Sun Java System Access Manager 7 2005Q4 Administration Guide

Previous: Part IV Command Line Reference

Part V Appendixes

This is part five of the Sun Java System Access Manager 7 2005Q4 Administration Guide contains error code listings and file reference. This section contains the following appendixes:

Appendix A AMConfig.properties File

AMConfig.properties is the main configuration file for Access Manager. You can configure some, but not all, of the properties in this file. This chapter provides descriptions of properties contained in AMConfig.properties, default property values, and instructions for modifying values that can be changed without rendering Access Manager unusable.

This chapter contains the following sections:

About the `AMConfig.properties` File

At installation, AMConfig.properties is located in the following directory: etc/opt/SUNWam/config.

AMConfig.properties contains one property per line, and each property has a corresponding value. Properties and values are case-sensitive. Lines that begin with the characters slash and asterisk (/*) are comments, and comments are ignored by the application. Comments end with a last line that contains the closing characters asterisk and slash (*/).

After you modify properties in AMConfig.properties, you must restart Access Manager to activate the changes.

Access Manager Console

com.iplanet.am.console.deploymentDescriptor

Value is set during installation. Example: /amconsole
com.iplanet.am.console.host

Value is set during installation. Example: hostName.domain.Name.com
com.iplanet.am.console.port

Value is set during installation. Example: 80
com.iplanet.am.console.protocol

Value is set during installation. Example: http

Access Manager Server Installation

com.iplanet.am.install.basedir

This is a READ-ONLY property. Do not modify the property value.

Value is set during installation. Example: /opt/SUNWam/web-src/services/WEB-INF
com.iplanet.am.install.vardir

This is a READ-ONLY property. Do not modify the property value.

Value is set during installation. Example: /var/opt/SUNWam
com.iplanet.am.installdir

This is a READ-ONLY property. Do not modify the property value.

Value is set during installation. Example: /opt/SUNWam
com.iplanet.am.jdk.path

Value is set during installation. Example: /usr/jdk/entsys-j2se
com.iplanet.am.locale

Value is set during installation. Example: en_US
com.iplanet.am.server.host

Value is set during installation. Example: hostName.domainName.com
com.iplanet.am.server.port

Value is set during installation. Example: 80
com.iplanet.am.server.protocol

Value is set during installation. Example: http
com.iplanet.am.version

Value is set during installation. Example: 7 2005Q4
com.sun.identity.server.fqdnMap[ ]

Enables Access Manager Authentication service to take corrective action when a user types an incorrect URL . This is useful, for example, when a user specifies a partial hostname or uses an IP address to access protected resources.

The syntax of this property represents invalid FQDN values mapped to their corresponding valid counterparts. The property uses the following form: com.sun.identity.server.fqdnMap[invalid-name]=valid—name . In this example, invalid-name is a possible invalid FQDN host name that may be used by the user, and the valid—name is the FQDN host name the filter will redirect the user to. If overlapping values for the same invalid FQDN exist, the application may become inaccessible. Using an invalid value for this property can also result in the application becoming inaccessible. You can use this property to map multiple host names. This is useful when the applications hosted on a server are accessible by multiple host names.

You can use this property to configure Access Manager so that no corrective action is taken for certain hostname URLs. This is useful, for example, when it is required that no corrective action such as a redirect be used for users who access the application resources by using the raw IP address.

You can specify a map entry such as: com.sun.identity.server.fqdnMap[IP]=IP .

You can specify any number of such properties may as long as they are valid properties and conform to the requirements described above. Examples: com.sun.identity.server.fqdnMap[isserver]=isserver.mydomain.comcom.sun.identity.server.fqdnMap[isserver.mydomain]=isserver.mydomain.com com.sun.identity.server.fqdnMap[IP address]=isserver.mydomain.com

am.util

com.iplanet.am.util.xml.validating

Default value is no. Determines if validation is required when parsing XML documents using the Access Manager XMLUtils class. This property is in effect only when value for the com.iplanet.services.debug.level property is set to warning or message. Allowable values are yes and no. The XML document validation is turned on only if the value for this property yes, and if value for com.iplanet.services.debug.level property is set to warning or message.

amSDK

Each SDK cache entry stores a set of AMObject attributes values for a user.

com.iplanet.am.sdk.cache.maxSize

Default value is 10000. Specifies the size of the SDK cache when caching is enabled. Use an integer greater than 0, or the default size (10000 users) will be used.
com.iplanet.am.sdk.userEntryProcessingImpl

This property specifies a plug-in which implements the com.iplanet.am.sdk.AMUserEntryProcessed interface to perform some post-processing for user create, delete and modify operations. The property if used should specify the fully qualified class name which implements the above interface.
com.iplanet.am.sdk.caching.enabled

Setting this to true enables caching, and setting this to false disables caching. The default is false.

Application Server Installation

com.iplanet.am.iASConfig

Value is set during installation. Example: APPSERVERDEPLOYMENT

This property is used to determine if Access Manager is running on iPlanet Application Server.

Authentication

com.sun.identity.auth.cookieName

Default value is AMAuthCookie. Specifies the cookie name used by Authentication Service to set the session handler ID during the authentication process. Once this process is completed (success or failure), this cookie is cleared or removed.
com.sun.identity.authentication.ocsp.responder.nickname

Value is set during installation. The Certificate Authority (CA) certificate nick name for that responder. Example: Certificate Manager - sun. If set, the CA certificate must be presented in the Web Server's certificate database.
com.sun.identity.authentication.ocsp.responder.url

Value is set during installation. Example: http://ocsp.sun.com/ocsp

Specifies the global OCSP responder URL for this instance. If the OCSP responder URL is set, the OCSP responder nick name must also be set. Otherwise both will be ignored. If both are not set, the OCSP responder URL presented in user's certificate will be used for OCSP validation. If the OCSP responder URL is not presented in user's certificate, then no OCSP validation will be performed.
com.sun.identity.authentication.ocspCheck

Default value is true. The global parameter to enable or disable OCSP checking. If this value is false, the OCSP feature in the Certificate Authentication module type cannot be used. .
com.sun.identity.authentication.special.users

Value is set during installation. Example: cn=dsameuser,ou=DSAME Users,o=AMRoot|cn=amService-UrlAccessAgent,ou=DSAME Users,o=AMRoot

Identifies the special user or users for this Access Manager authentication component. This user is used by the Client APIs to authenticate remote applications to the Access Manager server using the full user DN. The user will always be authenticated against the local directory server. Multiple values of this special user DN are separated by the pipe character (|). Use of this property is restricted to Authentication component only.
com.sun.identity.authentication.super.user

Value is set during installation. Example: uid=amAdmin,ou=People,o=AMRoot

Identifies the super user for this Access Manager instance. This user must use LDAP to log in, and must use the full DN. The user is always authenticated against the local Directory Server.
com.sun.identity.authentication.uniqueCookieDomain

Used to set the cookie domain for the above cookie name. This Cookie domain should be set such that it covers all the instances of the CDC (Cross Domain Controller) services installed in the network. For example,.example.com if all instances of Access Manager are within the domain example.com.
com.sun.identity.authentication.uniqueCookieName

Default value is sunIdentityServerAuthNServer. Specifies the cookie name set to the Access Manager server host URL when Access Manager is running against Session Cookie hijacking.
com.iplanet.am.auth.ldap.createUserAttrList

Specifies a list of user attributes that contain values that will be retrieved from an external Directory Server during LDAP Authentication when the Authentication Service is configured to dynamically create users. The new user created in the local Directory Server will have the values for attributes which have been retrieved from external Directory Server.

Example: attribute1, attribute2, attribute3

Certificate Database

Set these properties to initialize the JSS Socket Factory when iPlanet Web Server is configured for SSL.

com.iplanet.am.admin.cli.certdb.dir

Value is set during installation. Example: /opt/SUNWwbsvr/alias

Specifies certificate database path.
com.iplanet.am.admin.cli.certdb.passfile

Value is set during installation. Example: /etc/opt/SUNWam/config/.wtpass

Specifies certificate database password file.
com.iplanet.am.admin.cli.certdb.prefix

Value is set during installation. Example: https-hostName.domainName.com-hostName-

Specifies certificate database prefix.

Cookies

com.iplanet.am.cookie.encode

This property allows Access Manager to URLencode the cookie value which converts characters to ones that are understandable by HTTP.

Value is set during installation. Example: false
com.iplanet.am.cookie.name

Default value is iPlanetDirectoryPro. Cookie name used by Authentication Service to set the valid session handler ID. The value of this cookie name is used to retrieve the valid session information.
com.iplanet.am.cookie.secure

Allows the Access Manager cookie to be set in a secure mode in which the browser will only return the cookie when a secure protocol such as HTTP(s) is used.

Default value is false.
com.iplanet.am.console.remote

Value is set during installation. Example: false

Determines whether the console is installed on a remote machine, or is installed on a local machine and will be used by authentication console.
com.iplanet.am.pcookie.name

Specifies the cookie name for a persistent cookie. A persistent cookie continues to exist after the browser window is closed. This enables a user to log in with a new browser session without having to reauthenticate. Default value is DProPCookie.
com.sun.identity.cookieRewritingInPath

Default value is true. This property is read by the Authentication Service when Access Manager is configured to run in cookieless mode. The property specifies that the cookie needs to be rewritten as extra path information in the URL using this form: protocol://server:port/uri;cookiename=cookieValue?queryString. If this property is not specified, then the cookie will be written as part of the query string.
com.sun.identity.enableUniqueSSOTokenCookie

Default value is false. Indicates that Access Manager is running against Session Cookie hijacking when the value is set to true.

Debugging

com.iplanet.services.debug.directory

Specifies the output directory where debug files will be created. Value is set during installation. Example: /var/opt/SUNWam/debug
com.iplanet.services.debug.level

Specifies debug level. Default value is error. Possible values are:

off

No debug file is created.

error

Only error messages are logged.

warning

Only warning messages are logged.

message

Error, warning, and informational messages are logged.

Directory Server Installation

com.iplanet.am.defaultOrg

Value is set at installation. Example: o=AMRoot

Specifies the top-level realm or organization in the Access Manager information tree.
com.iplanet.am.directory.host

Value is set during installation. Example: DirectoryServerHost.domainName.com

Specifies fully-qualified host name of the Directory Server.
com.iplanet.am.directory.port

Value is set during installation. Example: 389

Specifies the Directory Server port number .
com.iplanet.am.directory.ssl.enabled

Default value is false. Indicates if Security Socket Layer (SSL) is enabled.
com.iplanet.am.domaincomponent

Value is set during installation. Example: o=AMRoot

Specifies the domain component (dc) attribute for the Access Manager information tree.
com.iplanet.am.rootsuffix

Value is set during installation. Example: o=AMRoot

Event Connection

com.iplanet.am.event.connection.delay.between.retries

Default value is 3000. Specifies the delay in milliseconds between retries to re-establish the Event Service connections.
com.iplanet.am.event.connection.ldap.error.codes.retries

Default values are 80,81,91. Specifies the LDAP exception error codes for which retries to re-establish Event Service connections will trigger.
com.iplanet.am.event.connection.num.retries

Default value is 3. Specifies the number of attempts made to successfully re-establish the Event Service connections.
com.sun.am.event.connection.idle.timeout

Default value is 0. Specifies the number of minutes after which the persistent searches will be restarted.

This property is used when a load balancer or firewall is between the policy agents and the Directory Server, and the persistent search connections are dropped when TCP idle timeoutoccurs. The property value should be lower than the load balancer or firewall TCP timeout. This ensures that the persistent searches are restarted before the connections are dropped. A value of 0 indicates that searches will not be restarted. Only the connections that are timed out will be reset.

Global Services Management

com.iplanet.am.service.secret

Value is set during installation. Example: AQICPX9e1cxSxB2RSy1WG1+O4msWpt/6djZl
com.iplanet.am.services.deploymentDescriptor

Value is set during installation. Example: /amserver
com.iplanet.services.comm.server.pllrequest.maxContentLength

Default value is 16384 or 16k. Specifies the maximum content-length for an HttpRequest that Access Manager will accept.
com.iplanet.services.configpath

Value is set during installation. Example: /etc/opt/SUNWam/config

Helper Daemons

com.iplanet.am.daemons

Default value is unix securid. Description
securidHelper.ports

Default value is 58943. This property takes a space-separated list and is used for the SecurID authentication module and helpers.
unixHelper.ipaddrs

Value is set during installation. Specifies a list of IP addresses to be read by the amserverscript and passed to the UNIX helper when starting the helper. This property can contain a list of space-separated trusted IP Addresses in IPv4 format.
unixHelper.port

Default value is 58946. Used in the UNIX Authentication module type.

Identity Federation

com.sun.identity.federation.alliance.cache.enabled

Default value is true. If true, federation metadata will be cached internally.
com.sun.identity.federation.fedCookieName

Default value is fedCookie. Specifies the name of the Federation Services cookie.
com.sun.identity.federation.proxyfinder

Default value is com.sun.identity.federation.services.FSIDPProxyImpl. Defines the implementation for finding a preferred identity provider to be proxied.
com.sun.identity.federation.services.signingOn

Default value is false. Specifies the level of signature verification for Liberty requests and responses.

true

Liberty requests and responses will be signed when sent, and Liberty requests and responses that are received will be verified for signature validity.

false

Liberty requests and responses that are sent and received will not be verified for signature.

optional

Liberty requests and responses will be signed or verified only if required by the Federation profiles.
com.sun.identity.password.deploymentDescriptor

Value is set during installation. Example: /ampassword
com.sun.identity.policy.Policy.policy_evaluation_weights

Default value is 10:10:10. Indicates the proportional processing cost to evaluate a policy subject, rule, and condition. The values specified influence the order in which the subject, rule, and condition of a policy are evaluated. The value is expressed using three integers which represent a subject, a rule, and a condition. The values are delimited by a colon (:) to indicate the proportional processing cost to evaluate a policy subject, rule, and condition.
com.sun.identity.session.application.maxCacheTime

Default value is 3. Specifies the maximum number of minutes for caching time for Application Sessions. By default, the cache does not expire unless this property is enabled.
com.sun.identity.sm.ldap.enableProxy

Default value is false. Specifies the Proxy Server to use for a connection. Set to true if LDAPProxy is supported by the backend storage. If true, use the Proxy Server for connection If false, no proxy is used for connection.
com.sun.identity.webcontainer

Value is set during installation. Example: WEB_CONTAINER

Specifies the name of the of the web container. Although the servlet or JSPs are not web container dependent, Access Manager uses the servlet 2.3 API request.setCharacterEncoding() to correctly decode incoming non English characters. These APIs will not work if Access Manager is deployed on Sun Java System Web Server 6.1. Access Manager uses the gx_charset mechanism to correctly decode incoming data in Sun Java System Web Server versions 6.1 and S1AS7.0. Possible values BEA6.1, BEA 8.1, IBM5.1 or IAS7.0. If the web container is Sun Java System Web Server, the tag is not replaced.

JSS Proxy

These properties identify the value for SSL ApprovalCallback. If the checkSubjectAltName or resolveIPAddress feature is enabled, you must create cert7.db and key3.db with the prefix value ofcom.iplanet.am.admin.cli.certdb.prefix in the com.iplanet.am.admin.cli.certdb.dirdirectory. Then restart Access Manager .

com.iplanet.am.jssproxy.checkSubjectAltName

Default value is false. When enabled, a server certificate includes the Subject Alternative Name (SubjectAltName) extension, and Access Manager checks all name entries in the extension. If one of the names in the SubjectAltName extension is the same as the server FQDN, Access Manager continues the SSL handshaking. To enable this property, set it to a comma separated list of trusted FQDNs. For example: com.iplanet.am.jssproxy.checkSubjectAltName= amserv1.example.com,amserv2.example.com
com.iplanet.am.jssproxy.resolveIPAddress

Default value is false.
com.iplanet.am.jssproxy.trustAllServerCerts

Default value is false. If enabled (true), Access Manager ignores all certificate-related issues such as a name conflict and continues the SSL handshaking. To prevent a possible security risk, enable this property only for testing purposes, or when the enterprise network is tightly controlled. Avoid enabling this property if a security risk might occur (for example, if a server connects to a server in a different network).
com.iplanet.am.jssproxy.SSLTrustHostListIf set, Access Manager checks the Platform Server list against the server host that is being accessed. If the server FQDNs of the two servers in the Platform Server list match, Access Manager continues the SSL handshaking. Use the following syntax to set the property:

com.iplanet.am.jssproxy.SSLTrustHostList = fqdn_am_server1 ,fqdn_am_server2, fqdn_am_server3
com.sun.identity.jss.donotInstallAtHighestPriority

Default value is false. Determines if JSS will be added with highest priority to JCE. Set to true if other JCE providers should be used for digital signatures and encryptions.

LDAP Connection

com.iplanet.am.ldap.connection.delay.between.retries

Default is 1000. Specifies the number milliseconds between retries.
com.iplanet.am.ldap.connection.ldap.error.codes.retries

Default values are 80,81,91. Specifies the LDAPException error codes for which retries to re-establish the LDAP connection will trigger.
com.iplanet.am.ldap.connection.num.retries

Default value is 3. Specifies the number of attempts made to successfully re-establish the LDAP connection.

Liberty Alliance Interactions

com.sun.identity.liberty.interaction.htmlStyleSheetLocation

Value is set during installation. Example: /opt/SUNWam/lib/is-html.xsl

Specifies path to style sheet that renders the interaction page in HTML.
com.sun.identity.liberty.interaction.wmlStyleSheetLocation

Value is set during installation. Example: /opt/SUNWam/lib/is-wml.xsl

Specifies path to style sheet that renders the interaction page in WML.
com.sun.identity.liberty.interaction.wscSpecifiedInteractionChoice

Default value isinteractIfNeeded. Indicates whether a web service consumer participates in an interaction. Allowed values are:

interactIfNeeded

Interacts only if required. Also used if an invalid value is specified.

doNotInteract

No interaction.

doNotInteractForData

No interaction for data.
com.sun.identity.liberty.interaction.wscSpecifiedMaxInteractionTime

Default value is 80. Web service consumer's preference on the acceptable duration for interaction. The value is expressed in seconds. The default value is used if the value is not specified or if a non-integer value is specified.
com.sun.identity.liberty.interaction.wscWillEnforceHttpsCheck

The default value is yes. Indicates whether a web service consumer enforces the requirement that a request redirected to a URL uses HTTPS. Valid values are yes and no. The case is ignored. The Liberty specification requires the value to be yes. If no value is specified, the default value is used.
com.sun.identity.liberty.interaction.wscWillInlcudeUserInteractionHeader

Default value is yes. If not value is specified, the default value is used. Indicates whether a web service consumer includes userInteractionHeader. Allowable values are yes and no. The case is ignored.
com.sun.identity.liberty.interaction.wscWillRedirect

Default value is yes. Indicates whether the web service consumer redirects user for interaction. Valid values are yes and no. If not value is specified, the default value is used.
com.sun.identity.liberty.interaction.wspRedirectHandler

Value is set during installation. Example: http://hostName.domainName.com:portNumber/amserver/WSPRedirectHandler

Specifies the URL WSPRedirectHandlerServlet uses to handle Liberty WSF WSP-resource owner interactions based on user agent redirects. This should be running in the same JVM where the Liberty service provider is running.
com.sun.identity.liberty.interaction.wspRedirectTime

Default is 30. Web service provider's expected duration for interaction. Expressed in seconds. If the value is not specified, or if the value is a non-integer, the default value is used.
com.sun.identity.liberty.interaction.wspWillEnforceHttpsCheck

Default value is yes. If no value is specified, the default value is used. Indicates whether the web service consumer enforces the requirement that returnToURLuse HTTPS. Valid values are yes and no. (case ignored) the Liberty specification requires the value to be yes.
com.sun.identity.liberty.interaction.

wspWillEnforceReturnToHostEqualsRequestHost

The Liberty specification requires the value to be yes. Indicates whether the web service consumer enforces that returnToHost and requestHost are the same. Valid values areyes and no.
com.sun.identity.liberty.interaction.wspWillRedirect

Default is yes. If no value is specified, the default value is used. Indicates whether a web service provider redirects the user for interaction. Valid values are yes and no. Case is ignored.
com.sun.identity.liberty.interaction.wspWillRedirectForData

Default value is yes. If no value is specified, the default value is used. Indicates whether the web service provider redirects the user for interaction for data. Valid values are yes and no. Case is ignored.
com.sun.identity.liberty.ws.interaction.enable

Default value is false.
com.sun.identity.liberty.ws.jaxb.namespacePrefixMappingList

Default value is
=S=http://schemas.xmlsoap.org/soap/envelope/|sb=urn:liberty:sb:2003-08 |pp=urn:liberty:id-sis-pp:2003-08|ispp=http://www.sun.com/identity/ liberty/pp|is=urn:liberty:is:2003-08
. Specifies the namespace prefix mapping used when marshalling a JAXB content tree to a DOM tree. The syntax is prefix=namespace|prefix=namespace|...
com.sun.identity.liberty.ws.jaxb.packageList

Specifies JAXB package list used when constructing JAXBContext. Each package must be separated by a colon (:).
com.sun.identity.liberty.ws.security.TokenProviderImpl

Default value is com.sun.identity.liberty.ws.security.AMSecurityTokenProviderDescription.
com.sun.identity.liberty.ws.soap.certalias

Value is set during installation. Client certificate alias that will be used in SSL connection for Liberty SOAP Binding.
com.sun.identity.liberty.ws.soap.messageIDCacheCleanupInterval

Default value is 60000. Specifies the number of milliseconds to elapse before cache cleanup events begin. Each message is stored in a cache with its ownmessageID to avoid duplicate messages. When a message's current time less the received time exceeds thestaleTimeLimit value, the message is removed from the cache.
com.sun.identity.liberty.ws.soap.staleTimeLimit

Default value is 300000. Determines if a message is stale and thus no longer trustworthy. If the message timestamp is earlier than the current timestamp by the specified number of milliseconds, the message the considered to be stale.
com.sun.identity.liberty.ws.soap.supportedActors

Default value is http://schemas.xmlsoap.org/soap/actor/next. Specifies supported SOAP actors. Each actor must be separated by a pipe character (|).
com.sun.identity.liberty.ws.ta.certalias

Value is set during installation. Specifies certificate alias for the trusted authority that will be used to sign SAML or SAML. BEARER token of response message.
com.sun.identity.liberty.ws.wsc.certalias

Value is set during installation. Specifies default certificate alias for issuing web service security token for this web service client.
com.sun.identity.liberty.ws.ta.certalias

Value is set during installation. Specifies certificate alias for trusted authority that will be used to sign SAML or SAML. BEARER token of response message.
com.sun.identity.liberty.ws.trustedca.certaliases

Value is set during installation.

Specifies certificate aliases for trusted CA. SAML or SAML BEARER token of incoming request. Message must be signed by a trusted CA in this list. The syntax is cert alias 1[:issuer 1]|cert alias 2[:issuer 2]|..... Example: myalias1:myissuer1|myalias2|myalias3:myissuer3. The value issuer is used when the token doesn't have a KeyInfo inside the signature. The issuer of the token must be in this list, and the corresponding certificate alias will be used to verify the signature. If KeyInfo exists, the keystore must contain a certificate alias that matches the KeyInfo and the certificate alias must be in this list.
com.sun.identity.liberty.ws.security.TokenProviderImpl

Value is set during installation. Specifies implementation for security token provider.
com.sun.identity.saml.removeassertion

Default value is true. A flag to indicate if de-referenced assertions should be removed from the cache. Applies to assertions that were created associated with artifacts, and have been de-referenced.

Logging Service

com.iplanet.am.logstatus

Specifies whether logging is turned on (ACTIVE) or off (INACTIVE). Value is set to ACTIVE during installation.

Logging Properties You Can Add to AMConfig.properties

You can configure the degree of detail to be contained in a specific log file by adding attributes to the AMConfig.properties file. Use the following format:

iplanet-am-logging.logfileName.level=java.util.logging.Level where logfileName is the name of a log file for an Access Manager service (see table 1), andjava.util.logging.Level is an allowable attribute value . Access Manager services log at the INFO level. SAML and Identity Federation services also log at more detailed levels (FINE, FINER, FINEST). Example:

iplanet-am-logging.amSSO.access.level=FINER

Logging to a particular log file can also be turned off. Example:

iplanet-am-logging.amConsole.access.evel=OFF

Table A–1 Access Manager Log Files


Log File Name	Records Logged
`amAdmin.access`	Successful amadmin command-line events
`amAdmin.error`	amadmin command-line error events
`amAuthLog.access`	Access Manager Policy Agent related events. See the Note following this table.
`amAuthentication.access`	Successful authentication events
`amAuthentication.error`	Authentication failures
`amConsole.access`	Console events
`amConsole.error`	Console error events.
`amFederation.access`	Successful Federation events.
`amFederation.error`	Federation error events.
`amPolicy.access`	Storage of policy allow events
`amPolicy.error`	Storage of policy deny events
`amSAML.access`	Successful SAML events
`amSAML.error`	SAME error events
`amLiberty.access`	Successful Liberty events
`amLiberty.error`	Liberty error events
`amSSO.access`	Single sign-on creation and destruction
`amSSO.error`	Single sign-on error events

Note –

The amAuthLog filename is determined by the Policy Agent properties in AMAgent.properties. For Web Policy Agents, the property is com.sun.am.policy.agents.config.remote.log. For J2EE Policy Agents, the property is com.sun.identity.agents.config.remote.logfile. The default is amAuthLog.host.domain.port, where host.domain is the fully-qualified host name of the host running the Policy Agent web server, and where port is the port number of that web server. If you have multiple Policy Agents deployed, you can have multiple instances of this file. The property com.sun.identity.agents.config.audit.accesstype (for both Web and J2EE Agents) determines what data is logged remotely. The logged data can include policy allows, policy denies, both allows and denies, or neither allows nor denies.

Naming Service

com.iplanet.am.naming.failover.url

This property is no longer being used in Access Manager 7.0.
com.iplanet.am.naming.url

Value is set during installation. Example: http://hostName.domainName.com:portNumber/amserver/namingservice

Specifies the naming service URL to use.

Notification Service

Use the following keys to configure the notification thread pool.

com.iplanet.am.notification.threadpool.size

Default value is 10. Defines the size of the pool by specifying the total number of threads.
com.iplanet.am.notification.threadpool.threshold

Default value is 100. Specifies the maximum task queue length.

When a notification task comes in, it is sent to the task queue for processing. If the queue reaches the maximum length, further incoming requests will be rejected along with a ThreadPoolException, until the queue has a vacancy.
com.iplanet.am.notification.url

Value is set during installation. Example: http://hostName.domainName.com:portNumber/amserver/notificationservice

Policy Agents

com.iplanet.am.policy.agents.url.deploymentDescriptor

Value is set during installation. Example: AGENT_DEPLOY_URI
com.sun.identity.agents.app.username

Default value is UrlAccessAgent. Specifies the username to use for the Application authentication module.
com.sun.identity.agents.cache.size

Default value is 1000. Specifies the size of the resource result cache. The cache is created on the server where the policy agent is installed.
com.sun.identity.agents.header.attributes

Default values are cn,ou,o,mail,employeenumber,c. Specifies the policy attributes to be returned by the policy evaluator. Uses the form a[,...]. In this example, a is the attribute in the data store to be fetched.
com.sun.identity.agents.logging.level

Default value is NONE. Controls the granularity of the Policy Client API logging level. The default value is NONE. Possible values are:

ALLOW

Logs access allowed requests.

DENY

Logs access denied requests.

BOTH

Logs both access allowed and access denied requests.

NONE

Logs no requests.
com.sun.identity.agents.notification.enabled

Default value is false. Enables or disables notifications for the Policy Client API.
com.sun.identity.agents.notification.url

Used by the policy client SDK to register policy change notifications. A mis-configuration of this property will result in policy notifications being disabled.
com.sun.identity.agents.polling.interval

Default value is 3. Specifies the polling interval which is the number of minutes after which an entry is dropped from the Client APIs cache.
com.sun.identity.agents.resource.caseSensitive

Default value is false. Description

Indicates whether case sensitive is turned on or off during policy evaluation.
com.sun.identity.agents.true.value

Indicates the true value of a policy action. This value can be ignored if the application does not need to access the PolicyEvaluator.isAllowed method. This value signifies how a policy decision from Access Manager should be interpreted. Default value is allow.
com.sun.identity.agents.resource.comparator.class

Default value is com.sun.identity.policy.plugins.URLResourceName

Specifies the resource comparison class name. Available implementation classes are: com.sun.identity.policy.plugins.PrefixResourceName and com.sun.identity.policy.plugins.URLResourceName.
com.sun.identity.agents.resource.delimiter

Default value is a backslash (/). Specifies the delimiter for the resource name.
com.sun.identity.agents.resource.wildcard

Default value is *. Specifies the wildcard for the resource name.
com.sun.identity.agents.server.log.file.name

Default value is amRemotePolicyLog. Specifies the name of the log file to use for logging messages to Access Manager. Only the name of the file is needed. The directory of the file is determined other Access Manager configuration settings.
com.sun.identity.agents.use.wildcard

Default value is true. Indicates whether to use a wildcard for resource name comparison.

Policy Client API

com.sun.identity.policy.client.booleanActionValues

iPlanetAMWebAgentService|POST|allow|deny

Default value is iPlanetAMWebAgentService|GET|allow|deny:.

Specifies Boolean action values for policy action names. Uses the form serviceName|actionName|trueValue|falseValue. Values for action names are delimited by a colon (:).
com.sun.identity.policy.client.cacheMode

Default value is self. Specifies cache mode for the client policy evaluator. Valid values are subtree and self. If set to subtree, the policy evaluator obtains policy decisions from the server for all the resources from the root of resource actually requested. If set to self, the policy evaluator gets the policy decision from the server only for the resource actually requested.
com.sun.identity.policy.client.clockSkew

Adjusts for time difference between the policy client machine and the policy server. If this property does not exist, and if the policy agent time differs from the policy server time, you occasionally see and incorrect policy decision. You must run a time-syncing service to keep the time on the policy server and on the policy client as close as possible. Use this property to adjust for the small time difference regardless of running time syncing service. Clock skew in seconds = agentTime - serverTime . Comment the property out on the policy server. Uncomment the line and set the appropriate value on the policy client machine or the machine running the policy agent agent-server clock skew (in seconds).
com.sun.identity.policy.client.resourceComparators=

serviceType=iPlanetAMWebAgentService|class=

Specifies ResourceComparators to be used for different service names. Copy the value from the Access Manager console. Go to Service Configuration > PolicyConfiguration > Global:ResourceComparator. Concatenate multiple values from Access Manager using a colon (: ) as the delimiter.
com.sun.identity.policy.plugins.URLResourceName|wildcard

Default value is *|delimiter=/|caseSensitive=trueDescription

Profile Service

com.iplanet.am.profile.host

This property is no longer used in Access Manager 7. It is provided only for backward compatibility. Value is set during installation. Example: hostName.domainName.com
com.iplanet.am.profile.port

This property is no longer used in Access Manager 7. It is provided only for backward compatibility. Value is set during installation. Example: 80

Replication

Use the following keys to configure replication setup.

com.iplanet.am.replica.delay.between.retries

Default value is 1000. Specifies the number of milliseconds between retries.
com.iplanet.am.replica.num.retries

Default value is 0. Specifies the number of times to retry.

SAML Service

com.sun.identity.saml.assertion.version

Default value is 1.1. Specifies default SAML version used. Possible values are 1.0 or 1.1.
com.sun.identity.saml.checkcert

Default value is on. Flag for checking the certificate embedded in the KeyInfo against the certificates in the keystore. Certificates in the keystore are specified by the com.sun.identity.saml.xmlsig.keystore property. Possible values are: on|off. If the flag is "on", * the certification must be presented in the keystore for * XML signature validation. If the flag is "off", skip * the presence checking. */

on

Certification must be presented in the keystore for XML signature validation

off

Skips the presence checking.
com.sun.identity.saml.protocol.version

Default value is 1.1. Specifies default SAML version used. Possible values are 1.0 or 1.1.
com.sun.identity.saml.removeassertion
com.sun.identity.saml.request.maxContentLength

Default value is 16384. Specifies the maximum content-length for an HTTP Request that will be used in SAML.
com.sun.identity.saml.xmlsig.certalias

Default value is test. Description
com.sun.identity.saml.xmlsig.keypass

Value is set during installation. Example: /etc/opt/SUNWam/config/.keypass

Specifies the path to the SAML XML key password file.
com.sun.identity.saml.xmlsig.keystore

Value is set during installation. Example: /etc/opt/SUNWam/config/keystore.jks

Specifies the path to the SAML XML keystore password file.
com.sun.identity.saml.xmlsig.storepass

Value is set during installation. Example: /etc/opt/SUNWam/config/.storepass

Specifies the path to the SAML XML key storepass file.

Security

com.iplanet.security.encryptor

Default value is com.iplanet.services.util.JSSEncryption. Specifies the encrypting class implementation. Available classes are: com.iplanet.services.util.JCEEncryption and com.iplanet.services.util.JSSEncryption.
com.iplanet.security.SecureRandomFactoryImpl

Default value is com.iplanet.am.util.JSSSecureRandomFactoryImpl. Specifies the factory class name for SecureRandomFactory. Available implementation classes are: com.iplanet.am.util.JSSSecureRandomFactoryImpl which uses JSS, and com.iplanet.am.util.SecureRandomFactoryImpl which uses pure Java.
com.iplanet.security.SSLSocketFactoryImpl

Default value is com.iplanet.services.ldap.JSSSocketFactory. Specifies the factory class name for LDAPSocketFactory. Available classes are: com.iplanet.services.ldap.JSSSocketFactory which uses JSS, and netscape.ldap.factory.JSSESocketFactory which uses pure Java.
com.sun.identity.security.checkcaller

Default value is false. Enables or disables Java security manager permissions check for Access Manager. Disabled by default. If enabled, then you should make appropriate changes to the Java policy file of the container in which Access Manager is deployed. This way, Access Manager JAR files can be trusted for performing sensitive operations. For more information, see the Java API Reference (Javadoc) entry for com.sun.identity.security.
am.encryption.pwd

Value is set during installation. Example: dSB9LkwPCSoXfIKHVMhIt3bKgibtsggd

Specifies the key used to encrypt and decrypt passwords.

Session Service

com.iplanet.am.clientIPCheckEnabled

Default value is false. Specifies whether or not the IP address of the client is checked in all SSOToken creations or validations.
com.iplanet.am.session.client.polling.enable

This is a READ-ONLY property. Do not modify the property value.

Default value is false. Enables client-side session polling. Please note that the session polling mode and the session notification mode are mutually exclusive. If the polling mode is enabled, the session notification is automatically turned off, and vice versa.
com.iplanet.am.session.client.polling.period

Default value is 180. Specifies number of seconds in a polling period.
com.iplanet.am.session.httpSession.enabled

Default value is true. Enables or disables USING httpSession.
com.iplanet.am.session.invalidsessionmaxtime

Default value is 10. Specifies the number of minutes after which the invalid session will be removed from the session table if it is created and the user does not login. This value should always be greater than the timeout value in the Authentication module properties file.
com.iplanet.am.session.maxSessions

Default value is 5000. Specify the maximum number of allowable concurrent sessions.

Login sends a Maximum Sessions error if the maximum concurrent sessions value exceeds this number.
com.iplanet.am.session.purgedelay

Default value is 60. Specifies the number of minutes to delay the purge session operation.

After a session times out, this is an extended time period during which the session continues to reside in the session server. This property is used by the client application to check if the session has timed out through SSO APIs. At the end of this extended time period, the session is destroyed. The session is not sustained during the extended time period if the user logs out or if the session is explicitly destroyed by an Access Manager component. The session is in the INVALID state during this extended period.
com.sun.am.session.caseInsensitiveDN

Default value is true. Compares the Agent DN. If the value is false, the comparison is case-sensitive.
com.sun.am.session.enableHostLookUp

Default value is false. Enables or disables host lookup during session logging.

SMTP

com.iplanet.am.smtphost

Default value is localhost. Specifies the mail server host.
com.iplanet.am.smtpport

Default value is 25. Specifies the mail server port.

Statistics Service

com.iplanet.am.stats.interval

Default value is 60. Specifies number of minutes to elapse between statistics logging. Minimum is 5 seconds to avoid CPU saturation. Access Manager assumes any value less than 5 seconds to be 5 seconds.
com.iplanet.services.stats.directory

Value is set during installation. Example: /var/opt/SUNWam/stats Specifies directory where debug files are created.
com.iplanet.services.stats.state

Default value is file. Specifies location of statistics log. Possible values are:

off

No statistics are logged.

file

Statistics are written to a file under the specified directory.

console

Statistics are written into Web Server log files.

Appendix B serverconfig.xml File

The file serverconfig.xml provides configuration information for Sun Java™ System Access Manager regarding the Directory Server that is used as its data store. This chapter explains the elements of the file and how to configure it for failover, how can you have multiple instances, how can you un-deploy the console and remove console files from a server. It contains the following sections:

Overview

serverconfig.xml is located in / AccessManager-base /SUNWam/config/ums. It contains the parameters used by the Identity SDK to establish the LDAP connection pool to Directory Server. No other function of the product uses this file. Two users are defined in this file: user1 is a Directory Server proxy user and user2 is the Directory Server administrator.

Proxy User

The Proxy User can take on any user’s privileges (for example, the organization administrator or an end user). The connection pool is created with connections bound to the proxy user. Access Manager creates a proxy user with the DN of cn=puser,ou=DSAME Users,dc=example,dc=com. This user is used for all queries made to Directory Server. It benefits from a proxy user ACI already configured in the Directory Server and, therefore, can perform actions on behalf of a user when necessary. It maintains an open connection through which all queries are passed (retrieval of service configurations, organization information, etc.). The proxy user password is always encrypted. Proxy User illustrates where the encrypted password is located in serverconfig.xml .

Example B–1 Proxy User In serverconfig.xml

<User name="User1" type="proxy">
<DirDN>
cn=puser,ou=DSAME Users,dc=example,dc=com
</DirDN>
<DirPassword>
AQICkc3qIrCeZrpexyeoL4cdeXih4vv9aCZZ
</DirPassword>
</User>

Admin User

dsameuser is used for binding purposes when the Access Manager SDK performs operations on Directory Server that are not linked to a particular user (for example, retrieving service configuration information). Proxy User performs these operations on behalf of dsameuser, but a bind must first validate the dsameuser credentials. During installation, Access Manager creates cn=dsameuser,ou=DSAME Users,dc=example,dc=com . Proxy User illustrates where the encrypted dsameuser password is found in serverconfig.xml .

Example B–2 Admin User In serverconfig.xml

 <User name="User2" type="admin">
 <DirDN>
 cn=dsameuser,ou=DSAME Users,dc=example,dc=com
 </DirDN>
 <DirPassword>
 AQICkc3qIrCeZrpexyeoL4cdeXih4vv9aCZZ
 </DirPassword>
 </User>

server-config Definition Type Document

server-config.dtd defines the structure for serverconfig.xml . It is located in AccessManager-base /SUNWam/dtd. This section defines the main elements of the DTD. MiscConfig Element is an example of the serverconfig.xml file.

iPlanetDataAccessLayer Element

iPlanetDataAccessLayer is the root element. It allows for the definition of multiple server groups per XML file. Its immediate sub-element is the ServerGroup Element. It contains no attributes.

ServerGroup Element

ServerGroup defines a pointer to one or more directory servers. They can be master servers or replica servers. The sub-elements that qualify the ServerGroup include Server Element, User Element, BaseDN Element and MiscConfig Element. The XML attributes of ServerGroup are the name of the server group, and minConnPool and maxConnPool which define the minimum (1) and maximum (10) connections that can be opened for the LDAP connection pool. More than one defined ServerGroup element is not supported.

Note –

Access Manager uses a connection pool to access Directory Server. All connections are opened when Access Manager starts and are not closed. They are reused.

Server Element

Server defines a specific Directory Server instance. It contains no sub-elements. The required XML attributes of Server are a user-friendly name for the server, the host name, the port number on which the Directory Server runs, and the type of LDAP connection that must be opened (either simple or SSL).

Note –

For an example of automatic failover using the Server element, see Failover Or Multimaster Configuration.

User Element

User contains sub-elements that define the user configured for the Directory Server instance. The sub-elements that qualify User include DirDN and DirPassword. It’s required XML attributes are the name of the user, and the type of user. The values for type identify the user’s privileges and the type of connection that will be opened to the Directory Serverinstance. Options include:

auth—defines a user authenticated to Directory Server.
proxy—defines a Directory Server proxy user. See Proxy User for more information.
rebind—defines a user with credentials that can be used to rebind.
admin—defines a user with Directory Server administrative privileges. See Admin User for more information.

DirDN Element

DirDN contains the LDAP Distinguished Name of the defined user.

DirPassword Element

DirPassword contains the defined user’s encrypted password.

Caution –

It is important that passwords and encryption keys are kept consistent throughout the deployment. For example, the passwords defined in this element are also stored in Directory Server. If the password is to be changed in one place, it must be updated in both places. Additionally, this password is encrypted. If the encryption key defined in the am.encryption.pwd property is changed, all passwords in serverconfig.xml must be re-encrypted using ampassword --encrypt password. .

BaseDN Element

BaseDN defines the base Distinguished Name for the server group. It contains no sub-elements and no XML attributes.

MiscConfig Element

MiscConfig is a placeholder for defining any LDAP JDK features like cache size. It contains no sub-elements. It’s required XML attributes are the name of the feature and its defined value.

Example B–3 serverconfig.xml

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!--
 Copyright (c) 2002 Sun Microsystems, Inc. All rights reserved.

 Use is subject to license terms.

-->
<iPlanetDataAccessLayer>
        <ServerGroup name="default" minConnPool="1" maxConnPool="10">
                <Server name="Server1" host="
               ishost.domain_name" port="389"
type="SIMPLE" />
                <User name="User1" type="proxy">
                        <DirDN>
                                cn=puser,ou=DSAME Users,dc=example,dc=com
                        </DirDN>
                        <DirPassword>
                                AQICkc3qIrCeZrpexyeoL4cdeXih4vv9aCZZ
                        </DirPassword>
                </User>
                <User name="User2" type="admin">
                        <DirDN>
                                cn=dsameuser,ou=DSAME Users,dc=example,dc=com
                        </DirDN>
                        <DirPassword>
                                AQICkc3qIrCeZrpexyeoL4cdeXih4vv9aCZZ
                        </DirPassword>
                </User>
                <BaseDN>
                        dc=example,dc=com
                </BaseDN>
        </ServerGroup>
</iPlanetDataAccessLayer>

Failover Or Multimaster Configuration

Access Manager allows automatic failover to any Directory Server defined as a ServerGroup Element Server Element in serverconfig.xml. More than one server can be configured for failover purposes or multimasters. If the first configured server goes down, the second configured server will takeover. Failover Or Multimaster Configuration illustrates serverconfig.xml with automatic failover configuration.

Example B–4 Configured Failover in serverconfig.xml

<?xml version="1.0" encoding="ISO-8859-1" standalone="yes"?>
<!--
PROPRIETARY/CONFIDENTIAL. Use of this product is subject to license terms.
Copyright 2002 Sun Microsystems, Inc. All rights reserved.
-->
<iPlanetDataAccessLayer>
     <ServerGroup name="default" minConnPool="1" maxConnPool="10">
          <Server name="Server1" host="
            amhost1.domain_name" port="389" type="SIMPLE" />
          <Server name="Server2" host="
            amhost2.domain_name" port="389" type="SIMPLE" />
          <Server name="Server3" host="
            amhost3.domain_name" port="390" type="SIMPLE" />
          <User name="User1" type="proxy">
               <DirDN>
                    cn=puser,ou=DSAME Users,dc=example,dc=com
               </DirDN>
               <DirPassword>
                    AQIC5wM2LY4Sfcy+AQBQxghVwhBE92i78cqf
               </DirPassword>
          </User>
          <User name="User2" type="admin">
               <DirDN>
                    cn=dsameuser,ou=DSAME Users,dc=example,dc=com
               </DirDN>
               <DirPassword>
                    AQIC5wM2LY4Sfcy+AQBQxghVwhBE92i78cqf
               </DirPassword>
          </User>
          <BaseDN>
               o=isp
          </BaseDN>
     </ServerGroup>
</iPlanetDataAccessLayer>

Appendix C Log File Reference

This appendix lists the possible log files for each area of Access Manager functionality. The tables in this appendix document the following log file items:

Id — The log identification number.
Log Level — The Log Level attribute for the message.
Description — A description of the logging message.
Data — The data type to which the message pertains.
Triggers — Reason for the log file message.
Actions — Actions for you to take to gain more information.

Definitions and locations and of the log files are described in the Sun Java System Access Manager 7 2005Q4 Technical Overview.

Table C–1 Log Reference for amAdmin Command line utility


Id	Log Level	Description	Data	Triggers	Actions
1	INFO	Unsuccessful login for user.	user id	Unsuccessful login for user.
2 TEST	INFO	ADMINEXCEPTION Received	element nameerror message	Received ADMINEXCEPTION while processing Admin request(s).	Look in amAdmin debug file for more information.
3	INFO	Session destroyed	name of user	Session destroyed.
11	INFO	Service Schema Loaded	schema name	Successfully loaded service schema.
12	INFO	Service deleted	service name	Successfully deleted service.
13	INFO	Attributes Added	attribute name	Attributes successfully added.
21	INFO	There are no policies for this service	service name	Delete Policy Rule Flag specified, but service has no policies.
22	INFO	Policy Schema for Service not found	service name	Delete Policy Rule Flag specified, but could not find the policy schema for the service
23	INFO	Deleting Policies For Service	service name	Deleting Service with Delete Policy Rule Flag specified.
24	INFO	Done Deleting Policies For Service	service name	Deleting Service with Delete Policy Rule Flag specified.
25	INFO	Created Policy in Organization	policy nameorganization DN	Created Policy in Organization DN.
26	INFO	Deleted Policy from Organization	policy nameorganization DN	Deleted Policy from Organization DN.
31	INFO	Add Resource Bundle of Locale to Directory Server	resource bundle nameresource locale	Resource Bundle of Locale successfully stored in Directory Server.
32	INFO	Add Default Resource Bundle to Directory Server	resource bundle name	Default Resource Bundle successfully stored in Directory Server.
33	INFO	Deleted Resource Bundle of Locale from Directory Server	resource bundle nameresource locale	Successfully deleted Resource Bundle of Locale from Directory Server.
34	INFO	Deleted Default Resource Bundle of Locale from Directory Server	resource bundle name	Successfully deleted default Resource Bundle from Directory Server.
41	INFO	Modified Service Schema of service	name of service	Successfully modified Service Schema of service.
42	INFO	Deleted Service Sub Schema of service	name of sub schemaname of service	Successfully deleted service sub schema of service.
43	INFO	Added Service Sub Schema to service.	name of service	Successfully added service sub schema to service.
44	INFO	Added Sub Configuration to service.	name of sub configurationname of service	Successfully added sub configuration to service.
45	INFO	Modified Sub Configuration of service	name of sub configurationname of service	Successfully modified sub configuration of service.
46	INFO	Deleted Sub Configuration of service	name of sub configurationname of service	Successfully deleted sub configuration of service.
47	INFO	Deleted all Service Configurations of service.	name of service	Successfully deleted all service configurations of service.
91	INFO	Modify Service SubConfiguration in Organization	subconfiguration nameservice nameorganization DN	Successfully Modified Service SubConfiguration in Organization.
92	INFO	Added Service SubConfiguration in Organization	subconfiguration nameservice nameorganization DN	Successfully Added Service Sub Configuration in Organization.
93	INFO	Deleted Service SubConfiguration in Organization	subconfiguration nameservice nameorganization DN	Successfully Deleted Service Sub Configuration in Organization.
94	INFO	Created remote provider in organization	provider nameorganization DN	Successfully created remote provider in organization.
95	INFO	Modified remote provider in organization	provider nameorganization DN	Successfully modified remote provider in organization.
96	INFO	Modified hosted provider in organization	provider nameorganization DN	Successfully modified hosted provider in organization.
97	INFO	Created hosted provider in organization	provider nameorganization DN	Successfully created hosted provider in organization.	Look under identity repository log for more information.
98	INFO	Deleted Remote Provider in organization	provider nameorganization DN	Successfully Deleted Remote Provider in organization.
99	INFO	Created Authentication Domain in organization	name of circle of trustorganization DN	Successfully Created Authentication Domain in 0rganization.
100	INFO	Deleted Authentication Domain in organization.	name of circle of trustorganization DN	Successfully Deleted Authentication Domain in 0rganization.
101	INFO	Modified Authentication Domain in organization.	name of circle of trustorganization DN	Successfully Modified Authentication Domain in organization.
102	INFO	Attempt to modify service template	DN of service template	Attempted to modify service template.
103	INFO	Modified service template	DN of service template	Successfully modified service template.
104	INFO	Attempt to remove service template	DN of service template	Attempted to remove service template.
105	INFO	Removed service template	DN of service template	Successfully removed service template.
106	INFO	Attempt to add service template	DN of service template	Attempted to add service template.
107	INFO	Added service template	DN of service template	Successfully added service template.
108	INFO	Attempt to add nested groups to group	name of group to addDN of containing group	Attempted to add nested groups to group.
109	INFO	Added nested groups to group	name of group to addDN of containing group	Successfully added nested groups to group.
110	INFO	Attempt to add user to group or role	name of usertarget group or role	Attempted to add user to group or role.
111	INFO	Added user to group or role	name of usertarget group or role	Successfully added user to group or role.
112	INFO	Attempt to create entity.	DN of entity	Attempted to Create entity.
113	INFO	Created entity.	localized name of entityDN of entity	Created entity.
114	INFO	Attempt to create role	role DN	Attempted to create role.
115	INFO	Created role	name of role	Created role.
116	INFO	Attempt to create group container	name of group container	Attempted to create group container.
117	INFO	Create group container	name of group container	Created group container.
118	INFO	Attempt to create group.	name of group	Attempted to create group.
119	INFO	Create group.	name of group	Created group.
120	INFO	Attempt to create people container.	DN of people container	Attempted to create people container.
121	INFO	Create people container.	DN of people container	Created people container.
122	INFO	Attempt to create service template in organization or role	name of service templatename of organization or role	Attempted to create service template in organization or role.
123	INFO	Create service template in organization or role	name of service templatename of organization or role	Created service template in organization or role.
124	INFO	Attempt to create container	name of container	Attempted to create container.
125	INFO	Create container	name of container	Created container.
126	INFO	Attempt to create user.	name of user	Attempted to create user.
127	INFO	Create user.	name of user	Created user.
128	INFO	Attempt to delete entity.	DN of entity	Attempted to delete entity.
129	INFO	Delete entity.	localized name of entityDN of entity	Deleted entity.
130	INFO	Attempt to delete people container	DN of people container	Attempted to delete people container.
131	INFO	Delete people container	DN of people container	Deleted people container.
132	INFO	Attempt to delete role	name of role	Attempted to delete role.
133	INFO	Delete role	name of role	Deleted role.
134	INFO	Attempt to delete service template in organization	name of service templatename of organization	Attempted to delete service template in organization.
135	INFO	Delete service template in organization	name of service templatename of organization	Deleted service template in organization.
136	INFO	Attempt to delete container.	name of container	Attempted to delete container.
137	INFO	Delete container.	name of container	Deleted container.
138	INFO	Attempt to modify entity	localized name of entityDN of entity	Attempted to modify entity.
139	INFO	Modify entity	localized name of entityDN of entity	Modified entity.
140	INFO	Attempt to modify people container.	DN of people container	Attempted to modify people container.
141	INFO	Modify people container.	DN of people container	Modified people container.
142	INFO	Attempt to modify container.	name of container	Attempted to modify container.
143	INFO	Modify container.	name of container	Modified container.
144	INFO	Attempt to register service under organization.	name of servicename of organization	Attempted to register service under organization
145	INFO	Register service under organization.	name of servicename of organization	Registered service under organization
146	INFO	Attempt to unregister service under organization.	name of servicename of organization	Attempted to unregister service under organization
147	INFO	Unregister service under organization.	name of servicename of organization	Unregistered service under organization
148	INFO	Attempt to modify group.	name of group	Attempted to modify group
149	INFO	Modify group.	name of group	Modified group
150	INFO	Attempt to remove nested group from group.	name of nested groupname of group	Attempted to remove nested group from group.
151	INFO	Remove nested group from group.	name of nested groupname of group	Removed nested group from group.
152	INFO	Attempt to delete group	name of group	Attempted to delete group.
153	INFO	Delete group	name of group	Deleted group.
154	INFO	Attempt to remove a user from a Role	name of username of role	Attempted to remove a user from a Role.
155	INFO	Remove a user from a Role	name of username of role	Removed a user from a Role.
156	INFO	Attempt to remove a user from a Group	name of username of group	Attempted to remove a user from a Group.
157	INFO	Remove a user from a Group	name of username of group	Removed a user from a Group.
201	INFO	Attempt to add an Identity to an Identity in a Realm	name of identity to addtype of identity to add name of identity to add totype of identity to add to name of realm	Attempted to add an Identity to an Identity in a Realm.
202	INFO	Add an Identity to an Identity in a Realm	name of identity to addtype of identity to add name of identity to add totype of identity to add to name of realm	Added an Identity to an Identity in a Realm.
203	INFO	Attempt to assign service to an identity in a realm.	name of servicename of identitytype of identity name of realm	Attempted to assign service to an identity in a realm.
204	INFO	Assign service to an identity in a realm.	name of servicename of identitytype of identity name of realm	Assigned service to an identity in a realm.
205	INFO	Attempt to create identities of a type in a realm.	type of identityname of realm	Attempted to create identities of a type in a realm.
206	INFO	Create identities of a type in a realm.	type of identityname of realm	Created identities of a type in a realm.
207	INFO	Attempt to create identity of a type in a realm.	name of identitytype of identityname of realm	Attempted to create identity of a type in a realm.
208	INFO	Create identity of a type in a realm.	name of identitytype of identityname of realm	Created identity of a type in a realm.
209	INFO	Attempt to delete identity of a type in a realm	name of identitytype of identityname of realm	Attempted to delete identity of a type in a realm.
210	INFO	Delete identity of a type in a realm	name of identitytype of identityname of realm	Deleted identity of a type in a realm.
211	INFO	Attempt to modify a service for an Identity in a Realm	name of servicetype of identityname of identity name of realm	Attempted to modify a service for an Identity in a Realm.
212	INFO	Modify a service for an Identity in a Realm	name of servicetype of identityname of identity name of realm	Modified a service for an Identity in a Realm.
213	INFO	Attempt to remove an Identity from an Identity in a Realm	name of identity to removetype of identity to remove name of identity to remove fromtype of identity to remove from name of realm	Attempted to remove an Identity from an Identity in a Realm.
214	INFO	Remove an Identity from an Identity in a Realm	name of identity to removetype of identity to remove name of identity to remove fromtype of identity to remove from name of realm	Removed an Identity from an Identity in a Realm.
215	INFO	Attempt to set Service Attributes for an Identity in a Realm	name of servicetype of identityname of identity name of realm	Attempted to set Service Attributes for an Identity in a Realm.
216	INFO	Set Service Attributes for an Identity in a Realm	name of servicetype of identityname of identity name of realm	Set Service Attributes for an Identity in a Realm.
217	INFO	Attempt to unassign a service from an Identity in a Realm	name of servicetype of identityname of identity name of realm	Attempted to unassign a service from an Identity in a Realm.
218	INFO	Unassign a service from an Identity in a Realm	name of servicetype of identityname of identity name of realm	Unassigned a service from an Identity in a Realm.
219	INFO	Attempt to create organization	name of organization	Attempted to create an organization.
220	INFO	Create organization	name of organization	Created an organization.
221	INFO	Attempt to delete sub organization.	name of sub organization	Attempted to delete sub organization.
222	INFO	Delete sub organization.	name of sub organization	Deleted sub organization.
223	INFO	Attempt to modify role	name of role	Attempted to modify role.
224	INFO	Modify role	name of role	Modified role.
225	INFO	Attempt to modify sub organization.	name of sub organization	Attempted to modify sub organization.
226	INFO	Modify sub organization.	name of sub organization	Modified sub organization.
227	INFO	Attempt to delete user.	name of user	Attempted to delete user.
228	INFO	Delete user.	name of user	Deleted user.
229	INFO	Attempt to modify user.	name of user	Attempted to modify user.
230	INFO	Modify user.	name of user	Modified user.
231	INFO	Attempt to add values to a Service Attribute in a Realm.	name of attributename of servicename of realm	Attempted to add values to a Service Attribute in a Realm.
232	INFO	Add values to a Service Attribute in a Realm.	name of attributename of servicename of realm	Added values to a Service Attribute in a Realm.
233	INFO	Attempt to assign a Service to a Realm	name of servicename of realm	Attempted to assign a Service to a Realm.
234	INFO	Assign a Service to a Realm	name of servicename of realm	Assigned a Service to a Realm.
235	INFO	Attempt to create a Realm	name of realm createdname of parent realm	Attempted to create a Realm.
236	INFO	Create a Realm	name of realm createdname of parent realm	Created a Realm.
237	INFO	Delete Realm.	recursive or notname of realm deleted	Deleted Realm.
238	INFO	Delete Realm.	recursive or notname of realm deleted	Deleted Realm.
239	INFO	Attempt to modify a service in a Realm.	name of servicename of realm	Attempted to modify a service in a Realm.
240	INFO	Modify a service in a Realm.	name of servicename of realm	Modified a service in a Realm.
241	INFO	Attempt to remove an attribute from a service in a Realm	name of attributename of servicename of realm	Attempted to remove an attribute from a service in a Realm.
242	INFO	Remove an attribute from a service in a Realm	name of attributename of servicename of realm	Removed an attribute from a service in a Realm.
243	INFO	Attempt to remove values from a service's attribute in a Realm	name of attributename of servicename of realm	Attempted to remove values from a service's attribute in a Realm.
244	INFO	Remove values from a service's attribute in a Realm	name of attributename of servicename of realm	Removed values from a service's attribute in a Realm.
245	INFO	Attempt to set attributes for a service in a Realm.	name of servicename of realm	Attempted to set attributes for a service in a Realm.
246	INFO	Set attributes for a service in a Realm.	name of servicename of realm	Set attributes for a service in a Realm.
247	INFO	Attempt to unassign a service from a Realm.	name of servicename of realm	Attempted to unassign a service from a Realm.
248	INFO	Unassign a service from a Realm.	name of servicename of realm	Unassigned a service from a Realm.
249	INFO	Attempt to assign a Service to an Organization Configuration	name of servicename of realm	Attempted to assign a Service to an Organization Configuration.
250	INFO	Assign a Service to an Organization Configuration	name of servicename of realm	Assigned a Service to an Organization Configuration.
251	INFO	Assign a Service to an Organization Configuration Not Done	name of servicename of realm	Assigned a Service to an Organization Configuration, but the service is not one of the org config's assignable services.
252	INFO	Assign a Service to a Realm Not Done	name of servicename of realm	Assigned a Service to a Realm, but the service is not one of the realm's assignable services.
253	INFO	Attempt to unassign a service from an Organization Configuration.	name of servicename of realm	Attempted to unassign a service from an Organization Configuration.
254	INFO	Unassign a service from an Organization Configuration.	name of servicename of realm	Unassigned a service from an Organization Configuration.
255	INFO	Unassign a service not in the Organization Configuration or Realm.	name of servicename of realm	Requested to unassign a service not in the Organization Configuration or Realm.
256	INFO	Attempt to modify a service in an Organization Configuration.	name of servicename of realm	Attempted to modify a service in an Organization Configuration.
257	INFO	Modify a service in an Organization Configuration.	name of servicename of realm	Modified a service in an Organization Configuration.
258	INFO	Modify a service not in the Organization Configuration or Realm.	name of servicename of realm	Attempted to modify a service not in the Organization Configuration or Realm.

Table C–2 Log Reference for Authentication


Id	Log Level	Description	Data	Triggers	Actions
100	INFO	Authentication is Successful	message	User authenticated with valid credentials
101	INFO	User based authentication is successful	messageauthentication typeuser name	User authenticated with valid credentials
102	INFO	Role based authentication is successful	messageauthentication typerole name	User belonging to role authenticated with valid credentials
103	INFO	Service based authentication is successful	messageauthentication typeservice name	User authenticated with valid credentials to a configured service under realm
104	INFO	Authentication level based authentication is successful	messageauthentication typeauthentication level value	User authenticated with valid credentials to one or more authentication modules having authentication level value greater than or equal to specified authentication level
105	INFO	Module based authentication is successful	messageauthentication typemodule name	User authenticated with valid credentials to authentication module under realm
200	INFO	Authentication Failed	error message	Incorrect/invalid credentials presentedUser locked out/not active	Enter correct/valid credentials to required authentication module
201	INFO	Authentication Failed	error message	Invalid credentials entered.	Enter the correct password.
202	INFO	Authentication Failed	error message	Named Configuration (Auth Chain) does not exist.	Create and configure a named config for this org.
203	INFO	Authentication Failed	error message	No user profile found for this user.	User does not exist in the datastore plugin configured and hence configure the datastore plugin for this realm/org correctly.
204	INFO	Authentication Failed	error message	This user is not active.	Activate the user.
205	INFO	Authentication Failed	error message	Max number of failure attempts exceeded. User is Locked out.	Contact system administrator.
206	INFO	Authentication Failed	error message	User account has expired.	Contact system administrator.
207	INFO	Authentication Failed	error message	Login timed out.	Try to login again.
208	INFO	Authentication Failed	error message	Authentication module is denied.	Configure this module or use some other module.
209	INFO	Authentication Failed	error message	Limit for maximum number of allowed session has been reached.	Logout of a session or increase the limit.
210	INFO	Authentication Failed	error message	Org/Realm does not exists.	Use a valid Org/Realm.
211	INFO	Authentication Failed	error message	Org/Realm is not active.	Activate the Org/Realm.
212	INFO	Authentication Failed	error message	Cannot create a session.	Ensure that session service is configured and maxsession is not reached.
213	INFO	User based authentication failed	error messageauthentication typeuser name	No authentication configuration (chain of one or more authentication modules) configured for userIncorrect/invalid credentials presented User locked out/not active	Configure authentication configuration (chain of one or more authentication modules) for userEnter correct/valid credentials to required authentication module
214	INFO	Authentication Failed	error messageauthentication typeuser name	User based Auth. Invalid credentials entered.	Enter the correct password.
215	INFO	Authentication Failed	error messageauthentication typeuser name	Named Configuration (Auth Chain) does not exist for this user	Create and configure a named config for this user
216	INFO	Authentication Failed	error messageauthentication typeuser name	User based Auth. No user profile found for this user.	User does not exist in the datastore plugin configured and hence configure the datastore plugin for this realm/org correctly.
217	INFO	Authentication Failed	error messageauthentication typeuser name	User based Auth. This user is not active.	Activate the user.
218	INFO	Authentication Failed	error messageauthentication typeuser name	User based Auth. Max number of failure attempts exceeded. User is Locked out.	Contact system administrator.
219	INFO	Authentication Failed	error messageauthentication typeuser name	User based Auth. User account has expired.	Contact system administrator.
220	INFO	Authentication Failed	error messageauthentication typeuser name	User based Auth. Login timed out.	Try to login again.
221	INFO	Authentication Failed	error messageauthentication typeuser name	User based Auth. Authentication module is denied.	Configure this module or use some other module.
222	INFO	Authentication Failed	error messageauthentication typeuser name	User based auth. Limit for maximum number of allowed session has been reached.	Logout of a session or increase the limit.
223	INFO	Authentication Failed	error messageauthentication typeuser name	User based auth. Org/Realm does not exists.	Use a valid Org/Realm.
224	INFO	Authentication Failed	error messageauthentication typeuser name	User based auth. Org/Realm is not active.	Activate the Org/Realm.
225	INFO	Authentication Failed	error messageauthentication typeuser name	User based auth. Cannot create a session.	Ensure that session service is configured and maxsession is not reached.
226	INFO	Role based authentication failed	error messageauthentication typerole name	No authentication configuration (chain of one or more authentication modules) configured for roleIncorrect/invalid credentials presented User does not belong to this roleUser locked out/not active	Configure authentication configuration (chain of one or more authentication modules) for roleEnter correct/valid credentials to required authentication moduleAssign this role to the authenticating user
227	INFO	Authentication Failed	error messageauthentication typerole name	Role based Auth. Invalid credentials entered.	Enter the correct password.
228	INFO	Authentication Failed	error messageauthentication typerole name	Named Configuration (Auth Chain) does not exist for this role.	Create and configure a named config for this role.
229	INFO	Authentication Failed	error messageauthentication typerole name	Role based Auth. No user profile found for this user.	User does not exist in the datastore plugin configured and hence configure the datastore plugin for this realm/org correctly.
230	INFO	Authentication Failed	error messageauthentication typerole name	Role based Auth. This user is not active.	Activate the user.
231	INFO	Authentication Failed	error messageauthentication typerole name	Role based Auth. Max number of failure attempts exceeded. User is Locked out.	Contact system administrator.
232	INFO	Authentication Failed	error messageauthentication typerole name	Role based Auth. User account has expired.	Contact system administrator.
233	INFO	Authentication Failed	error messageauthentication typerole name	Role based Auth. Login timed out.	Try to login again.
234	INFO	Authentication Failed	error messageauthentication typerole name	Role based Auth. Authentication module is denied.	Configure this module or use some other module.
235	INFO	Authentication Failed	error messageauthentication typerole name	Role based auth. Limit for maximum number of allowed session has been reached.	Logout of a session or increase the limit.
236	INFO	Authentication Failed	error messageauthentication typerole name	Role based auth. Org/Realm does not exists.	Use a valid Org/Realm.
237	INFO	Authentication Failed	error messageauthentication typerole name	Role based auth. Org/Realm is not active.	Activate the Org/Realm.
238	INFO	Authentication Failed	error messageauthentication typerole name	Role based auth. Cannot create a session.	Ensure that session service is configured and maxsession is not reached.
239	INFO	Authentication Failed	error messageauthentication typerole name	Role based auth. User does not belong to this role.	Add the user to this role.
240	INFO	Service based authentication failed	error messageauthentication typeservice name	No authentication configuration (chain of one or more authentication modules) configured for serviceIncorrect/invalid credentials presented User locked out/not active	Configure authentication configuration (chain of one or more authentication modules) for serviceEnter correct/valid credentials to required authentication module
241	INFO	Authentication Failed	error messageauthentication typeservice name	Service based Auth. Invalid credentials entered.	Enter the correct password.
242	INFO	Authentication Failed	error messageauthentication typeservice name	Named Configuration (Auth Chain) does not exist with this service name.	Create and configure a named config.
243	INFO	Authentication Failed	error messageauthentication typeservice name	Service based Auth. No user profile found for this user.	User does not exist in the datastore plugin configured and hence configure the datastore plugin for this realm/org correctly.
244	INFO	Authentication Failed	error messageauthentication typeservice name	Service based Auth. This user is not active.	Activate the user.
245	INFO	Authentication Failed	error messageauthentication typeservice name	Service based Auth. Max number of failure attempts exceeded. User is Locked out.	Contact system administrator.
246	INFO	Authentication Failed	error messageauthentication typeservice name	Service based Auth. User account has expired.	Contact system administrator.
247	INFO	Authentication Failed	error messageauthentication typeservice name	Service based Auth. Login timed out.	Try to login again.
248	INFO	Authentication Failed	error messageauthentication typeservice name	Service based Auth. Authentication module is denied.	Configure this module or use some other module.
249	INFO	Authentication Failed	error messageauthentication typeservice name	Service based Auth. Service does not exist.	Please use only valid Service.
250	INFO	Authentication Failed	error messageauthentication typeservice name	Service based auth. Limit for maximum number of allowed session has been reached.	Logout of a session or increase the limit.
251	INFO	Authentication Failed	error messageauthentication typeservice name	Service based auth. Org/Realm does not exists.	Use a valid Org/Realm.
252	INFO	Authentication Failed	error messageauthentication typeservice name	Service based auth. Org/Realm is not active.	Activate the Org/Realm.
253	INFO	Authentication Failed	error messageauthentication typeservice name	Service based auth. Cannot create a session.	Ensure that session service is configured and maxsession is not reached.
254	INFO	Authentication level based authentication failed	error messageauthentication typeauthentication level value	There are no authentication module(s) having authentication level value greater than or equal to specified authentication level Incorrect/invalid credentials presented to one or more authentication modules having authentication level greater than or equal to specified authentication levelUser locked out/not active	Configure one or more authentication modules having authentication level value greater than or equal to required authentication levelEnter correct/valid credentials to one or more authentication modules having authentication level greater than or equal to specified authentication level
255	INFO	Authentication Failed	error messageauthentication typeauthentication level value	Level based Auth. Invalid credentials entered.	Enter the correct password.
256	INFO	Authentication Failed	error messageauthentication typeauthentication level value	Level based Auth. No Auth Configuration available.	Create an auth configuration.
257	INFO	Authentication Failed	error messageauthentication typeauthentication level value	Level based Auth. No user profile found for this user.	User does not exist in the datastore plugin configured and hence configure the datastore plugin for this realm/org correctly.
258	INFO	Authentication Failed	error messageauthentication typeauthentication level value	Level based Auth. This user is not active.	Activate the user.
259	INFO	Authentication Failed	error messageauthentication typeauthentication level value	Level based Auth. Max number of failure attempts exceeded. User is Locked out.	Contact system administrator.
260	INFO	Authentication Failed	error messageauthentication typeauthentication level value	Level based Auth. User account has expired.	Contact system administrator.
261	INFO	Authentication Failed	error messageauthentication typeauthentication level value	Level based Auth. Login timed out.	Try to login again.
262	INFO	Authentication Failed	error messageauthentication typeauthentication level value	Level based Auth. Authentication module is denied.	Configure this module or use some other module.
263	INFO	Authentication Failed	error messageauthentication typeauthentication level value	Level based Auth. Invalid Authg Level.	Please specify valid auth level.
264	INFO	Authentication Failed	error messageauthentication typeauthentication level value	Level based auth. Limit for maximum number of allowed session has been reached.	Logout of a session or increase the limit.
265	INFO	Authentication Failed	error messageauthentication typeauthentication level value	Level based auth. Org/Realm does not exists.	Use a valid Org/Realm.
266	INFO	Authentication Failed	error messageauthentication typeauthentication level value	Level based auth. Org/Realm is not active.	Activate the Org/Realm.
267	INFO	Authentication Failed	error messageauthentication typeauthentication level value	Level based auth. Cannot create a session.	Ensure that session service is configured and maxsession is not reached.
268	INFO	Module based authentication failed	error messageauthentication typemodule name	Module is not registered/configured under realmIncorrect/invalid credentials presentedUser locked out/not active	Register/configure authentication module under realmEnter correct/valid credentials to authentication module
269	INFO	Authentication Failed	error messageauthentication typemodule name	Module based Auth. Invalid credentials entered.	Enter the correct password.
270	INFO	Authentication Failed	error messageauthentication typemodule name	Module based Auth. No user profile found for this user.	User does not exist in the datastore plugin configured and hence configure the datastore plugin for this realm/org correctly.
271	INFO	Authentication Failed	error messageauthentication typemodule name	Module based Auth. This user is not active.	Activate the user.
272	INFO	Authentication Failed	error messageauthentication typemodule name	Module based Auth. Max number of failure attempts exceeded. User is Locked out.	Contact system administrator.
273	INFO	Authentication Failed	error messageauthentication typemodule name	Module based Auth. User account has expired.	Contact system administrator.
274	INFO	Authentication Failed	error messageauthentication typemodule name	Module based Auth. Login timed out.	Try to login again.
275	INFO	Authentication Failed	error messageauthentication typemodule name	Module based Auth. Authentication module is denied.	Configure this module or use some other module.
276	INFO	Authentication Failed	error messageauthentication typemodule name	Module based auth. Limit for maximum number of allowed session has been reached.	Logout of a session or increase the limit.
277	INFO	Authentication Failed	error messageauthentication typemodule name	Module based auth. Org/Realm does not exists.	Use a valid Org/Realm.
278	INFO	Authentication Failed	error messageauthentication typemodule name	Module based auth. Org/Realm is not active.	Activate the Org/Realm.
279	INFO	Authentication Failed	error messageauthentication typemodule name	Module based auth. Cannot create a session.	Ensure that session service is configured and maxsession is not reached.
300	INFO	User logout is Successful	message	User logged out
301	INFO	User logout is successful from user based authentication	messageauthentication typeuser name	User logged out
302	INFO	User logout is successful from role based authentication	messageauthentication typerole name	User belonging to this role logged out
303	INFO	User logout is successful from service based authentication	messageauthentication typeservice name	User logged out of a configured service under realm
304	INFO	User logout is successful from authentication level based authentication	messageauthentication typeauthentication level value	User logged out of one or more authentication modules having authentication level value greater than or equal to specified authentication level
305	INFO	User logout is successful from module based authentication	messageauthentication typemodule name	User logged out of authentication module under realm

Table C–3 Log Reference for the Access Manager Console


Id	Log Level	Description	Data	Triggers	Actions
1	INFO	Attempt to create Identity	identity nameidentity typerealm name	Click on create button in Realm Creation Page.
2	INFO	Creation of Identity succeeded.	identity nameidentity typerealm name	Click on create button in Realm Creation Page.
3	SEVERE	Creation of Identity failed	identity nameidentity typerealm name error message	Unable to create an identity under a realm. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under data store log for more information.
4	SEVERE	Creation of Identity failed	identity nameidentity typerealm name error message	Unable to create an identity under a realm due to data store error.	Look under data store log for more information.
11	INFO	Attempt to search for Identities	base realmidentity typesearch pattern search size limitsearch time limit	Click on Search button in identity search view.
12	INFO	Searching for Identities succeeded	base realmidentity typesearch pattern search size limitsearch time limit	Click on Search button in identity search view.
13	SEVERE	Searching for identities failed	identity nameidentity typerealm name error message	Unable to perform search operation on identities under a realm. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under data store log for more information.
14	SEVERE	Searching for identities failed	identity nameidentity typerealm name error message	Unable to perform search operation on identities under a realm due to data store error.	Look under data store log for more information.
21	INFO	Attempt to read attribute values of an identity	identity namename of attributes	View identity profile view.
22	INFO	Reading of attribute values of an identity succeeded	identity namename of attributes	View identity profile view.
23	SEVERE	Reading of attribute values of an identity failed	identity namename of attributeserror message	Unable to read attribute values of an identity. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under data store log for more information.
24	SEVERE	Reading of attribute values of an identity failed	identity namename of attributeserror message	Unable to read attribute values of an identity due to data store error.	Look under data store log for more information.
25	SEVERE	Reading of attribute values of an identity failed	identity namename of attributeserror message	Unable to read attribute values of an identity due to exception service manager API.	Look under service manage log for more information.
31	INFO	Attempt to modify attribute values of an identity	identity namename of attributes	Click on Save button in identity profile view.
32	INFO	Modification of attribute values of an identity succeeded	identity namename of attributes	Click on Save button in identity profile view.
33	SEVERE	Modification of attribute values of an identity failed	identity namename of attributeserror message	Unable to modify attribute values of an identity. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under data store log for more information.
34	SEVERE	Modification of attribute values of an identity failed	identity namename of attributeserror message	Unable to modify attribute values of an identity due to data store error.	Look under data store log for more information.
41	INFO	Attempt to delete identities	realm namename of identities to be deleted	Click on Delete button in identity search view.
42	INFO	Deletion of identities succeeded	realm namename of identities to be deleted	Click on Delete button in identity search view.
43	SEVERE	Deletion of identities failed	realm namename of identities to be deletederror message	Unable to delete identities. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under data store log for more information.
44	SEVERE	Deletion of identities failed	realm namename of identities to be deletederror message	Unable to delete identities due to data store error.	Look under data store log for more information.
51	INFO	Attempt to read identity's memberships information	name of identitymembership identity type	View membership page of an identity.
52	INFO	Reading of identity's memberships information succeeded	name of identitymembership identity type	View membership page of an identity.
53	SEVERE	Reading of identity's memberships information failed.	name of identitymembership identity typeerror message	Unable to read identity's memberships information. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under data store log for more information.
54	SEVERE	Reading of identity's memberships information failed.	name of identitymembership identity typeerror message	Unable to read identity's memberships information due to data store error.	Look under data store log for more information.
61	INFO	Attempt to read identity's members information	name of identitymembers identity type	View members page of an identity.
62	INFO	Reading of identity's members information succeeded	name of identitymembers identity type	View members page of an identity.
63	SEVERE	Reading of identity's members information failed.	name of identitymember identity typeerror message	Unable to read identity's members information. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under data store log for more information.
64	SEVERE	Reading of identity's members information failed.	name of identitymember identity typeerror message	Unable to read identity's members information due to data store error.	Look under data store log for more information.
71	INFO	Attempt to add member to an identity	name of identityname of identity to be added.	Select members to be added to an identity.
72	INFO	Addition of member to an identity succeeded	name of identityname of identity added.	Select members to be added to an identity.
73	SEVERE	Addition of member to an identity failed.	name of identityname of identity to be added. error message	Unable to add member to an identity. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under data store log for more information.
74	SEVERE	Addition of member to an identity failed.	name of identityname of identity to be added. error message	Unable to add member to an identity due to data store error.	Look under data store log for more information.
81	INFO	Attempt to remove member from an identity	name of identityname of identity to be removed.	Select members to be removed from an identity.
82	INFO	Removal of member from an identity succeeded	name of identityname of identity removed.	Select members to be removed from an identity.
83	SEVERE	Removal of member to an identity failed.	name of identityname of identity to be removed. error message	Unable to remove member from an identity. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under data store log for more information.
84	SEVERE	Removal of member from an identity failed.	name of identityname of identity to be removed. error message	Unable to remove member to an identity due to data store error.	Look under data store log for more information.
91	INFO	Attempt to read assigned service names of an identity	name of identity	Click on Add button in service assignment view of an identity.
92	INFO	Reading assigned service names of an identity succeeded	name of identity	Click on Add button in service assignment view of an identity.
93	SEVERE	Reading assigned service names of an identity failed.	name of identityerror message	Unable to read assigned service names of an identity. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under data store log for more information.
94	SEVERE	Reading assigned service names of an identity failed.	name of identityerror message	Unable to read assigned service names of an identity due to data store error.	Look under data store log for more information.
101	INFO	Attempt to read assignable service names of an identity	name of identity	View the services page of an identity.
102	INFO	Reading assignable service names of an identity succeeded	name of identity	View the services page of an identity.
103	SEVERE	Reading assignable service names of an identity failed.	name of identityerror message	Unable to read assignable service names of an identity. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under data store log for more information.
104	SEVERE	Reading assignable service names of an identity failed.	name of identityerror message	Unable to read assignable service names of an identity due to data store error.	Look under data store log for more information.
111	INFO	Attempt to assign a service to an identity	name of identityname of service	Click Add button of service view of an identity.
112	INFO	Assignment of service to an identity succeeded	name of identityname of service	Click Add button of service view of an identity.
113	SEVERE	Assignment of service to an identity failed.	name of identityname of serviceerror message	Unable to assign service to an identity. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under data store log for more information.
114	SEVERE	Assignment of service to an identity failed.	name of identityname of serviceerror message	Unable to assign service to an identity due to data store error.	Look under data store log for more information.
121	INFO	Attempt to unassign a service from an identity	name of identityname of service	Click Remove button in service view of an identity.
122	INFO	Unassignment of service to an identity succeeded	name of identityname of service	Click Remove button in service view of an identity.
123	SEVERE	Unassignment of service from an identity failed.	name of identityname of serviceerror message	Unable to unassign service from an identity. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under data store log for more information.
124	SEVERE	Unassignment of service from an identity failed.	name of identityname of serviceerror message	Unable to unassign service from an identity due to data store error.	Look under data store log for more information.
131	INFO	Attempt to read service attribute values of an identity	name of identityname of service	View service profile view of an identity.
132	INFO	Reading of service attribute values of an identity succeeded	name of identityname of service	View service profile view of an identity.
133	SEVERE	Reading of service attribute values of an identity failed.	name of identityname of serviceerror message	Unable to read service attribute values of an identity. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation	Look under data store log for more information.
134	SEVERE	Reading of service attribute values of an identity failed.	name of identityname of serviceerror message	Unable to read service attribute values of an identity due to data store error.	Look under data store log for more information.
141	INFO	Attempt to write service attribute values to an identity	name of identityname of service	Click on Save button in service profile view of an identity.
142	INFO	Writing of service attribute values to an identity succeeded	name of identityname of service	Click on Save button in service profile view of an identity.
143	SEVERE	Writing of service attribute values to an identity failed.	name of identityname of serviceerror message	Unable to write service attribute values to an identity. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under data store log for more information.
144	SEVERE	Writing of service attribute values to an identity failed.	name of identityname of serviceerror message	Unable to write service attribute values to an identity due to data store error.	Look under data store log for more information.
201	INFO	Attempt to read all global service default attribute values	name of service	View global configuration view of a service.
202	INFO	Reading of all global service default attribute values succeeded	name of service	View global configuration view of a service.
203	INFO	Attempt to read global service default attribute values	name of servicename of attribute	View global configuration view of a service.
204	INFO	Reading of global service default attribute values succeeded	name of servicename of attribute	View global configuration view of a service.
205	INFO	Reading of global service default attribute values failed	name of servicename of attribute	View global configuration view of a service.	Look under service management log for more information.
211	INFO	Attempt to write global service default attribute values	name of servicename of attribute	Click on Save button in global configuration view of a service.
212	INFO	Writing of global service default attribute values succeeded	name of servicename of attribute	Click on Save button in global configuration view of a service.
213	SEVERE	Writing of global service default attribute values failed.	name of servicename of attributeerror message	Unable to write global service default attribute values. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under service management log for more information.
214	SEVERE	Writing of global service default attribute values failed.	name of servicename of attributeerror message	Unable to write service default attribute values due to service management error.	Look under service management log for more information.
221	INFO	Attempt to get sub configuration names	name of servicename of base global sub configuration	View a global service view of which its service has sub schema.
222	INFO	Reading of global sub configuration names succeeded	name of servicename of base global sub configuration	View a global service view of which its service has sub schema.
223	SEVERE	Reading of global sub configuration names failed.	name of servicename of base global sub configuration error message	Unable to get global sub configuration names. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under service management log for more information.
224	SEVERE	Reading of global sub configuration names failed.	name of servicename of base global sub configuration error message	Unable to get global sub configuration names due to service management error.	Look under service management log for more information.
231	INFO	Attempt to delete sub configuration	name of servicename of base global sub configuration name of sub configuration to be deleted	Click on delete selected button in global service profile view.
232	INFO	Deletion of sub configuration succeeded	name of servicename of base global sub configuration name of sub configuration to be deleted	Click on delete selected button in global service profile view.
233	SEVERE	Deletion of sub configuration failed.	name of servicename of base global sub configuration name of sub configuration to be deletederror message	Unable to delete sub configuration. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under service management log for more information.
234	SEVERE	Deletion of sub configuration failed.	name of servicename of base global sub configuration name of sub configuration to be deletederror message	Unable to delete sub configuration due to service management error.	Look under service management log for more information.
241	INFO	Attempt to create sub configuration	name of servicename of base global sub configuration name of sub configuration to be createdname of sub schema to be created	Click on add button in create sub configuration view.
242	INFO	Creation of sub configuration succeeded	name of servicename of base global sub configuration name of sub configuration to be createdname of sub schema to be created	Click on add button in create sub configuration view.
243	SEVERE	Creation of sub configuration failed.	name of servicename of base global sub configuration name of sub configuration to be createdname of sub schema to be createderror message	Unable to create sub configuration. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under service management log for more information.
244	SEVERE	Creation of sub configuration failed.	name of servicename of base global sub configuration name of sub configuration to be createdname of sub schema to be createderror message	Unable to create sub configuration due to service management error.	Look under service management log for more information.
251	INFO	Reading of sub configuration's attribute values succeeded	name of servicename of sub configuration	View sub configuration profile view.
261	INFO	Attempt to write sub configuration's attribute values	name of servicename of sub configuration	Click on save button in sub configuration profile view.
262	INFO	Writing of sub configuration's attribute values succeeded	name of servicename of sub configuration	Click on save button in sub configuration profile view.
263	SEVERE	Writing of sub configuration's attribute value failed.	name of servicename of sub configurationerror message	Unable to write sub configuration's attribute values. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under service management log for more information.
264	SEVERE	Writing of sub configuration's attribute value failed.	name of servicename of sub configurationerror message	Unable to write sub configuration's attribute value due to service management error.	Look under service management log for more information.
301	INFO	Attempt to get policy names under a realm.	name of realm	View policy main page.
302	INFO	Getting policy names under a realm succeeded	name of realm	View policy main page.
303	SEVERE	Getting policy names under a realm failed.	name of realmerror message	Unable to get policy names under a realm. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under policy log for more information.
304	SEVERE	Getting policy names under a realm failed.	name of realmerror message	Unable to get policy names under a realm due to policy SDK related errors.	Look under policy log for more information.
311	INFO	Attempt to create policy under a realm.	name of realmname of policy	Click on New button in policy creation page.
312	INFO	Creation of policy succeeded	name of realmname of policy	Click on New button in policy creation page.
313	SEVERE	Creation of policy failed.	name of realmname of policyerror message	Unable to create policy under a realm. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under policy log for more information.
314	SEVERE	Creation of policy failed.	name of realmname of policyerror message	Unable to create policy under a realm due to policy SDK related errors.	Look under policy log for more information.
321	INFO	Attempt to modify policy.	name of realmname of policy	Click on Save button in policy profile page.
322	INFO	Modification of policy succeeded	name of realmname of policy	Click on Save button in policy profile page.
323	SEVERE	Modification of policy failed.	name of realmname of policyerror message	Unable to modify policy under a realm. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under policy log for more information.
324	SEVERE	Modification of policy failed.	name of realmname of policyerror message	Unable to modify policy due to policy SDK related errors.	Look under policy log for more information.
331	INFO	Attempt to delete policy.	name of realmnames of policies	Click on Delete button in policy main page.
332	INFO	Deletion of policy succeeded	name of realmname of policies	Click on Delete button in policy main page.
333	SEVERE	Deletion of policy failed.	name of realmname of policieserror message	Unable to delete policy. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under policy log for more information.
334	SEVERE	Deletion of policy failed.	name of realmname of policieserror message	Unable to delete policy due to policy SDK related errors.	Look under policy log for more information.
401	INFO	Attempt to get realm names	name of parent realm	View realm main page.
402	INFO	Getting realm names succeeded.	name of parent realm	View realm main page.
403	SEVERE	Getting realm names failed.	name of parent realmerror message	Unable to get realm names due to service management SDK exception.	Look under service management log for more information.
411	INFO	Attempt to create realm	name of parent realmname of new realm	Click on New button in create realm page.
412	INFO	Creation of realm succeeded.	name of parent realmname of new realm	Click on New button in create realm page.
413	SEVERE	Creation of realm failed.	name of parent realmname of new realmerror message	Unable to create new realm due to service management SDK exception.	Look under service management log for more information.
421	INFO	Attempt to delete realm	name of parent realmname of realm to delete	Click on Delete button in realm main page.
422	INFO	Deletion of realm succeeded.	name of parent realmname of realm to delete	Click on Delete button in realm main page.
423	SEVERE	Deletion of realm failed.	name of parent realmname of realm to deleteerror message	Unable to delete realm due to service management SDK exception.	Look under service management log for more information.
431	INFO	Attempt to get attribute values of realm	name of realm	View realm profile page.
432	INFO	Getting attribute values of realm succeeded.	name of realm	View realm profile page.
433	SEVERE	Getting attribute values of realm failed.	name of realmerror message	Unable to get attribute values of realm due to service management SDK exception.	Look under service management log for more information.
441	INFO	Attempt to modify realm's profile	name of realm	Click on Save button in realm profile page.
442	INFO	Modification of realm's profile succeeded.	name of realm	Click on Save button in realm profile page.
443	SEVERE	Modification of realm's profile failed.	name of realmerror message	Unable to modify realm's profile due to service management SDK exception.	Look under service management log for more information.
501	INFO	Attempt to get delegation subjects under a realm	name of realmsearch pattern	View delegation main page.
502	INFO	Getting delegation subjects under a realm succeeded.	name of realmsearch pattern	View delegation main page.
503	SEVERE	Getting delegation subjects under a realm failed.	name of realmsearch patternerror message	Unable to get delegation subjects. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under delegation management log for more information.
504	SEVERE	Getting delegation subjects under a realm failed.	name of realmsearch patternerror message	Unable to get delegation subjects due to delegation management SDK related errors.	Look under delegation management log for more information.
511	INFO	Attempt to get privileges of delegation subject	name of realmID of delegation subject	View delegation subject profile page.
512	INFO	Getting privileges of delegation subject succeeded.	name of realmID of delegation subject	View delegation subject profile page.
513	SEVERE	Getting privileges of delegation subject failed.	name of realmID of delegation subjecterror message	Unable to get privileges of delegation subject. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under delegation management log for more information.
514	SEVERE	Getting privileges of delegation subject failed.	name of realmID of delegation subjecterror message	Unable to get privileges of delegation subject due to delegation management SDK related errors.	Look under delegation management log for more information.
521	INFO	Attempt to modify delegation privilege	name of realmID of delegation privilegeID of subject	Click on Save button in delegation subject profile page.
522	INFO	Modification of delegation privilege succeeded.	name of realmID of delegation privilegeID of subject	Click on Save button in delegation subject profile page.
523	SEVERE	Modification of delegation privilege failed.	name of realmID of delegation privilegeID of subjecterror message	Unable to modify delegation privilege. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under delegation management log for more information.
524	SEVERE	Modification of delegation privilege failed.	name of realmID of delegation privilegeID of subjecterror message	Unable to modify delegation privilege due to delegation management SDK related errors.	Look under delegation management log for more information.
601	INFO	Attempt to get data store names	name of realm	View data store main page.
602	INFO	Getting data store names succeeded.	name of realm	View data store main page.
603	SEVERE	Getting data store names failed.	name of realmerror message	Unable to get data store names. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under service management log for more information.
604	SEVERE	Getting data store names failed.	name of realmerror message	Unable to get data store names due to service management SDK exception.	Look under service management log for more information.
611	INFO	Attempt to get attribute values of identity repository	name of realmname of identity repository	View data store profile page.
612	INFO	Getting attribute values of data store succeeded.	name of realmname of identity repository	View data store profile page.
613	SEVERE	Getting attribute values of data store failed.	name of realmname of identity repositoryerror message	Unable to get attribute values of identity repository. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under service management log for more information.
614	SEVERE	Getting attribute values of data store failed.	name of realmname of identity repositoryerror message	Unable to get attribute values of data store due to service management SDK exception.	Look under service management log for more information.
621	INFO	Attempt to create identity repository	name of realmname of identity repositorytype of identity repository	Click on New button in data store creation page.
622	INFO	Creation of data store succeeded.	name of realmname of identity repositorytype of identity repository	Click on New button in data store creation page.
623	SEVERE	Creation of data store failed.	name of realmname of identity repositorytype of identity repositoryerror message	Unable to create identity repository. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under service management log for more information.
624	SEVERE	Creation data store failed.	name of realmname of identity repositorytype of identity repositoryerror message	Unable to create data store due to service management SDK exception.	Look under service management log for more information.
631	INFO	Attempt to delete identity repository	name of realmname of identity repository	Click on Delete button in data store main page.
632	INFO	Deletion of data store succeeded.	name of realmname of identity repository	Click on Delete button in data store main page.
633	SEVERE	Deletion of data store failed.	name of realmname of identity repositoryerror message	Unable to delete identity repository. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under service management log for more information.
634	SEVERE	Deletion data store failed.	name of realmname of identity repositoryerror message	Unable to delete data store due to service management SDK exception.	Look under service management log for more information.
641	INFO	Attempt to modify identity repository	name of realmname of identity repository	Click on Save button in data store profile page.
642	INFO	Modification of data store succeeded.	name of realmname of identity repository	Click on Save button in data store profile page.
643	SEVERE	Modification of data store failed.	name of realmname of identity repositoryerror message	Unable to modify identity repository. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under service management log for more information.
644	SEVERE	Modification data store failed.	name of realmname of identity repositoryerror message	Unable to modify data store due to service management SDK exception.	Look under service management log for more information.
701	INFO	Attempt to get assigned services of realm	name of realm	View realm's service main page.
702	INFO	Getting assigned services of realm succeeded.	name of realm	View realm's service main page.
703	SEVERE	Getting assigned services of realm failed.	name of realmerror message	Unable to get assigned services of realm due authentication configuration exception.	Look under authentication log for more information.
704	SEVERE	Getting assigned services of realm failed.	name of realmerror message	Unable to get assigned services of realm due to service management SDK exception.	Look under service management log for more information.
705	SEVERE	Getting assigned services of realm failed.	name of realmerror message	Unable to get assigned services of realm due to data store SDK exception.	Look under service management log for more information.
706	SEVERE	Getting assigned services of realm failed.	name of realmerror message	Unable to get assigned services of realm. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under service management log for more information.
711	INFO	Attempt to get assignable services of realm	name of realm	View realm's service main page.
712	INFO	Getting assignable services of realm succeeded.	name of realm	View realm's service main page.
713	SEVERE	Getting assignable services of realm failed.	name of realmerror message	Unable to get assignable services of realm due authentication configuration exception.	Look under authentication log for more information.
714	SEVERE	Getting assignable services of realm failed.	name of realmerror message	Unable to get assignable services of realm due to service management SDK exception.	Look under service management log for more information.
715	SEVERE	Getting assignable services of realm failed.	name of realmerror message	Unable to get assignable services of realm due to ID Repository management SDK exception.	Look under ID Repository management log for more information.
716	SEVERE	Getting assignable services of realm failed.	name of realmerror message	Unable to get assignable services of realm. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under service management log for more information.
721	INFO	Attempt to unassign service from realm	name of realmname of service	Click on Unassign button in realm's service page.
722	INFO	Unassign service from realm succeeded.	name of realmname of service	Click on Unassign button in realm's service page.
723	SEVERE	Unassign service from realm failed.	name of realmname of serviceerror message	Unable to unassign service from realm due to service management SDK exception.	Look under service management log for more information.
725	SEVERE	Unassign service from realm failed.	name of realmname of serviceerror message	Unable to unassign service from realm. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under data store management log for more information.
724	SEVERE	Unassign service from realm failed.	name of realmname of serviceerror message	Unable to unassign service from realm due to data store management SDK exception.	Look under data store management log for more information.
731	INFO	Attempt to assign service to realm	name of realmname of service	Click on assign button in realm's service page.
732	INFO	Assignment of service to realm succeeded.	name of realmname of service	Click on assign button in realm's service page.
733	SEVERE	Assignment of service to realm failed.	name of realmname of serviceerror message	Unable to assign service to realm due to service management SDK exception.	Look under service management log for more information.
734	SEVERE	Assignment of service to realm failed.	name of realmname of serviceerror message	Unable to assign service to realm. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under service management log for more information.
735	SEVERE	Assignment of service to realm failed.	name of realmname of serviceerror message	Unable to assign service to realm due to data store SDK exception.	Look under service management log for more information.
741	INFO	Attempt to get attribute values of service in realm	name of realmname of servicename of attribute schema	View realm's service profile page.
742	INFO	Getting of attribute values of service under realm succeeded.	name of realmname of servicename of attribute schema	View realm's service profile page.
743	SEVERE	Getting of attribute values of service under realm failed.	name of realmname of servicename of attribute schemaerror message	Unable to get attribute values of service due to service management SDK exception.	Look under service management log for more information.
744	INFO	Getting of attribute values of service under realm failed.	name of realmname of servicename of attribute schemaerror message	Unable to get attribute values of service due to data store SDK exception.	Look under service management log for more information.
745	SEVERE	Getting of attribute values of service under realm failed.	name of realmname of servicename of attribute schemaerror message	Unable to get attribute values of service. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under service management log for more information.
751	INFO	Attempt to modify attribute values of service in realm	name of realmname of service	Click on Save button in realm's service profile page.
752	INFO	Modification of attribute values of service under realm succeeded.	name of realmname of service	Click on Save button in realm's service profile page.
753	SEVERE	Modification of attribute values of service under realm failed.	name of realmname of serviceerror message	Unable to modify attribute values of service due to service management SDK exception.	Look under service management log for more information.
754	SEVERE	Modification of attribute values of service under realm failed.	name of realmname of serviceerror message	Unable to modify attribute values of service due to data store error.	Look under data store log for more information.
755	SEVERE	Modification of attribute values of service under realm failed.	name of realmname of serviceerror message	Unable to modify attribute values of service. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation	Look under data store log for more information.
801	INFO	Attempt to get authentication type		View authentication profile page.
802	INFO	Getting of authentication type succeeded.		View authentication profile page.
803	SEVERE	Getting of authentication type failed.	error message	Unable to get authentication type due to authentication configuration SDK exception.	Look under authentication management log for more information.
811	INFO	Attempt to get authentication instances under a realm	name of realm	View authentication profile page.
812	INFO	Getting of authentication instances under a realm succeeded.	name of realm	View authentication profile page.
813	SEVERE	Getting of authentication instances under a realm failed.	name of realmerror message	Unable to get authentication instance due to authentication configuration SDK exception.	Look under authentication management log for more information.
821	INFO	Attempt to remove authentication instances under a realm	name of realmname of authentication instance	View authentication profile page.
822	INFO	Removal of authentication instances under a realm succeeded.	name of realmname of authentication instance	View authentication profile page.
823	SEVERE	Removal of authentication instances under a realm failed.	name of realmname of authentication instance error message	Unable to remove authentication instance due to authentication configuration SDK exception.	Look under authentication management log for more information.
831	INFO	Attempt to create authentication instance under a realm	name of realmname of authentication instance type of authentication instance	Click on New button in authentication creation page.
832	INFO	Creation of authentication instance under a realm succeeded.	name of realmname of authentication instance type of authentication instance	Click on New button in authentication creation page.
833	SEVERE	Creation of authentication instance under a realm failed.	name of realmname of authentication instance type of authentication instanceerror message	Unable to create authentication instance due to authentication configuration exception.	Look under authentication configuration log for more information.
841	INFO	Attempt to modify authentication instance	name of realmname of authentication service	Click on Save button in authentication profile page.
842	INFO	Modification of authentication instance succeeded.	name of realmname of authentication service	Click on Save button in authentication profile page.
843	SEVERE	Modification of authentication instance failed.	name of realmname of authentication serviceerror message	Unable to modify authentication instance due to service management SDK exception.	Look under service anagement log for more information.
844	SEVERE	Modification of authentication instance failed.	name of realmname of authentication serviceerror message	Unable to modify authentication instance. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under service management log for more information.
851	INFO	Attempt to get authentication instance profile	name of realmname of authentication instance	View authentication instance profile page.
852	INFO	Getting of authentication instance profile succeeded.	name of realmname of authentication instance	View authentication instance profile page.
853	SEVERE	Getting of authentication instance profile failed.	name of realmname of authentication instance error message	Unable to get authentication instance profile due to authentication configuration SDK exception.	Look under authentication management log for more information.
861	INFO	Attempt to modify authentication instance profile	name of realmname of authentication instance	Click on Save button in authentication instance profile page.
862	INFO	Modification of authentication instance profile succeeded.	name of realmname of authentication instance	Click on Save button in authentication instance profile page.
863	SEVERE	Modification of authentication instance profile failed.	name of realmname of authentication instance error message	Unable to modify authentication instance profile due to authentication configuration SDK exception.	Look under authentication management log for more information.
864	SEVERE	Modification of authentication instance profile failed.	name of realmname of authentication instance error message	Unable to modify authentication instance profile due to service management SDK exception.	Look under service management log for more information.
864	SEVERE	Modification of authentication instance profile failed.	name of realmname of authentication instance error message	Unable to modify authentication instance profile. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under service management log for more information.
871	INFO	Attempt to get authentication profile under a realm	name of realm	View authentication profile under a realm page.
872	INFO	Getting authentication profile under a realm succeeded.	name of realm	View authentication profile under a realm page.
873	SEVERE	Getting authentication profile under a realm failed.	name of realmerror message	Unable to get authentication profile under a realm due to service management SDK exception.	Look under service management log for more information.
881	INFO	Attempt to get authentication configuration profile	name of realmname of authentication configuration	View authentication configuration profile page.
882	INFO	Getting authentication configuration profile succeeded.	name of realmname of authentication configuration	View authentication configuration profile page.
883	SEVERE	Getting authentication configuration profile failed.	name of realmname of authentication configuration error message	Unable to get authentication configuration profile. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under service management log for more information.
884	SEVERE	Getting authentication configuration profile failed.	name of realmname of authentication configuration error message	Unable to get authentication configuration profile due to service management SDK exception.	Look under service management log for more information.
885	SEVERE	Getting authentication configuration profile failed.	name of realmname of authentication configuration error message	Unable to get authentication configuration profile due to authentication configuration SDK exception.	Look under authentication configuration log for more information.
891	INFO	Attempt to modify authentication configuration profile	name of realmname of authentication configuration	Click on Save button in authentication configuration profile page.
892	INFO	Modification of authentication configuration profile succeeded.	name of realmname of authentication configuration	Click on Save button in authentication configuration profile page.
893	SEVERE	Modification of authentication configuration profile failed.	name of realmname of authentication configuration error message	Unable to modify authentication configuration profile. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under service management log for more information.
894	SEVERE	Modification of authentication configuration profile failed.	name of realmname of authentication configuration error message	Unable to modify authentication configuration profile due to service management SDK exception.	Look under service management log for more information.
895	SEVERE	Modification of authentication configuration profile failed.	name of realmname of authentication configuration error message	Unable to modify authentication configuration profile due to authentication configuration SDK exception.	Look under authentication configuration log for more information.
901	INFO	Attempt to create authentication configuration	name of realmname of authentication configuration	Click on New button in authentication configuration creation page.
902	INFO	Creation of authentication configuration succeeded.	name of realmname of authentication configuration	Click on New button in authentication configuration creation page.
903	SEVERE	Creation of authentication configuration failed.	name of realmname of authentication configuration error message	Unable to create authentication configuration. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under service management log for more information.
904	SEVERE	Creation of authentication configuration failed.	name of realmname of authentication configuration error message	Unable to create authentication configuration due to service management SDK exception.	Look under service management log for more information.
905	SEVERE	Creation of authentication configuration failed.	name of realmname of authentication configuration error message	Unable to create authentication configuration due to authentication configuration SDK exception.	Look under authentication configuration log for more information.
1001	INFO	Attempt to get entity descriptor names.	search pattern	View entity descriptor main page.
1002	INFO	Getting entity descriptor names succeeded	search pattern	View entity descriptor main page.
1003	SEVERE	Getting entity descriptor names failed.	search patternerror message	Unable to get entity descriptor names due to federation SDK related errors.	Look under federation log for more information.
1011	INFO	Attempt to create entity descriptor.	descriptor namedescriptor type	Click on New button in entity descriptor creation page.
1012	INFO	Creation entity descriptor succeeded	descriptor namedescriptor type	Click on New button in entity descriptor creation page.
1013	SEVERE	Creation entity descriptor failed.	descriptor namedescriptor typeerror message	Unable to create entity descriptor due to federation SDK related errors.	Look under federation log for more information.
1021	INFO	Attempt to delete entity descriptors.	descriptor names	Click on Delete button in entity descriptor main page.
1022	INFO	Deletion entity descriptors succeeded	descriptor names	Click on Delete button in entity descriptor main page.
1023	SEVERE	Deletion entity descriptors failed.	descriptor nameserror message	Unable to delete entity descriptors due to federation SDK related errors.	Look under federation log for more information.
1031	INFO	Attempt to get attribute values of an affiliate entity descriptor.	descriptor name	View affiliate entity descriptor profile page.
1032	INFO	Getting of attribute values of an affiliate entity descriptor succeeded.	descriptor name	View affiliate entity descriptor profile page.
1033	SEVERE	Getting of attribute values of an affiliate entity descriptor failed.	descriptor nameerror message	Unable to get attribute value of an affiliate entity descriptor due to federation SDK related errors.	Look under federation log for more information.
1041	INFO	Attempt to modify an affiliate entity descriptor.	descriptor name	Click on Save button of affiliate entity descriptor profile page.
1042	INFO	Modification of an affiliate entity descriptor succeeded.	descriptor name	Click on Save button of affiliate entity descriptor profile page.
1043	SEVERE	Modification of an affiliate entity descriptor failed.	descriptor nameerror message	Unable to modify an affiliate entity descriptor due to federation SDK related errors.	Look under federation log for more information.
1044	SEVERE	Modification of an affiliate entity descriptor failed.	descriptor nameerror message	Unable to modify an affiliate entity descriptor due to incorrect number format of one or more attribute values.	Look under federation log for more information.
1051	INFO	Attempt to get attribute values of an entity descriptor.	descriptor name	View entity descriptor profile page.
1052	INFO	Getting attribute values of entity descriptor succeeded.	descriptor name	View entity descriptor profile page.
1053	SEVERE	Getting attribute values of entity descriptor failed.	descriptor nameerror message	Unable to get attribute values of entity descriptor due to federation SDK related errors.	Look under federation log for more information.
1061	INFO	Attempt to modify entity descriptor.	descriptor name	Click on Save button in entity descriptor profile page.
1062	INFO	Modification of entity descriptor succeeded.	descriptor name	Click on Save button in entity descriptor profile page.
1063	SEVERE	Modification of entity descriptor failed.	descriptor nameerror message	Unable to modify entity descriptor due to federation SDK related errors.	Look under federation log for more information.
1101	INFO	Attempt to get authentication domain names.	search pattern	View authentication domain main page.
1102	INFO	Getting authentication domain names succeeded.	search pattern	View authentication domain main page.
1103	SEVERE	Getting authentication domain names failed.	search patternerror message	Unable to get authentication domain names due to federation SDK related errors.	Look under federation log for more information.
1111	INFO	Attempt to create authentication domain	name of authentication domain	Click on New button in authentication domain creation page.
1112	INFO	Creation authentication domain succeeded.	name of authentication domain	Click on New button in authentication domain creation page.
1113	SEVERE	Creation authentication domain failed.	name of authentication domainerror message	Unable to create authentication domain due to federation SDK related errors.	Look under federation log for more information.
1121	INFO	Attempt to delete authentication domains	name of authentication domains	Click on Delete button in authentication domain main page.
1122	INFO	Deletion authentication domain succeeded.	name of authentication domains	Click on Delete button in authentication domain main page.
1123	SEVERE	Deletion authentication domain failed.	name of authentication domainserror message	Unable to delete authentication domain due to federation SDK related errors.	Look under federation log for more information.
1131	INFO	Attempt to get authentication domain's attribute values	name of authentication domain	View authentication domain profile page.
1132	INFO	Getting attribute values of authentication domain succeeded.	name of authentication domain	View authentication domain profile page.
1133	SEVERE	Getting attribute values of authentication domain failed.	name of authentication domainserror message	Unable to get attribute values of authentication domain due to federation SDK related errors.	Look under federation log for more information.
1141	INFO	Attempt to modify authentication domain	name of authentication domain	Click on Save button in authentication domain profile page.
1142	INFO	Modification authentication domain succeeded.	name of authentication domain	Click on Save button in authentication domain profile page.
1143	SEVERE	Modification authentication domain failed.	name of authentication domainerror message	Unable to modify authentication domain due to federation SDK related errors.	Look under federation log for more information.
1151	INFO	Attempt to get all provider names		View authentication domain profile page.
1152	INFO	Getting all provider names succeeded.		View authentication domain profile page.
1153	SEVERE	Getting all provider names failed.	error message	Unable to get all provider names due to federation SDK related errors.	Look under federation log for more information.
1161	INFO	Attempt to get provider names under a authentication domain	name of authentication domain	View authentication domain profile page.
1162	INFO	Getting provider names under authentication domain succeeded.	name of authentication domain	View authentication domain profile page.
1163	SEVERE	Getting provider names under authentication domain failed.	name of authentication domainerror message	Unable to get provider names under authentication domain due to federation SDK related errors.	Look under federation log for more information.
1171	INFO	Attempt to add providers to an authentication domain	name of authentication domainname of providers	Click on Save button in provider assignment page.
1172	INFO	Addition of provider to an authentication domain succeeded.	name of authentication domainname of providers	Click on Save button in provider assignment page.
1173	SEVERE	Addition of provider to an authentication domain failed.	name of authentication domainname of providers error message	Unable to add provider to authentication domain due to federation SDK related errors.	Look under federation log for more information.
1181	INFO	Attempt to remove providers from authentication domain	name of authentication domainname of providers	Click on Save button in provider assignment page.
1182	INFO	Deletion of providers from authentication domain succeeded.	name of authentication domainname of providers	Click on Save button in provider assignment page.
1183	SEVERE	Deletion of provider from authentication domain failed.	name of authentication domainname of providers error message	Unable to remove provider from authentication domain due to federation SDK related errors.	Look under federation log for more information.
1301	INFO	Attempt to create provider	name of providerrole of providertype of provider	Click on Save button in provider assignment page.
1302	INFO	Creation of providers succeeded.	name of providerrole of providertype of provider	Click on Save button in provider assignment page.
1303	SEVERE	Creation of provider failed.	name of providerrole of providertype of provider error message	Unable to create provider due to federation SDK related errors.	Look under federation log for more information.
1303	SEVERE	Creation of provider failed.	name of providerrole of providertype of provider error message	Unable to create provider due to federation SDK related errors.	Look under federation log for more information.
1304	SEVERE	Creation of provider failed.	name of providerrole of providertype of provider error message	Unable to create provider because Administration Console cannot find the appropriate methods to set values for this provider.	This is a web application error. Please contact Sun Support for assistant.
1311	INFO	Attempt to get attribute values for provider	name of providerrole of providertype of provider	View provider profile page.
1312	INFO	Getting attribute values of providers succeeded.	name of providerrole of providertype of provider	View provider profile page.
1321	INFO	Attempt to get handler to provider	name of providerrole of provider	View provider profile page.
1322	INFO	Getting handler to provider succeeded.	name of providerrole of provider	View provider profile page.
1323	SEVERE	Getting handler to provider failed.	name of providerrole of providererror message	Unable to get handler to provider due to federation SDK related errors.	Look under federation log for more information.
1331	INFO	Attempt to modify provider	name of providerrole of provider	Click on Save button in provider profile page.
1332	INFO	Modification of provider succeeded.	name of providerrole of provider	Click on Save button in provider profile page.
1333	SEVERE	Modification of provider failed.	name of providerrole of providererror message	Unable to modify provider due to federation SDK related errors.	Look under federation log for more information.
1334	SEVERE	Modification of provider failed.	name of providerrole of providererror message	Unable to modify provider because Administration Console cannot find the appropriate methods to set values for this provider.	This is a web application error. Please contact Sun Support for assistant.
1341	INFO	Attempt to delete provider	name of providerrole of provider	Click on delete provider button in provider profile page.
1342	INFO	Deletion of provider succeeded.	name of providerrole of provider	Click on delete provider button in provider profile page.
1343	SEVERE	Deletion of provider failed.	name of providerrole of providererror message	Unable to delete provider due to federation SDK related errors.	Look under federation log for more information.
1351	INFO	Attempt to get prospective trusted provider	name of providerrole of provider	View add trusted provider page.
1352	INFO	Getting of prospective trusted provider succeeded.	name of providerrole of provider	View add trusted provider page.
1353	SEVERE	Getting of prospective trusted provider failed.	name of providerrole of providererror message	Unable to get prospective trusted provider due to federation SDK related errors.	Look under federation log for more information.
2001	INFO	Attempt to get attribute values of schema type of a service schema	name of servicename of schema typename of attribute schemas	View service profile page.
2002	INFO	Getting attribute values of schema type of a service schema succeeded.	name of servicename of schema typename of attribute schemas	View service profile page.
2003	SEVERE	Getting attribute values of schema type of a service schema failed.	name of servicename of schema typename of attribute schemaserror message	Unable to get attribute values of schema type of a service schema. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under service management log for more information.
2004	SEVERE	Getting attribute values of schema type of a service schema failed.	name of servicename of schema typename of attribute schemaserror message	Unable to get attribute values of schema type of a service schema due to service management SDK related errors.	Look under service management log for more information.
2005	INFO	Getting attribute values of schema type of a service schema failed.	name of servicename of schema typename of attribute schemas	View service profile page.	Need no action on this event. Console attempts to get a schema from a service but schema does not exist.
2011	INFO	Attempt to get attribute values of attribute schema of a schema type of a service schema	name of servicename of schema typename of attribute schemas	View service profile page.
2012	INFO	Getting attribute values of attribute schema of a schema type of a service schema succeeded.	name of servicename of schema typename of attribute schemas	View service profile page.
2013	SEVERE	Getting attribute values of attribute schema of a schema type of a service schema failed.	name of servicename of schema typename of attribute schemaserror message	Unable to get attribute values of schema type of a service schema. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under service management log for more information.
2014	SEVERE	Getting attribute values of attribute schema of a schema type of a service schema failed.	name of servicename of schema typename of attribute schemaserror message	Unable to get attribute values of schema type of a service schema due to service management SDK related errors.	Look under service management log for more information.
2021	INFO	Attempt to modify attribute values of attribute schema of a schema type of a service schema	name of servicename of schema typename of attribute schemas	Click on Save button in service profile page.
2022	INFO	Modification attribute values of attribute schema of a schema type of a service schema succeeded.	name of servicename of schema typename of attribute schemas	Click on Save button in service profile page.
2023	SEVERE	Modification attribute values of attribute schema of a schema type of a service schema failed.	name of servicename of schema typename of attribute schemaserror message	Unable to modify attribute values of schema type of a service schema. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under service management log for more information.
2024	SEVERE	Modification attribute values of attribute schema of a schema type of a service schema failed.	name of servicename of schema typename of attribute schemaserror message	Unable to modify attribute values of schema type of a service schema due to service management SDK related errors.	Look under service management log for more information.
2501	INFO	Attempt to get device names of client detection service	name of profilename of stylesearch pattern	View client profile page.
2502	INFO	Getting device names of client detection service succeeded.	name of profilename of stylesearch pattern	View client profile page.
2511	INFO	Attempt to delete client in client detection service	type of client	Click on client type delete hyperlink page.
2512	INFO	Deletion of client in client detection service succeeded.	type of client	Click on client type delete hyperlink page.
2513	SEVERE	Deletion of client in client detection service failed.	type of clienterror message	Unable to delete client due to client detection SDK related errors.	Look under client detection management log for more information.
2521	INFO	Attempt to create client in client detection service	type of client	Click on New button in Client Creation Page.
2522	INFO	Creation of client in client detection service succeeded.	type of client	Click on New button in Client Creation Page.
2523	SEVERE	Creation of client in client detection service failed.	type of clienterror message	Unable to create client due to client detection SDK related errors.	Look under client detection management log for more information.
2524	INFO	Creation of client in client detection service failed.	type of clienterror message	Unable to create client because client type is invalid.	Check the client type again before creation.
2531	INFO	Attempt to get client profile in client detection service	type of clientclassification	View client profile page.
2532	INFO	Getting of client profile in client detection service succeeded.	type of clientclassification	View client profile page.
2541	INFO	Attempt to modify client profile in client detection service	type of client	Click on Save button client profile page.
2542	INFO	Modification of client profile in client detection service succeeded.	type of client	Click on Save button client profile page.
2543	SEVERE	Modification of client profile in client detection service failed.	type of clienterror message	Unable to modify client profile due to client detection SDK related errors.	Look under client detection management log for more information.
3001	INFO	Attempt to get current sessions	name of serversearch pattern	View session main page.
3002	INFO	Getting of current sessions succeeded.	name of serversearch pattern	View session main page.
3003	SEVERE	Getting of current sessions failed.	name of servername of realmerror message	Unable to get current sessions due to session SDK exception.	Look under session management log for more information.
3011	INFO	Attempt to invalidate session	name of serverID of session	Click on Invalidate button in session main page.
3012	INFO	Invalidation of session succeeded.	name of serverID of session	Click on Invalidate button in session main page.
3013	SEVERE	Invalidation of session failed.	name of serverID of sessionerror message	Unable to invalidate session due to session SDK exception.	Look under session management log for more information.
10001	INFO	Attempt to search for containers from an organization	DN of organizationsearch pattern	Click on Search button in Organization's containers page.
10002	INFO	Searching for containers from an organization succeeded.	DN of organizationsearch pattern	Click on Search button in Organization's containers page.
10003	SEVERE	Searching for containers from an organization failed.	DN of organizationsearch patternerror message	Unable to search for containers. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10004	SEVERE	Searching for containers from an organization failed.	DN of organizationsearch patternerror message	Unable to search for containers due to access management SDK exception.	Look under access management SDK log for more information.
10011	INFO	Attempt to search for containers from a container	DN of containersearch pattern	Click on Search button in Container's sub containers page.
10012	INFO	Searching for containers from a container succeeded.	DN of containersearch pattern	Click on Search button in Container's sub containers page.
10013	SEVERE	Searching for containers from a container failed.	DN of containersearch patternerror message	Unable to search for containers. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10014	SEVERE	Searching for containers from a container failed.	DN of containersearch patternerror message	Unable to search for containers due to access management SDK exception.	Look under access management SDK log for more information.
10021	INFO	Attempt to create containers under an organization	DN of organizationName of container	Click on New button in Container Creation page.
10022	INFO	Creation of container under an organization succeeded.	DN of organizationName of container	Click on New button in Container Creation page.
10023	SEVERE	Creation of container under an organization failed.	DN of organizationName of containererror message	Unable to create container. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10024	SEVERE	Creation of container under an organization failed.	DN of organizationName of containererror message	Unable to create container due to access management SDK exception.	Look under access management SDK log for more information.
10031	INFO	Attempt to create containers under an container	DN of containerName of container	Click on New button in Container Creation page.
10032	INFO	Creation of container under an container succeeded.	DN of containerName of container	Click on New button in Container Creation page.
10033	SEVERE	Creation of container under an container failed.	DN of containerName of containererror message	Unable to create container. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10034	SEVERE	Creation of container under an container failed.	DN of containerName of containererror message	Unable to create container due to access management SDK exception.	Look under access management SDK log for more information.
10041	INFO	Attempt to get assigned services to container	DN of container	View Container's service profile page.
10042	INFO	Getting assigned services to container succeeded.	DN of container	View Container's service profile page.
10043	SEVERE	Getting assigned services to container failed.	DN of containererror message	Unable to get services assigned to container. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10044	SEVERE	Getting assigned services to container failed.	DN of containererror message	Unable to get services assigned to container due to access management SDK exception.	Look under access management SDK log for more information.
10101	INFO	Attempt to get service template under an organization	DN of organizationName of serviceType of template	View Organization's service profile page.
10102	INFO	Getting service template under an organization succeeded.	DN of organizationName of serviceType of template	View Organization's service profile page.
10103	SEVERE	Getting service template under an organization failed.	DN of organizationName of serviceType of template error message	Unable to get service template. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10104	SEVERE	Getting service template under an organization failed.	DN of organizationName of serviceType of template error message	Unable to get service template due to access management SDK exception.	Look under access management SDK log for more information.
10111	INFO	Attempt to get service template under a container	DN of containerName of serviceType of template	View container's service profile page.
10112	INFO	Getting service template under a container succeeded.	DN of containerName of serviceType of template	View container's service profile page.
10113	SEVERE	Getting service template under a container failed.	DN of containerName of serviceType of template error message	Unable to get service template. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10114	SEVERE	Getting service template under a container failed.	DN of containerName of serviceType of template error message	Unable to get service template due to access management SDK exception.	Look under access management SDK log for more information.
10121	INFO	Attempt to delete directory object	Name of object	Click on Delete button in object main page.
10122	INFO	Deletion of directory object succeeded.	Name of object	Click on Delete button in object main page.
10123	SEVERE	Deletion of directory object failed.	Name of objecterror message	Unable to delete directory object. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10124	SEVERE	Deletion of directory object failed.	Name of objecterror message	Unable to delete directory object due to access management SDK exception.	Look under access management SDK log for more information.
10131	INFO	Attempt to modify directory object	DN of object	Click on object profile page.
10132	INFO	Modification of directory object succeeded.	DN of object	Click on object profile page.
10133	SEVERE	Modification of directory object failed.	DN of objecterror message	Unable to modify directory object due to access management SDK exception.	Look under access management SDK log for more information.
10141	INFO	Attempt to delete service from organization	DN of organizationName of service	Click on unassign button in organization's service page.
10142	INFO	Deletion of service from organization succeeded.	DN of organizationName of service	Click on unassign button in organization's service page.
10143	SEVERE	Deletion of service from organization failed.	DN of organizationName of serviceerror message	Unable to delete service. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10144	SEVERE	Deletion of service from organization failed.	DN of organizationName of serviceerror message	Unable to delete service due to access management SDK exception.	Look under access management SDK log for more information.
10151	INFO	Attempt to delete service from container	DN of containerName of service	Click on unassign button in container's service page.
10152	INFO	Deletion of service from container succeeded.	DN of containerName of service	Click on unassign button in container's service page.
10153	SEVERE	Deletion of service from container failed.	DN of containerName of serviceerror message	Unable to delete service. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10154	SEVERE	Deletion of service from container failed.	DN of containerName of serviceerror message	Unable to delete service due to access management SDK exception.	Look under access management SDK log for more information.
10201	INFO	Attempt to serch for group containers under organization	DN of organizationSearch pattern	Click on Search button in organization's group containers page.
10202	INFO	Searching for group containers under organization succeeded.	DN of organizationSearch pattern	Click on Search button in organization's group containers page.
10203	SEVERE	Searching for group containers under organization failed.	DN of organizationSearch patternerror message	Unable to search group containers. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10204	SEVERE	Searching for group containers under organization failed.	DN of organizationSearch patternerror message	Unable to search group containers due to access management SDK exception.	Look under access management SDK log for more information.
10211	INFO	Attempt to serch for group containers under container	DN of containerSearch pattern	Click on Search button in container's group containers page.
10212	INFO	Searching for group containers under container succeeded.	DN of containerSearch pattern	Click on Search button in container's group containers page.
10213	SEVERE	Searching for group containers under container failed.	DN of containerSearch patternerror message	Unable to search group containers. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10214	SEVERE	Searching for group containers under container failed.	DN of containerSearch patternerror message	Unable to search group containers due to access management SDK exception.	Look under access management SDK log for more information.
10221	INFO	Attempt to search for group containers under group container	DN of group containerSearch pattern	Click on Search button in group container's group containers page.
10222	INFO	Searching for group containers under group container succeeded.	DN of group containerSearch pattern	Click on Search button in group container's group containers page.
10223	SEVERE	Searching for group containers under group container failed.	DN of group containerSearch patternerror message	Unable to search group containers. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10224	SEVERE	Searching for group containers under group container failed.	DN of group containerSearch patternerror message	Unable to search group containers due to access management SDK exception.	Look under access management SDK log for more information.
10231	INFO	Attempt to create group container in organization	DN of organizationName of group container	Click on New button in group container creation page.
10232	INFO	Creation of group container under organization succeeded.	DN of organizationName of group container	Click on New button in group container creation page.
10233	SEVERE	Creation of group container under organization failed.	DN of organizationName of group containererror message	Unable to create group container. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10234	SEVERE	Creation of group container under organization failed.	DN of organizationName of group containererror message	Unable to create group container due to access management SDK exception.	Look under access management SDK log for more information.
10241	INFO	Attempt to create group container in container	DN of containerName of group container	Click on New button in group container creation page.
10242	INFO	Creation of group container under container succeeded.	DN of containerName of group container	Click on New button in group container creation page.
10243	SEVERE	Creation of group container under container failed.	DN of containerName of group containererror message	Unable to create group container. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10244	SEVERE	Creation of group container under container failed.	DN of containerName of group containererror message	Unable to create group container due to access management SDK exception.	Look under access management SDK log for more information.
10251	INFO	Attempt to create group container in group container	DN of group containerName of group container	Click on New button in group container creation page.
10252	INFO	Creation of group container under group container succeeded.	DN of group containerName of group container	Click on New button in group container creation page.
10253	SEVERE	Creation of group container under group container failed.	DN of group containerName of group container error message	Unable to create group container. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10254	SEVERE	Creation of group container under group container failed.	DN of group containerName of group container error message	Unable to create group container due to access management SDK exception.	Look under access management SDK log for more information.
10301	INFO	Attempt to search groups under organization	DN of organizationsearch pattern	Click on Search button in organization's group page.
10302	INFO	Searching for groups under organization succeeded.	DN of organizationsearch pattern	Click on Search button in organization's group page.
10303	SEVERE	Searching for groups under organization failed.	DN of organizationsearch patternerror message	Unable to search for groups. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10304	SEVERE	Searching for groups under organization failed.	DN of organizationsearch patternerror message	Unable to search groups due to access management SDK exception.	Look under access management SDK log for more information.
10311	INFO	Attempt to search groups under container	DN of containersearch pattern	Click on Search button in container's group page.
10312	INFO	Searching for groups under container succeeded.	DN of containersearch pattern	Click on Search button in container's group page.
10313	SEVERE	Searching for groups under container failed.	DN of containersearch patternerror message	Unable to search for groups. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10314	SEVERE	Searching for groups under container failed.	DN of containersearch patternerror message	Unable to search groups due to access management SDK exception.	Look under access management SDK log for more information.
10321	INFO	Attempt to search groups under static group	DN of static groupsearch pattern	Click on Search button in static group's group page.
10322	INFO	Searching for groups under static group succeeded.	DN of static groupsearch pattern	Click on Search button in static group's group page.
10323	SEVERE	Searching for groups under static group failed.	DN of static groupsearch patternerror message	Unable to search for groups. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10324	SEVERE	Searching for groups under static group failed.	DN of static groupsearch patternerror message	Unable to search groups due to access management SDK exception.	Look under access management SDK log for more information.
10331	INFO	Attempt to search groups under dynamic group	DN of dynamic groupsearch pattern	Click on Search button in dynamic group's group page.
10332	INFO	Searching for groups under dynamic group succeeded.	DN of dynamic groupsearch pattern	Click on Search button in dynamic group's group page.
10333	SEVERE	Searching for groups under dynamic group failed.	DN of dynamic groupsearch patternerror message	Unable to search for groups. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10334	SEVERE	Searching for groups under dynamic group failed.	DN of dynamic groupsearch patternerror message	Unable to search groups due to access management SDK exception.	Look under access management SDK log for more information.
10341	INFO	Attempt to search groups under assignable dynamic group	DN of assignable dynamic groupsearch pattern	Click on Search button in assignable dynamic group's group page.
10342	INFO	Searching for groups under assignable dynamic group succeeded.	DN of assignable dynamic groupsearch pattern	Click on Search button in assignable dynamic group's group page.
10343	SEVERE	Searching for groups under assignable dynamic group failed.	DN of assignable dynamic groupsearch pattern error message	Unable to search for groups. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10344	SEVERE	Searching for groups under assignable dynamic group failed.	DN of assignable dynamic groupsearch pattern error message	Unable to search groups due to access management SDK exception.	Look under access management SDK log for more information.
10351	INFO	Attempt to create group under organization	DN of organizationName of group	Click on New button in group creation page.
10352	INFO	Creation of groups under organization succeeded.	DN of organizationName of group	Click on New button in group creation page.
10353	SEVERE	Creation of group under organization failed.	DN of organizationName of grouperror message	Unable to create group. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10354	SEVERE	Creation of group under organization failed.	DN of organizationName of grouperror message	Unable to create group due to access management SDK exception.	Look under access management SDK log for more information.
10361	INFO	Attempt to create group under container	DN of containerName of group	Click on New button in group creation page.
10362	INFO	Creation of groups under container succeeded.	DN of containerName of group	Click on New button in group creation page.
10363	SEVERE	Creation of group under container failed.	DN of containerName of grouperror message	Unable to create group. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10364	SEVERE	Creation of group under container failed.	DN of containerName of grouperror message	Unable to create group due to access management SDK exception.	Look under access management SDK log for more information.
10371	INFO	Attempt to create group under group container	DN of group containerName of group	Click on New button in group creation page.
10372	INFO	Creation of groups under group container succeeded.	DN of group containerName of group	Click on New button in group creation page.
10373	SEVERE	Creation of group under group container failed.	DN of group containerName of grouperror message	Unable to create group. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10374	SEVERE	Creation of group under group container failed.	DN of group containerName of grouperror message	Unable to create group due to access management SDK exception.	Look under access management SDK log for more information.
10381	INFO	Attempt to create group under dynamic group	DN of dynamic groupName of group	Click on New button in group creation page.
10382	INFO	Creation of groups under dynamic group succeeded.	DN of dynamic groupName of group	Click on New button in group creation page.
10383	SEVERE	Creation of group under dynamic group failed.	DN of dynamic groupName of grouperror message	Unable to create group. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10384	SEVERE	Creation of group under dynamic group failed.	DN of dynamic groupName of grouperror message	Unable to create group due to access management SDK exception.	Look under access management SDK log for more information.
10391	INFO	Attempt to create group under static group	DN of static groupName of group	Click on New button in group creation page.
10392	INFO	Creation of groups under static group succeeded.	DN of static groupName of group	Click on New button in group creation page.
10393	SEVERE	Creation of group under static group failed.	DN of static groupName of grouperror message	Unable to create group. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10394	SEVERE	Creation of group under static group failed.	DN of static groupName of grouperror message	Unable to create group due to access management SDK exception.	Look under access management SDK log for more information.
10401	INFO	Attempt to create group under assignable dynamic group	DN of assignable dynamic groupName of group	Click on New button in group creation page.
10402	INFO	Creation of groups under assignable dynamic group succeeded.	DN of assignable dynamic groupName of group	Click on New button in group creation page.
10403	SEVERE	Creation of group under assignable dynamic group failed.	DN of assignable dynamic groupName of grouperror message	Unable to create group. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10404	SEVERE	Creation of group under assignable dynamic group failed.	DN of assignable dynamic groupName of grouperror message	Unable to create group due to access management SDK exception.	Look under access management SDK log for more information.
10411	INFO	Attempt to modify group	DN of group	Click on Save button in group profile page.
10412	INFO	Modification of groups succeeded.	DN of group	Click on Save button in group profile page.
10414	SEVERE	Modification of group failed.	DN of assignable dynamic groupName of grouperror message	Unable to modify group due to access management SDK exception.	Look under access management SDK log for more information.
10421	INFO	Attempt to search for users in group	DN of groupSearch pattern	View group's user page.
10422	INFO	Searching for users in group succeeded.	DN of groupSearch pattern	View group's user page.
10423	SEVERE	Searching for users in group failed.	DN of groupSearch patternerror message	Unable to search for users. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10424	SEVERE	Searching for users in group failed.	DN of groupSearch patternerror message	Unable to search for users due to access management SDK exception.	Look under access management SDK log for more information.
10431	INFO	Attempt to get nested groups	DN of group	View group's members page.
10432	INFO	Getting nested groups succeeded.	DN of group	View group's members page.
10433	SEVERE	Getting nested groups failed.	DN of grouperror message	Unable to get nested group. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10434	SEVERE	Getting nested groups failed.	DN of grouperror message	Unable to get nested group due to access management SDK exception.	Look under access management SDK log for more information.
10441	INFO	Attempt to remove nested groups	DN of groupDN of nested groups	Click on remove button in group's members page.
10442	INFO	Removal of nested groups succeeded.	DN of groupDN of nested groups	Click on remove button in group's members page.
10443	SEVERE	Removal of nested groups failed.	DN of groupDN of nested groupserror message	Unable to remove nested group. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10444	SEVERE	Removal of nested groups failed.	DN of groupDN of nested groupserror message	Unable to remove nested group due to access management SDK exception.	Look under access management SDK log for more information.
10451	INFO	Attempt to remove users from group	DN of groupDN of users	Click on remove button in group's members page.
10452	INFO	Removal of users from group succeeded.	DN of groupDN of users	Click on remove button in group's members page.
10453	SEVERE	Removal of users from group failed.	DN of groupDN of userserror message	Unable to remove users. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10454	SEVERE	Removal of users from group failed.	DN of groupDN of userserror message	Unable to remove users due to access management SDK exception.	Look under access management SDK log for more information.
10501	INFO	Attempt to search people containers in organization	DN of organizationSearch pattern	View organization's people containers page.
10502	INFO	Searching of people containers in organization succeeded.	DN of organizationSearch pattern	View organization's people containers page.
10503	SEVERE	Searching of people containers in organization failed.	DN of organizationSearch patternerror message	Unable to search for people containers. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10504	SEVERE	Searching of people containers in organization failed.	DN of organizationSearch patternerror message	Unable to search for people containers due to access management SDK exception.	Look under access management SDK log for more information.
10511	INFO	Attempt to search people containers in container	DN of containerSearch pattern	View container's people containers page.
10512	INFO	Searching of people containers in container succeeded.	DN of containerSearch pattern	View container's people containers page.
10513	SEVERE	Searching of people containers in container failed.	DN of containerSearch patternerror message	Unable to search for people containers. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10514	SEVERE	Searching of people containers in container failed.	DN of containerSearch patternerror message	Unable to search for people containers due to access management SDK exception.	Look under access management SDK log for more information.
10521	INFO	Attempt to search people containers in people container	DN of people containerSearch pattern	View people container's people containers page.
10522	INFO	Searching of people containers in people container succeeded.	DN of people containerSearch pattern	View people container's people containers page.
10523	SEVERE	Searching of people containers in people container failed.	DN of people containerSearch patternerror message	Unable to search for people containers. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10524	SEVERE	Searching of people containers in people container failed.	DN of people containerSearch patternerror message	Unable to search for people containers due to access management SDK exception.	Look under access management SDK log for more information.
10531	INFO	Attempt to create people container in organization	DN of organizationName of people container	Click on New button in people container creation page.
10532	INFO	Creation of people containers in organization succeeded.	DN of organizationName of people container	Click on New button in people container creation page.
10533	SEVERE	Creation of people container in organization failed.	DN of organizationName of people containererror message	Unable to create for people containers. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10534	SEVERE	Creation of people container in organization failed.	DN of organizationName of people containererror message	Unable to create for people container due to access management SDK exception.	Look under access management SDK log for more information.
10541	INFO	Attempt to create people container in container	DN of containerName of people container	Click on New button in people container creation page.
10542	INFO	Creation of people container in container succeeded.	DN of containerName of people container	Click on New button in people container creation page.
10543	SEVERE	Creation of people container in container failed.	DN of containerName of people containererror message	Unable to create for people container. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10544	SEVERE	Creation of people container in container failed.	DN of containerName of people containererror message	Unable to create for people container due to access management SDK exception.	Look under access management SDK log for more information.
10551	INFO	Attempt to create people container in people container	DN of people containerName of people container	Click on New button in people container creation page.
10552	INFO	Creation of people container in people container succeeded.	DN of people containerName of people container	Click on New button in people container creation page.
10553	SEVERE	Creation of people container in people container failed.	DN of people containerName of people container error message	Unable to create for people container. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10554	SEVERE	Creation of people container in people container failed.	DN of people containerName of people container error message	Unable to create for people container due to access management SDK exception.	Look under access management SDK log for more information.
10601	INFO	Attempt to get assigned services to an organization	DN of organization	View organization's service profile page.
10602	INFO	Getting of assigned services to organization succeeded.	DN of organization	View organization's service profile page.
10603	SEVERE	Getting of assigned services to organization failed.	DN of organizationerror message	Unable to get assigned services. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10604	SEVERE	Getting of assigned services to organization failed.	DN of organizationerror message	Unable to get assigned services due to access management SDK exception.	Look under access management SDK log for more information.
10611	INFO	Attempt to remove services from an organization	DN of organizationName of service	Click on unassign button in organization's service profile page.
10612	INFO	Removal of services from organization succeeded.	DN of organizationName of service	Click on unassign button in organization's service profile page.
10613	SEVERE	Removal of services from organization failed.	DN of organizationName of serviceerror message	Unable to remove services. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10614	SEVERE	Removal of services from organization failed.	DN of organizationName of serviceerror message	Unable to remove services due to access management SDK exception.	Look under access management SDK log for more information.
10621	INFO	Attempt to search organization in an organization	DN of organizationSearch pattern	View organization's sub organization page.
10622	INFO	Searching for organization in an organization succeeded.	DN of organizationSearch pattern	View organization's sub organization page.
10623	SEVERE	Searching for organization in an organization failed.	DN of organizationSearch patternerror message	Unable to search for organizations. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10624	SEVERE	Searching for organization in an organization failed.	DN of organizationSearch patternerror message	Unable to search for organizations due to access management SDK exception.	Look under access management SDK log for more information.
10631	INFO	Attempt to modify organization	DN of organization	Click on Save button in organization profile page.
10632	INFO	Modificaition of organization succeeded.	DN of organization	Click on Save button in organization profile page.
10633	SEVERE	Modificaition of organization failed.	DN of organizationerror message	Unable to modify organization. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10634	SEVERE	Modificaition of organization failed.	DN of organizationerror message	Unable to modify organization due to access management SDK exception.	Look under access management SDK log for more information.
10641	INFO	Attempt to create organization in an organization	DN of organizationName of new organization	Click on New button in organization creation page.
10642	INFO	Creation of organization in an organization succeeded.	DN of organizationName of new organization	Click on New button in organization creation page.
10643	SEVERE	Creation of organization in an organization failed.	DN of organizationName of new organizationerror message	Unable to create organization. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10644	SEVERE	Creation of organization in an organization failed.	DN of organizationName of new organizationerror message	Unable to create organization due to access management SDK exception.	Look under access management SDK log for more information.
10651	INFO	Attempt to get attribute values of an organization	DN of organization	View organization profile page.
10652	INFO	Getting of attribute values of an organization succeeded.	DN of organization	View organization profile page.
10653	SEVERE	Getting of attribute values of an organization failed.	DN of organizationerror message	Unable to get attribute values of organization. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10654	SEVERE	Getting of attribute values of an organization failed.	DN of organizationerror message	Unable to get attribute values of organization due to access management SDK exception.	Look under access management SDK log for more information.
10661	INFO	Attempt to add service to an organization	DN of organizationName of service	Click on assign button in organization's service page.
10662	INFO	Addition of service to an organization succeeded.	DN of organizationName of service	Click on assign button in organization's service page.
10663	SEVERE	Addition of service to an organization failed.	DN of organizationName of serviceerror message	Unable to add service to organization. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10664	SEVERE	Addition of service to an organization failed.	DN of organizationName of serviceerror message	Unable to add service to organization due to access management SDK exception.	Look under access management SDK log for more information.
10701	INFO	Attempt to remove users from role	DN of roleName of users	Click on remove button in role's user page.
10702	INFO	Removal of users from role succeeded.	DN of roleName of users	Click on remove button in role's user page.
10703	SEVERE	Removal of users from role failed.	DN of roleName of userserror message	Unable to remove users. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10704	SEVERE	Removal of users from role failed.	DN of roleName of userserror message	Unable to remove users due to access management SDK exception.	Look under access management SDK log for more information.
10711	INFO	Attempt to get attribute values of role	DN of role	View role profile page.
10712	INFO	Getting attribute values of rolesucceeded.	DN of role	View role profile page.
10713	SEVERE	Getting attribute values of role failed.	DN of roleerror message	Unable to get attribute values. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10714	SEVERE	Getting attribute values of role failed.	DN of roleerror message	Unable to get attribute values due to access management SDK exception.	Look under access management SDK log for more information.
10721	INFO	Attempt to modify role	DN of role	Click on Save button in role profile page.
10722	INFO	Modification of role succeeded.	DN of role	Click on Save button in role profile page.
10723	SEVERE	Modification of role failed.	DN of roleerror message	Unable to modify role. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10724	SEVERE	Modification of role failed.	DN of roleerror message	Unable to modify role due to access management SDK exception.	Look under access management SDK log for more information.
10731	INFO	Attempt to getting members in role	DN of roleSearch pattern	View role's members page.
10732	INFO	Getting members in role succeeded.	DN of roleSearch pattern	View role's members page.
10733	SEVERE	Getting members in role failed.	DN of roleSearch patternerror message	Unable to getting members. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10734	SEVERE	Getting members in role failed.	DN of roleSearch patternerror message	Unable to getting members due to access management SDK exception.	Look under access management SDK log for more information.
10741	INFO	Attempt to getting roles in organization	DN of roleSearch pattern	View organization's roles page.
10742	INFO	Getting roles in organization succeeded.	DN of roleSearch patternView role's members page.	View organization's roles page.
10743	SEVERE	Getting roles in organization failed.	DN of roleSearch patternerror message	Unable to getting roles. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10744	SEVERE	Getting roles in organization failed.	DN of roleSearch patternerror message	Unable to getting roles due to access management SDK exception.	Look under access management SDK log for more information.
10751	INFO	Attempt to getting roles in container	DN of roleSearch pattern	View container's roles page.
10752	INFO	Getting roles in container succeeded.	DN of roleSearch patternView role's members page.	View container's roles page.
10753	SEVERE	Getting roles in container failed.	DN of roleSearch patternerror message	Unable to getting roles. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10754	SEVERE	Getting roles in container failed.	DN of roleSearch patternerror message	Unable to getting roles due to access management SDK exception.	Look under access management SDK log for more information.
10761	INFO	Attempt to creating roles in container	DN of containerName of role	Click on New button in roles creation page.
10762	INFO	Creation of roles in container succeeded.	DN of containerName of role	Click on New button in roles creation page.
10763	SEVERE	Creation of roles in container failed.	DN of containerName of role	Unable to create role. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10764	SEVERE	Creation of role in container failed.	DN of containerName of roleerror message	Unable to create role due to access management SDK exception.	Look under access management SDK log for more information.
10771	INFO	Attempt to creating roles in organization	DN of organizationName of role	Click on New button in roles creation page.
10772	INFO	Creation of roles in organization succeeded.	DN of organizationName of role	Click on New button in roles creation page.
10773	SEVERE	Creation of roles in organization failed.	DN of organizationName of role	Unable to create role. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10774	SEVERE	Creation of role in organization failed.	DN of organizationName of roleerror message	Unable to create role due to access management SDK exception.	Look under access management SDK log for more information.
10781	INFO	Attempt to get assigned services in role	DN of role	View role's service page.
10782	INFO	Getting of assigned services in role succeeded.	DN of role	View role's service page.
10783	SEVERE	Getting of assigned services in role failed.	DN of roleerror message	Unable to get services in role. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10784	SEVERE	Getting of assigned services in role failed.	DN of roleerror message	Unable to get services in role due to access management SDK exception.	Look under access management SDK log for more information.
10791	INFO	Attempt to remove service from role	DN of roleName of service	Click on unassign button in role's service page.
10792	INFO	Removal of service from role succeeded.	DN of roleName of service	Click on unassign button in role's service page.
10793	SEVERE	Removal of service from role failed.	DN of roleName of serviceerror message	Unable to remove service from role. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10794	SEVERE	Removal of service from role failed.	DN of roleName of serviceerror message	Unable to remove service from role due to access management SDK exception.	Look under access management SDK log for more information.
10801	INFO	Attempt to add service to role	DN of roleName of service	Click on assign button in role's service page.
10802	INFO	Addition of service to role succeeded.	DN of roleName of service	Click on assign button in role's service page.
10803	SEVERE	Addition of service to role failed.	DN of roleName of serviceerror message	Unable to add service to role. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10804	SEVERE	Addition of service to role failed.	DN of roleName of serviceerror message	Unable to add service to role due to access management SDK exception.	Look under access management SDK log for more information.
10901	INFO	Attempt to get assigned role of user	DN of user	View user's role page.
10902	INFO	Getting of assigned role of user succeeded.	DN of user	View user's role page.
10903	SEVERE	Getting of assigned role of user failed.	DN of usererror message	Unable to get assigned roles. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10904	SEVERE	Getting of assigned role of user failed.	DN of userName of serviceerror message	Unable to get assigned roles due to access management SDK exception.	Look under access management SDK log for more information.
10911	INFO	Attempt to remove role from user	DN of userDN of role	Click on delete button in user's role page.
10912	INFO	Removal of role from user succeeded.	DN of userDN of role	Click on delete button in user's role page.
10913	SEVERE	Removal of role from user failed.	DN of userDN of roleerror message	Unable to remove role. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10914	SEVERE	Removal of role from user failed.	DN of userDN of roleName of service error message	Unable to remove role due to access management SDK exception.	Look under access management SDK log for more information.
10921	INFO	Attempt to add role to user	DN of userDN of role	Click on add button in user's role page.
10922	INFO	Addition of role to user succeeded.	DN of userDN of role	Click on add button in user's role page.
10923	SEVERE	Addition of role to user failed.	DN of userDN of roleerror message	Unable to add role. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10924	SEVERE	Addition of role to user failed.	DN of userDN of roleName of service error message	Unable to add role due to access management SDK exception.	Look under access management SDK log for more information.
10931	INFO	Attempt to get assigned services of user	DN of user	View user's services page.
10932	INFO	Getting assigned services of user succeeded.	DN of user	View user's services page.
10933	SEVERE	Getting assigned services of user failed.	DN of usererror message	Unable to get services. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10934	SEVERE	Getting assigned services of user failed.	DN of usererror message	Unable to get services due to access management SDK exception.	Look under access management SDK log for more information.
10941	INFO	Attempt to remove service from user	DN of userName of service	Click on remove button in user's services page.
10942	INFO	Removal of service from user succeeded.	DN of userName of service	Click on remove button in user's services page.
10943	SEVERE	Removal of service from user failed.	DN of userName of serviceerror message	Unable to remove services. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10944	SEVERE	Removal of service from user failed.	DN of userName of serviceerror message	Unable to remove services due to access management SDK exception.	Look under access management SDK log for more information.
10951	INFO	Attempt to search for user in an organization	DN of organizationSearch pattern	View organization's user page.
10952	INFO	Searching for user in organization succeeded.	DN of organizationSearch pattern	View organization's user page.
10953	SEVERE	Searching for user in organization failed.	DN of organizationSearch patternerror message	Unable to search for user. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10954	SEVERE	Searching for user in organization failed.	DN of organizationSearch patternerror message	Unable to search for user due to access management SDK exception.	Look under access management SDK log for more information.
10961	INFO	Attempt to modify user	DN of user	Click on Save button in user profile page.
10962	INFO	Modification of user profile succeeded.	DN of user	Click on Save button in user profile page.
10963	SEVERE	Modification of user profile failed.	DN of usererror message	Unable to modify user. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10964	SEVERE	Modification of user profile failed.	DN of usererror message	Unable to modify user due to access management SDK exception.	Look under access management SDK log for more information.
10971	INFO	Attempt to create user	DN of people containerName of user	Click on Add button in user creation page.
10972	INFO	Creation of user succeeded.	DN of people containerName of user	Click on Add button in user creation page.
10973	SEVERE	Creation of user failed.	DN of people containerName of usererror message	Unable to create user. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10974	SEVERE	Creation of user failed.	DN of people containerName of usererror message	Unable to create user due to access management SDK exception.	Look under access management SDK log for more information.
10981	INFO	Attempt to get attribute values of user	DN of user	View user profile page.
10982	INFO	Getting attribute values of user succeeded.	DN of user	View user profile page.
10983	SEVERE	Getting attribute values of user failed.	DN of usererror message	Unable to get attribute values . It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10984	SEVERE	Getting attribute values of user failed.	DN of usererror message	Unable to get attribute values due to access management SDK exception.	Look under access management SDK log for more information.
10991	INFO	Attempt to add service to user	DN of userName of service	Click on add button in user's service page.
10992	INFO	Addition of service to user succeeded.	DN of userName of service	Click on add button in user's service page.
10993	SEVERE	Addition of service to user failed.	DN of userName of serviceerror message	Unable to add service. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
10994	SEVERE	Addition of service to user failed.	DN of userName of serviceerror message	Unable to add service due to access management SDK exception.	Look under access management SDK log for more information.
11001	INFO	Attempt to get assigned groups of user	DN of user	View user's group page.
11002	INFO	Getting of assigned group of user succeeded.	DN of user	View user's group page.
11003	SEVERE	Getting of assigned group of user failed.	DN of usererror message	Unable to get assigned group. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
11004	SEVERE	Getting of assigned group of user failed.	DN of usererror message	Unable to get assigned group due to access management SDK exception.	Look under access management SDK log for more information.
11011	INFO	Attempt to remove group from user	DN of userDN of group	Click on remove button in user's group page.
11012	INFO	Removal of group from user succeeded.	DN of userDN of group	Click on remove button in user's group page.
11013	SEVERE	Removal of group from user failed.	DN of userDN of grouperror message	Unable to remove group. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
11014	SEVERE	Removal of group from user failed.	DN of userDN of grouperror message	Unable to remove group due to access management SDK exception.	Look under access management SDK log for more information.
11021	INFO	Attempt to add group to user	DN of userDN of group	Click on add button in user's group page.
11022	INFO	Addition of group to user succeeded.	DN of userDN of group	Click on add button in user's group page.
11023	SEVERE	Addition of group to user failed.	DN of userDN of grouperror message	Unable to add group. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation.	Look under access management SDK log for more information.
11024	SEVERE	Addition of group to user failed.	DN of userDN of grouperror message	Unable to add group due to access management SDK exception.	Look under access management SDK log for more information.

Table C–4 Log Reference for Federation


Id	Log Level	Description	Data	Triggers	Actions
1	INFO	Authetication Domain Creation	authentication domain name	Created Authentication Domain
2	INFO	Authentication Domain Deletion	authentication domain name	Deleted Authentication Domain
3	INFO	Modify Authentication Domain	authentication domain name	Modified Authentication Domain
4	INFO	Remote Provider Creation	provider id	Created Remote Provider
5	INFO	Hosted Provider Creation	provider id	Created Hosted Provider
6	INFO	Deleted Affliation	affliation id	Deleted Affiliation
7	INFO	Delete Entity	entity id	Deleted Entity
8	INFO	Deleted Provider	provider id	Deleted Provider
9	INFO	Modify Entity	entity id	Modified Entity
10	INFO	Modify Affliation	affliation id	Modified Affliation
11	INFO	Modify Provider	provider id	Modified Provider
12	INFO	Create Entity	entity id	Created Entity
13	INFO	Create Affiliation	affliation id	Created Affiliation
14	INFO	Write Account Federation Info	user DNfederation info keyfederation info value	Acccount Federation Info with key was added to user
15	INFO	Remove Account Federation Info	user DNprovider idexisting federation info key	Account federation info with key and provider ID was removed from user
16	FINER	Create Assertion	assertion id or string	Assertion Created
17	INFO	Liberty is not enabled.	message	Liberty is not enabled. Cannot process request.	Login to Adminstration Console to enable Federation Management in the Admin Coonsole Service.
18	INFO	Logout Request processing failed.	message	Logout Request processing failed
19	INFO	Termination request processing failed	message	Termination request processing failed
20	INFO	Failed in creating SOAP URL End point.	soap end point url	Failed in creating SOAP URL End point
21	INFO	Mismatched AuthType and the protocol (based on SOAPUrl).	protocolauthentication type	AuthType and the protocol (based on SOAPUrl) do not match.
22	INFO	Wrong Authentication type	authentication type	Wrong Authentication type
23	FINER	SAML SOAP Receiver URL	soap url	SAML SOAP Receiver URL
24	INFO	SOAP Response is Invalid	message	SOAP Response is Invalid.
25	INFO	Assertion is invalid	message	This Assertion is invalid
26	INFO	Single SignOn Failed	message	Single SignOn Failed
27	INFO	Redirect to URL after granting access.	redirect url	Redirecting to URL after granting access.
28	INFO	Authentication Response is missing	message	Authentication Response not found
29	INFO	Account Federation Failed	message	Account Federation Failed
30	INFO	SSOToken Generation Failed	message	Failed to generate SSOToken
31	INFO	Authentication Response is invalid	invalid authentication response	Authentication Response is invalid
32	INFO	Authentication Request processing failed	message	Authentication Request processing failed.
33	INFO	Signature Verification Failed.	message	Signature Verification Failed.
34	FINER	Created SAML Response	saml response	Created SAML Response
35	FINER	Redirect URL	redirect url	Redirect to :
36	INFO	Common Domain Service Information not found	message	Common Domain Service Information not found.
37	INFO	Provider is not trusted	provider id	Provider is not trusted.
38	INFO	Authentication Request is invalid	message	Authentication Request is invalid
39	INFO	Account Federation Information not found for user	user name	Account Federation Information not found for user :
40	INFO	User not found.	user name	User not found.
41	INFO	Logout profile not supported.	logout profile	Logout profile not supported.	Verify metadata is correct.
42	INFO	Logout is successful.	user name	Logout is successful.
43	INFO	Logout failed to redirect due to incorrect URL.	message	Logout failed to redirect due to incorrect URL.
44	INFO	Logout request not formed properly.	user name	Logout request not formed properly.
45	INFO	Failed to get Pre/Logout handler.	logout url	Failed to get Pre/Logout handler.
46	INFO	Single logout failed.	user name	Single logout failed.
47	INFO	Failed to create SPProvidedNameIdentifier.	message	Failed to create SPProvidedNameIdentifier.
48	INFO	Invalid Signature.	message	Invalid Signature.
49	INFO	Federation Termination failed.	user name	Federation Termination failed. Cannot update account.
50	FINER	Federation Termination succeeded.	userDN	Federation Termination succeeded. User account updated.
51	INFO	Response is Invalid	saml response	SAML Response is Invalid.
52	INFO	Invalid Provider Registration.	provider id	Invalid Provider.

Table C–5 Log Reference for Liberty


Id	Log Level	Description	Data	Triggers
1	INFO	Unable to process SASL Request	message idauthentication mechanismauthorization idadvisory authentication id	Unable to process SASL Request.
2	INFO	SASL Response Ok	message idauthentication mechanismauthorization idadvisory authentication id	SASL Response Ok.
3	INFO	Return SASL Authenticaton Response	message idauthentication mechanismauthorization idadvisory authentication id	Returned SASL Response , continue Authentication.
4	INFO	User not found in Data store	user name	User not found in Data store
5	INFO	User found in Data Store	user name	User found in Data Store
6	INFO	Cannot locate user from resourceID	resourceID	Cannot locate user from resourceID
7	INFO	Successfully updated user profile	user name	Successfully updated user profile
8	INFO	UnAuthorized. Failed to Query Personal Profile Service	resource id	Failed to Query Personal Profile Service
9	INFO	Interaction Failed	resource id	Interaction with Personal Profile Service Failed
10	INFO	Successfully queried PP Service	resource id	Personal Profile Service Query Succeeded
11	INFO	Modify Failure	resource id	Failed to modify Personal Profile Service
12	INFO	Modify Success	resource id	Personal Profile Service Successfully modified.
13	INFO	Interaction Successful	successful interaction message	Successful interaction with Personal Profile Service
14	INFO	Sending Message	request message id	Sending SOAP Request Message to WSP.
15	INFO	Returning Response Message	response message idrequest message id	Returning Response Message for SOAP Request.
16	INFO	Resending Message	message id	Resending SOAP Request Message to WSP
17	INFO	Interaction manager redirecting user agent to interaction service	request message id	Interaction manager redirecting user agent to interaction service
18	INFO	Interaction manager returning response element	message idreference message idcache entry status	Interaction manager returning response element
19	INFO	Interaction query presented to user agent	message id	Interaction query presented to user agent
20	INFO	User agent responded to interaction query	message id	User agent responded to interaction query
21	INFO	User agent redirected back to SP	message id	User agent redirected back to SP
22	INFO	Webservices Success	message idhandler key	Webservices success.
23	INFO	Webservices Failure	error message	Webservices Failure.

Table C–6 Log Reference for Policy


Id	Log Level	Description	Data	Triggers	Actions
1	INFO	Evaluating policy succeeded	policy namerealm nameservice type name resource nameaction namespolicy decision	Evaluating policy.
2	INFO	Getting protected policy resources succeeded	principal nameresource nameprotecting policies	Getting protected policy resources.
3	INFO	Creating policy in a realm succeeded	policy namerealm name	Creating policy in a realm.
4	INFO	Modifying policy in a realm succeeded	policy namerealm name	Modifying policy in a realm.
5	INFO	Removing policy from a realm succeeded	policy namerealm name	Removing policy from a realm.
6	INFO	Policy already exists in the realm	policy namerealm name	Creating policy in the realm.
7	INFO	Creating policy in a realm failed	policy namerealm name	Creating policy in a realm.	Check if the user has privilege to create a policy in the realm.
8	INFO	Replacing policy in a realm failed	policy namerealm name	Replacing policy in a realm.	Check if the user has privilege to replace a policy in the realm.
81	INFO	Did not replace policy - A diifferent policy with the new name already exists in the realm	new policy namerealm name	Replacing policy in a realm
9	INFO	Removing policy from a realm failed	policy namerealm name	Removing policy from a realm.	Check if the user has privilege to remove a policy from the realm.
10	INFO	Computing policy decision by an administrator succeeded	admin nameprincipal nameresource name policy decision	Computing policy decision by an administrator.
11	INFO	Computing policy decision by an administrator ignoring subjects succeeded	admin nameresource namepolicy decision	Computing policy decision by an administrator ignoring subjects.

Table C–7 Log Reference for SAML


Id	Log Level	Description	Data	Triggers	Actions
1	INFO	New assertion created	message idAssertion ID or Assertion if log level is LL_FINER	Browser Artifact ProfileBrowser POST Profile Create Assertion ArtifactAuthentication Query Attribute QueryAuthorization Decision Query
2	INFO	New assertion artifact created	message idAssertion ArtifactID of the Assertion corresponding to the Artifact	Browser Artifact ProfileCreating Assertion Artifact
3	FINE	Assertion artifact removed from map	message idAssertion Artifact	SAML Artifact QueryAssertion artifact expires
4	FINE	Assertion removed from map	message idAssertion ID	SAML Artifact QueryAssertion expires
5	INFO	Access right by assertion artifact verified	message idAssertion Artifact	SAML Artifact Query
6	INFO	Authentication type configured and the actual SOAP protocol do not match.	message id	SAML SOAP Query	Login to console, go to Federation, then SAML, edit the Trusted Partners Configuration, check the selected Authentication Type field, make sure it matches the protocol specified in SOAP URL field.
7	INFO	Invalid authentication type	message id	SAML SOAP Query	Login to console, go to Federation, then SAML, edit the Trusted Partners Configuration, select one of the values for Authentication Type field, then save.
8	FINE	Remote SOAP receiver URL	message idSOAP Receiver URL	SAML SOAP Query
9	INFO	No assertion present in saml response	message idSAML Response	SAML Artifact Query	Contact remote partner on what's wrong
10	INFO	Number of assertions in SAML response does not equal to number of artifacts in SAML request.	message idSAML Response	SAML Artifact Query	Contact remote partner on what's wrong
11	INFO	Artifact to be sent to remote partner	message idSAML Artifact	SAML Artifact Query
12	INFO	Wrong SOAP URL in trusted partner configuration	message id	SAML Artifact Query	Login to console, go to Federation, then SAML, edit the Trusted Partners Configuration, enter value for SOAP URL field, then save.
13	FINE	SAML Artifact Query SOAP request	message idSAML Artifact Query message	SAML Artifact Query
14	INFO	No reply from remote SAML SOAP Receiver	message id	SAML Artifact Query	Check remote partner on what's wrong
15	FINE	SAML Artifact Query response	message idSAML Artifact Query response message	SAML Artifact Query
16	INFO	No SAML response inside SOAP response	message id	SAML Artifact Query	Check remote partner on what's wrong
17	INFO	XML signature for SAML response is not valid	message id	SAML Artifact Query	Check remote partner on what's wrong on XML digital signature
18	INFO	Error in getting SAML response status code	message id	SAML Artifact Query	Check remote partner on what's wrong on response status code
19	INFO	TARGET parameter is missing from the request	message id	SAML Artifact ProfileSAML POST Profile	Add "TARGET=target_url" as query parameter in the request
20	INFO	Redirection URL in SAML artifact source site	message idtargetredirection URL SAML response message in case of POST profile and log level is LL_FINER	SAML Artifact Profile sourceSAML POST Profile source
21	INFO	The specified target site is forbidden	message idtarget URL	SAML Artifact Profile sourceSAML POST Profile source	TARGET URL specified in the request is not handled by any trusted partner, check your TARGET url, make sure it matches one of the Target URL configured in trusted partner sites
22	INFO	Failed to create single-sign-on token	message id	SAML Artifact Profile destinationSAML POST Profile destination	Authentication component failed to create SSO token, please check authentication log and debug for more details
23	INFO	Single sign on successful, access to target is granted	message idResponse message in case of POST profile and log levele is LL_FINER or higher	SAML Artifact Profile destinationSAML POST Profile destination
24	INFO	Null servlet request or response	message id	SAML Artifact ProfileSAML POST Profile	Check web container error log for details
25	INFO	Missing SAML response in POST body	message id	SAML POST Profile destination	Check with remote SAML partner to see why SAML response object is missing from HTTP POST body
26	INFO	Error in response message	message id	SAML POST Profile destination	Unable to convert encoded POST body attribute to SAML Response object, check with remote SAML partner to see if there is any error in the SAML response create, for example, encoding error, invalid response sub-element etc.
27	INFO	Response is not valid	message id	SAML POST Profile destination	recipient attribute in SAML response does not match this site's POST profile URLResponse status code is not success
28	INFO	Failed to get an instance of the message factory	message id	SAML SOAP Receiver init	Check your SOAP factory property(javax.xml.soap.MessageFactory) to make sure it is using a valid SOAP factory implementation
29	INFO	Received Request from an untrusted site	message idRemote site Hostname or IP Address	SAML SOAP Queries	Login to console, go to Federation, then SAML service, edit the Trusted Partners Configuration, check the Host List field, make sure remote host/IP is one the values. In case of SSL with client auth, make sure Host List contains the client certificate alias of the remote site.
30	INFO	Invalid request from remote partner site	message id and request hostname/IP addressreturn response	SAML SOAP Queries	Check with administrator of remote partner site
31	FINE	Request message from partner site	message id and request hostname/IP addressrequest xml	SAML SOAP Queries
32	INFO	Failed to build response due to internal server error	message id	SAML SOAP Queries	Check debug message to see why it is failing, for example, cannot create response status, major/minor version error, etc.
33	INFO	Sending SAML response to partner site	message idSAML response or response id	SAML SOAP Queries
32	INFO	Failed to build SOAP fault response body	message id	SAML SOAP Queries	Check debug message to see why it is failing, for example, unable to create SOAP fault, etc.

Table C–8 Log Reference for Session


Id	Log Level	Description	Data	Triggers
1	INFO	Session is Created	User ID	User is authenticated.
2	INFO	Session has idle timedout	User ID	User session idle for long time.
3	INFO	Session has Expired	User ID	User session has reached its maximun time limit.
4	INFO	User has Logged out	User ID	User has logged out of the system.
5	INFO	Session is Reactivated	User ID	User session state is active.
6	INFO	Session is Destroyed	User ID	User session is destroyed and cannot be referenced.
7	INFO	Session's property is changed.	User ID	User changed session's unprotected property.
8	INFO	Session received Unknown Event	User ID	Unknown session event
9	INFO	Attempt to set protected property	User ID	Attempt to set protected property
10	INFO	User's session quota has been exhausted.	User ID	Session quota exhausted
11	INFO	Session database used for session failover and session constraint is not available.	User ID	Unable to reach the session database.
12	INFO	Session database is back online.	User ID	Session database is back online.
13	INFO	The total number of valid sessions hosted on the AM server has reached the max limit.	User ID	Session max limit reached.

Appendix D Error Codes

This appendix provides a list of the error messages generated by Access Manager. While this list is not exhaustive, the information presented in this chapter will serve as a good starting point for common problems. The tables listed in this appendix provide the error code itself, a description and/or probable cause of the error, and describes the actions that can be taken to fix the encountered problem.

This appendix lists error codes for the following functional areas:

If you require further assistance in diagnosing errors, please contact Sun Technical Support:

http://www.sun.com/service/sunone/software/index.html

Access Manager Console Errors

The following table describes the error codes generated and displayed by the Access Manager Console.

Table D–1 Access Manager Console Errors


Error Message	Description/Probable Cause	Action
An error has occurred while deleting the following:	The object may have been removed by another user prior to being removed by the current user.	Redisplay the objects that you are trying to delete and try the operation again.
You have entered an invalid URL	This occurs if the URL for an Access Manager console window is entered incorrectly.
There are no entries matching the search criteria.	The parameters entered in the search window, or in the Filter fields, did not match any objects in the directory.	Run the search again with a different set of parameters
There are no attributes to display.	The selected object does not contain any editable attributes defined in its schema.
There is no information to display for this service.	The services viewed from the Service Configuration module do not have global or organization based attributes
Search size limit exceeded. Please refine your search.	The parameters specified in the search have returned more entries than are allowed to be returned	Modify the Maximum Results Returned from a Search attribute in the Administration service to a larger value. You can also modify the search parameters to be more restrictive.
Search time limit exceeded. Please refine your search.	The search for the specified parameters has taken longer than the allowed search time.	Modify the Timeout for Search attribute in the Administration service to a larger value. You can also modify the search parameters, so they are less restrictive, to return more values.
Invalid user’s start location. Please contact your administrator.	The start location DN in the users entry is no longer valid	In the User Profile page, change the value of the start DN to a valid DN.
Could not create identity object. User does not have sufficient access.	An operation was executed by a user with insufficient permissions. The permissions a user has defined determines what operations they can perform.

Authentication Error Codes

The following table describes the error codes generated by the Authentication service. These errors are displayed to the user/administrator in the Authentication module.

Table D–2 Authentication Error Codes


Error Message	Description/Probable Cause	Action
authentication.already.login.	The user has already logged in and has a valid session, but there is no Success URL redirect defined.	Either logout, or set up some login success redirect URL(s) through the Access Manager Console. Use the ”goto’ query parameter with the value as Admin Console URL.
logout.failure.	A user is unable to logout of Access Manager.	Restart the server.
uncaught_exception	An authentication Exception is thrown due to an incorrect handler	Check the Login URL for any invalid or special characters.
redirect.error	Access Manager cannot redirect to Success or Failure redirect URL.	Check the web container’s error log to see if there are any errors.
gotoLoginAfterFail	This link is generated when most errors occur. The link will send the user to the original Login URL page.
invalid.password	The password entered is invalid.	Passwords must contain at least 8 characters. Check that the password contains the appropriate amount of characters and ensure that it has not expired.
auth.failed	Authentication failed. This is the generic error message displayed in the default login failed template. The most common cause is invalid/incorrect credentials.	Enter valid and correct user name/password (the credentials required by the invoked authentication module.)
nouser.profile	No user profile was found matching the the entered user name in the given organization. This error is displayed while logging in to the Membership/Self-registration authentication module.	Enter your login information again. If this is your first login attempt, select New User in the login screen.
notenough.characters	The password entered does not contain enough characters. This error is displayed while logging in to the Membership/Self-registration authentication module.	The login password must contain at least 8 characters by default (this number is configurable through the Membership Authentication module).
useralready.exists	A user already exists with this name in the given organization. This error is displayed while logging in to the Membership/Self-registration authentication module.	User IDs must be unique within the organization.
uidpasswd.same	The User Name and Password fields cannot have the same value. This error is displayed while logging in to the Membership/Self-registration authentication module.	Make sure that the username and password are different.
nouser.name	No user name was entered.This error is displayed while logging in to the Membership/Self-registration authentication module.	Make sure to enter the user name.
no.password	No password was entered.This error is displayed while logging in to the Membership/Self-registration authentication module.	Make sure to enter the password.
missing.confirm.passwd	Missing the confirmation password field. This error is displayed while logging in to the Membership/Self-registration authentication module.	Make sure to enter the password in the Confirm Password field.
password.mismatch	The password and the confirm password do not match. This error is displayed while logging in to the Membership/Self-registration authentication module.	Make sure that the password and confirmation password match.
An error occurred while storing the user profile.	An error occurred while storing the user profile.This error is displayed while logging in to the Membership/Self-registration authentication module.	Make sure that the attributes and elements are valid and correct for Self Registration in the `Membership.xml` file.
orginactive	This organization is not active.	Activate the organization through the Access Manager console by changing the organization status from `inactive` to `active`.
internal.auth.error	Internal Authentication Error. This is a generic Authentication error which may be caused by different and multiple environmental and/or configuration issues.
usernot.active	The user no longer has an active status.	Activate the user through the Admin Console by changing the user status from `inactive` to `active`. if the user is locked out by Memory Locking, restart the server.
user.not.inrole	User does not belong to the specified role. This error is displayed during role-based authentication.	Make sure that the login user belongs to the role specified for the role-based authentication.
session.timeout	The user session has timed out.	Login in again.
authmodule.denied	The specified authentication module is denied.	Make sure that the required authentication module is registered under the required organization, that the template is created and saved for the module, and that the module is selected in the Organization Authentication Modules list in the Core Authentication module.
noconfig.found	No configuration found.	Check the Authentication Configuration service for the required authentication method.
cookie.notpersistent	Persistent Cookie Username does not exist in the Persistent Cookie Domain.
nosuch.domain	The organization found.	Make sure that the requested organization is valid and correct.
userhasnoprofile.org	User has no profile in the specified organization.	Make sure that the user exists and is valid in the specified organization in the local Directory Server.
reqfield.missing	One of the required fields was not completed. Please make sure all required fields are entered.	Make sure that all required fields are entered.
session.max.limit	Maximum Sessions Limit Reached.	Logout and login again.

Policy Error Codes

The following table describes the error codes generated by the Policy framework and displayed in the Access Manager Console.

Table D–3 Policy Error Codes


Error Message	Description/Probable Cause	Action
illegal_character_/_in_name	Illegal character “/” in the policy name.	Make sure that the policy name does not contain the ”/’ character.
policy_already_exists_in_org	A rule with the same name already exists.	Use a different name for policy creation.
rule_name_already_present	Another rule with the given name already exists	Use a different rule name for policy creation.
rule_already_present	A rule with the same rule value already exists.	Use a different rule value.
no_referral_can_not_create_policy	No referral exists to the organization.	In order to create policies under a sub organization, you must create a referral policy at its parent organization to indicate what resources can be referred to this sub organization.
ldap_search_exceed_size_limit	LDAP search size limit exceeded. An error occurred because the search found more than the maximum number of results.	Change the search pattern or policy configuration of the organization for the search control parameters.The Search Size Limit is located in the Policy Configuration service.
ldap_search_exceed_time_limit	LDAP search time limit exceeded. An error occurred because the search found more than the maximum number of results.	Change the search pattern or policy configuration of the organization for the search control parameters.The Search Time Limit is located in the Policy Configuration service.
ldap_invalid_password	Invalid LDAP Bind password.	The password for LDAP Bind user defined in Policy Configuration is incorrect. This leads to the inability to get an authenticated LDAP connection to perform policy operations.
app_sso_token_invalid	Application SSO token is invalid.	The server could not validate the Application SSO token. Most likely the SSO token is expired.
user_sso_token_invalid	User SSO token is invalid.	The server could not validate the User SSO token. Most likely the SSO token is expired.
property_is_not_an_Integer	Property value not an integer.	The value for this plugin’s property should be an integer.
property_value_not_defined	Property value should be defined.	Provide a value for the given property.
start_ip_can_not_be_greater_than_end_ip	Start IP is larger than End IP	An attempt was made to set end IP Address to be larger than start IP Address in IP Address condition. The Start IP cannot be larger than the End IP.
start_date_can_not_be_larger_than_end_date	Start Date is larger than End Date	An attempt was made to set end Date to be larger than start Date in the policy’s Time Condition. The Start Date cannot be larger than the End Date.
policy_not_found_in_organization	Policy not found in organization. An error occurred trying to locate a non-existing policy in an organization.	Make sure that the policy exists under the specified organization.
insufficient_access_rights	User does not have sufficient access. The user does not have sufficient right to perform policy operations.	Perform policy operations with the user who has appropriate access rights.
invalid_ldap_server_host	Invalid LDAP Server host.	Change the invalid LDAP Server host that was entered in the Policy Configuration service.

amadmin Error Codes

The following table describes the error codes generated by the amadmin command line tool to Access Manager’s debug file.

Table D–4 amadmin error codes


Error Message	Code	Description/Probable Cause	Action
nocomptype	1	Too few arguments.	Make sure that the mandatory arguments (`--runasdn`, `--password`, `--passwordfile`, `--schema`, `--data`, and `--addAttributes`) and their values are supplied in the command line.
file	2	The input XML file was not found.	Check the syntax and make sure that the input XML is valid.
nodnforadmin	3	The user DN for the `--runasdn` value is missing.	Provide the user DN as the value for `--runasdn`.
noservicename	4	The service name for the `--deletservice` value is missing.	Provide the service name as the value for `--deleteservice`.
nopwdforadmin	5	The password for the `--password` value is missing.	Provide the password as the value for `--password`.
nolocalename	6	The locale name was not provided. The locale will default to en_US.	See the Online Help for a list of locales.
nofile	7	Missing XML input file.	Provide at least one input XML filename to process.
invopt	8	One or more arguments are incorrect.	Check that all arguments are valid. For a set of valid arguments, type `amadmin --hel`p.
oprfailed	9	Operation failed.	When `amadmin` fails, it produces more precise error codes to indicate the specific error. Refer to those error codes to evaluate the problem.
execfailed	10	Cannot process requests.	When `amadmin` fails, it produces more precise error codes to indicate the specific error. Refer to those error codes to evaluate the problem.
policycreatexception	12	Policy cannot be created.	`amadmin` produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.
policydelexception	13	Policy cannot be deleted.	`amadmin` produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.
smsdelexception	14	Service cannot be deleted.	`amadmin` produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.
ldapauthfail	15	Cannot authenticate user.	Make sure the user DN and password are correct.
parserror	16	Cannot parse the input XML file.	Make sure that the XML is formatted correctly and adheres to the `amAdmin.dtd` .
parseiniterror	17	Cannot parse due to an application error or a parser initialization error.	Make sure that the XML is formatted correctly and adheres to the `amAdmin.dtd` .
parsebuilterror	18	Cannot parse because a parser with specified options cannot be built.	`amadmin` produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.
ioexception	19	Cannot read the input XML file.	`amadmin` produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.
fatalvalidationerror	20	Cannot parse because the XML file is not a valid file.	Check the syntax and make sure that the input XML is valid.
nonfatalvalidationerror	21	Cannot parse because the XML file is not a valid file.	`amadmin` produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.
validwarn	22	XML file validation warnings for the file.	`amadmin` produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.
failedToProcessXML	23	Cannot process the XML file.	`amadmin` produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.
nodataschemawarning	24	Neither `--data` or `--schema` options are in the command.	Check that all arguments are valid. For a set of valid arguments, type `amadmin --hel`p.
doctyperror	25	The XML file does not follow the correct DTD.	Check the XML file for the `DOCTYPE` element.
statusmsg9	26	LDAP Authentication failed due to invalid DN, password, hostname, or portnumber.	Make sure the user DN and password are correct.
statusmsg13	28	Service Manager exception (SSO exception).	`amadmin` produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.
statusmsg14	29	Service Manager exception.	`amadmin` produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.
statusmsg15	30	Schema file inputstream exception.	`amadmin` produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.
statusmsg30	31	Policy Manager exception (SSO exception).	`amadmin` produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.
statusmsg31	32	Policy Manager exception.	`amadmin` produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.
dbugerror	33	More than one debug option is specified.	Only one debug option should be specified.
loginFalied	34	Login failed.	`amadmin` produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.
levelerr	36	Invalid attribute value.	Check the level set for the LDAP search. It should be either `SCOPE_SUB` or `SCOPE_ONE`.
failToGetObjType	37	Error in getting object type.	Make sure that the DN in the XML file is value and contains the correct object type.
invalidOrgDN	38	Invalid organization DN.	Make sure that the DN in the XML file is valid and is an organization object.
invalidRoleDN	39	Invalid role DN.	Make sure that the DN in the XML file is valid and is a role object.
invalidStaticGroupDN	40	Invalid static group DN.	Make sure that the DN in the XML file is valid and is a static group object.
invalidPeopleContainerDN	41	Invalid people container DN.	Make sure the DN in the XML file is valid and is a people container object.
invalidOrgUnitDN	42	Invalid organizational unit DN.	Make sure that the DN in the XML file is valid and is a container object.
invalidServiceHostName	43	Invalid service host name.	Make sure that the hostname for retrieving valid sessions is correct.
subschemaexception	44	Subschema error.	Subcschema is only supported for global and organization attributes.
serviceschemaexception	45	Cannot locate service schema for service.	Make sure that the sub schema in the XML file is valid.
roletemplateexception	46	The role template can be true only if the schema type is dynamic.	Make sure that the role template in the XML file is valid.
cannotAddusersToFileredRole	47	Cannot add users to a filtered role.	Made sure that the role DN in the XML file is not a filtered role.
templateDoesNotExist	48	Template does not exist.	Make sure that the service template in the XML file is valid.
cannotAdduUersToDynamicGroup	49	Cannot add users to a dynamic group.	Made sure that the group DN in the XML file is not a dynamic group.
cannotCreatePolicyUnderContainer	50	Policies can not be created in an organization that is a child organization of a container.	Make sure that the organization in which the policy is to be created is not a child of a container.
defaultGroupContainerNotFound	51	The group container was not found.	Create a group container for the parent organization or container.
cannotRemoveUserFromFilteredRole	52	Cannot remove a user from a filtered role.	Make sure that the role DN in the XML file is not filtered role.
cannotRemoveUsersFromDynamicGroup	53	Cannot remove users from a dynamic group.	Make sure that the group DN in the XML file is not a dynamic group.
subSchemStringDoesNotExist	54	The subschema string does not exist.	Make sure that the subschema string exists in the XML file.

defaultPeopleContainerNotFound	59	You are trying to add user to an organization or container. And default people container does not exists in an organization or container.	Make sure the default people container exists.
nodefaulturlprefix	60	Default URL prefix is not found following --defaultURLPrefix argument	provide the default URL prefix accordingly.
nometaalias	61	Meta Alias is not found following --metaalias argument	provide the Meta Alias accordingly.
missingEntityName	62	Entity Name is not specified.	provide the entity name.
missingLibertyMetaInputFile	63	File name for importing meta data is missing.	provide the file name that contains meta data.
missingLibertyMetaOutputFile	64	File name for storing exported meta data is missing.	provide the file name for storing meta data.
cannotObtainMetaHandler	65	Unable to get a handler to Meta attribute. Specified user name and password may be incorrect.	ensure that user name and password are correct.
missingResourceBundleName	66	Missing resource bundle name when adding, viewing or deleting resource bundle that is store in directory server.	provide the resource bundle name
missingResourceFileName	67	Missing file name of file that contains the resource strings when adding resource bundle to directory server.	Please provide a valid file name.
failLoadLibertyMeta	68	Failed to load liberty meta to Directory Server.	Please check the meta data again before loading it again

Previous: Part IV Command Line Reference

Part V Appendixes

Appendix A AMConfig.properties File

About the AMConfig.properties File

Access Manager Console

Access Manager Server Installation

am.util

amSDK

Application Server Installation

Authentication

Certificate Database

Cookies

Debugging

Directory Server Installation

Event Connection

Global Services Management

Helper Daemons

Identity Federation

JSS Proxy

LDAP Connection

Liberty Alliance Interactions

Logging Service

Logging Properties You Can Add to AMConfig.properties

Naming Service

Notification Service

Policy Agents

Policy Client API

Profile Service

Replication

SAML Service

Security

Session Service

SMTP

Statistics Service

Appendix B serverconfig.xml File

Overview

Proxy User

Example B–1 Proxy User In serverconfig.xml

Admin User

Example B–2 Admin User In serverconfig.xml

server-config Definition Type Document

iPlanetDataAccessLayer Element

ServerGroup Element

Server Element

User Element

DirDN Element

DirPassword Element

BaseDN Element

MiscConfig Element

Example B–3 serverconfig.xml

Failover Or Multimaster Configuration

Example B–4 Configured Failover in serverconfig.xml

Appendix C Log File Reference

Appendix D Error Codes

Access Manager Console Errors

Authentication Error Codes

Policy Error Codes

amadmin Error Codes

About the `AMConfig.properties` File