19.2 Messages starting with KDCGF

This section describes the messages between KDCGF0001 and KDCGF9999, which are output by the Web service security functionality.

Messages starting with KDCGF are output in SOAPFault format. A SOAPFault format message has the following four components:

(FaultCode)

In FaultCode, a FaultCode is output. The FaultCode consists of a name space URI and a local part. To the name space URI part of the FaultCode of a message starting with KDCGF, {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd} is output. To the local part, a character string indicating the cause of the error is output.

The value of FaultCode can be obtained in the following ways:

• Server side

  For SOAP 1.1, FaultCode can be obtained from the faultcode element of a SOAP Fault message.

  For SOAP 1.2, FaultCode can be obtained from the soapenv12:Value element included in the soapenv12:Subcode element (which is a child element of the soapenv12:Code element) of a SOAP Fault message. The value of the soapenv12:Value element of the soapenv12:Code element is soapenv12:Sender.

• Client side

  FaultCode can be obtained by using the C4Fault class provided by the SOAP Communication Infrastructure or the javax.xml.ws.soap.SOAPFaultException class provided by the JAX-WS functionality.

(FaultString)

In FaultString, a message ID or message text is output. For the meaning of message IDs, see 19.1 Message description format.

FaultString can be obtained in the following ways:

• Server side

  For SOAP 1.1, FaultString can be obtained from the faultString element of a SOAP Fault message.

  For SOAP 1.2, FaultString can be obtained from the soapenv12:Text element of the soapenv12:Reason element of a SOAP Fault message.

• Client side

  FaultString can be obtained by using the C4Fault class provided by the SOAP Communication Infrastructure or the javax.xml.ws.soap.SOAPFaultException class provided by the JAX-WS functionality.

(FaultActor)

In FaultActor, the actor that generated the Fault is output.

FaultActor can be obtained in the following ways:

• Server side

  For SOAP 1.1, FaultActor can be obtained from the faultactor element of a SOAP Fault message.

  For SOAP 1.2, FaultActor can be obtained from the soapenv12:Role element of a SOAP Fault message.

• Client side

  FaultActor can be obtained by use of the C4Fault class provided by the SOAP Communication Infrastructure or the javax.xml.ws.soap.SOAPFaultException class provided by the JAX-WS functionality.

(FaultDetails)

In FaultDetails, details of the Fault are output.

FaultDetails can be obtained in the following ways:

• Server side

  For SOAP 1.1, FaultDetails can be obtained from the detail element of a SOAP Fault message.

  For SOAP 1.2, FaultDetails can be obtained from the soapenv12:Detail element of a SOAP Fault message.

• Client side

  FaultDetails can be obtained by use of the C4Fault class provided by the SOAP Communication Infrastructure or the javax.xml.ws.soap.SOAPFaultException class provided by the JAX-WS functionality.

• KDCGF0001-E

  FaultCode:

  {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UnsupportedSecurityToken

  FaultString: KDCGF0001-E An unsupported security token was specified. (location = the-location-where-the-event-occurred)

  FaultActor: None

  FaultDetails: None

  (Meaning)

  An unsupported security token element has been used in the-location-where-the-event-occurred. The following information is output to the-location-where-the-event-occurred:

  • Server: An error occurred in a message received at server side.

  • Client: An error occurred in a message received on the client side.

  (Cause)

  The error might be due to one of the following causes:

  • The EncodingType attribute of the BinarySecurityToken element is specified, but the attribute value is not http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary.

  • The ValueType attribute of the BinarySecurityToken element is specified, but the attribute value is not http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3.

  • The EncodingType attribute is specified in the KeyIdentifier element, but the attribute value is not http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary.

  • The ValueType attribute is specified in the KeyIdentifier element, but the attribute value is not http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier.

  • The ValueType attribute is specified in the WS-Security Reference element, but the attribute value is not http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3.

  • A non-Reference or non-KeyIdentifier element is specified in a child element of the WS-Security SecurityTokenReference element.

  • An XML encryption Reference element is specified in a child element of the WS-Security Security element.

  (Action)

  Check with the sender of the message to see whether the sender has sent a SOAP message containing one of the errors indicated in Cause.

• KDCGF0002-E

  FaultCode: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}UnsupportedAlgorithm

  FaultString: KDCGF0002-E An unsupported signature or encryption algorithm was specified. (location = the-location-where-the-event-occurred)

  FaultActor: None

  FaultDetails: None

  (Meaning)

  An unsupported signature or encryption algorithm has been used in the-location-where-the-event-occurred. The following information is output to the-location-where-the-event-occurred:

  • Server: An error occurred in a message received at server side.

  • Client: An error occurred in a message received on the client side.

  (Cause)

  The error might be due to one of the following causes:

  • An unsupported algorithm is specified in the Algorithm attribute of the Canonicalization element.

  • An unsupported algorithm is specified in the Algorithm attribute of the SignatureMethod element.

  • An unsupported algorithm is specified in the Algorithm attribute of the Transform element.

  • An algorithm that is not set in the Web service security policy definition file is specified in the Algorithm attribute of the Canonicalization element.

  • An algorithm that is not set in the Web service security policy definition file is specified in the Algorithm attribute of the SignatureMethod element.

  • An algorithm that is not set in the Web service security policy definition file is specified in the Algorithm attribute of the Transform element.

  • An unsupported algorithm is specified in the Algorithm attribute of the XML encryption EncryptionMethod element.

  • An algorithm that is not set in the Web service security policy definition file is specified in the Algorithm attribute of the XML encryption EncryptionMethod element.

  (Action)

  Check with the sender of the message to see whether the sender has sent a SOAP message containing one of the errors indicated in Cause. Alternatively, check the Web service security policy definition file for incorrect settings.

• KDCGF0003-E

  FaultCode: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}InvalidSecurity

  FaultString: KDCGF0003-E An error occurred during security header processing. (location = the-location-where-the-event-occurred)

  FaultActor: None

  FaultDetails: None

  (Meaning)

  An error occurred in the security header of the-location-where-the-event-occurred. The following information is output to the-location-where-the-event-occurred:

  • Server: An error occurred in a message received at server side.

  • Client: An error occurred in a message received on the client side.

  (Cause)

  The error might be due to one of the following causes:

  • A Created element request is specified in the Timestamp element within the Web service security policy definition file, but the received SOAP message contains no Created element.

  • An Expires element request is specified in the Timestamp element within the Web service security policy definition file, but the received SOAP message contains no Expires element.

  • The Created and Expires elements in the received SOAP message have different xsd:dateTime values in the ValueType attribute.

  • An element (Created, Expires, BinarySecurityToken, or KeyIdentifier element) that requires a value has no value.

  • A BinarySecurityToken element request is specified in the Web service security policy definition file, but the received SOAP message contains no BinarySecurityToken element.

  • The Reference element has no URI attribute.

  • No value is set in the URI attribute of the Reference element.

  • A SOAP body signature request is specified in the Web service security policy definition file, but the SOAP body of the received SOAP message has no signature.

  • An encrypted SOAP message has no KeyInfo element.

  • A key specified in the KeyName element of an encrypted SOAP message is not defined in the Web service security functionality definition file.

  • A SOAP body element encryption request is specified in the Web service security policy definition file, but the SOAP body of the received SOAP message has no encrypted element.

  • A received SOAP message contains ID attributes that have the same attribute value.

  • The Name and My_role attributes of the ReceiverPortConfig element in the Web service security policy definition file have no corresponding setting in the Web service security functionality definition file.

  (Action)

  Check with the sender of the message to see whether the sender has sent a SOAP message containing one of the errors indicated in Cause. Alternatively, check the Web service security policy definition file for incorrect settings.

• KDCGF0004-E

  FaultCode: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}InvalidSecurityToken

  FaultString: KDCGF0004-E An invalid security token was specified. (location = the-location-where-the-event-occurred)

  FaultActor: None

  FaultDetails: None

  (Meaning)

  An invalid security token has been used for the-location-where-the-event-occurred. The following information is output to the-location-where-the-event-occurred:

  • Server: An error occurred in a message received at server side.

  • Client: An error occurred in a message received on the client side.

  (Cause)

  The error might be due to one of the following causes:

  • The BinarySecurityToken element has no ValueType attribute.

  • Verification of BinarySecurityToken elements in received SOAP messages using the certificate file defined in the Web service security policy definition file always fails.

  (Action)

  Check with the sender of the message to see whether the sender has sent a SOAP message containing one of the errors indicated in Cause. Alternatively, check the Web service security policy definition file for incorrect settings.

• KDCGF0005-E

  FaultCode: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}FailedAuthentication

  FaultString: KDCGF0005-E A security token could not be authenticated or authorized. (location = the-location-where-the-event-occurred)

  FaultActor: None

  FaultDetails: None

  (Meaning)

  The security token in the-location-where-the-event-occurred cannot be authenticated or authorized. The following information is output to the-location-where-the-event-occurred:

  • Server: An error occurred in a message received at server side.

  • Client: An error occurred in a message received on the client side.

  (Cause)

  See the Cause item for KDCGJ0001-E in the manual uCosminexus Application Server Messages.

  (Action)

  See the Action item for KDCGJ0001-E in the manual uCosminexus Application Server Messages.

• KDCGF0006-E

  FaultCode: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}FailedCheck

  FaultString: KDCGF0006-E A signature or decryption was invalid. (location = the-location-where-the-event-occurred)

  FaultActor: None

  FaultDetails: None

  (Meaning)

  A signature or encryption in the-location-where-the-event-occurred is invalid. The following information is output to the-location-where-the-event-occurred:

  • Server: An error occurred in a message received at server side.

  • Client: An error occurred in a message received on the client side.

  (Cause)

  The error might be due to one of the following causes:

  • A received SOAP message has an invalid signature.

  • A received SOAP message is incorrectly encrypted.

  (Action)

  Check with the sender of the message to see whether the sender has sent a SOAP message containing one of the errors indicated in Cause.

• KDCGF0007-E

  FaultCode: {http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd}SecurityTokenUnavailable

  FaultString: KDCGF0007-E A referenced security token cannot be found. (location = the-location-where-the-event-occurred)

  FaultActor: None

  FaultDetails: None

  (Meaning)

  The referenced security token element could not be found in a SOAP message received at the-location-where-the-event-occurred. The following information is output to the-location-where-the-event-occurred:

  • Server: An error occurred in a message received at server side.

  • Client: An error occurred in a message received on the client side.

  (Cause)

  • A BinarySecurityToken element specified in the WS-Security Reference element was not found.

  • An X.509 certificate with a subject key identifier specified in the WS-Security KeyIdentifier element was not found in the key store file specified in the VerificationKeyStore element within the Web service security functionality definition file.

  (Action)

  Check with the sender of the message to see whether the sender has sent a SOAP message containing one of the errors indicated in Cause.

To Page Top