkOffice.

UNIX is a registered trademark of The Open Group in the United States and othercountries.

Java and all Java-based trademarks and logos are trademarks or registeredtrademarks of Oracle and/or its affiliates.

Notices 213

Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in theUnited States, other countries, or both and is used under license therefrom.

Linear Tape-Open, LTO, the LTO Logo, Ultrium, and the Ultrium logo aretrademarks of HP, IBM Corp. and Quantum in the U.S. and other countries.

Other company, product, and service names may be trademarks or service marksof others.


��

Printed in USA

GC32-2289-05

Documents

Error Message Reference - IBM · About this publication IBM ®Tivoli Federated Identity Manager Version 6.2.2 implements solutions for federated single sign-on, Web services security