This is part five of the Sun Java System Access Manager 7 2005Q4 Administration Guide contains error code listings and file reference. This section contains the following appendixes:
AMConfig.properties is the main configuration file for Access Manager. You can configure some, but not all, of the properties in this file. This chapter provides descriptions of properties contained in AMConfig.properties, default property values, and instructions for modifying values that can be changed without rendering Access Manager unusable.
This chapter contains the following sections:
At installation, AMConfig.properties is located in the following directory: etc/opt/SUNWam/config.
AMConfig.properties contains one property per line, and each property has a corresponding value. Properties and values are case-sensitive. Lines that begin with the characters slash and asterisk (/*) are comments, and comments are ignored by the application. Comments end with a last line that contains the closing characters asterisk and slash (*/).
After you modify properties in AMConfig.properties, you must restart Access Manager to activate the changes.
com.iplanet.am.console.deploymentDescriptor
Value is set during installation. Example: /amconsole
com.iplanet.am.console.host
Value is set during installation. Example: hostName.domain.Name.com
com.iplanet.am.console.port
Value is set during installation. Example: 80
com.iplanet.am.console.protocol
Value is set during installation. Example: http
com.iplanet.am.install.basedir
This is a READ-ONLY property. Do not modify the property value.
Value is set during installation. Example: /opt/SUNWam/web-src/services/WEB-INF
com.iplanet.am.install.vardir
This is a READ-ONLY property. Do not modify the property value.
Value is set during installation. Example: /var/opt/SUNWam
com.iplanet.am.installdir
This is a READ-ONLY property. Do not modify the property value.
Value is set during installation. Example: /opt/SUNWam
com.iplanet.am.jdk.path
Value is set during installation. Example: /usr/jdk/entsys-j2se
com.iplanet.am.locale
Value is set during installation. Example: en_US
com.iplanet.am.server.host
Value is set during installation. Example: hostName.domainName.com
com.iplanet.am.server.port
Value is set during installation. Example: 80
com.iplanet.am.server.protocol
Value is set during installation. Example: http
com.iplanet.am.version
Value is set during installation. Example: 7 2005Q4
com.sun.identity.server.fqdnMap[ ]
Enables Access Manager Authentication service to take corrective action when a user types an incorrect URL . This is useful, for example, when a user specifies a partial hostname or uses an IP address to access protected resources.
The syntax of this property represents invalid FQDN values mapped to their corresponding valid counterparts. The property uses the following form: com.sun.identity.server.fqdnMap[invalid-name]=valid—name . In this example, invalid-name is a possible invalid FQDN host name that may be used by the user, and the valid—name is the FQDN host name the filter will redirect the user to. If overlapping values for the same invalid FQDN exist, the application may become inaccessible. Using an invalid value for this property can also result in the application becoming inaccessible. You can use this property to map multiple host names. This is useful when the applications hosted on a server are accessible by multiple host names.
You can use this property to configure Access Manager so that no corrective action is taken for certain hostname URLs. This is useful, for example, when it is required that no corrective action such as a redirect be used for users who access the application resources by using the raw IP address.
You can specify a map entry such as: com.sun.identity.server.fqdnMap[IP]=IP .
You can specify any number of such properties may as long as they are valid properties and conform to the requirements described above. Examples: com.sun.identity.server.fqdnMap[isserver]=isserver.mydomain.comcom.sun.identity.server.fqdnMap[isserver.mydomain]=isserver.mydomain.com com.sun.identity.server.fqdnMap[IP address]=isserver.mydomain.com
com.iplanet.am.util.xml.validating
Default value is no. Determines if validation is required when parsing XML documents using the Access Manager XMLUtils class. This property is in effect only when value for the com.iplanet.services.debug.level property is set to warning or message. Allowable values are yes and no. The XML document validation is turned on only if the value for this property yes, and if value for com.iplanet.services.debug.level property is set to warning or message.
Each SDK cache entry stores a set of AMObject attributes values for a user.
com.iplanet.am.sdk.cache.maxSize
Default value is 10000. Specifies the size of the SDK cache when caching is enabled. Use an integer greater than 0, or the default size (10000 users) will be used.
com.iplanet.am.sdk.userEntryProcessingImpl
This property specifies a plug-in which implements the com.iplanet.am.sdk.AMUserEntryProcessed interface to perform some post-processing for user create, delete and modify operations. The property if used should specify the fully qualified class name which implements the above interface.
com.iplanet.am.sdk.caching.enabled
Setting this to true enables caching, and setting this to false disables caching. The default is false.
com.iplanet.am.iASConfig
Value is set during installation. Example: APPSERVERDEPLOYMENT
This property is used to determine if Access Manager is running on iPlanet Application Server.
com.sun.identity.auth.cookieName
Default value is AMAuthCookie. Specifies the cookie name used by Authentication Service to set the session handler ID during the authentication process. Once this process is completed (success or failure), this cookie is cleared or removed.
com.sun.identity.authentication.ocsp.responder.nickname
Value is set during installation. The Certificate Authority (CA) certificate nick name for that responder. Example: Certificate Manager - sun. If set, the CA certificate must be presented in the Web Server's certificate database.
com.sun.identity.authentication.ocsp.responder.url
Value is set during installation. Example: http://ocsp.sun.com/ocsp
Specifies the global OCSP responder URL for this instance. If the OCSP responder URL is set, the OCSP responder nick name must also be set. Otherwise both will be ignored. If both are not set, the OCSP responder URL presented in user's certificate will be used for OCSP validation. If the OCSP responder URL is not presented in user's certificate, then no OCSP validation will be performed.
com.sun.identity.authentication.ocspCheck
Default value is true. The global parameter to enable or disable OCSP checking. If this value is false, the OCSP feature in the Certificate Authentication module type cannot be used. .
com.sun.identity.authentication.special.users
Value is set during installation. Example: cn=dsameuser,ou=DSAME Users,o=AMRoot|cn=amService-UrlAccessAgent,ou=DSAME Users,o=AMRoot
Identifies the special user or users for this Access Manager authentication component. This user is used by the Client APIs to authenticate remote applications to the Access Manager server using the full user DN. The user will always be authenticated against the local directory server. Multiple values of this special user DN are separated by the pipe character (|). Use of this property is restricted to Authentication component only.
com.sun.identity.authentication.super.user
Value is set during installation. Example: uid=amAdmin,ou=People,o=AMRoot
Identifies the super user for this Access Manager instance. This user must use LDAP to log in, and must use the full DN. The user is always authenticated against the local Directory Server.
com.sun.identity.authentication.uniqueCookieDomain
Used to set the cookie domain for the above cookie name. This Cookie domain should be set such that it covers all the instances of the CDC (Cross Domain Controller) services installed in the network. For example,.example.com if all instances of Access Manager are within the domain example.com.
com.sun.identity.authentication.uniqueCookieName
Default value is sunIdentityServerAuthNServer. Specifies the cookie name set to the Access Manager server host URL when Access Manager is running against Session Cookie hijacking.
com.iplanet.am.auth.ldap.createUserAttrList
Specifies a list of user attributes that contain values that will be retrieved from an external Directory Server during LDAP Authentication when the Authentication Service is configured to dynamically create users. The new user created in the local Directory Server will have the values for attributes which have been retrieved from external Directory Server.
Example: attribute1, attribute2, attribute3
Set these properties to initialize the JSS Socket Factory when iPlanet Web Server is configured for SSL.
com.iplanet.am.admin.cli.certdb.dir
Value is set during installation. Example: /opt/SUNWwbsvr/alias
Specifies certificate database path.
com.iplanet.am.admin.cli.certdb.passfile
Value is set during installation. Example: /etc/opt/SUNWam/config/.wtpass
Specifies certificate database password file.
com.iplanet.am.admin.cli.certdb.prefix
Value is set during installation. Example: https-hostName.domainName.com-hostName-
Specifies certificate database prefix.
com.iplanet.am.cookie.encode
This property allows Access Manager to URLencode the cookie value which converts characters to ones that are understandable by HTTP.
Value is set during installation. Example: false
com.iplanet.am.cookie.name
Default value is iPlanetDirectoryPro. Cookie name used by Authentication Service to set the valid session handler ID. The value of this cookie name is used to retrieve the valid session information.
com.iplanet.am.cookie.secure
Allows the Access Manager cookie to be set in a secure mode in which the browser will only return the cookie when a secure protocol such as HTTP(s) is used.
Default value is false.
com.iplanet.am.console.remote
Value is set during installation. Example: false
Determines whether the console is installed on a remote machine, or is installed on a local machine and will be used by authentication console.
com.iplanet.am.pcookie.name
Specifies the cookie name for a persistent cookie. A persistent cookie continues to exist after the browser window is closed. This enables a user to log in with a new browser session without having to reauthenticate. Default value is DProPCookie.
com.sun.identity.cookieRewritingInPath
Default value is true. This property is read by the Authentication Service when Access Manager is configured to run in cookieless mode. The property specifies that the cookie needs to be rewritten as extra path information in the URL using this form: protocol://server:port/uri;cookiename=cookieValue?queryString. If this property is not specified, then the cookie will be written as part of the query string.
com.sun.identity.enableUniqueSSOTokenCookie
Default value is false. Indicates that Access Manager is running against Session Cookie hijacking when the value is set to true.
com.iplanet.services.debug.directory
Specifies the output directory where debug files will be created. Value is set during installation. Example: /var/opt/SUNWam/debug
com.iplanet.services.debug.level
Specifies debug level. Default value is error. Possible values are:
No debug file is created.
Only error messages are logged.
Only warning messages are logged.
Error, warning, and informational messages are logged.
com.iplanet.am.defaultOrg
Value is set at installation. Example: o=AMRoot
Specifies the top-level realm or organization in the Access Manager information tree.
com.iplanet.am.directory.host
Value is set during installation. Example: DirectoryServerHost.domainName.com
Specifies fully-qualified host name of the Directory Server.
com.iplanet.am.directory.port
Value is set during installation. Example: 389
Specifies the Directory Server port number .
com.iplanet.am.directory.ssl.enabled
Default value is false. Indicates if Security Socket Layer (SSL) is enabled.
com.iplanet.am.domaincomponent
Value is set during installation. Example: o=AMRoot
Specifies the domain component (dc) attribute for the Access Manager information tree.
com.iplanet.am.rootsuffix
Value is set during installation. Example: o=AMRoot
com.iplanet.am.event.connection.delay.between.retries
Default value is 3000. Specifies the delay in milliseconds between retries to re-establish the Event Service connections.
com.iplanet.am.event.connection.ldap.error.codes.retries
Default values are 80,81,91. Specifies the LDAP exception error codes for which retries to re-establish Event Service connections will trigger.
com.iplanet.am.event.connection.num.retries
Default value is 3. Specifies the number of attempts made to successfully re-establish the Event Service connections.
com.sun.am.event.connection.idle.timeout
Default value is 0. Specifies the number of minutes after which the persistent searches will be restarted.
This property is used when a load balancer or firewall is between the policy agents and the Directory Server, and the persistent search connections are dropped when TCP idle timeoutoccurs. The property value should be lower than the load balancer or firewall TCP timeout. This ensures that the persistent searches are restarted before the connections are dropped. A value of 0 indicates that searches will not be restarted. Only the connections that are timed out will be reset.
com.iplanet.am.service.secret
Value is set during installation. Example: AQICPX9e1cxSxB2RSy1WG1+O4msWpt/6djZl
com.iplanet.am.services.deploymentDescriptor
Value is set during installation. Example: /amserver
com.iplanet.services.comm.server.pllrequest.maxContentLength
Default value is 16384 or 16k. Specifies the maximum content-length for an HttpRequest that Access Manager will accept.
com.iplanet.services.configpath
Value is set during installation. Example: /etc/opt/SUNWam/config
com.iplanet.am.daemons
Default value is unix securid. Description
securidHelper.ports
Default value is 58943. This property takes a space-separated list and is used for the SecurID authentication module and helpers.
unixHelper.ipaddrs
Value is set during installation. Specifies a list of IP addresses to be read by the amserverscript and passed to the UNIX helper when starting the helper. This property can contain a list of space-separated trusted IP Addresses in IPv4 format.
unixHelper.port
Default value is 58946. Used in the UNIX Authentication module type.
com.sun.identity.federation.alliance.cache.enabled
Default value is true. If true, federation metadata will be cached internally.
com.sun.identity.federation.fedCookieName
Default value is fedCookie. Specifies the name of the Federation Services cookie.
com.sun.identity.federation.proxyfinder
Default value is com.sun.identity.federation.services.FSIDPProxyImpl. Defines the implementation for finding a preferred identity provider to be proxied.
com.sun.identity.federation.services.signingOn
Default value is false. Specifies the level of signature verification for Liberty requests and responses.
Liberty requests and responses will be signed when sent, and Liberty requests and responses that are received will be verified for signature validity.
Liberty requests and responses that are sent and received will not be verified for signature.
Liberty requests and responses will be signed or verified only if required by the Federation profiles.
com.sun.identity.password.deploymentDescriptor
Value is set during installation. Example: /ampassword
com.sun.identity.policy.Policy.policy_evaluation_weights
Default value is 10:10:10. Indicates the proportional processing cost to evaluate a policy subject, rule, and condition. The values specified influence the order in which the subject, rule, and condition of a policy are evaluated. The value is expressed using three integers which represent a subject, a rule, and a condition. The values are delimited by a colon (:) to indicate the proportional processing cost to evaluate a policy subject, rule, and condition.
com.sun.identity.session.application.maxCacheTime
Default value is 3. Specifies the maximum number of minutes for caching time for Application Sessions. By default, the cache does not expire unless this property is enabled.
com.sun.identity.sm.ldap.enableProxy
Default value is false. Specifies the Proxy Server to use for a connection. Set to true if LDAPProxy is supported by the backend storage. If true, use the Proxy Server for connection If false, no proxy is used for connection.
com.sun.identity.webcontainer
Value is set during installation. Example: WEB_CONTAINER
Specifies the name of the of the web container. Although the servlet or JSPs are not web container dependent, Access Manager uses the servlet 2.3 API request.setCharacterEncoding() to correctly decode incoming non English characters. These APIs will not work if Access Manager is deployed on Sun Java System Web Server 6.1. Access Manager uses the gx_charset mechanism to correctly decode incoming data in Sun Java System Web Server versions 6.1 and S1AS7.0. Possible values BEA6.1, BEA 8.1, IBM5.1 or IAS7.0. If the web container is Sun Java System Web Server, the tag is not replaced.
These properties identify the value for SSL ApprovalCallback. If the checkSubjectAltName or resolveIPAddress feature is enabled, you must create cert7.db and key3.db with the prefix value ofcom.iplanet.am.admin.cli.certdb.prefix in the com.iplanet.am.admin.cli.certdb.dirdirectory. Then restart Access Manager .
com.iplanet.am.jssproxy.checkSubjectAltName
Default value is false. When enabled, a server certificate includes the Subject Alternative Name (SubjectAltName) extension, and Access Manager checks all name entries in the extension. If one of the names in the SubjectAltName extension is the same as the server FQDN, Access Manager continues the SSL handshaking. To enable this property, set it to a comma separated list of trusted FQDNs. For example: com.iplanet.am.jssproxy.checkSubjectAltName= amserv1.example.com,amserv2.example.com
com.iplanet.am.jssproxy.resolveIPAddress
Default value is false.
com.iplanet.am.jssproxy.trustAllServerCerts
Default value is false. If enabled (true), Access Manager ignores all certificate-related issues such as a name conflict and continues the SSL handshaking. To prevent a possible security risk, enable this property only for testing purposes, or when the enterprise network is tightly controlled. Avoid enabling this property if a security risk might occur (for example, if a server connects to a server in a different network).
com.iplanet.am.jssproxy.SSLTrustHostListIf set, Access Manager checks the Platform Server list against the server host that is being accessed. If the server FQDNs of the two servers in the Platform Server list match, Access Manager continues the SSL handshaking. Use the following syntax to set the property:
com.iplanet.am.jssproxy.SSLTrustHostList = fqdn_am_server1 ,fqdn_am_server2, fqdn_am_server3
com.sun.identity.jss.donotInstallAtHighestPriority
Default value is false. Determines if JSS will be added with highest priority to JCE. Set to true if other JCE providers should be used for digital signatures and encryptions.
com.iplanet.am.ldap.connection.delay.between.retries
Default is 1000. Specifies the number milliseconds between retries.
com.iplanet.am.ldap.connection.ldap.error.codes.retries
Default values are 80,81,91. Specifies the LDAPException error codes for which retries to re-establish the LDAP connection will trigger.
com.iplanet.am.ldap.connection.num.retries
Default value is 3. Specifies the number of attempts made to successfully re-establish the LDAP connection.
com.sun.identity.liberty.interaction.htmlStyleSheetLocation
Value is set during installation. Example: /opt/SUNWam/lib/is-html.xsl
Specifies path to style sheet that renders the interaction page in HTML.
com.sun.identity.liberty.interaction.wmlStyleSheetLocation
Value is set during installation. Example: /opt/SUNWam/lib/is-wml.xsl
Specifies path to style sheet that renders the interaction page in WML.
com.sun.identity.liberty.interaction.wscSpecifiedInteractionChoice
Default value isinteractIfNeeded. Indicates whether a web service consumer participates in an interaction. Allowed values are:
Interacts only if required. Also used if an invalid value is specified.
No interaction.
No interaction for data.
com.sun.identity.liberty.interaction.wscSpecifiedMaxInteractionTime
Default value is 80. Web service consumer's preference on the acceptable duration for interaction. The value is expressed in seconds. The default value is used if the value is not specified or if a non-integer value is specified.
com.sun.identity.liberty.interaction.wscWillEnforceHttpsCheck
The default value is yes. Indicates whether a web service consumer enforces the requirement that a request redirected to a URL uses HTTPS. Valid values are yes and no. The case is ignored. The Liberty specification requires the value to be yes. If no value is specified, the default value is used.
com.sun.identity.liberty.interaction.wscWillInlcudeUserInteractionHeader
Default value is yes. If not value is specified, the default value is used. Indicates whether a web service consumer includes userInteractionHeader. Allowable values are yes and no. The case is ignored.
com.sun.identity.liberty.interaction.wscWillRedirect
Default value is yes. Indicates whether the web service consumer redirects user for interaction. Valid values are yes and no. If not value is specified, the default value is used.
com.sun.identity.liberty.interaction.wspRedirectHandler
Value is set during installation. Example: http://hostName.domainName.com:portNumber/amserver/WSPRedirectHandler
Specifies the URL WSPRedirectHandlerServlet uses to handle Liberty WSF WSP-resource owner interactions based on user agent redirects. This should be running in the same JVM where the Liberty service provider is running.
com.sun.identity.liberty.interaction.wspRedirectTime
Default is 30. Web service provider's expected duration for interaction. Expressed in seconds. If the value is not specified, or if the value is a non-integer, the default value is used.
com.sun.identity.liberty.interaction.wspWillEnforceHttpsCheck
Default value is yes. If no value is specified, the default value is used. Indicates whether the web service consumer enforces the requirement that returnToURLuse HTTPS. Valid values are yes and no. (case ignored) the Liberty specification requires the value to be yes.
com.sun.identity.liberty.interaction.
wspWillEnforceReturnToHostEqualsRequestHost
The Liberty specification requires the value to be yes. Indicates whether the web service consumer enforces that returnToHost and requestHost are the same. Valid values areyes and no.
com.sun.identity.liberty.interaction.wspWillRedirect
Default is yes. If no value is specified, the default value is used. Indicates whether a web service provider redirects the user for interaction. Valid values are yes and no. Case is ignored.
com.sun.identity.liberty.interaction.wspWillRedirectForData
Default value is yes. If no value is specified, the default value is used. Indicates whether the web service provider redirects the user for interaction for data. Valid values are yes and no. Case is ignored.
com.sun.identity.liberty.ws.interaction.enable
Default value is false.
com.sun.identity.liberty.ws.jaxb.namespacePrefixMappingList
Default value is
=S=http://schemas.xmlsoap.org/soap/envelope/|sb=urn:liberty:sb:2003-08 |pp=urn:liberty:id-sis-pp:2003-08|ispp=http://www.sun.com/identity/ liberty/pp|is=urn:liberty:is:2003-08 |
. Specifies the namespace prefix mapping used when marshalling a JAXB content tree to a DOM tree. The syntax is prefix=namespace|prefix=namespace|...
com.sun.identity.liberty.ws.jaxb.packageList
Specifies JAXB package list used when constructing JAXBContext. Each package must be separated by a colon (:).
com.sun.identity.liberty.ws.security.TokenProviderImpl
Default value is com.sun.identity.liberty.ws.security.AMSecurityTokenProviderDescription.
com.sun.identity.liberty.ws.soap.certalias
Value is set during installation. Client certificate alias that will be used in SSL connection for Liberty SOAP Binding.
com.sun.identity.liberty.ws.soap.messageIDCacheCleanupInterval
Default value is 60000. Specifies the number of milliseconds to elapse before cache cleanup events begin. Each message is stored in a cache with its ownmessageID to avoid duplicate messages. When a message's current time less the received time exceeds thestaleTimeLimit value, the message is removed from the cache.
com.sun.identity.liberty.ws.soap.staleTimeLimit
Default value is 300000. Determines if a message is stale and thus no longer trustworthy. If the message timestamp is earlier than the current timestamp by the specified number of milliseconds, the message the considered to be stale.
com.sun.identity.liberty.ws.soap.supportedActors
Default value is http://schemas.xmlsoap.org/soap/actor/next. Specifies supported SOAP actors. Each actor must be separated by a pipe character (|).
com.sun.identity.liberty.ws.ta.certalias
Value is set during installation. Specifies certificate alias for the trusted authority that will be used to sign SAML or SAML. BEARER token of response message.
com.sun.identity.liberty.ws.wsc.certalias
Value is set during installation. Specifies default certificate alias for issuing web service security token for this web service client.
com.sun.identity.liberty.ws.ta.certalias
Value is set during installation. Specifies certificate alias for trusted authority that will be used to sign SAML or SAML. BEARER token of response message.
com.sun.identity.liberty.ws.trustedca.certaliases
Value is set during installation.
Specifies certificate aliases for trusted CA. SAML or SAML BEARER token of incoming request. Message must be signed by a trusted CA in this list. The syntax is cert alias 1[:issuer 1]|cert alias 2[:issuer 2]|..... Example: myalias1:myissuer1|myalias2|myalias3:myissuer3. The value issuer is used when the token doesn't have a KeyInfo inside the signature. The issuer of the token must be in this list, and the corresponding certificate alias will be used to verify the signature. If KeyInfo exists, the keystore must contain a certificate alias that matches the KeyInfo and the certificate alias must be in this list.
com.sun.identity.liberty.ws.security.TokenProviderImpl
Value is set during installation. Specifies implementation for security token provider.
com.sun.identity.saml.removeassertion
Default value is true. A flag to indicate if de-referenced assertions should be removed from the cache. Applies to assertions that were created associated with artifacts, and have been de-referenced.
com.iplanet.am.logstatus
Specifies whether logging is turned on (ACTIVE) or off (INACTIVE). Value is set to ACTIVE during installation.
You can configure the degree of detail to be contained in a specific log file by adding attributes to the AMConfig.properties file. Use the following format:
iplanet-am-logging.logfileName.level=java.util.logging.Level where logfileName is the name of a log file for an Access Manager service (see table 1), andjava.util.logging.Level is an allowable attribute value . Access Manager services log at the INFO level. SAML and Identity Federation services also log at more detailed levels (FINE, FINER, FINEST). Example:
iplanet-am-logging.amSSO.access.level=FINER
Logging to a particular log file can also be turned off. Example:
iplanet-am-logging.amConsole.access.evel=OFF
Table A–1 Access Manager Log Files
Log File Name |
Records Logged |
---|---|
amAdmin.access |
Successful amadmin command-line events |
amAdmin.error |
amadmin command-line error events |
amAuthLog.access |
Access Manager Policy Agent related events. See the Note following this table. |
amAuthentication.access |
Successful authentication events |
amAuthentication.error |
Authentication failures |
amConsole.access |
Console events |
amConsole.error |
Console error events. |
amFederation.access |
Successful Federation events. |
amFederation.error |
Federation error events. |
amPolicy.access |
Storage of policy allow events |
amPolicy.error |
Storage of policy deny events |
amSAML.access |
Successful SAML events |
amSAML.error |
SAME error events |
amLiberty.access |
Successful Liberty events |
amLiberty.error |
Liberty error events |
amSSO.access |
Single sign-on creation and destruction |
amSSO.error |
Single sign-on error events |
The amAuthLog filename is determined by the Policy Agent properties in AMAgent.properties. For Web Policy Agents, the property is com.sun.am.policy.agents.config.remote.log. For J2EE Policy Agents, the property is com.sun.identity.agents.config.remote.logfile. The default is amAuthLog.host.domain.port, where host.domain is the fully-qualified host name of the host running the Policy Agent web server, and where port is the port number of that web server. If you have multiple Policy Agents deployed, you can have multiple instances of this file. The property com.sun.identity.agents.config.audit.accesstype (for both Web and J2EE Agents) determines what data is logged remotely. The logged data can include policy allows, policy denies, both allows and denies, or neither allows nor denies.
com.iplanet.am.naming.failover.url
This property is no longer being used in Access Manager 7.0.
com.iplanet.am.naming.url
Value is set during installation. Example: http://hostName.domainName.com:portNumber/amserver/namingservice
Specifies the naming service URL to use.
Use the following keys to configure the notification thread pool.
com.iplanet.am.notification.threadpool.size
Default value is 10. Defines the size of the pool by specifying the total number of threads.
com.iplanet.am.notification.threadpool.threshold
Default value is 100. Specifies the maximum task queue length.
When a notification task comes in, it is sent to the task queue for processing. If the queue reaches the maximum length, further incoming requests will be rejected along with a ThreadPoolException, until the queue has a vacancy.
com.iplanet.am.notification.url
Value is set during installation. Example: http://hostName.domainName.com:portNumber/amserver/notificationservice
com.iplanet.am.policy.agents.url.deploymentDescriptor
Value is set during installation. Example: AGENT_DEPLOY_URI
com.sun.identity.agents.app.username
Default value is UrlAccessAgent. Specifies the username to use for the Application authentication module.
com.sun.identity.agents.cache.size
Default value is 1000. Specifies the size of the resource result cache. The cache is created on the server where the policy agent is installed.
com.sun.identity.agents.header.attributes
Default values are cn,ou,o,mail,employeenumber,c. Specifies the policy attributes to be returned by the policy evaluator. Uses the form a[,...]. In this example, a is the attribute in the data store to be fetched.
com.sun.identity.agents.logging.level
Default value is NONE. Controls the granularity of the Policy Client API logging level. The default value is NONE. Possible values are:
Logs access allowed requests.
Logs access denied requests.
Logs both access allowed and access denied requests.
Logs no requests.
com.sun.identity.agents.notification.enabled
Default value is false. Enables or disables notifications for the Policy Client API.
com.sun.identity.agents.notification.url
Used by the policy client SDK to register policy change notifications. A mis-configuration of this property will result in policy notifications being disabled.
com.sun.identity.agents.polling.interval
Default value is 3. Specifies the polling interval which is the number of minutes after which an entry is dropped from the Client APIs cache.
com.sun.identity.agents.resource.caseSensitive
Default value is false. Description
Indicates whether case sensitive is turned on or off during policy evaluation.
com.sun.identity.agents.true.value
Indicates the true value of a policy action. This value can be ignored if the application does not need to access the PolicyEvaluator.isAllowed method. This value signifies how a policy decision from Access Manager should be interpreted. Default value is allow.
com.sun.identity.agents.resource.comparator.class
Default value is com.sun.identity.policy.plugins.URLResourceName
Specifies the resource comparison class name. Available implementation classes are: com.sun.identity.policy.plugins.PrefixResourceName and com.sun.identity.policy.plugins.URLResourceName.
com.sun.identity.agents.resource.delimiter
Default value is a backslash (/). Specifies the delimiter for the resource name.
com.sun.identity.agents.resource.wildcard
Default value is *. Specifies the wildcard for the resource name.
com.sun.identity.agents.server.log.file.name
Default value is amRemotePolicyLog. Specifies the name of the log file to use for logging messages to Access Manager. Only the name of the file is needed. The directory of the file is determined other Access Manager configuration settings.
com.sun.identity.agents.use.wildcard
Default value is true. Indicates whether to use a wildcard for resource name comparison.
com.sun.identity.policy.client.booleanActionValues
iPlanetAMWebAgentService|POST|allow|deny
Default value is iPlanetAMWebAgentService|GET|allow|deny:.
Specifies Boolean action values for policy action names. Uses the form serviceName|actionName|trueValue|falseValue. Values for action names are delimited by a colon (:).
com.sun.identity.policy.client.cacheMode
Default value is self. Specifies cache mode for the client policy evaluator. Valid values are subtree and self. If set to subtree, the policy evaluator obtains policy decisions from the server for all the resources from the root of resource actually requested. If set to self, the policy evaluator gets the policy decision from the server only for the resource actually requested.
com.sun.identity.policy.client.clockSkew
Adjusts for time difference between the policy client machine and the policy server. If this property does not exist, and if the policy agent time differs from the policy server time, you occasionally see and incorrect policy decision. You must run a time-syncing service to keep the time on the policy server and on the policy client as close as possible. Use this property to adjust for the small time difference regardless of running time syncing service. Clock skew in seconds = agentTime - serverTime . Comment the property out on the policy server. Uncomment the line and set the appropriate value on the policy client machine or the machine running the policy agent agent-server clock skew (in seconds).
com.sun.identity.policy.client.resourceComparators=
serviceType=iPlanetAMWebAgentService|class=
Specifies ResourceComparators to be used for different service names. Copy the value from the Access Manager console. Go to Service Configuration > PolicyConfiguration > Global:ResourceComparator. Concatenate multiple values from Access Manager using a colon (: ) as the delimiter.
com.sun.identity.policy.plugins.URLResourceName|wildcard
Default value is *|delimiter=/|caseSensitive=trueDescription
com.iplanet.am.profile.host
This property is no longer used in Access Manager 7. It is provided only for backward compatibility. Value is set during installation. Example: hostName.domainName.com
com.iplanet.am.profile.port
This property is no longer used in Access Manager 7. It is provided only for backward compatibility. Value is set during installation. Example: 80
Use the following keys to configure replication setup.
com.iplanet.am.replica.delay.between.retries
Default value is 1000. Specifies the number of milliseconds between retries.
com.iplanet.am.replica.num.retries
Default value is 0. Specifies the number of times to retry.
com.sun.identity.saml.assertion.version
Default value is 1.1. Specifies default SAML version used. Possible values are 1.0 or 1.1.
com.sun.identity.saml.checkcert
Default value is on. Flag for checking the certificate embedded in the KeyInfo against the certificates in the keystore. Certificates in the keystore are specified by the com.sun.identity.saml.xmlsig.keystore property. Possible values are: on|off. If the flag is "on", * the certification must be presented in the keystore for * XML signature validation. If the flag is "off", skip * the presence checking. */
Certification must be presented in the keystore for XML signature validation
Skips the presence checking.
com.sun.identity.saml.protocol.version
Default value is 1.1. Specifies default SAML version used. Possible values are 1.0 or 1.1.
com.sun.identity.saml.removeassertion
com.sun.identity.saml.request.maxContentLength
Default value is 16384. Specifies the maximum content-length for an HTTP Request that will be used in SAML.
com.sun.identity.saml.xmlsig.certalias
Default value is test. Description
com.sun.identity.saml.xmlsig.keypass
Value is set during installation. Example: /etc/opt/SUNWam/config/.keypass
Specifies the path to the SAML XML key password file.
com.sun.identity.saml.xmlsig.keystore
Value is set during installation. Example: /etc/opt/SUNWam/config/keystore.jks
Specifies the path to the SAML XML keystore password file.
com.sun.identity.saml.xmlsig.storepass
Value is set during installation. Example: /etc/opt/SUNWam/config/.storepass
Specifies the path to the SAML XML key storepass file.
com.iplanet.security.encryptor
Default value is com.iplanet.services.util.JSSEncryption. Specifies the encrypting class implementation. Available classes are: com.iplanet.services.util.JCEEncryption and com.iplanet.services.util.JSSEncryption.
com.iplanet.security.SecureRandomFactoryImpl
Default value is com.iplanet.am.util.JSSSecureRandomFactoryImpl. Specifies the factory class name for SecureRandomFactory. Available implementation classes are: com.iplanet.am.util.JSSSecureRandomFactoryImpl which uses JSS, and com.iplanet.am.util.SecureRandomFactoryImpl which uses pure Java.
com.iplanet.security.SSLSocketFactoryImpl
Default value is com.iplanet.services.ldap.JSSSocketFactory. Specifies the factory class name for LDAPSocketFactory. Available classes are: com.iplanet.services.ldap.JSSSocketFactory which uses JSS, and netscape.ldap.factory.JSSESocketFactory which uses pure Java.
com.sun.identity.security.checkcaller
Default value is false. Enables or disables Java security manager permissions check for Access Manager. Disabled by default. If enabled, then you should make appropriate changes to the Java policy file of the container in which Access Manager is deployed. This way, Access Manager JAR files can be trusted for performing sensitive operations. For more information, see the Java API Reference (Javadoc) entry for com.sun.identity.security.
am.encryption.pwd
Value is set during installation. Example: dSB9LkwPCSoXfIKHVMhIt3bKgibtsggd
Specifies the key used to encrypt and decrypt passwords.
com.iplanet.am.clientIPCheckEnabled
Default value is false. Specifies whether or not the IP address of the client is checked in all SSOToken creations or validations.
com.iplanet.am.session.client.polling.enable
This is a READ-ONLY property. Do not modify the property value.
Default value is false. Enables client-side session polling. Please note that the session polling mode and the session notification mode are mutually exclusive. If the polling mode is enabled, the session notification is automatically turned off, and vice versa.
com.iplanet.am.session.client.polling.period
Default value is 180. Specifies number of seconds in a polling period.
com.iplanet.am.session.httpSession.enabled
Default value is true. Enables or disables USING httpSession.
com.iplanet.am.session.invalidsessionmaxtime
Default value is 10. Specifies the number of minutes after which the invalid session will be removed from the session table if it is created and the user does not login. This value should always be greater than the timeout value in the Authentication module properties file.
com.iplanet.am.session.maxSessions
Default value is 5000. Specify the maximum number of allowable concurrent sessions.
Login sends a Maximum Sessions error if the maximum concurrent sessions value exceeds this number.
com.iplanet.am.session.purgedelay
Default value is 60. Specifies the number of minutes to delay the purge session operation.
After a session times out, this is an extended time period during which the session continues to reside in the session server. This property is used by the client application to check if the session has timed out through SSO APIs. At the end of this extended time period, the session is destroyed. The session is not sustained during the extended time period if the user logs out or if the session is explicitly destroyed by an Access Manager component. The session is in the INVALID state during this extended period.
com.sun.am.session.caseInsensitiveDN
Default value is true. Compares the Agent DN. If the value is false, the comparison is case-sensitive.
com.sun.am.session.enableHostLookUp
Default value is false. Enables or disables host lookup during session logging.
com.iplanet.am.smtphost
Default value is localhost. Specifies the mail server host.
com.iplanet.am.smtpport
Default value is 25. Specifies the mail server port.
com.iplanet.am.stats.interval
Default value is 60. Specifies number of minutes to elapse between statistics logging. Minimum is 5 seconds to avoid CPU saturation. Access Manager assumes any value less than 5 seconds to be 5 seconds.
com.iplanet.services.stats.directory
Value is set during installation. Example: /var/opt/SUNWam/stats Specifies directory where debug files are created.
com.iplanet.services.stats.state
Default value is file. Specifies location of statistics log. Possible values are:
No statistics are logged.
Statistics are written to a file under the specified directory.
Statistics are written into Web Server log files.
The file serverconfig.xml provides configuration information for Sun Java™ System Access Manager regarding the Directory Server that is used as its data store. This chapter explains the elements of the file and how to configure it for failover, how can you have multiple instances, how can you un-deploy the console and remove console files from a server. It contains the following sections:
serverconfig.xml is located in / AccessManager-base /SUNWam/config/ums. It contains the parameters used by the Identity SDK to establish the LDAP connection pool to Directory Server. No other function of the product uses this file. Two users are defined in this file: user1 is a Directory Server proxy user and user2 is the Directory Server administrator.
The Proxy User can take on any user’s privileges (for example, the organization administrator or an end user). The connection pool is created with connections bound to the proxy user. Access Manager creates a proxy user with the DN of cn=puser,ou=DSAME Users,dc=example,dc=com. This user is used for all queries made to Directory Server. It benefits from a proxy user ACI already configured in the Directory Server and, therefore, can perform actions on behalf of a user when necessary. It maintains an open connection through which all queries are passed (retrieval of service configurations, organization information, etc.). The proxy user password is always encrypted. Proxy User illustrates where the encrypted password is located in serverconfig.xml .
<User name="User1" type="proxy"> <DirDN> cn=puser,ou=DSAME Users,dc=example,dc=com </DirDN> <DirPassword> AQICkc3qIrCeZrpexyeoL4cdeXih4vv9aCZZ </DirPassword> </User> |
dsameuser is used for binding purposes when the Access Manager SDK performs operations on Directory Server that are not linked to a particular user (for example, retrieving service configuration information). Proxy User performs these operations on behalf of dsameuser, but a bind must first validate the dsameuser credentials. During installation, Access Manager creates cn=dsameuser,ou=DSAME Users,dc=example,dc=com . Proxy User illustrates where the encrypted dsameuser password is found in serverconfig.xml .
<User name="User2" type="admin"> <DirDN> cn=dsameuser,ou=DSAME Users,dc=example,dc=com </DirDN> <DirPassword> AQICkc3qIrCeZrpexyeoL4cdeXih4vv9aCZZ </DirPassword> </User> |
server-config.dtd defines the structure for serverconfig.xml . It is located in AccessManager-base /SUNWam/dtd. This section defines the main elements of the DTD. MiscConfig Element is an example of the serverconfig.xml file.
iPlanetDataAccessLayer is the root element. It allows for the definition of multiple server groups per XML file. Its immediate sub-element is the ServerGroup Element. It contains no attributes.
ServerGroup defines a pointer to one or more directory servers. They can be master servers or replica servers. The sub-elements that qualify the ServerGroup include Server Element, User Element, BaseDN Element and MiscConfig Element. The XML attributes of ServerGroup are the name of the server group, and minConnPool and maxConnPool which define the minimum (1) and maximum (10) connections that can be opened for the LDAP connection pool. More than one defined ServerGroup element is not supported.
Access Manager uses a connection pool to access Directory Server. All connections are opened when Access Manager starts and are not closed. They are reused.
Server defines a specific Directory Server instance. It contains no sub-elements. The required XML attributes of Server are a user-friendly name for the server, the host name, the port number on which the Directory Server runs, and the type of LDAP connection that must be opened (either simple or SSL).
For an example of automatic failover using the Server element, see Failover Or Multimaster Configuration.
User contains sub-elements that define the user configured for the Directory Server instance. The sub-elements that qualify User include DirDN and DirPassword. It’s required XML attributes are the name of the user, and the type of user. The values for type identify the user’s privileges and the type of connection that will be opened to the Directory Serverinstance. Options include:
auth—defines a user authenticated to Directory Server.
proxy—defines a Directory Server proxy user. See Proxy User for more information.
rebind—defines a user with credentials that can be used to rebind.
admin—defines a user with Directory Server administrative privileges. See Admin User for more information.
DirDN contains the LDAP Distinguished Name of the defined user.
DirPassword contains the defined user’s encrypted password.
It is important that passwords and encryption keys are kept consistent throughout the deployment. For example, the passwords defined in this element are also stored in Directory Server. If the password is to be changed in one place, it must be updated in both places. Additionally, this password is encrypted. If the encryption key defined in the am.encryption.pwd property is changed, all passwords in serverconfig.xml must be re-encrypted using ampassword --encrypt password. .
BaseDN defines the base Distinguished Name for the server group. It contains no sub-elements and no XML attributes.
MiscConfig is a placeholder for defining any LDAP JDK features like cache size. It contains no sub-elements. It’s required XML attributes are the name of the feature and its defined value.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <!-- Copyright (c) 2002 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms. --> <iPlanetDataAccessLayer> <ServerGroup name="default" minConnPool="1" maxConnPool="10"> <Server name="Server1" host=" ishost.domain_name" port="389" type="SIMPLE" /> <User name="User1" type="proxy"> <DirDN> cn=puser,ou=DSAME Users,dc=example,dc=com </DirDN> <DirPassword> AQICkc3qIrCeZrpexyeoL4cdeXih4vv9aCZZ </DirPassword> </User> <User name="User2" type="admin"> <DirDN> cn=dsameuser,ou=DSAME Users,dc=example,dc=com </DirDN> <DirPassword> AQICkc3qIrCeZrpexyeoL4cdeXih4vv9aCZZ </DirPassword> </User> <BaseDN> dc=example,dc=com </BaseDN> </ServerGroup> </iPlanetDataAccessLayer> |
Access Manager allows automatic failover to any Directory Server defined as a ServerGroup ElementServer Element in serverconfig.xml. More than one server can be configured for failover purposes or multimasters. If the first configured server goes down, the second configured server will takeover. Failover Or Multimaster Configuration illustrates serverconfig.xml with automatic failover configuration.
<?xml version="1.0" encoding="ISO-8859-1" standalone="yes"?> <!-- PROPRIETARY/CONFIDENTIAL. Use of this product is subject to license terms. Copyright 2002 Sun Microsystems, Inc. All rights reserved. --> <iPlanetDataAccessLayer> <ServerGroup name="default" minConnPool="1" maxConnPool="10"> <Server name="Server1" host=" amhost1.domain_name" port="389" type="SIMPLE" /> <Server name="Server2" host=" amhost2.domain_name" port="389" type="SIMPLE" /> <Server name="Server3" host=" amhost3.domain_name" port="390" type="SIMPLE" /> <User name="User1" type="proxy"> <DirDN> cn=puser,ou=DSAME Users,dc=example,dc=com </DirDN> <DirPassword> AQIC5wM2LY4Sfcy+AQBQxghVwhBE92i78cqf </DirPassword> </User> <User name="User2" type="admin"> <DirDN> cn=dsameuser,ou=DSAME Users,dc=example,dc=com </DirDN> <DirPassword> AQIC5wM2LY4Sfcy+AQBQxghVwhBE92i78cqf </DirPassword> </User> <BaseDN> o=isp </BaseDN> </ServerGroup> </iPlanetDataAccessLayer> |
This appendix lists the possible log files for each area of Access Manager functionality. The tables in this appendix document the following log file items:
Id — The log identification number.
Log Level — The Log Level attribute for the message.
Description — A description of the logging message.
Data — The data type to which the message pertains.
Triggers — Reason for the log file message.
Actions — Actions for you to take to gain more information.
Definitions and locations and of the log files are described in the Sun Java System Access Manager 7 2005Q4 Technical Overview.
Table C–1 Log Reference for amAdmin Command line utility
Id |
Log Level |
Description |
Data |
Triggers |
Actions |
---|---|---|---|---|---|
1 |
INFO |
Unsuccessful login for user. |
user id |
Unsuccessful login for user. | |
2 TEST |
INFO |
ADMINEXCEPTION Received |
element nameerror message |
Received ADMINEXCEPTION while processing Admin request(s). |
Look in amAdmin debug file for more information. |
3 |
INFO |
Session destroyed |
name of user |
Session destroyed. | |
11 |
INFO |
Service Schema Loaded |
schema name |
Successfully loaded service schema. | |
12 |
INFO |
Service deleted |
service name |
Successfully deleted service. | |
13 |
INFO |
Attributes Added |
attribute name |
Attributes successfully added. | |
21 |
INFO |
There are no policies for this service |
service name |
Delete Policy Rule Flag specified, but service has no policies. | |
22 |
INFO |
Policy Schema for Service not found |
service name |
Delete Policy Rule Flag specified, but could not find the policy schema for the service | |
23 |
INFO |
Deleting Policies For Service |
service name |
Deleting Service with Delete Policy Rule Flag specified. | |
24 |
INFO |
Done Deleting Policies For Service |
service name |
Deleting Service with Delete Policy Rule Flag specified. | |
25 |
INFO |
Created Policy in Organization |
policy nameorganization DN |
Created Policy in Organization DN. | |
26 |
INFO |
Deleted Policy from Organization |
policy nameorganization DN |
Deleted Policy from Organization DN. | |
31 |
INFO |
Add Resource Bundle of Locale to Directory Server |
resource bundle nameresource locale |
Resource Bundle of Locale successfully stored in Directory Server. | |
32 |
INFO |
Add Default Resource Bundle to Directory Server |
resource bundle name |
Default Resource Bundle successfully stored in Directory Server. | |
33 |
INFO |
Deleted Resource Bundle of Locale from Directory Server |
resource bundle nameresource locale |
Successfully deleted Resource Bundle of Locale from Directory Server. | |
34 |
INFO |
Deleted Default Resource Bundle of Locale from Directory Server |
resource bundle name |
Successfully deleted default Resource Bundle from Directory Server. | |
41 |
INFO |
Modified Service Schema of service |
name of service |
Successfully modified Service Schema of service. | |
42 |
INFO |
Deleted Service Sub Schema of service |
name of sub schemaname of service |
Successfully deleted service sub schema of service. | |
43 |
INFO |
Added Service Sub Schema to service. |
name of service |
Successfully added service sub schema to service. | |
44 |
INFO |
Added Sub Configuration to service. |
name of sub configurationname of service |
Successfully added sub configuration to service. | |
45 |
INFO |
Modified Sub Configuration of service |
name of sub configurationname of service |
Successfully modified sub configuration of service. | |
46 |
INFO |
Deleted Sub Configuration of service |
name of sub configurationname of service |
Successfully deleted sub configuration of service. | |
47 |
INFO |
Deleted all Service Configurations of service. |
name of service |
Successfully deleted all service configurations of service. | |
91 |
INFO |
Modify Service SubConfiguration in Organization |
subconfiguration nameservice nameorganization DN |
Successfully Modified Service SubConfiguration in Organization. | |
92 |
INFO |
Added Service SubConfiguration in Organization |
subconfiguration nameservice nameorganization DN |
Successfully Added Service Sub Configuration in Organization. | |
93 |
INFO |
Deleted Service SubConfiguration in Organization |
subconfiguration nameservice nameorganization DN |
Successfully Deleted Service Sub Configuration in Organization. | |
94 |
INFO |
Created remote provider in organization |
provider nameorganization DN |
Successfully created remote provider in organization. | |
95 |
INFO |
Modified remote provider in organization |
provider nameorganization DN |
Successfully modified remote provider in organization. | |
96 |
INFO |
Modified hosted provider in organization |
provider nameorganization DN |
Successfully modified hosted provider in organization. | |
97 |
INFO |
Created hosted provider in organization |
provider nameorganization DN |
Successfully created hosted provider in organization. |
Look under identity repository log for more information. |
98 |
INFO |
Deleted Remote Provider in organization |
provider nameorganization DN |
Successfully Deleted Remote Provider in organization. | |
99 |
INFO |
Created Authentication Domain in organization |
name of circle of trustorganization DN |
Successfully Created Authentication Domain in 0rganization. | |
100 |
INFO |
Deleted Authentication Domain in organization. |
name of circle of trustorganization DN |
Successfully Deleted Authentication Domain in 0rganization. | |
101 |
INFO |
Modified Authentication Domain in organization. |
name of circle of trustorganization DN |
Successfully Modified Authentication Domain in organization. | |
102 |
INFO |
Attempt to modify service template |
DN of service template |
Attempted to modify service template. | |
103 |
INFO |
Modified service template |
DN of service template |
Successfully modified service template. | |
104 |
INFO |
Attempt to remove service template |
DN of service template |
Attempted to remove service template. | |
105 |
INFO |
Removed service template |
DN of service template |
Successfully removed service template. | |
106 |
INFO |
Attempt to add service template |
DN of service template |
Attempted to add service template. | |
107 |
INFO |
Added service template |
DN of service template |
Successfully added service template. | |
108 |
INFO |
Attempt to add nested groups to group |
name of group to addDN of containing group |
Attempted to add nested groups to group. | |
109 |
INFO |
Added nested groups to group |
name of group to addDN of containing group |
Successfully added nested groups to group. | |
110 |
INFO |
Attempt to add user to group or role |
name of usertarget group or role |
Attempted to add user to group or role. | |
111 |
INFO |
Added user to group or role |
name of usertarget group or role |
Successfully added user to group or role. | |
112 |
INFO |
Attempt to create entity. |
DN of entity |
Attempted to Create entity. | |
113 |
INFO |
Created entity. |
localized name of entityDN of entity |
Created entity. | |
114 |
INFO |
Attempt to create role |
role DN |
Attempted to create role. | |
115 |
INFO |
Created role |
name of role |
Created role. | |
116 |
INFO |
Attempt to create group container |
name of group container |
Attempted to create group container. | |
117 |
INFO |
Create group container |
name of group container |
Created group container. | |
118 |
INFO |
Attempt to create group. |
name of group |
Attempted to create group. | |
119 |
INFO |
Create group. |
name of group |
Created group. | |
120 |
INFO |
Attempt to create people container. |
DN of people container |
Attempted to create people container. | |
121 |
INFO |
Create people container. |
DN of people container |
Created people container. | |
122 |
INFO |
Attempt to create service template in organization or role |
name of service templatename of organization or role |
Attempted to create service template in organization or role. | |
123 |
INFO |
Create service template in organization or role |
name of service templatename of organization or role |
Created service template in organization or role. | |
124 |
INFO |
Attempt to create container |
name of container |
Attempted to create container. | |
125 |
INFO |
Create container |
name of container |
Created container. | |
126 |
INFO |
Attempt to create user. |
name of user |
Attempted to create user. | |
127 |
INFO |
Create user. |
name of user |
Created user. | |
128 |
INFO |
Attempt to delete entity. |
DN of entity |
Attempted to delete entity. | |
129 |
INFO |
Delete entity. |
localized name of entityDN of entity |
Deleted entity. | |
130 |
INFO |
Attempt to delete people container |
DN of people container |
Attempted to delete people container. | |
131 |
INFO |
Delete people container |
DN of people container |
Deleted people container. | |
132 |
INFO |
Attempt to delete role |
name of role |
Attempted to delete role. | |
133 |
INFO |
Delete role |
name of role |
Deleted role. | |
134 |
INFO |
Attempt to delete service template in organization |
name of service templatename of organization |
Attempted to delete service template in organization. | |
135 |
INFO |
Delete service template in organization |
name of service templatename of organization |
Deleted service template in organization. | |
136 |
INFO |
Attempt to delete container. |
name of container |
Attempted to delete container. | |
137 |
INFO |
Delete container. |
name of container |
Deleted container. | |
138 |
INFO |
Attempt to modify entity |
localized name of entityDN of entity |
Attempted to modify entity. | |
139 |
INFO |
Modify entity |
localized name of entityDN of entity |
Modified entity. | |
140 |
INFO |
Attempt to modify people container. |
DN of people container |
Attempted to modify people container. | |
141 |
INFO |
Modify people container. |
DN of people container |
Modified people container. | |
142 |
INFO |
Attempt to modify container. |
name of container |
Attempted to modify container. | |
143 |
INFO |
Modify container. |
name of container |
Modified container. | |
144 |
INFO |
Attempt to register service under organization. |
name of servicename of organization |
Attempted to register service under organization | |
145 |
INFO |
Register service under organization. |
name of servicename of organization |
Registered service under organization | |
146 |
INFO |
Attempt to unregister service under organization. |
name of servicename of organization |
Attempted to unregister service under organization | |
147 |
INFO |
Unregister service under organization. |
name of servicename of organization |
Unregistered service under organization | |
148 |
INFO |
Attempt to modify group. |
name of group |
Attempted to modify group | |
149 |
INFO |
Modify group. |
name of group |
Modified group | |
150 |
INFO |
Attempt to remove nested group from group. |
name of nested groupname of group |
Attempted to remove nested group from group. | |
151 |
INFO |
Remove nested group from group. |
name of nested groupname of group |
Removed nested group from group. | |
152 |
INFO |
Attempt to delete group |
name of group |
Attempted to delete group. | |
153 |
INFO |
Delete group |
name of group |
Deleted group. | |
154 |
INFO |
Attempt to remove a user from a Role |
name of username of role |
Attempted to remove a user from a Role. | |
155 |
INFO |
Remove a user from a Role |
name of username of role |
Removed a user from a Role. | |
156 |
INFO |
Attempt to remove a user from a Group |
name of username of group |
Attempted to remove a user from a Group. | |
157 |
INFO |
Remove a user from a Group |
name of username of group |
Removed a user from a Group. | |
201 |
INFO |
Attempt to add an Identity to an Identity in a Realm |
name of identity to addtype of identity to add name of identity to add totype of identity to add to name of realm |
Attempted to add an Identity to an Identity in a Realm. | |
202 |
INFO |
Add an Identity to an Identity in a Realm |
name of identity to addtype of identity to add name of identity to add totype of identity to add to name of realm |
Added an Identity to an Identity in a Realm. | |
203 |
INFO |
Attempt to assign service to an identity in a realm. |
name of servicename of identitytype of identity name of realm |
Attempted to assign service to an identity in a realm. | |
204 |
INFO |
Assign service to an identity in a realm. |
name of servicename of identitytype of identity name of realm |
Assigned service to an identity in a realm. | |
205 |
INFO |
Attempt to create identities of a type in a realm. |
type of identityname of realm |
Attempted to create identities of a type in a realm. | |
206 |
INFO |
Create identities of a type in a realm. |
type of identityname of realm |
Created identities of a type in a realm. | |
207 |
INFO |
Attempt to create identity of a type in a realm. |
name of identitytype of identityname of realm |
Attempted to create identity of a type in a realm. | |
208 |
INFO |
Create identity of a type in a realm. |
name of identitytype of identityname of realm |
Created identity of a type in a realm. | |
209 |
INFO |
Attempt to delete identity of a type in a realm |
name of identitytype of identityname of realm |
Attempted to delete identity of a type in a realm. | |
210 |
INFO |
Delete identity of a type in a realm |
name of identitytype of identityname of realm |
Deleted identity of a type in a realm. | |
211 |
INFO |
Attempt to modify a service for an Identity in a Realm |
name of servicetype of identityname of identity name of realm |
Attempted to modify a service for an Identity in a Realm. | |
212 |
INFO |
Modify a service for an Identity in a Realm |
name of servicetype of identityname of identity name of realm |
Modified a service for an Identity in a Realm. | |
213 |
INFO |
Attempt to remove an Identity from an Identity in a Realm |
name of identity to removetype of identity to remove name of identity to remove fromtype of identity to remove from name of realm |
Attempted to remove an Identity from an Identity in a Realm. | |
214 |
INFO |
Remove an Identity from an Identity in a Realm |
name of identity to removetype of identity to remove name of identity to remove fromtype of identity to remove from name of realm |
Removed an Identity from an Identity in a Realm. | |
215 |
INFO |
Attempt to set Service Attributes for an Identity in a Realm |
name of servicetype of identityname of identity name of realm |
Attempted to set Service Attributes for an Identity in a Realm. | |
216 |
INFO |
Set Service Attributes for an Identity in a Realm |
name of servicetype of identityname of identity name of realm |
Set Service Attributes for an Identity in a Realm. | |
217 |
INFO |
Attempt to unassign a service from an Identity in a Realm |
name of servicetype of identityname of identity name of realm |
Attempted to unassign a service from an Identity in a Realm. | |
218 |
INFO |
Unassign a service from an Identity in a Realm |
name of servicetype of identityname of identity name of realm |
Unassigned a service from an Identity in a Realm. | |
219 |
INFO |
Attempt to create organization |
name of organization |
Attempted to create an organization. | |
220 |
INFO |
Create organization |
name of organization |
Created an organization. | |
221 |
INFO |
Attempt to delete sub organization. |
name of sub organization |
Attempted to delete sub organization. | |
222 |
INFO |
Delete sub organization. |
name of sub organization |
Deleted sub organization. | |
223 |
INFO |
Attempt to modify role |
name of role |
Attempted to modify role. | |
224 |
INFO |
Modify role |
name of role |
Modified role. | |
225 |
INFO |
Attempt to modify sub organization. |
name of sub organization |
Attempted to modify sub organization. | |
226 |
INFO |
Modify sub organization. |
name of sub organization |
Modified sub organization. | |
227 |
INFO |
Attempt to delete user. |
name of user |
Attempted to delete user. | |
228 |
INFO |
Delete user. |
name of user |
Deleted user. | |
229 |
INFO |
Attempt to modify user. |
name of user |
Attempted to modify user. | |
230 |
INFO |
Modify user. |
name of user |
Modified user. | |
231 |
INFO |
Attempt to add values to a Service Attribute in a Realm. |
name of attributename of servicename of realm |
Attempted to add values to a Service Attribute in a Realm. | |
232 |
INFO |
Add values to a Service Attribute in a Realm. |
name of attributename of servicename of realm |
Added values to a Service Attribute in a Realm. | |
233 |
INFO |
Attempt to assign a Service to a Realm |
name of servicename of realm |
Attempted to assign a Service to a Realm. | |
234 |
INFO |
Assign a Service to a Realm |
name of servicename of realm |
Assigned a Service to a Realm. | |
235 |
INFO |
Attempt to create a Realm |
name of realm createdname of parent realm |
Attempted to create a Realm. | |
236 |
INFO |
Create a Realm |
name of realm createdname of parent realm |
Created a Realm. | |
237 |
INFO |
Delete Realm. |
recursive or notname of realm deleted |
Deleted Realm. | |
238 |
INFO |
Delete Realm. |
recursive or notname of realm deleted |
Deleted Realm. | |
239 |
INFO |
Attempt to modify a service in a Realm. |
name of servicename of realm |
Attempted to modify a service in a Realm. | |
240 |
INFO |
Modify a service in a Realm. |
name of servicename of realm |
Modified a service in a Realm. | |
241 |
INFO |
Attempt to remove an attribute from a service in a Realm |
name of attributename of servicename of realm |
Attempted to remove an attribute from a service in a Realm. | |
242 |
INFO |
Remove an attribute from a service in a Realm |
name of attributename of servicename of realm |
Removed an attribute from a service in a Realm. | |
243 |
INFO |
Attempt to remove values from a service's attribute in a Realm |
name of attributename of servicename of realm |
Attempted to remove values from a service's attribute in a Realm. | |
244 |
INFO |
Remove values from a service's attribute in a Realm |
name of attributename of servicename of realm |
Removed values from a service's attribute in a Realm. | |
245 |
INFO |
Attempt to set attributes for a service in a Realm. |
name of servicename of realm |
Attempted to set attributes for a service in a Realm. | |
246 |
INFO |
Set attributes for a service in a Realm. |
name of servicename of realm |
Set attributes for a service in a Realm. | |
247 |
INFO |
Attempt to unassign a service from a Realm. |
name of servicename of realm |
Attempted to unassign a service from a Realm. | |
248 |
INFO |
Unassign a service from a Realm. |
name of servicename of realm |
Unassigned a service from a Realm. | |
249 |
INFO |
Attempt to assign a Service to an Organization Configuration |
name of servicename of realm |
Attempted to assign a Service to an Organization Configuration. | |
250 |
INFO |
Assign a Service to an Organization Configuration |
name of servicename of realm |
Assigned a Service to an Organization Configuration. | |
251 |
INFO |
Assign a Service to an Organization Configuration Not Done |
name of servicename of realm |
Assigned a Service to an Organization Configuration, but the service is not one of the org config's assignable services. | |
252 |
INFO |
Assign a Service to a Realm Not Done |
name of servicename of realm |
Assigned a Service to a Realm, but the service is not one of the realm's assignable services. | |
253 |
INFO |
Attempt to unassign a service from an Organization Configuration. |
name of servicename of realm |
Attempted to unassign a service from an Organization Configuration. | |
254 |
INFO |
Unassign a service from an Organization Configuration. |
name of servicename of realm |
Unassigned a service from an Organization Configuration. | |
255 |
INFO |
Unassign a service not in the Organization Configuration or Realm. |
name of servicename of realm |
Requested to unassign a service not in the Organization Configuration or Realm. | |
256 |
INFO |
Attempt to modify a service in an Organization Configuration. |
name of servicename of realm |
Attempted to modify a service in an Organization Configuration. | |
257 |
INFO |
Modify a service in an Organization Configuration. |
name of servicename of realm |
Modified a service in an Organization Configuration. | |
258 |
INFO |
Modify a service not in the Organization Configuration or Realm. |
name of servicename of realm |
Attempted to modify a service not in the Organization Configuration or Realm. |
Table C–2 Log Reference for Authentication
Id |
Log Level |
Description |
Data |
Triggers |
Actions |
---|---|---|---|---|---|
100 |
INFO |
Authentication is Successful |
message |
User authenticated with valid credentials | |
101 |
INFO |
User based authentication is successful |
messageauthentication typeuser name |
User authenticated with valid credentials | |
102 |
INFO |
Role based authentication is successful |
messageauthentication typerole name |
User belonging to role authenticated with valid credentials | |
103 |
INFO |
Service based authentication is successful |
messageauthentication typeservice name |
User authenticated with valid credentials to a configured service under realm | |
104 |
INFO |
Authentication level based authentication is successful |
messageauthentication typeauthentication level value |
User authenticated with valid credentials to one or more authentication modules having authentication level value greater than or equal to specified authentication level | |
105 |
INFO |
Module based authentication is successful |
messageauthentication typemodule name |
User authenticated with valid credentials to authentication module under realm | |
200 |
INFO |
Authentication Failed |
error message |
Incorrect/invalid credentials presentedUser locked out/not active |
Enter correct/valid credentials to required authentication module |
201 |
INFO |
Authentication Failed |
error message |
Invalid credentials entered. |
Enter the correct password. |
202 |
INFO |
Authentication Failed |
error message |
Named Configuration (Auth Chain) does not exist. |
Create and configure a named config for this org. |
203 |
INFO |
Authentication Failed |
error message |
No user profile found for this user. |
User does not exist in the datastore plugin configured and hence configure the datastore plugin for this realm/org correctly. |
204 |
INFO |
Authentication Failed |
error message |
This user is not active. |
Activate the user. |
205 |
INFO |
Authentication Failed |
error message |
Max number of failure attempts exceeded. User is Locked out. |
Contact system administrator. |
206 |
INFO |
Authentication Failed |
error message |
User account has expired. |
Contact system administrator. |
207 |
INFO |
Authentication Failed |
error message |
Login timed out. |
Try to login again. |
208 |
INFO |
Authentication Failed |
error message |
Authentication module is denied. |
Configure this module or use some other module. |
209 |
INFO |
Authentication Failed |
error message |
Limit for maximum number of allowed session has been reached. |
Logout of a session or increase the limit. |
210 |
INFO |
Authentication Failed |
error message |
Org/Realm does not exists. |
Use a valid Org/Realm. |
211 |
INFO |
Authentication Failed |
error message |
Org/Realm is not active. |
Activate the Org/Realm. |
212 |
INFO |
Authentication Failed |
error message |
Cannot create a session. |
Ensure that session service is configured and maxsession is not reached. |
213 |
INFO |
User based authentication failed |
error messageauthentication typeuser name |
No authentication configuration (chain of one or more authentication modules) configured for userIncorrect/invalid credentials presented User locked out/not active |
Configure authentication configuration (chain of one or more authentication modules) for userEnter correct/valid credentials to required authentication module |
214 |
INFO |
Authentication Failed |
error messageauthentication typeuser name |
User based Auth. Invalid credentials entered. |
Enter the correct password. |
215 |
INFO |
Authentication Failed |
error messageauthentication typeuser name |
Named Configuration (Auth Chain) does not exist for this user |
Create and configure a named config for this user |
216 |
INFO |
Authentication Failed |
error messageauthentication typeuser name |
User based Auth. No user profile found for this user. |
User does not exist in the datastore plugin configured and hence configure the datastore plugin for this realm/org correctly. |
217 |
INFO |
Authentication Failed |
error messageauthentication typeuser name |
User based Auth. This user is not active. |
Activate the user. |
218 |
INFO |
Authentication Failed |
error messageauthentication typeuser name |
User based Auth. Max number of failure attempts exceeded. User is Locked out. |
Contact system administrator. |
219 |
INFO |
Authentication Failed |
error messageauthentication typeuser name |
User based Auth. User account has expired. |
Contact system administrator. |
220 |
INFO |
Authentication Failed |
error messageauthentication typeuser name |
User based Auth. Login timed out. |
Try to login again. |
221 |
INFO |
Authentication Failed |
error messageauthentication typeuser name |
User based Auth. Authentication module is denied. |
Configure this module or use some other module. |
222 |
INFO |
Authentication Failed |
error messageauthentication typeuser name |
User based auth. Limit for maximum number of allowed session has been reached. |
Logout of a session or increase the limit. |
223 |
INFO |
Authentication Failed |
error messageauthentication typeuser name |
User based auth. Org/Realm does not exists. |
Use a valid Org/Realm. |
224 |
INFO |
Authentication Failed |
error messageauthentication typeuser name |
User based auth. Org/Realm is not active. |
Activate the Org/Realm. |
225 |
INFO |
Authentication Failed |
error messageauthentication typeuser name |
User based auth. Cannot create a session. |
Ensure that session service is configured and maxsession is not reached. |
226 |
INFO |
Role based authentication failed |
error messageauthentication typerole name |
No authentication configuration (chain of one or more authentication modules) configured for roleIncorrect/invalid credentials presented User does not belong to this roleUser locked out/not active |
Configure authentication configuration (chain of one or more authentication modules) for roleEnter correct/valid credentials to required authentication moduleAssign this role to the authenticating user |
227 |
INFO |
Authentication Failed |
error messageauthentication typerole name |
Role based Auth. Invalid credentials entered. |
Enter the correct password. |
228 |
INFO |
Authentication Failed |
error messageauthentication typerole name |
Named Configuration (Auth Chain) does not exist for this role. |
Create and configure a named config for this role. |
229 |
INFO |
Authentication Failed |
error messageauthentication typerole name |
Role based Auth. No user profile found for this user. |
User does not exist in the datastore plugin configured and hence configure the datastore plugin for this realm/org correctly. |
230 |
INFO |
Authentication Failed |
error messageauthentication typerole name |
Role based Auth. This user is not active. |
Activate the user. |
231 |
INFO |
Authentication Failed |
error messageauthentication typerole name |
Role based Auth. Max number of failure attempts exceeded. User is Locked out. |
Contact system administrator. |
232 |
INFO |
Authentication Failed |
error messageauthentication typerole name |
Role based Auth. User account has expired. |
Contact system administrator. |
233 |
INFO |
Authentication Failed |
error messageauthentication typerole name |
Role based Auth. Login timed out. |
Try to login again. |
234 |
INFO |
Authentication Failed |
error messageauthentication typerole name |
Role based Auth. Authentication module is denied. |
Configure this module or use some other module. |
235 |
INFO |
Authentication Failed |
error messageauthentication typerole name |
Role based auth. Limit for maximum number of allowed session has been reached. |
Logout of a session or increase the limit. |
236 |
INFO |
Authentication Failed |
error messageauthentication typerole name |
Role based auth. Org/Realm does not exists. |
Use a valid Org/Realm. |
237 |
INFO |
Authentication Failed |
error messageauthentication typerole name |
Role based auth. Org/Realm is not active. |
Activate the Org/Realm. |
238 |
INFO |
Authentication Failed |
error messageauthentication typerole name |
Role based auth. Cannot create a session. |
Ensure that session service is configured and maxsession is not reached. |
239 |
INFO |
Authentication Failed |
error messageauthentication typerole name |
Role based auth. User does not belong to this role. |
Add the user to this role. |
240 |
INFO |
Service based authentication failed |
error messageauthentication typeservice name |
No authentication configuration (chain of one or more authentication modules) configured for serviceIncorrect/invalid credentials presented User locked out/not active |
Configure authentication configuration (chain of one or more authentication modules) for serviceEnter correct/valid credentials to required authentication module |
241 |
INFO |
Authentication Failed |
error messageauthentication typeservice name |
Service based Auth. Invalid credentials entered. |
Enter the correct password. |
242 |
INFO |
Authentication Failed |
error messageauthentication typeservice name |
Named Configuration (Auth Chain) does not exist with this service name. |
Create and configure a named config. |
243 |
INFO |
Authentication Failed |
error messageauthentication typeservice name |
Service based Auth. No user profile found for this user. |
User does not exist in the datastore plugin configured and hence configure the datastore plugin for this realm/org correctly. |
244 |
INFO |
Authentication Failed |
error messageauthentication typeservice name |
Service based Auth. This user is not active. |
Activate the user. |
245 |
INFO |
Authentication Failed |
error messageauthentication typeservice name |
Service based Auth. Max number of failure attempts exceeded. User is Locked out. |
Contact system administrator. |
246 |
INFO |
Authentication Failed |
error messageauthentication typeservice name |
Service based Auth. User account has expired. |
Contact system administrator. |
247 |
INFO |
Authentication Failed |
error messageauthentication typeservice name |
Service based Auth. Login timed out. |
Try to login again. |
248 |
INFO |
Authentication Failed |
error messageauthentication typeservice name |
Service based Auth. Authentication module is denied. |
Configure this module or use some other module. |
249 |
INFO |
Authentication Failed |
error messageauthentication typeservice name |
Service based Auth. Service does not exist. |
Please use only valid Service. |
250 |
INFO |
Authentication Failed |
error messageauthentication typeservice name |
Service based auth. Limit for maximum number of allowed session has been reached. |
Logout of a session or increase the limit. |
251 |
INFO |
Authentication Failed |
error messageauthentication typeservice name |
Service based auth. Org/Realm does not exists. |
Use a valid Org/Realm. |
252 |
INFO |
Authentication Failed |
error messageauthentication typeservice name |
Service based auth. Org/Realm is not active. |
Activate the Org/Realm. |
253 |
INFO |
Authentication Failed |
error messageauthentication typeservice name |
Service based auth. Cannot create a session. |
Ensure that session service is configured and maxsession is not reached. |
254 |
INFO |
Authentication level based authentication failed |
error messageauthentication typeauthentication level value |
There are no authentication module(s) having authentication level value greater than or equal to specified authentication level Incorrect/invalid credentials presented to one or more authentication modules having authentication level greater than or equal to specified authentication levelUser locked out/not active |
Configure one or more authentication modules having authentication level value greater than or equal to required authentication levelEnter correct/valid credentials to one or more authentication modules having authentication level greater than or equal to specified authentication level |
255 |
INFO |
Authentication Failed |
error messageauthentication typeauthentication level value |
Level based Auth. Invalid credentials entered. |
Enter the correct password. |
256 |
INFO |
Authentication Failed |
error messageauthentication typeauthentication level value |
Level based Auth. No Auth Configuration available. |
Create an auth configuration. |
257 |
INFO |
Authentication Failed |
error messageauthentication typeauthentication level value |
Level based Auth. No user profile found for this user. |
User does not exist in the datastore plugin configured and hence configure the datastore plugin for this realm/org correctly. |
258 |
INFO |
Authentication Failed |
error messageauthentication typeauthentication level value |
Level based Auth. This user is not active. |
Activate the user. |
259 |
INFO |
Authentication Failed |
error messageauthentication typeauthentication level value |
Level based Auth. Max number of failure attempts exceeded. User is Locked out. |
Contact system administrator. |
260 |
INFO |
Authentication Failed |
error messageauthentication typeauthentication level value |
Level based Auth. User account has expired. |
Contact system administrator. |
261 |
INFO |
Authentication Failed |
error messageauthentication typeauthentication level value |
Level based Auth. Login timed out. |
Try to login again. |
262 |
INFO |
Authentication Failed |
error messageauthentication typeauthentication level value |
Level based Auth. Authentication module is denied. |
Configure this module or use some other module. |
263 |
INFO |
Authentication Failed |
error messageauthentication typeauthentication level value |
Level based Auth. Invalid Authg Level. |
Please specify valid auth level. |
264 |
INFO |
Authentication Failed |
error messageauthentication typeauthentication level value |
Level based auth. Limit for maximum number of allowed session has been reached. |
Logout of a session or increase the limit. |
265 |
INFO |
Authentication Failed |
error messageauthentication typeauthentication level value |
Level based auth. Org/Realm does not exists. |
Use a valid Org/Realm. |
266 |
INFO |
Authentication Failed |
error messageauthentication typeauthentication level value |
Level based auth. Org/Realm is not active. |
Activate the Org/Realm. |
267 |
INFO |
Authentication Failed |
error messageauthentication typeauthentication level value |
Level based auth. Cannot create a session. |
Ensure that session service is configured and maxsession is not reached. |
268 |
INFO |
Module based authentication failed |
error messageauthentication typemodule name |
Module is not registered/configured under realmIncorrect/invalid credentials presentedUser locked out/not active |
Register/configure authentication module under realmEnter correct/valid credentials to authentication module |
269 |
INFO |
Authentication Failed |
error messageauthentication typemodule name |
Module based Auth. Invalid credentials entered. |
Enter the correct password. |
270 |
INFO |
Authentication Failed |
error messageauthentication typemodule name |
Module based Auth. No user profile found for this user. |
User does not exist in the datastore plugin configured and hence configure the datastore plugin for this realm/org correctly. |
271 |
INFO |
Authentication Failed |
error messageauthentication typemodule name |
Module based Auth. This user is not active. |
Activate the user. |
272 |
INFO |
Authentication Failed |
error messageauthentication typemodule name |
Module based Auth. Max number of failure attempts exceeded. User is Locked out. |
Contact system administrator. |
273 |
INFO |
Authentication Failed |
error messageauthentication typemodule name |
Module based Auth. User account has expired. |
Contact system administrator. |
274 |
INFO |
Authentication Failed |
error messageauthentication typemodule name |
Module based Auth. Login timed out. |
Try to login again. |
275 |
INFO |
Authentication Failed |
error messageauthentication typemodule name |
Module based Auth. Authentication module is denied. |
Configure this module or use some other module. |
276 |
INFO |
Authentication Failed |
error messageauthentication typemodule name |
Module based auth. Limit for maximum number of allowed session has been reached. |
Logout of a session or increase the limit. |
277 |
INFO |
Authentication Failed |
error messageauthentication typemodule name |
Module based auth. Org/Realm does not exists. |
Use a valid Org/Realm. |
278 |
INFO |
Authentication Failed |
error messageauthentication typemodule name |
Module based auth. Org/Realm is not active. |
Activate the Org/Realm. |
279 |
INFO |
Authentication Failed |
error messageauthentication typemodule name |
Module based auth. Cannot create a session. |
Ensure that session service is configured and maxsession is not reached. |
300 |
INFO |
User logout is Successful |
message |
User logged out | |
301 |
INFO |
User logout is successful from user based authentication |
messageauthentication typeuser name |
User logged out | |
302 |
INFO |
User logout is successful from role based authentication |
messageauthentication typerole name |
User belonging to this role logged out | |
303 |
INFO |
User logout is successful from service based authentication |
messageauthentication typeservice name |
User logged out of a configured service under realm | |
304 |
INFO |
User logout is successful from authentication level based authentication |
messageauthentication typeauthentication level value |
User logged out of one or more authentication modules having authentication level value greater than or equal to specified authentication level | |
305 |
INFO |
User logout is successful from module based authentication |
messageauthentication typemodule name |
User logged out of authentication module under realm |
Table C–3 Log Reference for the Access Manager Console
Id |
Log Level |
Description |
Data |
Triggers |
Actions |
---|---|---|---|---|---|
1 |
INFO |
Attempt to create Identity |
identity nameidentity typerealm name |
Click on create button in Realm Creation Page. | |
2 |
INFO |
Creation of Identity succeeded. |
identity nameidentity typerealm name |
Click on create button in Realm Creation Page. | |
3 |
SEVERE |
Creation of Identity failed |
identity nameidentity typerealm name error message |
Unable to create an identity under a realm. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under data store log for more information. |
4 |
SEVERE |
Creation of Identity failed |
identity nameidentity typerealm name error message |
Unable to create an identity under a realm due to data store error. |
Look under data store log for more information. |
11 |
INFO |
Attempt to search for Identities |
base realmidentity typesearch pattern search size limitsearch time limit |
Click on Search button in identity search view. | |
12 |
INFO |
Searching for Identities succeeded |
base realmidentity typesearch pattern search size limitsearch time limit |
Click on Search button in identity search view. | |
13 |
SEVERE |
Searching for identities failed |
identity nameidentity typerealm name error message |
Unable to perform search operation on identities under a realm. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under data store log for more information. |
14 |
SEVERE |
Searching for identities failed |
identity nameidentity typerealm name error message |
Unable to perform search operation on identities under a realm due to data store error. |
Look under data store log for more information. |
21 |
INFO |
Attempt to read attribute values of an identity |
identity namename of attributes |
View identity profile view. | |
22 |
INFO |
Reading of attribute values of an identity succeeded |
identity namename of attributes |
View identity profile view. | |
23 |
SEVERE |
Reading of attribute values of an identity failed |
identity namename of attributeserror message |
Unable to read attribute values of an identity. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under data store log for more information. |
24 |
SEVERE |
Reading of attribute values of an identity failed |
identity namename of attributeserror message |
Unable to read attribute values of an identity due to data store error. |
Look under data store log for more information. |
25 |
SEVERE |
Reading of attribute values of an identity failed |
identity namename of attributeserror message |
Unable to read attribute values of an identity due to exception service manager API. |
Look under service manage log for more information. |
31 |
INFO |
Attempt to modify attribute values of an identity |
identity namename of attributes |
Click on Save button in identity profile view. | |
32 |
INFO |
Modification of attribute values of an identity succeeded |
identity namename of attributes |
Click on Save button in identity profile view. | |
33 |
SEVERE |
Modification of attribute values of an identity failed |
identity namename of attributeserror message |
Unable to modify attribute values of an identity. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under data store log for more information. |
34 |
SEVERE |
Modification of attribute values of an identity failed |
identity namename of attributeserror message |
Unable to modify attribute values of an identity due to data store error. |
Look under data store log for more information. |
41 |
INFO |
Attempt to delete identities |
realm namename of identities to be deleted |
Click on Delete button in identity search view. | |
42 |
INFO |
Deletion of identities succeeded |
realm namename of identities to be deleted |
Click on Delete button in identity search view. | |
43 |
SEVERE |
Deletion of identities failed |
realm namename of identities to be deletederror message |
Unable to delete identities. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under data store log for more information. |
44 |
SEVERE |
Deletion of identities failed |
realm namename of identities to be deletederror message |
Unable to delete identities due to data store error. |
Look under data store log for more information. |
51 |
INFO |
Attempt to read identity's memberships information |
name of identitymembership identity type |
View membership page of an identity. | |
52 |
INFO |
Reading of identity's memberships information succeeded |
name of identitymembership identity type |
View membership page of an identity. | |
53 |
SEVERE |
Reading of identity's memberships information failed. |
name of identitymembership identity typeerror message |
Unable to read identity's memberships information. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under data store log for more information. |
54 |
SEVERE |
Reading of identity's memberships information failed. |
name of identitymembership identity typeerror message |
Unable to read identity's memberships information due to data store error. |
Look under data store log for more information. |
61 |
INFO |
Attempt to read identity's members information |
name of identitymembers identity type |
View members page of an identity. | |
62 |
INFO |
Reading of identity's members information succeeded |
name of identitymembers identity type |
View members page of an identity. | |
63 |
SEVERE |
Reading of identity's members information failed. |
name of identitymember identity typeerror message |
Unable to read identity's members information. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under data store log for more information. |
64 |
SEVERE |
Reading of identity's members information failed. |
name of identitymember identity typeerror message |
Unable to read identity's members information due to data store error. |
Look under data store log for more information. |
71 |
INFO |
Attempt to add member to an identity |
name of identityname of identity to be added. |
Select members to be added to an identity. | |
72 |
INFO |
Addition of member to an identity succeeded |
name of identityname of identity added. |
Select members to be added to an identity. | |
73 |
SEVERE |
Addition of member to an identity failed. |
name of identityname of identity to be added. error message |
Unable to add member to an identity. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under data store log for more information. |
74 |
SEVERE |
Addition of member to an identity failed. |
name of identityname of identity to be added. error message |
Unable to add member to an identity due to data store error. |
Look under data store log for more information. |
81 |
INFO |
Attempt to remove member from an identity |
name of identityname of identity to be removed. |
Select members to be removed from an identity. | |
82 |
INFO |
Removal of member from an identity succeeded |
name of identityname of identity removed. |
Select members to be removed from an identity. | |
83 |
SEVERE |
Removal of member to an identity failed. |
name of identityname of identity to be removed. error message |
Unable to remove member from an identity. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under data store log for more information. |
84 |
SEVERE |
Removal of member from an identity failed. |
name of identityname of identity to be removed. error message |
Unable to remove member to an identity due to data store error. |
Look under data store log for more information. |
91 |
INFO |
Attempt to read assigned service names of an identity |
name of identity |
Click on Add button in service assignment view of an identity. | |
92 |
INFO |
Reading assigned service names of an identity succeeded |
name of identity |
Click on Add button in service assignment view of an identity. | |
93 |
SEVERE |
Reading assigned service names of an identity failed. |
name of identityerror message |
Unable to read assigned service names of an identity. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under data store log for more information. |
94 |
SEVERE |
Reading assigned service names of an identity failed. |
name of identityerror message |
Unable to read assigned service names of an identity due to data store error. |
Look under data store log for more information. |
101 |
INFO |
Attempt to read assignable service names of an identity |
name of identity |
View the services page of an identity. | |
102 |
INFO |
Reading assignable service names of an identity succeeded |
name of identity |
View the services page of an identity. | |
103 |
SEVERE |
Reading assignable service names of an identity failed. |
name of identityerror message |
Unable to read assignable service names of an identity. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under data store log for more information. |
104 |
SEVERE |
Reading assignable service names of an identity failed. |
name of identityerror message |
Unable to read assignable service names of an identity due to data store error. |
Look under data store log for more information. |
111 |
INFO |
Attempt to assign a service to an identity |
name of identityname of service |
Click Add button of service view of an identity. | |
112 |
INFO |
Assignment of service to an identity succeeded |
name of identityname of service |
Click Add button of service view of an identity. | |
113 |
SEVERE |
Assignment of service to an identity failed. |
name of identityname of serviceerror message |
Unable to assign service to an identity. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under data store log for more information. |
114 |
SEVERE |
Assignment of service to an identity failed. |
name of identityname of serviceerror message |
Unable to assign service to an identity due to data store error. |
Look under data store log for more information. |
121 |
INFO |
Attempt to unassign a service from an identity |
name of identityname of service |
Click Remove button in service view of an identity. | |
122 |
INFO |
Unassignment of service to an identity succeeded |
name of identityname of service |
Click Remove button in service view of an identity. | |
123 |
SEVERE |
Unassignment of service from an identity failed. |
name of identityname of serviceerror message |
Unable to unassign service from an identity. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under data store log for more information. |
124 |
SEVERE |
Unassignment of service from an identity failed. |
name of identityname of serviceerror message |
Unable to unassign service from an identity due to data store error. |
Look under data store log for more information. |
131 |
INFO |
Attempt to read service attribute values of an identity |
name of identityname of service |
View service profile view of an identity. | |
132 |
INFO |
Reading of service attribute values of an identity succeeded |
name of identityname of service |
View service profile view of an identity. | |
133 |
SEVERE |
Reading of service attribute values of an identity failed. |
name of identityname of serviceerror message |
Unable to read service attribute values of an identity. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation |
Look under data store log for more information. |
134 |
SEVERE |
Reading of service attribute values of an identity failed. |
name of identityname of serviceerror message |
Unable to read service attribute values of an identity due to data store error. |
Look under data store log for more information. |
141 |
INFO |
Attempt to write service attribute values to an identity |
name of identityname of service |
Click on Save button in service profile view of an identity. | |
142 |
INFO |
Writing of service attribute values to an identity succeeded |
name of identityname of service |
Click on Save button in service profile view of an identity. | |
143 |
SEVERE |
Writing of service attribute values to an identity failed. |
name of identityname of serviceerror message |
Unable to write service attribute values to an identity. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under data store log for more information. |
144 |
SEVERE |
Writing of service attribute values to an identity failed. |
name of identityname of serviceerror message |
Unable to write service attribute values to an identity due to data store error. |
Look under data store log for more information. |
201 |
INFO |
Attempt to read all global service default attribute values |
name of service |
View global configuration view of a service. | |
202 |
INFO |
Reading of all global service default attribute values succeeded |
name of service |
View global configuration view of a service. | |
203 |
INFO |
Attempt to read global service default attribute values |
name of servicename of attribute |
View global configuration view of a service. | |
204 |
INFO |
Reading of global service default attribute values succeeded |
name of servicename of attribute |
View global configuration view of a service. | |
205 |
INFO |
Reading of global service default attribute values failed |
name of servicename of attribute |
View global configuration view of a service. |
Look under service management log for more information. |
211 |
INFO |
Attempt to write global service default attribute values |
name of servicename of attribute |
Click on Save button in global configuration view of a service. | |
212 |
INFO |
Writing of global service default attribute values succeeded |
name of servicename of attribute |
Click on Save button in global configuration view of a service. | |
213 |
SEVERE |
Writing of global service default attribute values failed. |
name of servicename of attributeerror message |
Unable to write global service default attribute values. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under service management log for more information. |
214 |
SEVERE |
Writing of global service default attribute values failed. |
name of servicename of attributeerror message |
Unable to write service default attribute values due to service management error. |
Look under service management log for more information. |
221 |
INFO |
Attempt to get sub configuration names |
name of servicename of base global sub configuration |
View a global service view of which its service has sub schema. | |
222 |
INFO |
Reading of global sub configuration names succeeded |
name of servicename of base global sub configuration |
View a global service view of which its service has sub schema. | |
223 |
SEVERE |
Reading of global sub configuration names failed. |
name of servicename of base global sub configuration error message |
Unable to get global sub configuration names. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under service management log for more information. |
224 |
SEVERE |
Reading of global sub configuration names failed. |
name of servicename of base global sub configuration error message |
Unable to get global sub configuration names due to service management error. |
Look under service management log for more information. |
231 |
INFO |
Attempt to delete sub configuration |
name of servicename of base global sub configuration name of sub configuration to be deleted |
Click on delete selected button in global service profile view. | |
232 |
INFO |
Deletion of sub configuration succeeded |
name of servicename of base global sub configuration name of sub configuration to be deleted |
Click on delete selected button in global service profile view. | |
233 |
SEVERE |
Deletion of sub configuration failed. |
name of servicename of base global sub configuration name of sub configuration to be deletederror message |
Unable to delete sub configuration. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under service management log for more information. |
234 |
SEVERE |
Deletion of sub configuration failed. |
name of servicename of base global sub configuration name of sub configuration to be deletederror message |
Unable to delete sub configuration due to service management error. |
Look under service management log for more information. |
241 |
INFO |
Attempt to create sub configuration |
name of servicename of base global sub configuration name of sub configuration to be createdname of sub schema to be created |
Click on add button in create sub configuration view. | |
242 |
INFO |
Creation of sub configuration succeeded |
name of servicename of base global sub configuration name of sub configuration to be createdname of sub schema to be created |
Click on add button in create sub configuration view. | |
243 |
SEVERE |
Creation of sub configuration failed. |
name of servicename of base global sub configuration name of sub configuration to be createdname of sub schema to be createderror message |
Unable to create sub configuration. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under service management log for more information. |
244 |
SEVERE |
Creation of sub configuration failed. |
name of servicename of base global sub configuration name of sub configuration to be createdname of sub schema to be createderror message |
Unable to create sub configuration due to service management error. |
Look under service management log for more information. |
251 |
INFO |
Reading of sub configuration's attribute values succeeded |
name of servicename of sub configuration |
View sub configuration profile view. | |
261 |
INFO |
Attempt to write sub configuration's attribute values |
name of servicename of sub configuration |
Click on save button in sub configuration profile view. | |
262 |
INFO |
Writing of sub configuration's attribute values succeeded |
name of servicename of sub configuration |
Click on save button in sub configuration profile view. | |
263 |
SEVERE |
Writing of sub configuration's attribute value failed. |
name of servicename of sub configurationerror message |
Unable to write sub configuration's attribute values. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under service management log for more information. |
264 |
SEVERE |
Writing of sub configuration's attribute value failed. |
name of servicename of sub configurationerror message |
Unable to write sub configuration's attribute value due to service management error. |
Look under service management log for more information. |
301 |
INFO |
Attempt to get policy names under a realm. |
name of realm |
View policy main page. | |
302 |
INFO |
Getting policy names under a realm succeeded |
name of realm |
View policy main page. | |
303 |
SEVERE |
Getting policy names under a realm failed. |
name of realmerror message |
Unable to get policy names under a realm. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under policy log for more information. |
304 |
SEVERE |
Getting policy names under a realm failed. |
name of realmerror message |
Unable to get policy names under a realm due to policy SDK related errors. |
Look under policy log for more information. |
311 |
INFO |
Attempt to create policy under a realm. |
name of realmname of policy |
Click on New button in policy creation page. | |
312 |
INFO |
Creation of policy succeeded |
name of realmname of policy |
Click on New button in policy creation page. | |
313 |
SEVERE |
Creation of policy failed. |
name of realmname of policyerror message |
Unable to create policy under a realm. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under policy log for more information. |
314 |
SEVERE |
Creation of policy failed. |
name of realmname of policyerror message |
Unable to create policy under a realm due to policy SDK related errors. |
Look under policy log for more information. |
321 |
INFO |
Attempt to modify policy. |
name of realmname of policy |
Click on Save button in policy profile page. | |
322 |
INFO |
Modification of policy succeeded |
name of realmname of policy |
Click on Save button in policy profile page. | |
323 |
SEVERE |
Modification of policy failed. |
name of realmname of policyerror message |
Unable to modify policy under a realm. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under policy log for more information. |
324 |
SEVERE |
Modification of policy failed. |
name of realmname of policyerror message |
Unable to modify policy due to policy SDK related errors. |
Look under policy log for more information. |
331 |
INFO |
Attempt to delete policy. |
name of realmnames of policies |
Click on Delete button in policy main page. | |
332 |
INFO |
Deletion of policy succeeded |
name of realmname of policies |
Click on Delete button in policy main page. | |
333 |
SEVERE |
Deletion of policy failed. |
name of realmname of policieserror message |
Unable to delete policy. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under policy log for more information. |
334 |
SEVERE |
Deletion of policy failed. |
name of realmname of policieserror message |
Unable to delete policy due to policy SDK related errors. |
Look under policy log for more information. |
401 |
INFO |
Attempt to get realm names |
name of parent realm |
View realm main page. | |
402 |
INFO |
Getting realm names succeeded. |
name of parent realm |
View realm main page. | |
403 |
SEVERE |
Getting realm names failed. |
name of parent realmerror message |
Unable to get realm names due to service management SDK exception. |
Look under service management log for more information. |
411 |
INFO |
Attempt to create realm |
name of parent realmname of new realm |
Click on New button in create realm page. | |
412 |
INFO |
Creation of realm succeeded. |
name of parent realmname of new realm |
Click on New button in create realm page. | |
413 |
SEVERE |
Creation of realm failed. |
name of parent realmname of new realmerror message |
Unable to create new realm due to service management SDK exception. |
Look under service management log for more information. |
421 |
INFO |
Attempt to delete realm |
name of parent realmname of realm to delete |
Click on Delete button in realm main page. | |
422 |
INFO |
Deletion of realm succeeded. |
name of parent realmname of realm to delete |
Click on Delete button in realm main page. | |
423 |
SEVERE |
Deletion of realm failed. |
name of parent realmname of realm to deleteerror message |
Unable to delete realm due to service management SDK exception. |
Look under service management log for more information. |
431 |
INFO |
Attempt to get attribute values of realm |
name of realm |
View realm profile page. | |
432 |
INFO |
Getting attribute values of realm succeeded. |
name of realm |
View realm profile page. | |
433 |
SEVERE |
Getting attribute values of realm failed. |
name of realmerror message |
Unable to get attribute values of realm due to service management SDK exception. |
Look under service management log for more information. |
441 |
INFO |
Attempt to modify realm's profile |
name of realm |
Click on Save button in realm profile page. | |
442 |
INFO |
Modification of realm's profile succeeded. |
name of realm |
Click on Save button in realm profile page. | |
443 |
SEVERE |
Modification of realm's profile failed. |
name of realmerror message |
Unable to modify realm's profile due to service management SDK exception. |
Look under service management log for more information. |
501 |
INFO |
Attempt to get delegation subjects under a realm |
name of realmsearch pattern |
View delegation main page. | |
502 |
INFO |
Getting delegation subjects under a realm succeeded. |
name of realmsearch pattern |
View delegation main page. | |
503 |
SEVERE |
Getting delegation subjects under a realm failed. |
name of realmsearch patternerror message |
Unable to get delegation subjects. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under delegation management log for more information. |
504 |
SEVERE |
Getting delegation subjects under a realm failed. |
name of realmsearch patternerror message |
Unable to get delegation subjects due to delegation management SDK related errors. |
Look under delegation management log for more information. |
511 |
INFO |
Attempt to get privileges of delegation subject |
name of realmID of delegation subject |
View delegation subject profile page. | |
512 |
INFO |
Getting privileges of delegation subject succeeded. |
name of realmID of delegation subject |
View delegation subject profile page. | |
513 |
SEVERE |
Getting privileges of delegation subject failed. |
name of realmID of delegation subjecterror message |
Unable to get privileges of delegation subject. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under delegation management log for more information. |
514 |
SEVERE |
Getting privileges of delegation subject failed. |
name of realmID of delegation subjecterror message |
Unable to get privileges of delegation subject due to delegation management SDK related errors. |
Look under delegation management log for more information. |
521 |
INFO |
Attempt to modify delegation privilege |
name of realmID of delegation privilegeID of subject |
Click on Save button in delegation subject profile page. | |
522 |
INFO |
Modification of delegation privilege succeeded. |
name of realmID of delegation privilegeID of subject |
Click on Save button in delegation subject profile page. | |
523 |
SEVERE |
Modification of delegation privilege failed. |
name of realmID of delegation privilegeID of subjecterror message |
Unable to modify delegation privilege. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under delegation management log for more information. |
524 |
SEVERE |
Modification of delegation privilege failed. |
name of realmID of delegation privilegeID of subjecterror message |
Unable to modify delegation privilege due to delegation management SDK related errors. |
Look under delegation management log for more information. |
601 |
INFO |
Attempt to get data store names |
name of realm |
View data store main page. | |
602 |
INFO |
Getting data store names succeeded. |
name of realm |
View data store main page. | |
603 |
SEVERE |
Getting data store names failed. |
name of realmerror message |
Unable to get data store names. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under service management log for more information. |
604 |
SEVERE |
Getting data store names failed. |
name of realmerror message |
Unable to get data store names due to service management SDK exception. |
Look under service management log for more information. |
611 |
INFO |
Attempt to get attribute values of identity repository |
name of realmname of identity repository |
View data store profile page. | |
612 |
INFO |
Getting attribute values of data store succeeded. |
name of realmname of identity repository |
View data store profile page. | |
613 |
SEVERE |
Getting attribute values of data store failed. |
name of realmname of identity repositoryerror message |
Unable to get attribute values of identity repository. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under service management log for more information. |
614 |
SEVERE |
Getting attribute values of data store failed. |
name of realmname of identity repositoryerror message |
Unable to get attribute values of data store due to service management SDK exception. |
Look under service management log for more information. |
621 |
INFO |
Attempt to create identity repository |
name of realmname of identity repositorytype of identity repository |
Click on New button in data store creation page. | |
622 |
INFO |
Creation of data store succeeded. |
name of realmname of identity repositorytype of identity repository |
Click on New button in data store creation page. | |
623 |
SEVERE |
Creation of data store failed. |
name of realmname of identity repositorytype of identity repositoryerror message |
Unable to create identity repository. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under service management log for more information. |
624 |
SEVERE |
Creation data store failed. |
name of realmname of identity repositorytype of identity repositoryerror message |
Unable to create data store due to service management SDK exception. |
Look under service management log for more information. |
631 |
INFO |
Attempt to delete identity repository |
name of realmname of identity repository |
Click on Delete button in data store main page. | |
632 |
INFO |
Deletion of data store succeeded. |
name of realmname of identity repository |
Click on Delete button in data store main page. | |
633 |
SEVERE |
Deletion of data store failed. |
name of realmname of identity repositoryerror message |
Unable to delete identity repository. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under service management log for more information. |
634 |
SEVERE |
Deletion data store failed. |
name of realmname of identity repositoryerror message |
Unable to delete data store due to service management SDK exception. |
Look under service management log for more information. |
641 |
INFO |
Attempt to modify identity repository |
name of realmname of identity repository |
Click on Save button in data store profile page. | |
642 |
INFO |
Modification of data store succeeded. |
name of realmname of identity repository |
Click on Save button in data store profile page. | |
643 |
SEVERE |
Modification of data store failed. |
name of realmname of identity repositoryerror message |
Unable to modify identity repository. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under service management log for more information. |
644 |
SEVERE |
Modification data store failed. |
name of realmname of identity repositoryerror message |
Unable to modify data store due to service management SDK exception. |
Look under service management log for more information. |
701 |
INFO |
Attempt to get assigned services of realm |
name of realm |
View realm's service main page. | |
702 |
INFO |
Getting assigned services of realm succeeded. |
name of realm |
View realm's service main page. | |
703 |
SEVERE |
Getting assigned services of realm failed. |
name of realmerror message |
Unable to get assigned services of realm due authentication configuration exception. |
Look under authentication log for more information. |
704 |
SEVERE |
Getting assigned services of realm failed. |
name of realmerror message |
Unable to get assigned services of realm due to service management SDK exception. |
Look under service management log for more information. |
705 |
SEVERE |
Getting assigned services of realm failed. |
name of realmerror message |
Unable to get assigned services of realm due to data store SDK exception. |
Look under service management log for more information. |
706 |
SEVERE |
Getting assigned services of realm failed. |
name of realmerror message |
Unable to get assigned services of realm. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under service management log for more information. |
711 |
INFO |
Attempt to get assignable services of realm |
name of realm |
View realm's service main page. | |
712 |
INFO |
Getting assignable services of realm succeeded. |
name of realm |
View realm's service main page. | |
713 |
SEVERE |
Getting assignable services of realm failed. |
name of realmerror message |
Unable to get assignable services of realm due authentication configuration exception. |
Look under authentication log for more information. |
714 |
SEVERE |
Getting assignable services of realm failed. |
name of realmerror message |
Unable to get assignable services of realm due to service management SDK exception. |
Look under service management log for more information. |
715 |
SEVERE |
Getting assignable services of realm failed. |
name of realmerror message |
Unable to get assignable services of realm due to ID Repository management SDK exception. |
Look under ID Repository management log for more information. |
716 |
SEVERE |
Getting assignable services of realm failed. |
name of realmerror message |
Unable to get assignable services of realm. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under service management log for more information. |
721 |
INFO |
Attempt to unassign service from realm |
name of realmname of service |
Click on Unassign button in realm's service page. | |
722 |
INFO |
Unassign service from realm succeeded. |
name of realmname of service |
Click on Unassign button in realm's service page. | |
723 |
SEVERE |
Unassign service from realm failed. |
name of realmname of serviceerror message |
Unable to unassign service from realm due to service management SDK exception. |
Look under service management log for more information. |
725 |
SEVERE |
Unassign service from realm failed. |
name of realmname of serviceerror message |
Unable to unassign service from realm. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under data store management log for more information. |
724 |
SEVERE |
Unassign service from realm failed. |
name of realmname of serviceerror message |
Unable to unassign service from realm due to data store management SDK exception. |
Look under data store management log for more information. |
731 |
INFO |
Attempt to assign service to realm |
name of realmname of service |
Click on assign button in realm's service page. | |
732 |
INFO |
Assignment of service to realm succeeded. |
name of realmname of service |
Click on assign button in realm's service page. | |
733 |
SEVERE |
Assignment of service to realm failed. |
name of realmname of serviceerror message |
Unable to assign service to realm due to service management SDK exception. |
Look under service management log for more information. |
734 |
SEVERE |
Assignment of service to realm failed. |
name of realmname of serviceerror message |
Unable to assign service to realm. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under service management log for more information. |
735 |
SEVERE |
Assignment of service to realm failed. |
name of realmname of serviceerror message |
Unable to assign service to realm due to data store SDK exception. |
Look under service management log for more information. |
741 |
INFO |
Attempt to get attribute values of service in realm |
name of realmname of servicename of attribute schema |
View realm's service profile page. | |
742 |
INFO |
Getting of attribute values of service under realm succeeded. |
name of realmname of servicename of attribute schema |
View realm's service profile page. | |
743 |
SEVERE |
Getting of attribute values of service under realm failed. |
name of realmname of servicename of attribute schemaerror message |
Unable to get attribute values of service due to service management SDK exception. |
Look under service management log for more information. |
744 |
INFO |
Getting of attribute values of service under realm failed. |
name of realmname of servicename of attribute schemaerror message |
Unable to get attribute values of service due to data store SDK exception. |
Look under service management log for more information. |
745 |
SEVERE |
Getting of attribute values of service under realm failed. |
name of realmname of servicename of attribute schemaerror message |
Unable to get attribute values of service. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under service management log for more information. |
751 |
INFO |
Attempt to modify attribute values of service in realm |
name of realmname of service |
Click on Save button in realm's service profile page. | |
752 |
INFO |
Modification of attribute values of service under realm succeeded. |
name of realmname of service |
Click on Save button in realm's service profile page. | |
753 |
SEVERE |
Modification of attribute values of service under realm failed. |
name of realmname of serviceerror message |
Unable to modify attribute values of service due to service management SDK exception. |
Look under service management log for more information. |
754 |
SEVERE |
Modification of attribute values of service under realm failed. |
name of realmname of serviceerror message |
Unable to modify attribute values of service due to data store error. |
Look under data store log for more information. |
755 |
SEVERE |
Modification of attribute values of service under realm failed. |
name of realmname of serviceerror message |
Unable to modify attribute values of service. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation |
Look under data store log for more information. |
801 |
INFO |
Attempt to get authentication type |
View authentication profile page. | ||
802 |
INFO |
Getting of authentication type succeeded. |
View authentication profile page. | ||
803 |
SEVERE |
Getting of authentication type failed. |
error message |
Unable to get authentication type due to authentication configuration SDK exception. |
Look under authentication management log for more information. |
811 |
INFO |
Attempt to get authentication instances under a realm |
name of realm |
View authentication profile page. | |
812 |
INFO |
Getting of authentication instances under a realm succeeded. |
name of realm |
View authentication profile page. | |
813 |
SEVERE |
Getting of authentication instances under a realm failed. |
name of realmerror message |
Unable to get authentication instance due to authentication configuration SDK exception. |
Look under authentication management log for more information. |
821 |
INFO |
Attempt to remove authentication instances under a realm |
name of realmname of authentication instance |
View authentication profile page. | |
822 |
INFO |
Removal of authentication instances under a realm succeeded. |
name of realmname of authentication instance |
View authentication profile page. | |
823 |
SEVERE |
Removal of authentication instances under a realm failed. |
name of realmname of authentication instance error message |
Unable to remove authentication instance due to authentication configuration SDK exception. |
Look under authentication management log for more information. |
831 |
INFO |
Attempt to create authentication instance under a realm |
name of realmname of authentication instance type of authentication instance |
Click on New button in authentication creation page. | |
832 |
INFO |
Creation of authentication instance under a realm succeeded. |
name of realmname of authentication instance type of authentication instance |
Click on New button in authentication creation page. | |
833 |
SEVERE |
Creation of authentication instance under a realm failed. |
name of realmname of authentication instance type of authentication instanceerror message |
Unable to create authentication instance due to authentication configuration exception. |
Look under authentication configuration log for more information. |
841 |
INFO |
Attempt to modify authentication instance |
name of realmname of authentication service |
Click on Save button in authentication profile page. | |
842 |
INFO |
Modification of authentication instance succeeded. |
name of realmname of authentication service |
Click on Save button in authentication profile page. | |
843 |
SEVERE |
Modification of authentication instance failed. |
name of realmname of authentication serviceerror message |
Unable to modify authentication instance due to service management SDK exception. |
Look under service anagement log for more information. |
844 |
SEVERE |
Modification of authentication instance failed. |
name of realmname of authentication serviceerror message |
Unable to modify authentication instance. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under service management log for more information. |
851 |
INFO |
Attempt to get authentication instance profile |
name of realmname of authentication instance |
View authentication instance profile page. | |
852 |
INFO |
Getting of authentication instance profile succeeded. |
name of realmname of authentication instance |
View authentication instance profile page. | |
853 |
SEVERE |
Getting of authentication instance profile failed. |
name of realmname of authentication instance error message |
Unable to get authentication instance profile due to authentication configuration SDK exception. |
Look under authentication management log for more information. |
861 |
INFO |
Attempt to modify authentication instance profile |
name of realmname of authentication instance |
Click on Save button in authentication instance profile page. | |
862 |
INFO |
Modification of authentication instance profile succeeded. |
name of realmname of authentication instance |
Click on Save button in authentication instance profile page. | |
863 |
SEVERE |
Modification of authentication instance profile failed. |
name of realmname of authentication instance error message |
Unable to modify authentication instance profile due to authentication configuration SDK exception. |
Look under authentication management log for more information. |
864 |
SEVERE |
Modification of authentication instance profile failed. |
name of realmname of authentication instance error message |
Unable to modify authentication instance profile due to service management SDK exception. |
Look under service management log for more information. |
864 |
SEVERE |
Modification of authentication instance profile failed. |
name of realmname of authentication instance error message |
Unable to modify authentication instance profile. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under service management log for more information. |
871 |
INFO |
Attempt to get authentication profile under a realm |
name of realm |
View authentication profile under a realm page. | |
872 |
INFO |
Getting authentication profile under a realm succeeded. |
name of realm |
View authentication profile under a realm page. | |
873 |
SEVERE |
Getting authentication profile under a realm failed. |
name of realmerror message |
Unable to get authentication profile under a realm due to service management SDK exception. |
Look under service management log for more information. |
881 |
INFO |
Attempt to get authentication configuration profile |
name of realmname of authentication configuration |
View authentication configuration profile page. | |
882 |
INFO |
Getting authentication configuration profile succeeded. |
name of realmname of authentication configuration |
View authentication configuration profile page. | |
883 |
SEVERE |
Getting authentication configuration profile failed. |
name of realmname of authentication configuration error message |
Unable to get authentication configuration profile. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under service management log for more information. |
884 |
SEVERE |
Getting authentication configuration profile failed. |
name of realmname of authentication configuration error message |
Unable to get authentication configuration profile due to service management SDK exception. |
Look under service management log for more information. |
885 |
SEVERE |
Getting authentication configuration profile failed. |
name of realmname of authentication configuration error message |
Unable to get authentication configuration profile due to authentication configuration SDK exception. |
Look under authentication configuration log for more information. |
891 |
INFO |
Attempt to modify authentication configuration profile |
name of realmname of authentication configuration |
Click on Save button in authentication configuration profile page. | |
892 |
INFO |
Modification of authentication configuration profile succeeded. |
name of realmname of authentication configuration |
Click on Save button in authentication configuration profile page. | |
893 |
SEVERE |
Modification of authentication configuration profile failed. |
name of realmname of authentication configuration error message |
Unable to modify authentication configuration profile. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under service management log for more information. |
894 |
SEVERE |
Modification of authentication configuration profile failed. |
name of realmname of authentication configuration error message |
Unable to modify authentication configuration profile due to service management SDK exception. |
Look under service management log for more information. |
895 |
SEVERE |
Modification of authentication configuration profile failed. |
name of realmname of authentication configuration error message |
Unable to modify authentication configuration profile due to authentication configuration SDK exception. |
Look under authentication configuration log for more information. |
901 |
INFO |
Attempt to create authentication configuration |
name of realmname of authentication configuration |
Click on New button in authentication configuration creation page. | |
902 |
INFO |
Creation of authentication configuration succeeded. |
name of realmname of authentication configuration |
Click on New button in authentication configuration creation page. | |
903 |
SEVERE |
Creation of authentication configuration failed. |
name of realmname of authentication configuration error message |
Unable to create authentication configuration. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under service management log for more information. |
904 |
SEVERE |
Creation of authentication configuration failed. |
name of realmname of authentication configuration error message |
Unable to create authentication configuration due to service management SDK exception. |
Look under service management log for more information. |
905 |
SEVERE |
Creation of authentication configuration failed. |
name of realmname of authentication configuration error message |
Unable to create authentication configuration due to authentication configuration SDK exception. |
Look under authentication configuration log for more information. |
1001 |
INFO |
Attempt to get entity descriptor names. |
search pattern |
View entity descriptor main page. | |
1002 |
INFO |
Getting entity descriptor names succeeded |
search pattern |
View entity descriptor main page. | |
1003 |
SEVERE |
Getting entity descriptor names failed. |
search patternerror message |
Unable to get entity descriptor names due to federation SDK related errors. |
Look under federation log for more information. |
1011 |
INFO |
Attempt to create entity descriptor. |
descriptor namedescriptor type |
Click on New button in entity descriptor creation page. | |
1012 |
INFO |
Creation entity descriptor succeeded |
descriptor namedescriptor type |
Click on New button in entity descriptor creation page. | |
1013 |
SEVERE |
Creation entity descriptor failed. |
descriptor namedescriptor typeerror message |
Unable to create entity descriptor due to federation SDK related errors. |
Look under federation log for more information. |
1021 |
INFO |
Attempt to delete entity descriptors. |
descriptor names |
Click on Delete button in entity descriptor main page. | |
1022 |
INFO |
Deletion entity descriptors succeeded |
descriptor names |
Click on Delete button in entity descriptor main page. | |
1023 |
SEVERE |
Deletion entity descriptors failed. |
descriptor nameserror message |
Unable to delete entity descriptors due to federation SDK related errors. |
Look under federation log for more information. |
1031 |
INFO |
Attempt to get attribute values of an affiliate entity descriptor. |
descriptor name |
View affiliate entity descriptor profile page. | |
1032 |
INFO |
Getting of attribute values of an affiliate entity descriptor succeeded. |
descriptor name |
View affiliate entity descriptor profile page. | |
1033 |
SEVERE |
Getting of attribute values of an affiliate entity descriptor failed. |
descriptor nameerror message |
Unable to get attribute value of an affiliate entity descriptor due to federation SDK related errors. |
Look under federation log for more information. |
1041 |
INFO |
Attempt to modify an affiliate entity descriptor. |
descriptor name |
Click on Save button of affiliate entity descriptor profile page. | |
1042 |
INFO |
Modification of an affiliate entity descriptor succeeded. |
descriptor name |
Click on Save button of affiliate entity descriptor profile page. | |
1043 |
SEVERE |
Modification of an affiliate entity descriptor failed. |
descriptor nameerror message |
Unable to modify an affiliate entity descriptor due to federation SDK related errors. |
Look under federation log for more information. |
1044 |
SEVERE |
Modification of an affiliate entity descriptor failed. |
descriptor nameerror message |
Unable to modify an affiliate entity descriptor due to incorrect number format of one or more attribute values. |
Look under federation log for more information. |
1051 |
INFO |
Attempt to get attribute values of an entity descriptor. |
descriptor name |
View entity descriptor profile page. | |
1052 |
INFO |
Getting attribute values of entity descriptor succeeded. |
descriptor name |
View entity descriptor profile page. | |
1053 |
SEVERE |
Getting attribute values of entity descriptor failed. |
descriptor nameerror message |
Unable to get attribute values of entity descriptor due to federation SDK related errors. |
Look under federation log for more information. |
1061 |
INFO |
Attempt to modify entity descriptor. |
descriptor name |
Click on Save button in entity descriptor profile page. | |
1062 |
INFO |
Modification of entity descriptor succeeded. |
descriptor name |
Click on Save button in entity descriptor profile page. | |
1063 |
SEVERE |
Modification of entity descriptor failed. |
descriptor nameerror message |
Unable to modify entity descriptor due to federation SDK related errors. |
Look under federation log for more information. |
1101 |
INFO |
Attempt to get authentication domain names. |
search pattern |
View authentication domain main page. | |
1102 |
INFO |
Getting authentication domain names succeeded. |
search pattern |
View authentication domain main page. | |
1103 |
SEVERE |
Getting authentication domain names failed. |
search patternerror message |
Unable to get authentication domain names due to federation SDK related errors. |
Look under federation log for more information. |
1111 |
INFO |
Attempt to create authentication domain |
name of authentication domain |
Click on New button in authentication domain creation page. | |
1112 |
INFO |
Creation authentication domain succeeded. |
name of authentication domain |
Click on New button in authentication domain creation page. | |
1113 |
SEVERE |
Creation authentication domain failed. |
name of authentication domainerror message |
Unable to create authentication domain due to federation SDK related errors. |
Look under federation log for more information. |
1121 |
INFO |
Attempt to delete authentication domains |
name of authentication domains |
Click on Delete button in authentication domain main page. | |
1122 |
INFO |
Deletion authentication domain succeeded. |
name of authentication domains |
Click on Delete button in authentication domain main page. | |
1123 |
SEVERE |
Deletion authentication domain failed. |
name of authentication domainserror message |
Unable to delete authentication domain due to federation SDK related errors. |
Look under federation log for more information. |
1131 |
INFO |
Attempt to get authentication domain's attribute values |
name of authentication domain |
View authentication domain profile page. | |
1132 |
INFO |
Getting attribute values of authentication domain succeeded. |
name of authentication domain |
View authentication domain profile page. | |
1133 |
SEVERE |
Getting attribute values of authentication domain failed. |
name of authentication domainserror message |
Unable to get attribute values of authentication domain due to federation SDK related errors. |
Look under federation log for more information. |
1141 |
INFO |
Attempt to modify authentication domain |
name of authentication domain |
Click on Save button in authentication domain profile page. | |
1142 |
INFO |
Modification authentication domain succeeded. |
name of authentication domain |
Click on Save button in authentication domain profile page. | |
1143 |
SEVERE |
Modification authentication domain failed. |
name of authentication domainerror message |
Unable to modify authentication domain due to federation SDK related errors. |
Look under federation log for more information. |
1151 |
INFO |
Attempt to get all provider names |
View authentication domain profile page. | ||
1152 |
INFO |
Getting all provider names succeeded. |
View authentication domain profile page. | ||
1153 |
SEVERE |
Getting all provider names failed. |
error message |
Unable to get all provider names due to federation SDK related errors. |
Look under federation log for more information. |
1161 |
INFO |
Attempt to get provider names under a authentication domain |
name of authentication domain |
View authentication domain profile page. | |
1162 |
INFO |
Getting provider names under authentication domain succeeded. |
name of authentication domain |
View authentication domain profile page. | |
1163 |
SEVERE |
Getting provider names under authentication domain failed. |
name of authentication domainerror message |
Unable to get provider names under authentication domain due to federation SDK related errors. |
Look under federation log for more information. |
1171 |
INFO |
Attempt to add providers to an authentication domain |
name of authentication domainname of providers |
Click on Save button in provider assignment page. | |
1172 |
INFO |
Addition of provider to an authentication domain succeeded. |
name of authentication domainname of providers |
Click on Save button in provider assignment page. | |
1173 |
SEVERE |
Addition of provider to an authentication domain failed. |
name of authentication domainname of providers error message |
Unable to add provider to authentication domain due to federation SDK related errors. |
Look under federation log for more information. |
1181 |
INFO |
Attempt to remove providers from authentication domain |
name of authentication domainname of providers |
Click on Save button in provider assignment page. | |
1182 |
INFO |
Deletion of providers from authentication domain succeeded. |
name of authentication domainname of providers |
Click on Save button in provider assignment page. | |
1183 |
SEVERE |
Deletion of provider from authentication domain failed. |
name of authentication domainname of providers error message |
Unable to remove provider from authentication domain due to federation SDK related errors. |
Look under federation log for more information. |
1301 |
INFO |
Attempt to create provider |
name of providerrole of providertype of provider |
Click on Save button in provider assignment page. | |
1302 |
INFO |
Creation of providers succeeded. |
name of providerrole of providertype of provider |
Click on Save button in provider assignment page. | |
1303 |
SEVERE |
Creation of provider failed. |
name of providerrole of providertype of provider error message |
Unable to create provider due to federation SDK related errors. |
Look under federation log for more information. |
1303 |
SEVERE |
Creation of provider failed. |
name of providerrole of providertype of provider error message |
Unable to create provider due to federation SDK related errors. |
Look under federation log for more information. |
1304 |
SEVERE |
Creation of provider failed. |
name of providerrole of providertype of provider error message |
Unable to create provider because Administration Console cannot find the appropriate methods to set values for this provider. |
This is a web application error. Please contact Sun Support for assistant. |
1311 |
INFO |
Attempt to get attribute values for provider |
name of providerrole of providertype of provider |
View provider profile page. | |
1312 |
INFO |
Getting attribute values of providers succeeded. |
name of providerrole of providertype of provider |
View provider profile page. | |
1321 |
INFO |
Attempt to get handler to provider |
name of providerrole of provider |
View provider profile page. | |
1322 |
INFO |
Getting handler to provider succeeded. |
name of providerrole of provider |
View provider profile page. | |
1323 |
SEVERE |
Getting handler to provider failed. |
name of providerrole of providererror message |
Unable to get handler to provider due to federation SDK related errors. |
Look under federation log for more information. |
1331 |
INFO |
Attempt to modify provider |
name of providerrole of provider |
Click on Save button in provider profile page. | |
1332 |
INFO |
Modification of provider succeeded. |
name of providerrole of provider |
Click on Save button in provider profile page. | |
1333 |
SEVERE |
Modification of provider failed. |
name of providerrole of providererror message |
Unable to modify provider due to federation SDK related errors. |
Look under federation log for more information. |
1334 |
SEVERE |
Modification of provider failed. |
name of providerrole of providererror message |
Unable to modify provider because Administration Console cannot find the appropriate methods to set values for this provider. |
This is a web application error. Please contact Sun Support for assistant. |
1341 |
INFO |
Attempt to delete provider |
name of providerrole of provider |
Click on delete provider button in provider profile page. | |
1342 |
INFO |
Deletion of provider succeeded. |
name of providerrole of provider |
Click on delete provider button in provider profile page. | |
1343 |
SEVERE |
Deletion of provider failed. |
name of providerrole of providererror message |
Unable to delete provider due to federation SDK related errors. |
Look under federation log for more information. |
1351 |
INFO |
Attempt to get prospective trusted provider |
name of providerrole of provider |
View add trusted provider page. | |
1352 |
INFO |
Getting of prospective trusted provider succeeded. |
name of providerrole of provider |
View add trusted provider page. | |
1353 |
SEVERE |
Getting of prospective trusted provider failed. |
name of providerrole of providererror message |
Unable to get prospective trusted provider due to federation SDK related errors. |
Look under federation log for more information. |
2001 |
INFO |
Attempt to get attribute values of schema type of a service schema |
name of servicename of schema typename of attribute schemas |
View service profile page. | |
2002 |
INFO |
Getting attribute values of schema type of a service schema succeeded. |
name of servicename of schema typename of attribute schemas |
View service profile page. | |
2003 |
SEVERE |
Getting attribute values of schema type of a service schema failed. |
name of servicename of schema typename of attribute schemaserror message |
Unable to get attribute values of schema type of a service schema. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under service management log for more information. |
2004 |
SEVERE |
Getting attribute values of schema type of a service schema failed. |
name of servicename of schema typename of attribute schemaserror message |
Unable to get attribute values of schema type of a service schema due to service management SDK related errors. |
Look under service management log for more information. |
2005 |
INFO |
Getting attribute values of schema type of a service schema failed. |
name of servicename of schema typename of attribute schemas |
View service profile page. |
Need no action on this event. Console attempts to get a schema from a service but schema does not exist. |
2011 |
INFO |
Attempt to get attribute values of attribute schema of a schema type of a service schema |
name of servicename of schema typename of attribute schemas |
View service profile page. | |
2012 |
INFO |
Getting attribute values of attribute schema of a schema type of a service schema succeeded. |
name of servicename of schema typename of attribute schemas |
View service profile page. | |
2013 |
SEVERE |
Getting attribute values of attribute schema of a schema type of a service schema failed. |
name of servicename of schema typename of attribute schemaserror message |
Unable to get attribute values of schema type of a service schema. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under service management log for more information. |
2014 |
SEVERE |
Getting attribute values of attribute schema of a schema type of a service schema failed. |
name of servicename of schema typename of attribute schemaserror message |
Unable to get attribute values of schema type of a service schema due to service management SDK related errors. |
Look under service management log for more information. |
2021 |
INFO |
Attempt to modify attribute values of attribute schema of a schema type of a service schema |
name of servicename of schema typename of attribute schemas |
Click on Save button in service profile page. | |
2022 |
INFO |
Modification attribute values of attribute schema of a schema type of a service schema succeeded. |
name of servicename of schema typename of attribute schemas |
Click on Save button in service profile page. | |
2023 |
SEVERE |
Modification attribute values of attribute schema of a schema type of a service schema failed. |
name of servicename of schema typename of attribute schemaserror message |
Unable to modify attribute values of schema type of a service schema. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under service management log for more information. |
2024 |
SEVERE |
Modification attribute values of attribute schema of a schema type of a service schema failed. |
name of servicename of schema typename of attribute schemaserror message |
Unable to modify attribute values of schema type of a service schema due to service management SDK related errors. |
Look under service management log for more information. |
2501 |
INFO |
Attempt to get device names of client detection service |
name of profilename of stylesearch pattern |
View client profile page. | |
2502 |
INFO |
Getting device names of client detection service succeeded. |
name of profilename of stylesearch pattern |
View client profile page. | |
2511 |
INFO |
Attempt to delete client in client detection service |
type of client |
Click on client type delete hyperlink page. | |
2512 |
INFO |
Deletion of client in client detection service succeeded. |
type of client |
Click on client type delete hyperlink page. | |
2513 |
SEVERE |
Deletion of client in client detection service failed. |
type of clienterror message |
Unable to delete client due to client detection SDK related errors. |
Look under client detection management log for more information. |
2521 |
INFO |
Attempt to create client in client detection service |
type of client |
Click on New button in Client Creation Page. | |
2522 |
INFO |
Creation of client in client detection service succeeded. |
type of client |
Click on New button in Client Creation Page. | |
2523 |
SEVERE |
Creation of client in client detection service failed. |
type of clienterror message |
Unable to create client due to client detection SDK related errors. |
Look under client detection management log for more information. |
2524 |
INFO |
Creation of client in client detection service failed. |
type of clienterror message |
Unable to create client because client type is invalid. |
Check the client type again before creation. |
2531 |
INFO |
Attempt to get client profile in client detection service |
type of clientclassification |
View client profile page. | |
2532 |
INFO |
Getting of client profile in client detection service succeeded. |
type of clientclassification |
View client profile page. | |
2541 |
INFO |
Attempt to modify client profile in client detection service |
type of client |
Click on Save button client profile page. | |
2542 |
INFO |
Modification of client profile in client detection service succeeded. |
type of client |
Click on Save button client profile page. | |
2543 |
SEVERE |
Modification of client profile in client detection service failed. |
type of clienterror message |
Unable to modify client profile due to client detection SDK related errors. |
Look under client detection management log for more information. |
3001 |
INFO |
Attempt to get current sessions |
name of serversearch pattern |
View session main page. | |
3002 |
INFO |
Getting of current sessions succeeded. |
name of serversearch pattern |
View session main page. | |
3003 |
SEVERE |
Getting of current sessions failed. |
name of servername of realmerror message |
Unable to get current sessions due to session SDK exception. |
Look under session management log for more information. |
3011 |
INFO |
Attempt to invalidate session |
name of serverID of session |
Click on Invalidate button in session main page. | |
3012 |
INFO |
Invalidation of session succeeded. |
name of serverID of session |
Click on Invalidate button in session main page. | |
3013 |
SEVERE |
Invalidation of session failed. |
name of serverID of sessionerror message |
Unable to invalidate session due to session SDK exception. |
Look under session management log for more information. |
10001 |
INFO |
Attempt to search for containers from an organization |
DN of organizationsearch pattern |
Click on Search button in Organization's containers page. | |
10002 |
INFO |
Searching for containers from an organization succeeded. |
DN of organizationsearch pattern |
Click on Search button in Organization's containers page. | |
10003 |
SEVERE |
Searching for containers from an organization failed. |
DN of organizationsearch patternerror message |
Unable to search for containers. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10004 |
SEVERE |
Searching for containers from an organization failed. |
DN of organizationsearch patternerror message |
Unable to search for containers due to access management SDK exception. |
Look under access management SDK log for more information. |
10011 |
INFO |
Attempt to search for containers from a container |
DN of containersearch pattern |
Click on Search button in Container's sub containers page. | |
10012 |
INFO |
Searching for containers from a container succeeded. |
DN of containersearch pattern |
Click on Search button in Container's sub containers page. | |
10013 |
SEVERE |
Searching for containers from a container failed. |
DN of containersearch patternerror message |
Unable to search for containers. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10014 |
SEVERE |
Searching for containers from a container failed. |
DN of containersearch patternerror message |
Unable to search for containers due to access management SDK exception. |
Look under access management SDK log for more information. |
10021 |
INFO |
Attempt to create containers under an organization |
DN of organizationName of container |
Click on New button in Container Creation page. | |
10022 |
INFO |
Creation of container under an organization succeeded. |
DN of organizationName of container |
Click on New button in Container Creation page. | |
10023 |
SEVERE |
Creation of container under an organization failed. |
DN of organizationName of containererror message |
Unable to create container. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10024 |
SEVERE |
Creation of container under an organization failed. |
DN of organizationName of containererror message |
Unable to create container due to access management SDK exception. |
Look under access management SDK log for more information. |
10031 |
INFO |
Attempt to create containers under an container |
DN of containerName of container |
Click on New button in Container Creation page. | |
10032 |
INFO |
Creation of container under an container succeeded. |
DN of containerName of container |
Click on New button in Container Creation page. | |
10033 |
SEVERE |
Creation of container under an container failed. |
DN of containerName of containererror message |
Unable to create container. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10034 |
SEVERE |
Creation of container under an container failed. |
DN of containerName of containererror message |
Unable to create container due to access management SDK exception. |
Look under access management SDK log for more information. |
10041 |
INFO |
Attempt to get assigned services to container |
DN of container |
View Container's service profile page. | |
10042 |
INFO |
Getting assigned services to container succeeded. |
DN of container |
View Container's service profile page. | |
10043 |
SEVERE |
Getting assigned services to container failed. |
DN of containererror message |
Unable to get services assigned to container. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10044 |
SEVERE |
Getting assigned services to container failed. |
DN of containererror message |
Unable to get services assigned to container due to access management SDK exception. |
Look under access management SDK log for more information. |
10101 |
INFO |
Attempt to get service template under an organization |
DN of organizationName of serviceType of template |
View Organization's service profile page. | |
10102 |
INFO |
Getting service template under an organization succeeded. |
DN of organizationName of serviceType of template |
View Organization's service profile page. | |
10103 |
SEVERE |
Getting service template under an organization failed. |
DN of organizationName of serviceType of template error message |
Unable to get service template. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10104 |
SEVERE |
Getting service template under an organization failed. |
DN of organizationName of serviceType of template error message |
Unable to get service template due to access management SDK exception. |
Look under access management SDK log for more information. |
10111 |
INFO |
Attempt to get service template under a container |
DN of containerName of serviceType of template |
View container's service profile page. | |
10112 |
INFO |
Getting service template under a container succeeded. |
DN of containerName of serviceType of template |
View container's service profile page. | |
10113 |
SEVERE |
Getting service template under a container failed. |
DN of containerName of serviceType of template error message |
Unable to get service template. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10114 |
SEVERE |
Getting service template under a container failed. |
DN of containerName of serviceType of template error message |
Unable to get service template due to access management SDK exception. |
Look under access management SDK log for more information. |
10121 |
INFO |
Attempt to delete directory object |
Name of object |
Click on Delete button in object main page. | |
10122 |
INFO |
Deletion of directory object succeeded. |
Name of object |
Click on Delete button in object main page. | |
10123 |
SEVERE |
Deletion of directory object failed. |
Name of objecterror message |
Unable to delete directory object. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10124 |
SEVERE |
Deletion of directory object failed. |
Name of objecterror message |
Unable to delete directory object due to access management SDK exception. |
Look under access management SDK log for more information. |
10131 |
INFO |
Attempt to modify directory object |
DN of object |
Click on object profile page. | |
10132 |
INFO |
Modification of directory object succeeded. |
DN of object |
Click on object profile page. | |
10133 |
SEVERE |
Modification of directory object failed. |
DN of objecterror message |
Unable to modify directory object due to access management SDK exception. |
Look under access management SDK log for more information. |
10141 |
INFO |
Attempt to delete service from organization |
DN of organizationName of service |
Click on unassign button in organization's service page. | |
10142 |
INFO |
Deletion of service from organization succeeded. |
DN of organizationName of service |
Click on unassign button in organization's service page. | |
10143 |
SEVERE |
Deletion of service from organization failed. |
DN of organizationName of serviceerror message |
Unable to delete service. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10144 |
SEVERE |
Deletion of service from organization failed. |
DN of organizationName of serviceerror message |
Unable to delete service due to access management SDK exception. |
Look under access management SDK log for more information. |
10151 |
INFO |
Attempt to delete service from container |
DN of containerName of service |
Click on unassign button in container's service page. | |
10152 |
INFO |
Deletion of service from container succeeded. |
DN of containerName of service |
Click on unassign button in container's service page. | |
10153 |
SEVERE |
Deletion of service from container failed. |
DN of containerName of serviceerror message |
Unable to delete service. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10154 |
SEVERE |
Deletion of service from container failed. |
DN of containerName of serviceerror message |
Unable to delete service due to access management SDK exception. |
Look under access management SDK log for more information. |
10201 |
INFO |
Attempt to serch for group containers under organization |
DN of organizationSearch pattern |
Click on Search button in organization's group containers page. | |
10202 |
INFO |
Searching for group containers under organization succeeded. |
DN of organizationSearch pattern |
Click on Search button in organization's group containers page. | |
10203 |
SEVERE |
Searching for group containers under organization failed. |
DN of organizationSearch patternerror message |
Unable to search group containers. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10204 |
SEVERE |
Searching for group containers under organization failed. |
DN of organizationSearch patternerror message |
Unable to search group containers due to access management SDK exception. |
Look under access management SDK log for more information. |
10211 |
INFO |
Attempt to serch for group containers under container |
DN of containerSearch pattern |
Click on Search button in container's group containers page. | |
10212 |
INFO |
Searching for group containers under container succeeded. |
DN of containerSearch pattern |
Click on Search button in container's group containers page. | |
10213 |
SEVERE |
Searching for group containers under container failed. |
DN of containerSearch patternerror message |
Unable to search group containers. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10214 |
SEVERE |
Searching for group containers under container failed. |
DN of containerSearch patternerror message |
Unable to search group containers due to access management SDK exception. |
Look under access management SDK log for more information. |
10221 |
INFO |
Attempt to search for group containers under group container |
DN of group containerSearch pattern |
Click on Search button in group container's group containers page. | |
10222 |
INFO |
Searching for group containers under group container succeeded. |
DN of group containerSearch pattern |
Click on Search button in group container's group containers page. | |
10223 |
SEVERE |
Searching for group containers under group container failed. |
DN of group containerSearch patternerror message |
Unable to search group containers. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10224 |
SEVERE |
Searching for group containers under group container failed. |
DN of group containerSearch patternerror message |
Unable to search group containers due to access management SDK exception. |
Look under access management SDK log for more information. |
10231 |
INFO |
Attempt to create group container in organization |
DN of organizationName of group container |
Click on New button in group container creation page. | |
10232 |
INFO |
Creation of group container under organization succeeded. |
DN of organizationName of group container |
Click on New button in group container creation page. | |
10233 |
SEVERE |
Creation of group container under organization failed. |
DN of organizationName of group containererror message |
Unable to create group container. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10234 |
SEVERE |
Creation of group container under organization failed. |
DN of organizationName of group containererror message |
Unable to create group container due to access management SDK exception. |
Look under access management SDK log for more information. |
10241 |
INFO |
Attempt to create group container in container |
DN of containerName of group container |
Click on New button in group container creation page. | |
10242 |
INFO |
Creation of group container under container succeeded. |
DN of containerName of group container |
Click on New button in group container creation page. | |
10243 |
SEVERE |
Creation of group container under container failed. |
DN of containerName of group containererror message |
Unable to create group container. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10244 |
SEVERE |
Creation of group container under container failed. |
DN of containerName of group containererror message |
Unable to create group container due to access management SDK exception. |
Look under access management SDK log for more information. |
10251 |
INFO |
Attempt to create group container in group container |
DN of group containerName of group container |
Click on New button in group container creation page. | |
10252 |
INFO |
Creation of group container under group container succeeded. |
DN of group containerName of group container |
Click on New button in group container creation page. | |
10253 |
SEVERE |
Creation of group container under group container failed. |
DN of group containerName of group container error message |
Unable to create group container. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10254 |
SEVERE |
Creation of group container under group container failed. |
DN of group containerName of group container error message |
Unable to create group container due to access management SDK exception. |
Look under access management SDK log for more information. |
10301 |
INFO |
Attempt to search groups under organization |
DN of organizationsearch pattern |
Click on Search button in organization's group page. | |
10302 |
INFO |
Searching for groups under organization succeeded. |
DN of organizationsearch pattern |
Click on Search button in organization's group page. | |
10303 |
SEVERE |
Searching for groups under organization failed. |
DN of organizationsearch patternerror message |
Unable to search for groups. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10304 |
SEVERE |
Searching for groups under organization failed. |
DN of organizationsearch patternerror message |
Unable to search groups due to access management SDK exception. |
Look under access management SDK log for more information. |
10311 |
INFO |
Attempt to search groups under container |
DN of containersearch pattern |
Click on Search button in container's group page. | |
10312 |
INFO |
Searching for groups under container succeeded. |
DN of containersearch pattern |
Click on Search button in container's group page. | |
10313 |
SEVERE |
Searching for groups under container failed. |
DN of containersearch patternerror message |
Unable to search for groups. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10314 |
SEVERE |
Searching for groups under container failed. |
DN of containersearch patternerror message |
Unable to search groups due to access management SDK exception. |
Look under access management SDK log for more information. |
10321 |
INFO |
Attempt to search groups under static group |
DN of static groupsearch pattern |
Click on Search button in static group's group page. | |
10322 |
INFO |
Searching for groups under static group succeeded. |
DN of static groupsearch pattern |
Click on Search button in static group's group page. | |
10323 |
SEVERE |
Searching for groups under static group failed. |
DN of static groupsearch patternerror message |
Unable to search for groups. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10324 |
SEVERE |
Searching for groups under static group failed. |
DN of static groupsearch patternerror message |
Unable to search groups due to access management SDK exception. |
Look under access management SDK log for more information. |
10331 |
INFO |
Attempt to search groups under dynamic group |
DN of dynamic groupsearch pattern |
Click on Search button in dynamic group's group page. | |
10332 |
INFO |
Searching for groups under dynamic group succeeded. |
DN of dynamic groupsearch pattern |
Click on Search button in dynamic group's group page. | |
10333 |
SEVERE |
Searching for groups under dynamic group failed. |
DN of dynamic groupsearch patternerror message |
Unable to search for groups. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10334 |
SEVERE |
Searching for groups under dynamic group failed. |
DN of dynamic groupsearch patternerror message |
Unable to search groups due to access management SDK exception. |
Look under access management SDK log for more information. |
10341 |
INFO |
Attempt to search groups under assignable dynamic group |
DN of assignable dynamic groupsearch pattern |
Click on Search button in assignable dynamic group's group page. | |
10342 |
INFO |
Searching for groups under assignable dynamic group succeeded. |
DN of assignable dynamic groupsearch pattern |
Click on Search button in assignable dynamic group's group page. | |
10343 |
SEVERE |
Searching for groups under assignable dynamic group failed. |
DN of assignable dynamic groupsearch pattern error message |
Unable to search for groups. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10344 |
SEVERE |
Searching for groups under assignable dynamic group failed. |
DN of assignable dynamic groupsearch pattern error message |
Unable to search groups due to access management SDK exception. |
Look under access management SDK log for more information. |
10351 |
INFO |
Attempt to create group under organization |
DN of organizationName of group |
Click on New button in group creation page. | |
10352 |
INFO |
Creation of groups under organization succeeded. |
DN of organizationName of group |
Click on New button in group creation page. | |
10353 |
SEVERE |
Creation of group under organization failed. |
DN of organizationName of grouperror message |
Unable to create group. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10354 |
SEVERE |
Creation of group under organization failed. |
DN of organizationName of grouperror message |
Unable to create group due to access management SDK exception. |
Look under access management SDK log for more information. |
10361 |
INFO |
Attempt to create group under container |
DN of containerName of group |
Click on New button in group creation page. | |
10362 |
INFO |
Creation of groups under container succeeded. |
DN of containerName of group |
Click on New button in group creation page. | |
10363 |
SEVERE |
Creation of group under container failed. |
DN of containerName of grouperror message |
Unable to create group. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10364 |
SEVERE |
Creation of group under container failed. |
DN of containerName of grouperror message |
Unable to create group due to access management SDK exception. |
Look under access management SDK log for more information. |
10371 |
INFO |
Attempt to create group under group container |
DN of group containerName of group |
Click on New button in group creation page. | |
10372 |
INFO |
Creation of groups under group container succeeded. |
DN of group containerName of group |
Click on New button in group creation page. | |
10373 |
SEVERE |
Creation of group under group container failed. |
DN of group containerName of grouperror message |
Unable to create group. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10374 |
SEVERE |
Creation of group under group container failed. |
DN of group containerName of grouperror message |
Unable to create group due to access management SDK exception. |
Look under access management SDK log for more information. |
10381 |
INFO |
Attempt to create group under dynamic group |
DN of dynamic groupName of group |
Click on New button in group creation page. | |
10382 |
INFO |
Creation of groups under dynamic group succeeded. |
DN of dynamic groupName of group |
Click on New button in group creation page. | |
10383 |
SEVERE |
Creation of group under dynamic group failed. |
DN of dynamic groupName of grouperror message |
Unable to create group. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10384 |
SEVERE |
Creation of group under dynamic group failed. |
DN of dynamic groupName of grouperror message |
Unable to create group due to access management SDK exception. |
Look under access management SDK log for more information. |
10391 |
INFO |
Attempt to create group under static group |
DN of static groupName of group |
Click on New button in group creation page. | |
10392 |
INFO |
Creation of groups under static group succeeded. |
DN of static groupName of group |
Click on New button in group creation page. | |
10393 |
SEVERE |
Creation of group under static group failed. |
DN of static groupName of grouperror message |
Unable to create group. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10394 |
SEVERE |
Creation of group under static group failed. |
DN of static groupName of grouperror message |
Unable to create group due to access management SDK exception. |
Look under access management SDK log for more information. |
10401 |
INFO |
Attempt to create group under assignable dynamic group |
DN of assignable dynamic groupName of group |
Click on New button in group creation page. | |
10402 |
INFO |
Creation of groups under assignable dynamic group succeeded. |
DN of assignable dynamic groupName of group |
Click on New button in group creation page. | |
10403 |
SEVERE |
Creation of group under assignable dynamic group failed. |
DN of assignable dynamic groupName of grouperror message |
Unable to create group. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10404 |
SEVERE |
Creation of group under assignable dynamic group failed. |
DN of assignable dynamic groupName of grouperror message |
Unable to create group due to access management SDK exception. |
Look under access management SDK log for more information. |
10411 |
INFO |
Attempt to modify group |
DN of group |
Click on Save button in group profile page. | |
10412 |
INFO |
Modification of groups succeeded. |
DN of group |
Click on Save button in group profile page. | |
10414 |
SEVERE |
Modification of group failed. |
DN of assignable dynamic groupName of grouperror message |
Unable to modify group due to access management SDK exception. |
Look under access management SDK log for more information. |
10421 |
INFO |
Attempt to search for users in group |
DN of groupSearch pattern |
View group's user page. | |
10422 |
INFO |
Searching for users in group succeeded. |
DN of groupSearch pattern |
View group's user page. | |
10423 |
SEVERE |
Searching for users in group failed. |
DN of groupSearch patternerror message |
Unable to search for users. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10424 |
SEVERE |
Searching for users in group failed. |
DN of groupSearch patternerror message |
Unable to search for users due to access management SDK exception. |
Look under access management SDK log for more information. |
10431 |
INFO |
Attempt to get nested groups |
DN of group |
View group's members page. | |
10432 |
INFO |
Getting nested groups succeeded. |
DN of group |
View group's members page. | |
10433 |
SEVERE |
Getting nested groups failed. |
DN of grouperror message |
Unable to get nested group. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10434 |
SEVERE |
Getting nested groups failed. |
DN of grouperror message |
Unable to get nested group due to access management SDK exception. |
Look under access management SDK log for more information. |
10441 |
INFO |
Attempt to remove nested groups |
DN of groupDN of nested groups |
Click on remove button in group's members page. | |
10442 |
INFO |
Removal of nested groups succeeded. |
DN of groupDN of nested groups |
Click on remove button in group's members page. | |
10443 |
SEVERE |
Removal of nested groups failed. |
DN of groupDN of nested groupserror message |
Unable to remove nested group. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10444 |
SEVERE |
Removal of nested groups failed. |
DN of groupDN of nested groupserror message |
Unable to remove nested group due to access management SDK exception. |
Look under access management SDK log for more information. |
10451 |
INFO |
Attempt to remove users from group |
DN of groupDN of users |
Click on remove button in group's members page. | |
10452 |
INFO |
Removal of users from group succeeded. |
DN of groupDN of users |
Click on remove button in group's members page. | |
10453 |
SEVERE |
Removal of users from group failed. |
DN of groupDN of userserror message |
Unable to remove users. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10454 |
SEVERE |
Removal of users from group failed. |
DN of groupDN of userserror message |
Unable to remove users due to access management SDK exception. |
Look under access management SDK log for more information. |
10501 |
INFO |
Attempt to search people containers in organization |
DN of organizationSearch pattern |
View organization's people containers page. | |
10502 |
INFO |
Searching of people containers in organization succeeded. |
DN of organizationSearch pattern |
View organization's people containers page. | |
10503 |
SEVERE |
Searching of people containers in organization failed. |
DN of organizationSearch patternerror message |
Unable to search for people containers. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10504 |
SEVERE |
Searching of people containers in organization failed. |
DN of organizationSearch patternerror message |
Unable to search for people containers due to access management SDK exception. |
Look under access management SDK log for more information. |
10511 |
INFO |
Attempt to search people containers in container |
DN of containerSearch pattern |
View container's people containers page. | |
10512 |
INFO |
Searching of people containers in container succeeded. |
DN of containerSearch pattern |
View container's people containers page. | |
10513 |
SEVERE |
Searching of people containers in container failed. |
DN of containerSearch patternerror message |
Unable to search for people containers. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10514 |
SEVERE |
Searching of people containers in container failed. |
DN of containerSearch patternerror message |
Unable to search for people containers due to access management SDK exception. |
Look under access management SDK log for more information. |
10521 |
INFO |
Attempt to search people containers in people container |
DN of people containerSearch pattern |
View people container's people containers page. | |
10522 |
INFO |
Searching of people containers in people container succeeded. |
DN of people containerSearch pattern |
View people container's people containers page. | |
10523 |
SEVERE |
Searching of people containers in people container failed. |
DN of people containerSearch patternerror message |
Unable to search for people containers. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10524 |
SEVERE |
Searching of people containers in people container failed. |
DN of people containerSearch patternerror message |
Unable to search for people containers due to access management SDK exception. |
Look under access management SDK log for more information. |
10531 |
INFO |
Attempt to create people container in organization |
DN of organizationName of people container |
Click on New button in people container creation page. | |
10532 |
INFO |
Creation of people containers in organization succeeded. |
DN of organizationName of people container |
Click on New button in people container creation page. | |
10533 |
SEVERE |
Creation of people container in organization failed. |
DN of organizationName of people containererror message |
Unable to create for people containers. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10534 |
SEVERE |
Creation of people container in organization failed. |
DN of organizationName of people containererror message |
Unable to create for people container due to access management SDK exception. |
Look under access management SDK log for more information. |
10541 |
INFO |
Attempt to create people container in container |
DN of containerName of people container |
Click on New button in people container creation page. | |
10542 |
INFO |
Creation of people container in container succeeded. |
DN of containerName of people container |
Click on New button in people container creation page. | |
10543 |
SEVERE |
Creation of people container in container failed. |
DN of containerName of people containererror message |
Unable to create for people container. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10544 |
SEVERE |
Creation of people container in container failed. |
DN of containerName of people containererror message |
Unable to create for people container due to access management SDK exception. |
Look under access management SDK log for more information. |
10551 |
INFO |
Attempt to create people container in people container |
DN of people containerName of people container |
Click on New button in people container creation page. | |
10552 |
INFO |
Creation of people container in people container succeeded. |
DN of people containerName of people container |
Click on New button in people container creation page. | |
10553 |
SEVERE |
Creation of people container in people container failed. |
DN of people containerName of people container error message |
Unable to create for people container. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10554 |
SEVERE |
Creation of people container in people container failed. |
DN of people containerName of people container error message |
Unable to create for people container due to access management SDK exception. |
Look under access management SDK log for more information. |
10601 |
INFO |
Attempt to get assigned services to an organization |
DN of organization |
View organization's service profile page. | |
10602 |
INFO |
Getting of assigned services to organization succeeded. |
DN of organization |
View organization's service profile page. | |
10603 |
SEVERE |
Getting of assigned services to organization failed. |
DN of organizationerror message |
Unable to get assigned services. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10604 |
SEVERE |
Getting of assigned services to organization failed. |
DN of organizationerror message |
Unable to get assigned services due to access management SDK exception. |
Look under access management SDK log for more information. |
10611 |
INFO |
Attempt to remove services from an organization |
DN of organizationName of service |
Click on unassign button in organization's service profile page. | |
10612 |
INFO |
Removal of services from organization succeeded. |
DN of organizationName of service |
Click on unassign button in organization's service profile page. | |
10613 |
SEVERE |
Removal of services from organization failed. |
DN of organizationName of serviceerror message |
Unable to remove services. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10614 |
SEVERE |
Removal of services from organization failed. |
DN of organizationName of serviceerror message |
Unable to remove services due to access management SDK exception. |
Look under access management SDK log for more information. |
10621 |
INFO |
Attempt to search organization in an organization |
DN of organizationSearch pattern |
View organization's sub organization page. | |
10622 |
INFO |
Searching for organization in an organization succeeded. |
DN of organizationSearch pattern |
View organization's sub organization page. | |
10623 |
SEVERE |
Searching for organization in an organization failed. |
DN of organizationSearch patternerror message |
Unable to search for organizations. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10624 |
SEVERE |
Searching for organization in an organization failed. |
DN of organizationSearch patternerror message |
Unable to search for organizations due to access management SDK exception. |
Look under access management SDK log for more information. |
10631 |
INFO |
Attempt to modify organization |
DN of organization |
Click on Save button in organization profile page. | |
10632 |
INFO |
Modificaition of organization succeeded. |
DN of organization |
Click on Save button in organization profile page. | |
10633 |
SEVERE |
Modificaition of organization failed. |
DN of organizationerror message |
Unable to modify organization. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10634 |
SEVERE |
Modificaition of organization failed. |
DN of organizationerror message |
Unable to modify organization due to access management SDK exception. |
Look under access management SDK log for more information. |
10641 |
INFO |
Attempt to create organization in an organization |
DN of organizationName of new organization |
Click on New button in organization creation page. | |
10642 |
INFO |
Creation of organization in an organization succeeded. |
DN of organizationName of new organization |
Click on New button in organization creation page. | |
10643 |
SEVERE |
Creation of organization in an organization failed. |
DN of organizationName of new organizationerror message |
Unable to create organization. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10644 |
SEVERE |
Creation of organization in an organization failed. |
DN of organizationName of new organizationerror message |
Unable to create organization due to access management SDK exception. |
Look under access management SDK log for more information. |
10651 |
INFO |
Attempt to get attribute values of an organization |
DN of organization |
View organization profile page. | |
10652 |
INFO |
Getting of attribute values of an organization succeeded. |
DN of organization |
View organization profile page. | |
10653 |
SEVERE |
Getting of attribute values of an organization failed. |
DN of organizationerror message |
Unable to get attribute values of organization. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10654 |
SEVERE |
Getting of attribute values of an organization failed. |
DN of organizationerror message |
Unable to get attribute values of organization due to access management SDK exception. |
Look under access management SDK log for more information. |
10661 |
INFO |
Attempt to add service to an organization |
DN of organizationName of service |
Click on assign button in organization's service page. | |
10662 |
INFO |
Addition of service to an organization succeeded. |
DN of organizationName of service |
Click on assign button in organization's service page. | |
10663 |
SEVERE |
Addition of service to an organization failed. |
DN of organizationName of serviceerror message |
Unable to add service to organization. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10664 |
SEVERE |
Addition of service to an organization failed. |
DN of organizationName of serviceerror message |
Unable to add service to organization due to access management SDK exception. |
Look under access management SDK log for more information. |
10701 |
INFO |
Attempt to remove users from role |
DN of roleName of users |
Click on remove button in role's user page. | |
10702 |
INFO |
Removal of users from role succeeded. |
DN of roleName of users |
Click on remove button in role's user page. | |
10703 |
SEVERE |
Removal of users from role failed. |
DN of roleName of userserror message |
Unable to remove users. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10704 |
SEVERE |
Removal of users from role failed. |
DN of roleName of userserror message |
Unable to remove users due to access management SDK exception. |
Look under access management SDK log for more information. |
10711 |
INFO |
Attempt to get attribute values of role |
DN of role |
View role profile page. | |
10712 |
INFO |
Getting attribute values of rolesucceeded. |
DN of role |
View role profile page. | |
10713 |
SEVERE |
Getting attribute values of role failed. |
DN of roleerror message |
Unable to get attribute values. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10714 |
SEVERE |
Getting attribute values of role failed. |
DN of roleerror message |
Unable to get attribute values due to access management SDK exception. |
Look under access management SDK log for more information. |
10721 |
INFO |
Attempt to modify role |
DN of role |
Click on Save button in role profile page. | |
10722 |
INFO |
Modification of role succeeded. |
DN of role |
Click on Save button in role profile page. | |
10723 |
SEVERE |
Modification of role failed. |
DN of roleerror message |
Unable to modify role. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10724 |
SEVERE |
Modification of role failed. |
DN of roleerror message |
Unable to modify role due to access management SDK exception. |
Look under access management SDK log for more information. |
10731 |
INFO |
Attempt to getting members in role |
DN of roleSearch pattern |
View role's members page. | |
10732 |
INFO |
Getting members in role succeeded. |
DN of roleSearch pattern |
View role's members page. | |
10733 |
SEVERE |
Getting members in role failed. |
DN of roleSearch patternerror message |
Unable to getting members. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10734 |
SEVERE |
Getting members in role failed. |
DN of roleSearch patternerror message |
Unable to getting members due to access management SDK exception. |
Look under access management SDK log for more information. |
10741 |
INFO |
Attempt to getting roles in organization |
DN of roleSearch pattern |
View organization's roles page. | |
10742 |
INFO |
Getting roles in organization succeeded. |
DN of roleSearch patternView role's members page. |
View organization's roles page. | |
10743 |
SEVERE |
Getting roles in organization failed. |
DN of roleSearch patternerror message |
Unable to getting roles. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10744 |
SEVERE |
Getting roles in organization failed. |
DN of roleSearch patternerror message |
Unable to getting roles due to access management SDK exception. |
Look under access management SDK log for more information. |
10751 |
INFO |
Attempt to getting roles in container |
DN of roleSearch pattern |
View container's roles page. | |
10752 |
INFO |
Getting roles in container succeeded. |
DN of roleSearch patternView role's members page. |
View container's roles page. | |
10753 |
SEVERE |
Getting roles in container failed. |
DN of roleSearch patternerror message |
Unable to getting roles. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10754 |
SEVERE |
Getting roles in container failed. |
DN of roleSearch patternerror message |
Unable to getting roles due to access management SDK exception. |
Look under access management SDK log for more information. |
10761 |
INFO |
Attempt to creating roles in container |
DN of containerName of role |
Click on New button in roles creation page. | |
10762 |
INFO |
Creation of roles in container succeeded. |
DN of containerName of role |
Click on New button in roles creation page. | |
10763 |
SEVERE |
Creation of roles in container failed. |
DN of containerName of role |
Unable to create role. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10764 |
SEVERE |
Creation of role in container failed. |
DN of containerName of roleerror message |
Unable to create role due to access management SDK exception. |
Look under access management SDK log for more information. |
10771 |
INFO |
Attempt to creating roles in organization |
DN of organizationName of role |
Click on New button in roles creation page. | |
10772 |
INFO |
Creation of roles in organization succeeded. |
DN of organizationName of role |
Click on New button in roles creation page. | |
10773 |
SEVERE |
Creation of roles in organization failed. |
DN of organizationName of role |
Unable to create role. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10774 |
SEVERE |
Creation of role in organization failed. |
DN of organizationName of roleerror message |
Unable to create role due to access management SDK exception. |
Look under access management SDK log for more information. |
10781 |
INFO |
Attempt to get assigned services in role |
DN of role |
View role's service page. | |
10782 |
INFO |
Getting of assigned services in role succeeded. |
DN of role |
View role's service page. | |
10783 |
SEVERE |
Getting of assigned services in role failed. |
DN of roleerror message |
Unable to get services in role. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10784 |
SEVERE |
Getting of assigned services in role failed. |
DN of roleerror message |
Unable to get services in role due to access management SDK exception. |
Look under access management SDK log for more information. |
10791 |
INFO |
Attempt to remove service from role |
DN of roleName of service |
Click on unassign button in role's service page. | |
10792 |
INFO |
Removal of service from role succeeded. |
DN of roleName of service |
Click on unassign button in role's service page. | |
10793 |
SEVERE |
Removal of service from role failed. |
DN of roleName of serviceerror message |
Unable to remove service from role. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10794 |
SEVERE |
Removal of service from role failed. |
DN of roleName of serviceerror message |
Unable to remove service from role due to access management SDK exception. |
Look under access management SDK log for more information. |
10801 |
INFO |
Attempt to add service to role |
DN of roleName of service |
Click on assign button in role's service page. | |
10802 |
INFO |
Addition of service to role succeeded. |
DN of roleName of service |
Click on assign button in role's service page. | |
10803 |
SEVERE |
Addition of service to role failed. |
DN of roleName of serviceerror message |
Unable to add service to role. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10804 |
SEVERE |
Addition of service to role failed. |
DN of roleName of serviceerror message |
Unable to add service to role due to access management SDK exception. |
Look under access management SDK log for more information. |
10901 |
INFO |
Attempt to get assigned role of user |
DN of user |
View user's role page. | |
10902 |
INFO |
Getting of assigned role of user succeeded. |
DN of user |
View user's role page. | |
10903 |
SEVERE |
Getting of assigned role of user failed. |
DN of usererror message |
Unable to get assigned roles. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10904 |
SEVERE |
Getting of assigned role of user failed. |
DN of userName of serviceerror message |
Unable to get assigned roles due to access management SDK exception. |
Look under access management SDK log for more information. |
10911 |
INFO |
Attempt to remove role from user |
DN of userDN of role |
Click on delete button in user's role page. | |
10912 |
INFO |
Removal of role from user succeeded. |
DN of userDN of role |
Click on delete button in user's role page. | |
10913 |
SEVERE |
Removal of role from user failed. |
DN of userDN of roleerror message |
Unable to remove role. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10914 |
SEVERE |
Removal of role from user failed. |
DN of userDN of roleName of service error message |
Unable to remove role due to access management SDK exception. |
Look under access management SDK log for more information. |
10921 |
INFO |
Attempt to add role to user |
DN of userDN of role |
Click on add button in user's role page. | |
10922 |
INFO |
Addition of role to user succeeded. |
DN of userDN of role |
Click on add button in user's role page. | |
10923 |
SEVERE |
Addition of role to user failed. |
DN of userDN of roleerror message |
Unable to add role. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10924 |
SEVERE |
Addition of role to user failed. |
DN of userDN of roleName of service error message |
Unable to add role due to access management SDK exception. |
Look under access management SDK log for more information. |
10931 |
INFO |
Attempt to get assigned services of user |
DN of user |
View user's services page. | |
10932 |
INFO |
Getting assigned services of user succeeded. |
DN of user |
View user's services page. | |
10933 |
SEVERE |
Getting assigned services of user failed. |
DN of usererror message |
Unable to get services. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10934 |
SEVERE |
Getting assigned services of user failed. |
DN of usererror message |
Unable to get services due to access management SDK exception. |
Look under access management SDK log for more information. |
10941 |
INFO |
Attempt to remove service from user |
DN of userName of service |
Click on remove button in user's services page. | |
10942 |
INFO |
Removal of service from user succeeded. |
DN of userName of service |
Click on remove button in user's services page. | |
10943 |
SEVERE |
Removal of service from user failed. |
DN of userName of serviceerror message |
Unable to remove services. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10944 |
SEVERE |
Removal of service from user failed. |
DN of userName of serviceerror message |
Unable to remove services due to access management SDK exception. |
Look under access management SDK log for more information. |
10951 |
INFO |
Attempt to search for user in an organization |
DN of organizationSearch pattern |
View organization's user page. | |
10952 |
INFO |
Searching for user in organization succeeded. |
DN of organizationSearch pattern |
View organization's user page. | |
10953 |
SEVERE |
Searching for user in organization failed. |
DN of organizationSearch patternerror message |
Unable to search for user. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10954 |
SEVERE |
Searching for user in organization failed. |
DN of organizationSearch patternerror message |
Unable to search for user due to access management SDK exception. |
Look under access management SDK log for more information. |
10961 |
INFO |
Attempt to modify user |
DN of user |
Click on Save button in user profile page. | |
10962 |
INFO |
Modification of user profile succeeded. |
DN of user |
Click on Save button in user profile page. | |
10963 |
SEVERE |
Modification of user profile failed. |
DN of usererror message |
Unable to modify user. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10964 |
SEVERE |
Modification of user profile failed. |
DN of usererror message |
Unable to modify user due to access management SDK exception. |
Look under access management SDK log for more information. |
10971 |
INFO |
Attempt to create user |
DN of people containerName of user |
Click on Add button in user creation page. | |
10972 |
INFO |
Creation of user succeeded. |
DN of people containerName of user |
Click on Add button in user creation page. | |
10973 |
SEVERE |
Creation of user failed. |
DN of people containerName of usererror message |
Unable to create user. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10974 |
SEVERE |
Creation of user failed. |
DN of people containerName of usererror message |
Unable to create user due to access management SDK exception. |
Look under access management SDK log for more information. |
10981 |
INFO |
Attempt to get attribute values of user |
DN of user |
View user profile page. | |
10982 |
INFO |
Getting attribute values of user succeeded. |
DN of user |
View user profile page. | |
10983 |
SEVERE |
Getting attribute values of user failed. |
DN of usererror message |
Unable to get attribute values . It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10984 |
SEVERE |
Getting attribute values of user failed. |
DN of usererror message |
Unable to get attribute values due to access management SDK exception. |
Look under access management SDK log for more information. |
10991 |
INFO |
Attempt to add service to user |
DN of userName of service |
Click on add button in user's service page. | |
10992 |
INFO |
Addition of service to user succeeded. |
DN of userName of service |
Click on add button in user's service page. | |
10993 |
SEVERE |
Addition of service to user failed. |
DN of userName of serviceerror message |
Unable to add service. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
10994 |
SEVERE |
Addition of service to user failed. |
DN of userName of serviceerror message |
Unable to add service due to access management SDK exception. |
Look under access management SDK log for more information. |
11001 |
INFO |
Attempt to get assigned groups of user |
DN of user |
View user's group page. | |
11002 |
INFO |
Getting of assigned group of user succeeded. |
DN of user |
View user's group page. | |
11003 |
SEVERE |
Getting of assigned group of user failed. |
DN of usererror message |
Unable to get assigned group. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
11004 |
SEVERE |
Getting of assigned group of user failed. |
DN of usererror message |
Unable to get assigned group due to access management SDK exception. |
Look under access management SDK log for more information. |
11011 |
INFO |
Attempt to remove group from user |
DN of userDN of group |
Click on remove button in user's group page. | |
11012 |
INFO |
Removal of group from user succeeded. |
DN of userDN of group |
Click on remove button in user's group page. | |
11013 |
SEVERE |
Removal of group from user failed. |
DN of userDN of grouperror message |
Unable to remove group. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
11014 |
SEVERE |
Removal of group from user failed. |
DN of userDN of grouperror message |
Unable to remove group due to access management SDK exception. |
Look under access management SDK log for more information. |
11021 |
INFO |
Attempt to add group to user |
DN of userDN of group |
Click on add button in user's group page. | |
11022 |
INFO |
Addition of group to user succeeded. |
DN of userDN of group |
Click on add button in user's group page. | |
11023 |
SEVERE |
Addition of group to user failed. |
DN of userDN of grouperror message |
Unable to add group. It may be the single sign on token of the user has expired; or the user does not have permission to perform this operation. |
Look under access management SDK log for more information. |
11024 |
SEVERE |
Addition of group to user failed. |
DN of userDN of grouperror message |
Unable to add group due to access management SDK exception. |
Look under access management SDK log for more information. |
Table C–4 Log Reference for Federation
Id |
Log Level |
Description |
Data |
Triggers |
Actions |
---|---|---|---|---|---|
1 |
INFO |
Authetication Domain Creation |
authentication domain name |
Created Authentication Domain | |
2 |
INFO |
Authentication Domain Deletion |
authentication domain name |
Deleted Authentication Domain | |
3 |
INFO |
Modify Authentication Domain |
authentication domain name |
Modified Authentication Domain | |
4 |
INFO |
Remote Provider Creation |
provider id |
Created Remote Provider | |
5 |
INFO |
Hosted Provider Creation |
provider id |
Created Hosted Provider | |
6 |
INFO |
Deleted Affliation |
affliation id |
Deleted Affiliation | |
7 |
INFO |
Delete Entity |
entity id |
Deleted Entity | |
8 |
INFO |
Deleted Provider |
provider id |
Deleted Provider | |
9 |
INFO |
Modify Entity |
entity id |
Modified Entity | |
10 |
INFO |
Modify Affliation |
affliation id |
Modified Affliation | |
11 |
INFO |
Modify Provider |
provider id |
Modified Provider | |
12 |
INFO |
Create Entity |
entity id |
Created Entity | |
13 |
INFO |
Create Affiliation |
affliation id |
Created Affiliation | |
14 |
INFO |
Write Account Federation Info |
user DNfederation info keyfederation info value |
Acccount Federation Info with key was added to user | |
15 |
INFO |
Remove Account Federation Info |
user DNprovider idexisting federation info key |
Account federation info with key and provider ID was removed from user | |
16 |
FINER |
Create Assertion |
assertion id or string |
Assertion Created | |
17 |
INFO |
Liberty is not enabled. |
message |
Liberty is not enabled. Cannot process request. |
Login to Adminstration Console to enable Federation Management in the Admin Coonsole Service. |
18 |
INFO |
Logout Request processing failed. |
message |
Logout Request processing failed | |
19 |
INFO |
Termination request processing failed |
message |
Termination request processing failed | |
20 |
INFO |
Failed in creating SOAP URL End point. |
soap end point url |
Failed in creating SOAP URL End point | |
21 |
INFO |
Mismatched AuthType and the protocol (based on SOAPUrl). |
protocolauthentication type |
AuthType and the protocol (based on SOAPUrl) do not match. | |
22 |
INFO |
Wrong Authentication type |
authentication type |
Wrong Authentication type | |
23 |
FINER |
SAML SOAP Receiver URL |
soap url |
SAML SOAP Receiver URL | |
24 |
INFO |
SOAP Response is Invalid |
message |
SOAP Response is Invalid. | |
25 |
INFO |
Assertion is invalid |
message |
This Assertion is invalid | |
26 |
INFO |
Single SignOn Failed |
message |
Single SignOn Failed | |
27 |
INFO |
Redirect to URL after granting access. |
redirect url |
Redirecting to URL after granting access. | |
28 |
INFO |
Authentication Response is missing |
message |
Authentication Response not found | |
29 |
INFO |
Account Federation Failed |
message |
Account Federation Failed | |
30 |
INFO |
SSOToken Generation Failed |
message |
Failed to generate SSOToken | |
31 |
INFO |
Authentication Response is invalid |
invalid authentication response |
Authentication Response is invalid | |
32 |
INFO |
Authentication Request processing failed |
message |
Authentication Request processing failed. | |
33 |
INFO |
Signature Verification Failed. |
message |
Signature Verification Failed. | |
34 |
FINER |
Created SAML Response |
saml response |
Created SAML Response | |
35 |
FINER |
Redirect URL |
redirect url |
Redirect to : | |
36 |
INFO |
Common Domain Service Information not found |
message |
Common Domain Service Information not found. | |
37 |
INFO |
Provider is not trusted |
provider id |
Provider is not trusted. | |
38 |
INFO |
Authentication Request is invalid |
message |
Authentication Request is invalid | |
39 |
INFO |
Account Federation Information not found for user |
user name |
Account Federation Information not found for user : | |
40 |
INFO |
User not found. |
user name |
User not found. | |
41 |
INFO |
Logout profile not supported. |
logout profile |
Logout profile not supported. |
Verify metadata is correct. |
42 |
INFO |
Logout is successful. |
user name |
Logout is successful. | |
43 |
INFO |
Logout failed to redirect due to incorrect URL. |
message |
Logout failed to redirect due to incorrect URL. | |
44 |
INFO |
Logout request not formed properly. |
user name |
Logout request not formed properly. | |
45 |
INFO |
Failed to get Pre/Logout handler. |
logout url |
Failed to get Pre/Logout handler. | |
46 |
INFO |
Single logout failed. |
user name |
Single logout failed. | |
47 |
INFO |
Failed to create SPProvidedNameIdentifier. |
message |
Failed to create SPProvidedNameIdentifier. | |
48 |
INFO |
Invalid Signature. |
message |
Invalid Signature. | |
49 |
INFO |
Federation Termination failed. |
user name |
Federation Termination failed. Cannot update account. | |
50 |
FINER |
Federation Termination succeeded. |
userDN |
Federation Termination succeeded. User account updated. | |
51 |
INFO |
Response is Invalid |
saml response |
SAML Response is Invalid. | |
52 |
INFO |
Invalid Provider Registration. |
provider id |
Invalid Provider. |
Table C–5 Log Reference for Liberty
Id |
Log Level |
Description |
Data |
Triggers |
Actions |
---|---|---|---|---|---|
1 |
INFO |
Unable to process SASL Request |
message idauthentication mechanismauthorization idadvisory authentication id |
Unable to process SASL Request. | |
2 |
INFO |
SASL Response Ok |
message idauthentication mechanismauthorization idadvisory authentication id |
SASL Response Ok. | |
3 |
INFO |
Return SASL Authenticaton Response |
message idauthentication mechanismauthorization idadvisory authentication id |
Returned SASL Response , continue Authentication. | |
4 |
INFO |
User not found in Data store |
user name |
User not found in Data store | |
5 |
INFO |
User found in Data Store |
user name |
User found in Data Store | |
6 |
INFO |
Cannot locate user from resourceID |
resourceID |
Cannot locate user from resourceID | |
7 |
INFO |
Successfully updated user profile |
user name |
Successfully updated user profile | |
8 |
INFO |
UnAuthorized. Failed to Query Personal Profile Service |
resource id |
Failed to Query Personal Profile Service | |
9 |
INFO |
Interaction Failed |
resource id |
Interaction with Personal Profile Service Failed | |
10 |
INFO |
Successfully queried PP Service |
resource id |
Personal Profile Service Query Succeeded | |
11 |
INFO |
Modify Failure |
resource id |
Failed to modify Personal Profile Service | |
12 |
INFO |
Modify Success |
resource id |
Personal Profile Service Successfully modified. | |
13 |
INFO |
Interaction Successful |
successful interaction message |
Successful interaction with Personal Profile Service | |
14 |
INFO |
Sending Message |
request message id |
Sending SOAP Request Message to WSP. | |
15 |
INFO |
Returning Response Message |
response message idrequest message id |
Returning Response Message for SOAP Request. | |
16 |
INFO |
Resending Message |
message id |
Resending SOAP Request Message to WSP | |
17 |
INFO |
Interaction manager redirecting user agent to interaction service |
request message id |
Interaction manager redirecting user agent to interaction service | |
18 |
INFO |
Interaction manager returning response element |
message idreference message idcache entry status |
Interaction manager returning response element | |
19 |
INFO |
Interaction query presented to user agent |
message id |
Interaction query presented to user agent | |
20 |
INFO |
User agent responded to interaction query |
message id |
User agent responded to interaction query | |
21 |
INFO |
User agent redirected back to SP |
message id |
User agent redirected back to SP | |
22 |
INFO |
Webservices Success |
message idhandler key |
Webservices success. | |
23 |
INFO |
Webservices Failure |
error message |
Webservices Failure. |
Table C–6 Log Reference for Policy
Id |
Log Level |
Description |
Data |
Triggers |
Actions |
---|---|---|---|---|---|
1 |
INFO |
Evaluating policy succeeded |
policy namerealm nameservice type name resource nameaction namespolicy decision |
Evaluating policy. | |
2 |
INFO |
Getting protected policy resources succeeded |
principal nameresource nameprotecting policies |
Getting protected policy resources. | |
3 |
INFO |
Creating policy in a realm succeeded |
policy namerealm name |
Creating policy in a realm. | |
4 |
INFO |
Modifying policy in a realm succeeded |
policy namerealm name |
Modifying policy in a realm. | |
5 |
INFO |
Removing policy from a realm succeeded |
policy namerealm name |
Removing policy from a realm. | |
6 |
INFO |
Policy already exists in the realm |
policy namerealm name |
Creating policy in the realm. | |
7 |
INFO |
Creating policy in a realm failed |
policy namerealm name |
Creating policy in a realm. |
Check if the user has privilege to create a policy in the realm. |
8 |
INFO |
Replacing policy in a realm failed |
policy namerealm name |
Replacing policy in a realm. |
Check if the user has privilege to replace a policy in the realm. |
81 |
INFO |
Did not replace policy - A diifferent policy with the new name already exists in the realm |
new policy namerealm name |
Replacing policy in a realm | |
9 |
INFO |
Removing policy from a realm failed |
policy namerealm name |
Removing policy from a realm. |
Check if the user has privilege to remove a policy from the realm. |
10 |
INFO |
Computing policy decision by an administrator succeeded |
admin nameprincipal nameresource name policy decision |
Computing policy decision by an administrator. | |
11 |
INFO |
Computing policy decision by an administrator ignoring subjects succeeded |
admin nameresource namepolicy decision |
Computing policy decision by an administrator ignoring subjects. |
Table C–7 Log Reference for SAML
Id |
Log Level |
Description |
Data |
Triggers |
Actions |
---|---|---|---|---|---|
1 |
INFO |
New assertion created |
message idAssertion ID or Assertion if log level is LL_FINER |
Browser Artifact ProfileBrowser POST Profile Create Assertion ArtifactAuthentication Query Attribute QueryAuthorization Decision Query | |
2 |
INFO |
New assertion artifact created |
message idAssertion ArtifactID of the Assertion corresponding to the Artifact |
Browser Artifact ProfileCreating Assertion Artifact | |
3 |
FINE |
Assertion artifact removed from map |
message idAssertion Artifact |
SAML Artifact QueryAssertion artifact expires | |
4 |
FINE |
Assertion removed from map |
message idAssertion ID |
SAML Artifact QueryAssertion expires | |
5 |
INFO |
Access right by assertion artifact verified |
message idAssertion Artifact |
SAML Artifact Query | |
6 |
INFO |
Authentication type configured and the actual SOAP protocol do not match. |
message id |
SAML SOAP Query |
Login to console, go to Federation, then SAML, edit the Trusted Partners Configuration, check the selected Authentication Type field, make sure it matches the protocol specified in SOAP URL field. |
7 |
INFO |
Invalid authentication type |
message id |
SAML SOAP Query |
Login to console, go to Federation, then SAML, edit the Trusted Partners Configuration, select one of the values for Authentication Type field, then save. |
8 |
FINE |
Remote SOAP receiver URL |
message idSOAP Receiver URL |
SAML SOAP Query | |
9 |
INFO |
No assertion present in saml response |
message idSAML Response |
SAML Artifact Query |
Contact remote partner on what's wrong |
10 |
INFO |
Number of assertions in SAML response does not equal to number of artifacts in SAML request. |
message idSAML Response |
SAML Artifact Query |
Contact remote partner on what's wrong |
11 |
INFO |
Artifact to be sent to remote partner |
message idSAML Artifact |
SAML Artifact Query | |
12 |
INFO |
Wrong SOAP URL in trusted partner configuration |
message id |
SAML Artifact Query |
Login to console, go to Federation, then SAML, edit the Trusted Partners Configuration, enter value for SOAP URL field, then save. |
13 |
FINE |
SAML Artifact Query SOAP request |
message idSAML Artifact Query message |
SAML Artifact Query | |
14 |
INFO |
No reply from remote SAML SOAP Receiver |
message id |
SAML Artifact Query |
Check remote partner on what's wrong |
15 |
FINE |
SAML Artifact Query response |
message idSAML Artifact Query response message |
SAML Artifact Query | |
16 |
INFO |
No SAML response inside SOAP response |
message id |
SAML Artifact Query |
Check remote partner on what's wrong |
17 |
INFO |
XML signature for SAML response is not valid |
message id |
SAML Artifact Query |
Check remote partner on what's wrong on XML digital signature |
18 |
INFO |
Error in getting SAML response status code |
message id |
SAML Artifact Query |
Check remote partner on what's wrong on response status code |
19 |
INFO |
TARGET parameter is missing from the request |
message id |
SAML Artifact ProfileSAML POST Profile |
Add "TARGET=target_url" as query parameter in the request |
20 |
INFO |
Redirection URL in SAML artifact source site |
message idtargetredirection URL SAML response message in case of POST profile and log level is LL_FINER |
SAML Artifact Profile sourceSAML POST Profile source | |
21 |
INFO |
The specified target site is forbidden |
message idtarget URL |
SAML Artifact Profile sourceSAML POST Profile source |
TARGET URL specified in the request is not handled by any trusted partner, check your TARGET url, make sure it matches one of the Target URL configured in trusted partner sites |
22 |
INFO |
Failed to create single-sign-on token |
message id |
SAML Artifact Profile destinationSAML POST Profile destination |
Authentication component failed to create SSO token, please check authentication log and debug for more details |
23 |
INFO |
Single sign on successful, access to target is granted |
message idResponse message in case of POST profile and log levele is LL_FINER or higher |
SAML Artifact Profile destinationSAML POST Profile destination | |
24 |
INFO |
Null servlet request or response |
message id |
SAML Artifact ProfileSAML POST Profile |
Check web container error log for details |
25 |
INFO |
Missing SAML response in POST body |
message id |
SAML POST Profile destination |
Check with remote SAML partner to see why SAML response object is missing from HTTP POST body |
26 |
INFO |
Error in response message |
message id |
SAML POST Profile destination |
Unable to convert encoded POST body attribute to SAML Response object, check with remote SAML partner to see if there is any error in the SAML response create, for example, encoding error, invalid response sub-element etc. |
27 |
INFO |
Response is not valid |
message id |
SAML POST Profile destination |
recipient attribute in SAML response does not match this site's POST profile URLResponse status code is not success |
28 |
INFO |
Failed to get an instance of the message factory |
message id |
SAML SOAP Receiver init |
Check your SOAP factory property(javax.xml.soap.MessageFactory) to make sure it is using a valid SOAP factory implementation |
29 |
INFO |
Received Request from an untrusted site |
message idRemote site Hostname or IP Address |
SAML SOAP Queries |
Login to console, go to Federation, then SAML service, edit the Trusted Partners Configuration, check the Host List field, make sure remote host/IP is one the values. In case of SSL with client auth, make sure Host List contains the client certificate alias of the remote site. |
30 |
INFO |
Invalid request from remote partner site |
message id and request hostname/IP addressreturn response |
SAML SOAP Queries |
Check with administrator of remote partner site |
31 |
FINE |
Request message from partner site |
message id and request hostname/IP addressrequest xml |
SAML SOAP Queries | |
32 |
INFO |
Failed to build response due to internal server error |
message id |
SAML SOAP Queries |
Check debug message to see why it is failing, for example, cannot create response status, major/minor version error, etc. |
33 |
INFO |
Sending SAML response to partner site |
message idSAML response or response id |
SAML SOAP Queries | |
32 |
INFO |
Failed to build SOAP fault response body |
message id |
SAML SOAP Queries |
Check debug message to see why it is failing, for example, unable to create SOAP fault, etc. |
Table C–8 Log Reference for Session
Id |
Log Level |
Description |
Data |
Triggers |
Actions |
---|---|---|---|---|---|
1 |
INFO |
Session is Created |
User ID |
User is authenticated. | |
2 |
INFO |
Session has idle timedout |
User ID |
User session idle for long time. | |
3 |
INFO |
Session has Expired |
User ID |
User session has reached its maximun time limit. | |
4 |
INFO |
User has Logged out |
User ID |
User has logged out of the system. | |
5 |
INFO |
Session is Reactivated |
User ID |
User session state is active. | |
6 |
INFO |
Session is Destroyed |
User ID |
User session is destroyed and cannot be referenced. | |
7 |
INFO |
Session's property is changed. |
User ID |
User changed session's unprotected property. | |
8 |
INFO |
Session received Unknown Event |
User ID |
Unknown session event | |
9 |
INFO |
Attempt to set protected property |
User ID |
Attempt to set protected property | |
10 |
INFO |
User's session quota has been exhausted. |
User ID |
Session quota exhausted | |
11 |
INFO |
Session database used for session failover and session constraint is not available. |
User ID |
Unable to reach the session database. | |
12 |
INFO |
Session database is back online. |
User ID |
Session database is back online. | |
13 |
INFO |
The total number of valid sessions hosted on the AM server has reached the max limit. |
User ID |
Session max limit reached. |
This appendix provides a list of the error messages generated by Access Manager. While this list is not exhaustive, the information presented in this chapter will serve as a good starting point for common problems. The tables listed in this appendix provide the error code itself, a description and/or probable cause of the error, and describes the actions that can be taken to fix the encountered problem.
This appendix lists error codes for the following functional areas:
If you require further assistance in diagnosing errors, please contact Sun Technical Support:
http://www.sun.com/service/sunone/software/index.html
The following table describes the error codes generated and displayed by the Access Manager Console.
Table D–1 Access Manager Console Errors
Error Message |
Description/Probable Cause |
Action |
---|---|---|
An error has occurred while deleting the following: |
The object may have been removed by another user prior to being removed by the current user. |
Redisplay the objects that you are trying to delete and try the operation again. |
You have entered an invalid URL |
This occurs if the URL for an Access Manager console window is entered incorrectly. | |
There are no entries matching the search criteria. |
The parameters entered in the search window, or in the Filter fields, did not match any objects in the directory. |
Run the search again with a different set of parameters |
There are no attributes to display. |
The selected object does not contain any editable attributes defined in its schema. | |
There is no information to display for this service. |
The services viewed from the Service Configuration module do not have global or organization based attributes | |
Search size limit exceeded. Please refine your search. |
The parameters specified in the search have returned more entries than are allowed to be returned |
Modify the Maximum Results Returned from a Search attribute in the Administration service to a larger value. You can also modify the search parameters to be more restrictive. |
Search time limit exceeded. Please refine your search. |
The search for the specified parameters has taken longer than the allowed search time. |
Modify the Timeout for Search attribute in the Administration service to a larger value. You can also modify the search parameters, so they are less restrictive, to return more values. |
Invalid user’s start location. Please contact your administrator. |
The start location DN in the users entry is no longer valid |
In the User Profile page, change the value of the start DN to a valid DN. |
Could not create identity object. User does not have sufficient access. |
An operation was executed by a user with insufficient permissions. The permissions a user has defined determines what operations they can perform. |
The following table describes the error codes generated by the Authentication service. These errors are displayed to the user/administrator in the Authentication module.
Table D–2 Authentication Error Codes
Error Message |
Description/Probable Cause |
Action |
---|---|---|
authentication.already.login. |
The user has already logged in and has a valid session, but there is no Success URL redirect defined. |
Either logout, or set up some login success redirect URL(s) through the Access Manager Console. Use the ”goto’ query parameter with the value as Admin Console URL. |
logout.failure. |
A user is unable to logout of Access Manager. |
Restart the server. |
uncaught_exception |
An authentication Exception is thrown due to an incorrect handler |
Check the Login URL for any invalid or special characters. |
redirect.error |
Access Manager cannot redirect to Success or Failure redirect URL. |
Check the web container’s error log to see if there are any errors. |
gotoLoginAfterFail |
This link is generated when most errors occur. The link will send the user to the original Login URL page. | |
invalid.password |
The password entered is invalid. |
Passwords must contain at least 8 characters. Check that the password contains the appropriate amount of characters and ensure that it has not expired. |
auth.failed |
Authentication failed. This is the generic error message displayed in the default login failed template. The most common cause is invalid/incorrect credentials. |
Enter valid and correct user name/password (the credentials required by the invoked authentication module.) |
nouser.profile |
No user profile was found matching the the entered user name in the given organization. This error is displayed while logging in to the Membership/Self-registration authentication module. |
Enter your login information again. If this is your first login attempt, select New User in the login screen. |
notenough.characters |
The password entered does not contain enough characters. This error is displayed while logging in to the Membership/Self-registration authentication module. |
The login password must contain at least 8 characters by default (this number is configurable through the Membership Authentication module). |
useralready.exists |
A user already exists with this name in the given organization. This error is displayed while logging in to the Membership/Self-registration authentication module. |
User IDs must be unique within the organization. |
uidpasswd.same |
The User Name and Password fields cannot have the same value. This error is displayed while logging in to the Membership/Self-registration authentication module. |
Make sure that the username and password are different. |
nouser.name |
No user name was entered.This error is displayed while logging in to the Membership/Self-registration authentication module. |
Make sure to enter the user name. |
no.password |
No password was entered.This error is displayed while logging in to the Membership/Self-registration authentication module. |
Make sure to enter the password. |
missing.confirm.passwd |
Missing the confirmation password field. This error is displayed while logging in to the Membership/Self-registration authentication module. |
Make sure to enter the password in the Confirm Password field. |
password.mismatch |
The password and the confirm password do not match. This error is displayed while logging in to the Membership/Self-registration authentication module. |
Make sure that the password and confirmation password match. |
An error occurred while storing the user profile. |
An error occurred while storing the user profile.This error is displayed while logging in to the Membership/Self-registration authentication module. |
Make sure that the attributes and elements are valid and correct for Self Registration in the Membership.xml file. |
orginactive |
This organization is not active. |
Activate the organization through the Access Manager console by changing the organization status from inactive to active. |
internal.auth.error |
Internal Authentication Error. This is a generic Authentication error which may be caused by different and multiple environmental and/or configuration issues. | |
usernot.active |
The user no longer has an active status. |
Activate the user through the Admin Console by changing the user status from inactive to active. if the user is locked out by Memory Locking, restart the server. |
user.not.inrole |
User does not belong to the specified role. This error is displayed during role-based authentication. |
Make sure that the login user belongs to the role specified for the role-based authentication. |
session.timeout |
The user session has timed out. |
Login in again. |
authmodule.denied |
The specified authentication module is denied. |
Make sure that the required authentication module is registered under the required organization, that the template is created and saved for the module, and that the module is selected in the Organization Authentication Modules list in the Core Authentication module. |
noconfig.found |
No configuration found. |
Check the Authentication Configuration service for the required authentication method. |
cookie.notpersistent |
Persistent Cookie Username does not exist in the Persistent Cookie Domain. | |
nosuch.domain |
The organization found. |
Make sure that the requested organization is valid and correct. |
userhasnoprofile.org |
User has no profile in the specified organization. |
Make sure that the user exists and is valid in the specified organization in the local Directory Server. |
reqfield.missing |
One of the required fields was not completed. Please make sure all required fields are entered. |
Make sure that all required fields are entered. |
session.max.limit |
Maximum Sessions Limit Reached. |
Logout and login again. |
The following table describes the error codes generated by the Policy framework and displayed in the Access Manager Console.
Table D–3 Policy Error Codes
Error Message |
Description/Probable Cause |
Action |
---|---|---|
illegal_character_/_in_name |
Illegal character “/” in the policy name. |
Make sure that the policy name does not contain the ”/’ character. |
policy_already_exists_in_org |
A rule with the same name already exists. |
Use a different name for policy creation. |
rule_name_already_present |
Another rule with the given name already exists |
Use a different rule name for policy creation. |
rule_already_present |
A rule with the same rule value already exists. |
Use a different rule value. |
no_referral_can_not_create_policy |
No referral exists to the organization. |
In order to create policies under a sub organization, you must create a referral policy at its parent organization to indicate what resources can be referred to this sub organization. |
ldap_search_exceed_size_limit |
LDAP search size limit exceeded. An error occurred because the search found more than the maximum number of results. |
Change the search pattern or policy configuration of the organization for the search control parameters.The Search Size Limit is located in the Policy Configuration service. |
ldap_search_exceed_time_limit |
LDAP search time limit exceeded. An error occurred because the search found more than the maximum number of results. |
Change the search pattern or policy configuration of the organization for the search control parameters.The Search Time Limit is located in the Policy Configuration service. |
ldap_invalid_password |
Invalid LDAP Bind password. |
The password for LDAP Bind user defined in Policy Configuration is incorrect. This leads to the inability to get an authenticated LDAP connection to perform policy operations. |
app_sso_token_invalid |
Application SSO token is invalid. |
The server could not validate the Application SSO token. Most likely the SSO token is expired. |
user_sso_token_invalid |
User SSO token is invalid. |
The server could not validate the User SSO token. Most likely the SSO token is expired. |
property_is_not_an_Integer |
Property value not an integer. |
The value for this plugin’s property should be an integer. |
property_value_not_defined |
Property value should be defined. |
Provide a value for the given property. |
start_ip_can_not_be_greater_than_end_ip |
Start IP is larger than End IP |
An attempt was made to set end IP Address to be larger than start IP Address in IP Address condition. The Start IP cannot be larger than the End IP. |
start_date_can_not_be_larger_than_end_date |
Start Date is larger than End Date |
An attempt was made to set end Date to be larger than start Date in the policy’s Time Condition. The Start Date cannot be larger than the End Date. |
policy_not_found_in_organization |
Policy not found in organization. An error occurred trying to locate a non-existing policy in an organization. |
Make sure that the policy exists under the specified organization. |
insufficient_access_rights |
User does not have sufficient access. The user does not have sufficient right to perform policy operations. |
Perform policy operations with the user who has appropriate access rights. |
invalid_ldap_server_host |
Invalid LDAP Server host. |
Change the invalid LDAP Server host that was entered in the Policy Configuration service. |
The following table describes the error codes generated by the amadmin command line tool to Access Manager’s debug file.
Table D–4 amadmin error codes
Error Message |
Code |
Description/Probable Cause |
Action |
---|---|---|---|
nocomptype |
1 |
Too few arguments. |
Make sure that the mandatory arguments (--runasdn, --password, --passwordfile, --schema, --data, and --addAttributes) and their values are supplied in the command line. |
file |
2 |
The input XML file was not found. |
Check the syntax and make sure that the input XML is valid. |
nodnforadmin |
3 |
The user DN for the --runasdn value is missing. |
Provide the user DN as the value for --runasdn. |
noservicename |
4 |
The service name for the --deletservice value is missing. |
Provide the service name as the value for --deleteservice. |
nopwdforadmin |
5 |
The password for the --password value is missing. |
Provide the password as the value for --password. |
nolocalename |
6 |
The locale name was not provided. The locale will default to en_US. |
See the Online Help for a list of locales. |
nofile |
7 |
Missing XML input file. |
Provide at least one input XML filename to process. |
invopt |
8 |
One or more arguments are incorrect. |
Check that all arguments are valid. For a set of valid arguments, type amadmin --help. |
oprfailed |
9 |
Operation failed. |
When amadmin fails, it produces more precise error codes to indicate the specific error. Refer to those error codes to evaluate the problem. |
execfailed |
10 |
Cannot process requests. |
When amadmin fails, it produces more precise error codes to indicate the specific error. Refer to those error codes to evaluate the problem. |
policycreatexception |
12 |
Policy cannot be created. |
amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem. |
policydelexception |
13 |
Policy cannot be deleted. |
amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem. |
smsdelexception |
14 |
Service cannot be deleted. |
amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem. |
ldapauthfail |
15 |
Cannot authenticate user. |
Make sure the user DN and password are correct. |
parserror |
16 |
Cannot parse the input XML file. |
Make sure that the XML is formatted correctly and adheres to the amAdmin.dtd . |
parseiniterror |
17 |
Cannot parse due to an application error or a parser initialization error. |
Make sure that the XML is formatted correctly and adheres to the amAdmin.dtd . |
parsebuilterror |
18 |
Cannot parse because a parser with specified options cannot be built. |
amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem. |
ioexception |
19 |
Cannot read the input XML file. |
amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem. |
fatalvalidationerror |
20 |
Cannot parse because the XML file is not a valid file. |
Check the syntax and make sure that the input XML is valid. |
nonfatalvalidationerror |
21 |
Cannot parse because the XML file is not a valid file. |
amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem. |
validwarn |
22 |
XML file validation warnings for the file. |
amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem. |
failedToProcessXML |
23 |
Cannot process the XML file. |
amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem. |
nodataschemawarning |
24 |
Neither --data or --schema options are in the command. |
Check that all arguments are valid. For a set of valid arguments, type amadmin --help. |
doctyperror |
25 |
The XML file does not follow the correct DTD. |
Check the XML file for the DOCTYPE element. |
statusmsg9 |
26 |
LDAP Authentication failed due to invalid DN, password, hostname, or portnumber. |
Make sure the user DN and password are correct. |
statusmsg13 |
28 |
Service Manager exception (SSO exception). |
amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem. |
statusmsg14 |
29 |
Service Manager exception. |
amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem. |
statusmsg15 |
30 |
Schema file inputstream exception. |
amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem. |
statusmsg30 |
31 |
Policy Manager exception (SSO exception). |
amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem. |
statusmsg31 |
32 |
Policy Manager exception. |
amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem. |
dbugerror |
33 |
More than one debug option is specified. |
Only one debug option should be specified. |
loginFalied |
34 |
Login failed. |
amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem. |
levelerr |
36 |
Invalid attribute value. |
Check the level set for the LDAP search. It should be either SCOPE_SUB or SCOPE_ONE. |
failToGetObjType |
37 |
Error in getting object type. |
Make sure that the DN in the XML file is value and contains the correct object type. |
invalidOrgDN |
38 |
Invalid organization DN. |
Make sure that the DN in the XML file is valid and is an organization object. |
invalidRoleDN |
39 |
Invalid role DN. |
Make sure that the DN in the XML file is valid and is a role object. |
invalidStaticGroupDN |
40 |
Invalid static group DN. |
Make sure that the DN in the XML file is valid and is a static group object. |
invalidPeopleContainerDN |
41 |
Invalid people container DN. |
Make sure the DN in the XML file is valid and is a people container object. |
invalidOrgUnitDN |
42 |
Invalid organizational unit DN. |
Make sure that the DN in the XML file is valid and is a container object. |
invalidServiceHostName |
43 |
Invalid service host name. |
Make sure that the hostname for retrieving valid sessions is correct. |
subschemaexception |
44 |
Subschema error. |
Subcschema is only supported for global and organization attributes. |
serviceschemaexception |
45 |
Cannot locate service schema for service. |
Make sure that the sub schema in the XML file is valid. |
roletemplateexception |
46 |
The role template can be true only if the schema type is dynamic. |
Make sure that the role template in the XML file is valid. |
cannotAddusersToFileredRole |
47 |
Cannot add users to a filtered role. |
Made sure that the role DN in the XML file is not a filtered role. |
templateDoesNotExist |
48 |
Template does not exist. |
Make sure that the service template in the XML file is valid. |
cannotAdduUersToDynamicGroup |
49 |
Cannot add users to a dynamic group. |
Made sure that the group DN in the XML file is not a dynamic group. |
cannotCreatePolicyUnderContainer |
50 |
Policies can not be created in an organization that is a child organization of a container. |
Make sure that the organization in which the policy is to be created is not a child of a container. |
defaultGroupContainerNotFound |
51 |
The group container was not found. |
Create a group container for the parent organization or container. |
cannotRemoveUserFromFilteredRole |
52 |
Cannot remove a user from a filtered role. |
Make sure that the role DN in the XML file is not filtered role. |
cannotRemoveUsersFromDynamicGroup |
53 |
Cannot remove users from a dynamic group. |
Make sure that the group DN in the XML file is not a dynamic group. |
subSchemStringDoesNotExist |
54 |
The subschema string does not exist. |
Make sure that the subschema string exists in the XML file. |
defaultPeopleContainerNotFound |
59 |
You are trying to add user to an organization or container. And default people container does not exists in an organization or container. |
Make sure the default people container exists. |
nodefaulturlprefix |
60 |
Default URL prefix is not found following --defaultURLPrefix argument |
provide the default URL prefix accordingly. |
nometaalias |
61 |
Meta Alias is not found following --metaalias argument |
provide the Meta Alias accordingly. |
missingEntityName |
62 |
Entity Name is not specified. |
provide the entity name. |
missingLibertyMetaInputFile |
63 |
File name for importing meta data is missing. |
provide the file name that contains meta data. |
missingLibertyMetaOutputFile |
64 |
File name for storing exported meta data is missing. |
provide the file name for storing meta data. |
cannotObtainMetaHandler |
65 |
Unable to get a handler to Meta attribute. Specified user name and password may be incorrect. |
ensure that user name and password are correct. |
missingResourceBundleName |
66 |
Missing resource bundle name when adding, viewing or deleting resource bundle that is store in directory server. |
provide the resource bundle name |
missingResourceFileName |
67 |
Missing file name of file that contains the resource strings when adding resource bundle to directory server. |
Please provide a valid file name. |
failLoadLibertyMeta |
68 |
Failed to load liberty meta to Directory Server. |
Please check the meta data again before loading it again |