Sun Java logo     Previous      Contents      Index      Next     

Sun logo
Sun Java System Access Manager 6 2005Q1 Administration Guide 

Appendix A
Error Codes

This appendix provides a list of the error messages generated by Sun Java System Acceess Manager. While this list is not exhaustive, the information presented in this chapter will serve as a good starting point for common problems. The tables listed in this appendix provide the error code itself, a description and/or probable cause of the error, and describes the actions that can be taken to fix the encountered problem.

This appendix lists error codes for the following functional areas:

If you require further assistance in diagnosing errors, please contact Sun Technical Support:

http://www.sun.com/service/sunone/software/index.html

Access Manager Console Errors

The following table describes the error codes generated and displayed by the Access Manager Console.

Table A-1  Access Manager Console Errors

Error Message

Description/Probable Cause

Action

An error has occurred while deleting the following:

The object may have been removed by another user prior to being removed by the current user.

Redisplay the objects that you are trying to delete and try the operation again.

You have entered an invalid URL

This occurs if the URL for an Access Manager console window is entered incorrectly.

 

There are no entries matching the search criteria.

The parameters entered in the search window, or in the Filter fields, did not match any objects in the directory.

Run the search again with a different set of parameters

There are no attributes to display.

The selected object does not contain any editable attributes defined in its schema.

 

There is no information to display for this service.

The services viewed from the Service Configuration module do not have global or organization based attributes

 

Search size limit exceeded. Please refine your search.

The parameters specified in the search have returned more entries than are allowed to be returned

Modify the Maximum Results Returned from a Search attribute in the Administration service to a larger value. You can also modify the search parameters to be more restrictive.

Search time limit exceeded. Please refine your search.

The search for the specified parameters has taken longer than the allowed search time.

Modify the Timeout for Search attribute in the Administration service to a larger value. You can also modify the search parameters, so they are less restrictive, to return more values.

Invalid user's start location. Please contact your administrator.

The start location DN in the users entry is no longer valid

In the User Profile page, change the value of the start DN to a valid DN.

Could not create identity object. User does not have sufficient access.

 

An operation was executed by a user with insufficient permissions. The permissions a user has defined determines what operations they can perform.

 

Authentication Error Codes

The following table describes the error codes generated by the Authentication service. These errors are displayed to the user/administrator in the Authentication module.

Table A-2  Authentication Error Codes

Error Message

Description/Probable Cause

Action

authentication.already.login.

The user has already logged in and has a valid session, but there is no Success URL redirect defined.

Either logout, or set up some login success redirect URL(s) through the Access Manager Console. Use the ‘goto’ query parameter with the value as Admin Console URL.

logout.failure.

A user is unable to logout of Access Manager.

Restart the server.

uncaught_exception

An authentication Exception is thrown due to an incorrect handler

Check the Login URL for any invalid or special characters.

redirect.error

Access Manager cannot redirect to Success or Failure redirect URL.

Check the web container’s error log to see if there are any errors.

gotoLoginAfterFail

This link is generated when most errors occur. The link will send the user to the original Login URL page.

 

invalid.password

The password entered is invalid.

 

Passwords must contain at least 8 characters. Check that the password contains the appropriate amount of characters and ensure that it has not expired.

auth.failed

Authentication failed. This is the generic error message displayed in the default login failed template. The most common cause is invalid/incorrect credentials.

Enter valid and correct user name/password (the credentials required by the invoked authentication module.)

nouser.profile

No user profile was found matching the the entered user name in the given organization. This error is displayed while logging in to the Membership/Self-registration authentication module.

 

Enter your login information again. If this is your first login attempt, select New User in the login screen.

notenough.characters

The password entered does not contain enough characters. This error is displayed while logging in to the Membership/Self-registration authentication module.

The login password must contain at least 8 characters by default (this number is configurable through the Membership Authentication module).

useralready.exists

A user already exists with this name in the given organization. This error is displayed while logging in to the Membership/Self-registration authentication module.

User IDs must be unique within the organization.

uidpasswd.same

The User Name and Password fields cannot have the same value. This error is displayed while logging in to the Membership/Self-registration authentication module.

Make sure that the username and password are different.

nouser.name

No user name was entered.This error is displayed while logging in to the Membership/Self-registration authentication module.

Make sure to enter the user name.

no.password

No password was entered.This error is displayed while logging in to the Membership/Self-registration authentication module.

Make sure to enter the password.

missing.confirm.passwd

Missing the confirmation password field. This error is displayed while logging in to the Membership/Self-registration authentication module.

Make sure to enter the password in the Confirm Password field.

password.mismatch

The password and the confirm password do not match. This error is displayed while logging in to the Membership/Self-registration authentication module.

Make sure that the password and confirmation password match.

An error occurred while storing the user profile.

An error occurred while storing the user profile.This error is displayed while logging in to the Membership/Self-registration authentication module.

Make sure that the attributes and elements are valid and correct for Self Registration in the Membership.xml file.

orginactive

This organization is not active.

Activate the organization through the Access Manager console by changing the organization status from inactive to active.

internal.auth.error

Internal Authentication Error. This is a generic Authentication error which may be caused by different and multiple environmental and/or configuration issues.

 

usernot.active

The user no longer has an active status.

Activate the user through the Admin Console by changing the user status from inactive to active.

if the user is locked out by Memory Locking, restart the server.

user.not.inrole

User does not belong to the specified role. This error is displayed during role-based authentication.

Make sure that the login user belongs to the role specified for the role-based authentication.

session.timeout

The user session has timed out.

Login in again.

authmodule.denied

The specified authentication module is denied.

Make sure that the required authentication module is registered under the required organization, that the template is created and saved for the module, and that the module is selected in the Organization Authentication Modules list in the Core Authentication module.

noconfig.found

No configuration found.

Check the Authentication Configuration service for the required authentication method.

cookie.notpersistent

Persistent Cookie Username does not exist in the Persistent Cookie Domain.

 

nosuch.domain

The organization found.

Make sure that the requested organization is valid and correct.

userhasnoprofile.org

User has no profile in the specified organization.

Make sure that the user exists and is valid in the specified organization in the local Directory Server.

reqfield.missing

One of the required fields was not completed. Please make sure all required fields are entered.

Make sure that all required fields are entered.

session.max.limit

Maximum Sessions Limit Reached.

Logout and login again.

Policy Error Codes

The following table describes the error codes generated by the Policy framework and displayed in the Access Manager Console.

Table A-3  Policy Error Codes

Error Message

Description/Probable Cause

Action

illegal_character_/_in_name

Illegal character “/” in the policy name.

Make sure that the policy name does not contain the ‘/’ character.

policy_already_exists_in_org

A rule with the same name already exists.

Use a different name for policy creation.

rule_name_already_present

Another rule with the given name already exists

Use a different rule name for policy creation.

rule_already_present

A rule with the same rule value already exists.

Use a different rule value.

no_referral_can_not_create_policy

No referral exists to the organization.

In order to create policies under a sub organization, you must create a referral policy at its parent organization to indicate what resources can be referred to this sub organization.

ldap_search_exceed_size_limit

LDAP search size limit exceeded. An error occurred because the search found more than the maximum number of results.

Change the search pattern or policy configuration of the organization for the search control parameters.The Search Size Limit is located in the Policy Configuration service.

ldap_search_exceed_time_limit

LDAP search time limit exceeded. An error occurred because the search found more than the maximum number of results.

Change the search pattern or policy configuration of the organization for the search control parameters.The Search Time Limit is located in the Policy Configuration service.

ldap_invalid_password

Invalid LDAP Bind password.

The password for LDAP Bind user defined in Policy Configuration is incorrect. This leads to the inability to get an authenticated LDAP connection to perform policy operations.

app_sso_token_invalid

Application SSO token is invalid.

The server could not validate the Application SSO token. Most likely the SSO token is expired.

user_sso_token_invalid

User SSO token is invalid.

The server could not validate the User SSO token. Most likely the SSO token is expired.

property_is_not_an_Integer

Property value not an integer.

The value for this plugin's property should be an integer.

property_value_not_defined

Property value should be defined.

Provide a value for the given property.

start_ip_can_not_be_greater_than_end_ip

Start IP is larger than End IP

An attempt was made to set end IP Address to be larger than start IP Address in IP Address condition. The Start IP cannot be larger than the End IP.

start_date_can_not_be_larger_than_end_date

Start Date is larger than End Date

An attempt was made to set end Date to be larger than start Date in the policy’s Time Condition. The Start Date cannot be larger than the End Date.

policy_not_found_in_organization

Policy not found in organization. An error occurred trying to locate a non-existing policy in an organization.

Make sure that the policy exists under the specified organization.

insufficient_access_rights

User does not have sufficient access. The user does not have sufficient right to perform policy operations.

Perform policy operations with the user who has appropriate access rights.

invalid_ldap_server_host

Invalid LDAP Server host.

Change the invalid LDAP Server host that was entered in the Policy Configuration service.

amadmin Error Codes

The following table describes the error codes generated by the amadmin command line tool to Access Manager’s debug file.

Table A-4  amadmin error codes

Error Message

Code

Description/Probable Cause

Action

nocomptype

1

Too few arguments.

Make sure that the mandatory arguments (--runasdn, --password, --passwordfile, --schema, --data, and --addAttributes) and their values are supplied in the command line.

file

2

The input XML file was not found.

Check the syntax and make sure that the input XML is valid.

nodnforadmin

3

The user DN for the --runasdn value is missing.

Provide the user DN as the value for --runasdn.

noservicename

4

The service name for the --deletservice value is missing.

Provide the service name as the value for --deleteservice.

nopwdforadmin

5

The password for the --password value is missing.

Provide the password as the value for --password.

nolocalename

6

The locale name was not provided. The locale will default to en_US.

See Default Authentication Locale for a list of locales.

nofile

7

Missing XML input file.

Provide at least one input XML filename to process.

invopt

8

One or more arguments are incorrect.

Check that all arguments are valid. For a set of valid arguments, type amadmin --help.

oprfailed

9

Operation failed.

When amadmin fails, it produces more precise error codes to indicate the specific error. Refer to those error codes to evaluate the problem.

execfailed

10

Cannot process requests.

When amadmin fails, it produces more precise error codes to indicate the specific error. Refer to those error codes to evaluate the problem.

policycreatexception

12

Policy cannot be created.

amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.

policydelexception

13

Policy cannot be deleted.

amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.

smsdelexception

14

Service cannot be deleted.

amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.

ldapauthfail

15

Cannot authenticate user.

Make sure the user DN and password are correct.

parserror

16

Cannot parse the input XML file.

Make sure that the XML is formatted correctly and adheres to the amAdmin.dtd.

parseiniterror

17

Cannot parse due to an application error or a parser initialization error.

Make sure that the XML is formatted correctly and adheres to the amAdmin.dtd.

parsebuilterror

18

Cannot parse because a parser with specified options cannot be built.

amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.

ioexception

19

Cannot read the input XML file.

amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.

fatalvalidationerror

20

Cannot parse because the XML file is not a valid file.

Check the syntax and make sure that the input XML is valid.

nonfatalvalidationerror

21

Cannot parse because the XML file is not a valid file.

amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.

validwarn

22

XML file validation warnings for the file.

amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.

failedToProcessXML

23

Cannot process the XML file.

amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.

nodataschemawarning

24

Neither --data or --schema options are in the command.

Check that all arguments are valid. For a set of valid arguments, type amadmin --help.

doctyperror

25

The XML file does not follow the correct DTD.

Check the XML file for the DOCTYPE element.

statusmsg9

26

LDAP Authentication failed due to invalid DN, password, hostname, or portnumber.

Make sure the user DN and password are correct.

statusmsg13

28

Service Manager exception (SSO exception).

amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.

statusmsg14

29

Service Manager exception.

amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.

statusmsg15

30

Schema file inputstream exception.

amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.

statusmsg30

31

Policy Manager exception (SSO exception).

amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.

statusmsg31

32

Policy Manager exception.

amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.

dbugerror

33

More than one debug option is specified.

Only one debug option should be specified.

loginFalied

34

Login failed.

amadmin produces exception messages to indicate the specific error. Refer to those messages to evaluate the problem.

levelerr

36

Invalid attribute value.

Check the level set for the LDAP search. It should be either SCOPE_SUB or SCOPE_ONE.

failToGetObjType

37

Error in getting object type.

Make sure that the DN in the XML file is value and contains the correct object type.

invalidOrgDN

38

Invalid organization DN.

Make sure that the DN in the XML file is valid and is an organization object.

invalidRoleDN

39

Invalid role DN.

Make sure that the DN in the XML file is valid and is a role object.

invalidStaticGroupDN

40

Invalid static group DN.

Make sure that the DN in the XML file is valid and is a static group object.

invalidPeopleContainerDN

41

Invalid people container DN.

Make sure the DN in the XML file is valid and is a people container object.

invalidOrgUnitDN

42

Invalid organizational unit DN.

Make sure that the DN in the XML file is valid and is a container object.

invalidServiceHostName

43

Invalid service host name.

Make sure that the hostname for retrieving valid sessions is correct.

subschemaexception

44

Subschema error.

Subcschema is only supported for global and organization attributes.

serviceschemaexception

45

Cannot locate service schema for service.

Make sure that the sub schema in the XML file is valid.

roletemplateexception

46

The role template can be true only if the schema type is dynamic.

Make sure that the role template in the XML file is valid.

cannotAddusersToFileredRole

47

Cannot add users to a filtered role.

Made sure that the role DN in the XML file is not a filtered role.

templateDoesNotExist

48

Template does not exist.

Make sure that the service template in the XML file is valid.

cannotAdduUersToDynamicGroup

49

Cannot add users to a dynamic group.

Made sure that the group DN in the XML file is not a dynamic group.

cannotCreatePolicyUnderContainer

50

Policies can not be created in an organization that is a child organization of a container.

Make sure that the organization in which the policy is to be created is not a child of a container.

defaultGroupContainerNotFound

51

The group container was not found.

Create a group container for the parent organization or container.

cannotRemoveUserFromFilteredRole

52

Cannot remove a user from a filtered role.

Make sure that the role DN in the XML file is not filtered role.

cannotRemoveUsersFromDynamicGroup

53

Cannot remove users from a dynamic group.

Make sure that the group DN in the XML file is not a dynamic group.

subSchemStringDoesNotExist

54

The subschema string does not exist.

Make sure that the subschema string exists in the XML file.

 

 

 

 

defaultPeopleContainerNotFound

59

You are trying to add user to an organization or container. And default people container does not exists in an organization or container.

Make sure the default people container exists.

nodefaulturlprefix

60

Default URL prefix is not found following --defaultURLPrefix argument

provide the default URL prefix accordingly.

nometaalias

61

Meta Alias is not found following --metaalias argument

provide the Meta Alias accordingly.

missingEntityName

62

Entity Name is not specified.

provide the entity name.

missingLibertyMetaInputFile

63

File name for importing meta data is missing.

provide the file name that contains meta data.

missingLibertyMetaOutputFile

64

File name for storing exported meta data is missing.

provide the file name for storing meta data.

cannotObtainMetaHandler

65

Unable to get a handler to Meta attribute. Specified user name and password may be incorrect.

ensure that user name and password are correct.

missingResourceBundleName

66

Missing resource bundle name when adding, viewing or deleting resource bundle that is store in directory server.

provide the resource bundle name

missingResourceFileName

67

Missing file name of file that contains the resource strings when adding resource bundle to directory server.

Please provide a valid file name.

failLoadLibertyMeta

68

Failed to load liberty meta to Directory Server.

Please check the meta data again before loading it again



Previous      Contents      Index      Next     

Part No: 817-7647-11.   Copyright 2005 Sun Microsystems, Inc. All rights reserved.