Transcription
IBM Security Access Manager for WebVersion 7.0Error Message Reference GI11-8157-02
IBM Security Access Manager for WebVersion 7.0Error Message Reference GI11-8157-02
NoteBefore using this information and the product it supports, read the information in “Notices” on page 299.Edition noticeNote: This edition applies to version 7, release 0, modification 0 of IBM Security Access Manager (productnumber 5724-C87) and to all subsequent releases and modifications until otherwise indicated in new editions. Copyright IBM Corporation 2001, 2012.US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contractwith IBM Corp.
ContentsFigures . . . . . . . . . . . . . . . vChapter 4. Security Access ManagerPlug-in for Web Servers Messages . . 169About this publication . . . . . . . . viiIntended audience . . . . . . .Access to publications and terminologyRelated publications . . . . .Accessibility . . . . . . . . .Technical training . . . . . . .Support information . . . . . . vii. vii. ix. xi. xi. xi.Chapter 5. Security Access ManagerSession Management ServerMessages . . . . . . . . . . . . . 181Chapter 6. Security Access ManagerWeb Runtime Messages . . . . . . . 215Chapter 1. Message overview . . . . . 1. 1. 1Chapter 7. Common Auditing andReporting Service messages. . . . . 271Chapter 2. Security Access ManagerBase Messages . . . . . . . . . . . 5Notices . . . . . . . . . . . . . . 299Message types . .Message format .Chapter 3. Security Access ManagerWebSEAL Messages . . . . . . . . 145 Copyright IBM Corp. 2001, 2012iii
ivVersion 7.0: Error Message Reference
Figures1.Message ID format. Copyright IBM Corp. 2001, 2012. 2v
viVersion 7.0: Error Message Reference
About this publicationIBM Security Access Manager for Web, formerly called IBM Tivoli Access Managerfor e-business, is a user authentication, authorization, and web single sign-onsolution for enforcing security policies over a wide range of web and applicationresources.The IBM Security Access Manager for Web Error Message Reference provides a listof all informational, warning, and error messages associated with IBM SecurityAccess Manager for Web.Intended audienceThis book is intended for system administrators who are responsible formaintaining and troubleshooting IBM Security Access Manager for Web.Access to publications and terminologyThis section provides:v A list of publications in the “IBM Security Access Manager for Web library.”v Links to “Online publications” on page ix.v A link to the “IBM Terminology website” on page ix.IBM Security Access Manager for Web libraryThe following documents are in the IBM Security Access Manager for Web library:v IBM Security Access Manager for Web Quick Start Guide, GI11-9333-01Provides steps that summarize major installation and configuration tasks.v IBM Security Web Gateway Appliance Quick Start Guide – Hardware OfferingGuides users through the process of connecting and completing the initialconfiguration of the WebSEAL Hardware Appliance, SC22-5434-00v IBM Security Web Gateway Appliance Quick Start Guide – Virtual OfferingGuides users through the process of connecting and completing the initialconfiguration of the WebSEAL Virtual Appliance.v IBM Security Access Manager for Web Installation Guide, GC23-6502-02Explains how to install and configure Security Access Manager.v IBM Security Access Manager for Web Upgrade Guide, SC23-6503-02Provides information for users to upgrade from version 6.0, or 6.1.x to version7.0.v IBM Security Access Manager for Web Administration Guide, SC23-6504-02Describes the concepts and procedures for using Security Access Manager.Provides instructions for performing tasks from the Web Portal Managerinterface and by using the pdadmin utility.v IBM Security Access Manager for Web WebSEAL Administration Guide, SC23-6505-02Provides background material, administrative procedures, and referenceinformation for using WebSEAL to manage the resources of your secure Webdomain. Copyright IBM Corp. 2001, 2012vii
v IBM Security Access Manager for Web Plug-in for Web Servers Administration Guide,SC23-6507-02Provides procedures and reference information for securing your Web domainby using a Web server plug-in.v IBM Security Access Manager for Web Shared Session Management AdministrationGuide, SC23-6509-02vvvvProvides administrative considerations and operational instructions for thesession management server.IBM Security Access Manager for Web Shared Session Management Deployment Guide,SC22-5431-00Provides deployment considerations for the session management server.IBM Security Web Gateway Appliance Administration Guide, SC22-5432-00Provides administrative procedures and technical reference information for theWebSEAL Appliance.IBM Security Web Gateway Appliance Configuration Guide for Web Reverse Proxy,SC22-5433-00Provides configuration procedures and technical reference information for theWebSEAL Appliance.IBM Security Web Gateway Appliance Web Reverse Proxy Stanza Reference,SC27-4442-00Provides a complete stanza reference for the IBM Security Web GatewayAppliance Web Reverse Proxy.v IBM Security Access Manager for Web WebSEAL Configuration Stanza Reference,SC27-4443-00Provides a complete stanza reference for the WebSEAL Appliance.v IBM Global Security Kit: CapiCmd Users Guide, SC22-5459-00Provides instructions on creating key databases, public-private key pairs, andcertificate requests.v IBM Security Access Manager for Web Auditing Guide, SC23-6511-02Provides information about configuring and managing audit events by using thenative Security Access Manager approach and the Common Auditing andReporting Service. You can also find information about installing andconfiguring the Common Auditing and Reporting Service. Use this service forgenerating and viewing operational reports.v IBM Security Access Manager for Web Command Reference, SC23-6512-02Provides reference information about the commands, utilities, and scripts thatare provided with Security Access Manager.v IBM Security Access Manager for Web Administration C API Developer Reference,SC23-6513-02Provides reference information about using the C language implementation ofthe administration API to enable an application to perform Security AccessManager administration tasks.v IBM Security Access Manager for Web Administration Java Classes DeveloperReference, SC23-6514-02Provides reference information about using the Java language implementationof the administration API to enable an application to perform Security AccessManager administration tasks.v IBM Security Access Manager for Web Authorization C API Developer Reference,SC23-6515-02viiiVersion 7.0: Error Message Reference
Provides reference information about using the C language implementation ofthe authorization API to enable an application to use Security Access Managersecurity.v IBM Security Access Manager for Web Authorization Java Classes Developer Reference,SC23-6516-02Provides reference information about using the Java language implementation ofthe authorization API to enable an application to use Security Access Managersecurity.v IBM Security Access Manager for Web Web Security Developer Reference,SC23-6517-02Provides programming and reference information for developing authenticationmodules.v IBM Security Access Manager for Web Error Message Reference, GI11-8157-02Provides explanations and corrective actions for the messages and return code.v IBM Security Access Manager for Web Troubleshooting Guide, GC27-2717-01Provides problem determination information.v IBM Security Access Manager for Web Performance Tuning Guide, SC23-6518-02Provides performance tuning information for an environment that consists ofSecurity Access Manager with the IBM Tivoli Directory Server as the userregistry.Online publicationsIBM posts product publications when the product is released and when thepublications are updated at the following locations:IBM Security Access Manager for Web Information CenterThe pic/com.ibm.isam.doc 70/welcome.html site displays the information centerwelcome page for this product.IBM Publications CenterThe ons/servlet/pbi.wss site offers customized search functions to help you find all the IBMpublications that you need.IBM Terminology websiteThe IBM Terminology website consolidates terminology for product libraries in onelocation. You can access the Terminology website at ogy.Related publicationsThis section lists the IBM products that are related to and included with theSecurity Access Manager solution.IBM Global Security KitSecurity Access Manager provides data encryption by using Global Security Kit(GSKit) version 8.0.x. GSKit is included on the IBM Security Access Manager for WebVersion 7.0 product image or DVD for your particular platform.GSKit version 8 includes the command-line tool for key management,GSKCapiCmd (gsk8capicmd 64).About this publicationix
GSKit version 8 no longer includes the key management utility, iKeyman(gskikm.jar). iKeyman is packaged with IBM Java version 6 or later and is now apure Java application with no dependency on the native GSKit runtime. Do notmove or remove the bundled java/jre/lib/gskikm.jar library.The IBM Developer Kit and Runtime Environment, Java Technology Edition, Version 6and 7, iKeyman User's Guide for version 8.0 is available on the Security AccessManager Information Center. You can also find this document directly e:GSKit version 8 includes important changes made to the implementation ofTransport Layer Security required to remediate security issues.The GSKit version 8 changes comply with the Internet Engineering Task Force(IETF) Request for Comments (RFC) requirements. However, it is not compatiblewith earlier versions (1.1 or 1.2) of Transport Layer Security. Any component thatcommunicates with Security Access Manager that uses GSKit must be upgraded touse GSKit version 7.0.4.42, or 8.0.14.26 or later. Otherwise, communicationproblems might occur.IBM Tivoli Directory ServerIBM Tivoli Directory Server version 6.3 FP17 (6.3.0.17-ISS-ITDS-FP0017) is includedon the IBM Security Access Manager for Web Version 7.0 product image or DVD foryour particular platform. You can find more information about Tivoli Directory Server ectory-server/IBM Tivoli Directory IntegratorIBM Tivoli Directory Integrator version 7.1.1 is included on the IBM Tivoli DirectoryIntegrator Identity Edition V 7.1.1 for Multiplatform product image or DVD for yourparticular platform. You can find more information about IBM Tivoli Directory Integrator ectory-integrator/IBM DB2 Universal Database IBM DB2 Universal Database Enterprise Server Edition, version 9.7 FP4 is providedon the IBM Security Access Manager for Web Version 7.0 product image or DVD foryour particular platform. You can install DB2 with the Tivoli Directory Serversoftware, or as a stand-alone product. DB2 is required when you use TivoliDirectory Server or z/OS LDAP servers as the user registry for Security AccessManager. For z/OS LDAP servers, you must separately purchase DB2.You can find more information about DB2 at:http://www.ibm.com/software/data/db2xVersion 7.0: Error Message Reference
IBM WebSphere productsThe installation packages for WebSphere Application Server Network Deployment,version 8.0, and WebSphere eXtreme Scale, version 8.5, are included with SecurityAccess Manager version 7.0. WebSphere eXtreme Scale is required only when youuse the Session Management Server (SMS) component.WebSphere Application Server enables the support of the following applications:v Web Portal Manager interface, which administers Security Access Manager.v Web Administration Tool, which administers Tivoli Directory Server.v Common Auditing and Reporting Service, which processes and reports on auditevents.v Session Management Server, which manages shared session in a Web securityserver environment.v Attribute Retrieval Service.You can find more information about WebSphere Application Server was/library/AccessibilityAccessibility features help users with a physical disability, such as restrictedmobility or limited vision, to use software products successfully. With this product,you can use assistive technologies to hear and navigate the interface. You can alsouse the keyboard instead of the mouse to operate all features of the graphical userinterface.Visit the IBM Accessibility Center for more information about IBM's commitmentto accessibility.Technical trainingFor technical training information, see the following IBM Education website port informationIBM Support provides assistance with code-related problems and routine, shortduration installation or usage questions. You can directly access the IBM SoftwareSupport site at he IBM Security Access Manager for Web Troubleshooting Guide provides detailsabout:v What information to collect before you contact IBM Support.v The various methods for contacting IBM Support.v How to use IBM Support Assistant.v Instructions and problem-determination resources to isolate and fix the problemyourself.Note: The Community and Support tab on the product information center canprovide more support resources.About this publicationxi
xiiVersion 7.0: Error Message Reference
Chapter 1. Message overviewMessages indicate events that occur during the operation of the system.Depending on their purpose, messages might be displayed on the screen. Bydefault, all informational, warning, and error messages are written to the messagelogs. The logs can be reviewed later to determine what events occurred, to seewhat corrective actions were taken, and to audit all the actions performed. Formore information about message logs, see the IBM Security Access ManagerTroubleshooting Guide.Message typesIBM Security Access Manager for Web uses messages of specific types.The following types of messages are used:Informational messagesIndicate conditions that are worthy of noting but that do not require you totake any precautions or perform an action.Warning messagesIndicate that a condition has been detected that you should be aware of,but does not necessarily require that you take any action.Error messagesIndicates that a condition has occurred that requires you to take action.Message formatMessages logged by IBM Security Access Manager for Web adhere to the Tivoli Message Standard. Each message consists of a message identifier (ID) andaccompanying message text.Message ID formatA message ID consists of 10 alphanumeric characters that uniquely identify themessage.A message ID in Security Access Manager for Web is composed of:v three-character product identifier (HPD for Security Access Manager Base andCBA and CFG for Common Auditing and Reporting Service)v two-character or three-character component or subsystem identifierv three-digit or four-digit serial or message numberv one-character type code indicating the severity of the messageThe figure that follows shows a graphical representation of a possible message IDand identifies its different parts. (Some messages might use 2 characters for thecomponent ID and 4 digits for the serial number.) Copyright IBM Corp. 2001, 20121
FBTRTE033ISeverityI - InformationalW - WarningE - ErrorMessage number (3 digits)Component or subsystem identifier (3 characters)IBM product prefix (3 characters)Figure 1. Message ID formatComponent identifiersThe component identifier indicates which component or subsystem produced themessage.ADM Administration commandsAUDAuditCCCommon Auditing and Reporting Service disk cacheCDSInfoCard messagesCECommon Auditing and Reporting Service emitterCFGConfiguration propertiesCLICommand-line interfaceCOCommon Audit Service Configuration ConsoleCONSecurity Access Manager consoleFMSManagement serviceIDSIdentity serviceINCommon Auditing and Reporting Service installationISJAlias service JDBC componentISLAlias service LDAP componentIVTInstallation verification testKESKey service keystore managementKJKKey service keystore managementLIBLiberty single sign-on protocolLOGLoggingMBCommon Audit Service Configuration MBeanMGTManagementMETMetadata handlingMOD ModuleOID2OpenID messagesVersion 7.0: Error Message Reference
PWDPassword handlingRPTReport messagesRTERuntime environment component configurationSMLSAML single sign-on protocolSOCSOAP clientSPSSingle sign-on protocol serviceSTMSecure token serviceSTSSecure token service modulesSTZRACF PassTicket tokensSUCommon Audit Staging UtilityTACTivoli Access Manager configuration as point-of-contact serverTRCTrust clientUSCUser self careWSCommon Auditing and Reporting Service Web serviceWSFWS-Federation single sign-on protocolWSPProvisioning serviceWSSWeb services security managementXSCommon Audit Service XML data storeXUCommon Audit Service XML store utilitiesSeverityAssociated with each message is a severity level that indicates whether correctiveaction must be taken.Table 1. Severity levelSeverityDescriptionI (Informational)Provides information or feedback about normal events that occur. Ingeneral, no action needs to be performed in response to aninformational message.FBTRTE033I The domain default was successfully created.FBTSTM066I The Trust Service has been disabled.W (Warning)Indicates that a potentially undesirable condition has occurred, butprocessing can continue. Intervention or corrective action might benecessary in response to a warning message.FBTLOG002W An integer was expected.FBTTRC004W The returned RequestSecurityTokenResponsedid not have a wsu:IdChapter 1. Message overview3
Table 1. Severity level (continued)SeverityDescriptionE (Error)Indicates that a problem has occurred that requires intervention orcorrection before processing can continue. An error message might beaccompanied by one or more warning or informational messages thatprovide additional details about the problem.FBTCON013E The federation with ID insert could not beretrieved from the single sign-on protocol service.Explanation:This error can occur if the console is unable tocommunicate with the single sign-on protocol service.FBTSML260E The binding value value for attribute attris not valid for profile profile.Message textThe text of the message, in the system locale, also is recorded in the log file. If themessage text is not available in the desired language, the English language text isused.4Version 7.0: Error Message Reference
Chapter 2. Security Access Manager Base MessagesThese messages are provided by the Security Access Manager Base component.Explanation: An ACL entry failed the validity check.The Security Access Manager policy server's error logfile will contain an error status message indicating thereason for the failure.policy server, then stop the policy server, restore aknown good version of the master policy database, andthen start the Security Access Manager servers again. Ifthe problem persists, check IBM Electronic Support foradditional information - rt/index.html?ibmprd tivmanAdministrator response: Review the Security AccessManager policy server's error log to determine thereason that the ACL failed the validity check.HPDAC0451E A protected object should have onlyone attached ACL (%s).HPDAC0153E Could not build ACL with thesupplied ACL entries.Explanation: See message.HPDAC0178ECould not obtain local host name.Explanation: The system library call to get the localhost name failed.Administrator response: Ensure
For technical training information, see the following IBM Education website at . IBM Support provides assistance with code-related problems and routine, short duration installation or usage questions. You can directly access
