OpenID API Error Handling
HTTP Status Codes
The following are the generic HTTP statuses for the ActivID AS OpenID API when an error is returned.
| Code | Label | Applicability | Description |
|---|---|---|---|
| 400 | BAD REQUEST | GET, POST, PUT, DELETE | Request cannot be parsed, is syntactically incorrect, or violates schema |
| 401 | UNAUTHORIZED | GET, POST, PUT, DELETE | Authorization failure. The authorization header is invalid or missing |
| 403 | FORBIDDEN | GET, POST, PUT, DELETE | Operation is not allowed based on the supplied authorization |
| 404 | NOT FOUND | GET, POST, PUT, DELETE | Specified resource (such as user) or endpoint does not exist |
| 409 | CONFLICT | POST, PUT, DELETE | The specified version number does not match the resource's latest version number or ActivID AS refused to create a new, duplicate resource |
| 500 | INTERNAL SERVER ERROR | GET, POST, PUT, DELETE | An internal server error has occurred |
HID Error Reason Codes
These reason codes for hid_error correspond to the error codes of the API's ErrorConstants object.
| Code | Description |
|---|---|
| 0 | A technical error has occurred |
| 100 | A technical error has occurred in an authentication or authentication manager adapter |
| 1000 | A parameter was null |
| 1001 | An authenticator status parameter is not one of the allowed values |
| 1002 | A parameter value greater than zero was not provided |
| 1003 | A parameter value greater than or equal to zero was not provided |
| 1005 | During UP Authentication, either the username or usercode should be specified, but not both |
| 1006 | A parameter was of an invalid format |
| 1007 | Date parameters are in an invalid order (for example, start date after end date) |
| 1008 | A parameter is too long |
| 1009 | A value has been specified for a parameter that is not supported |
| 1010 | A parameter representing a numeric value is too large (positive or negative) to be converted into a number |
| 1011 | Either a specific channel, or all channels should be specified, but not both |
| 1012 | A parameter cannot be both audited and not-audited |
| 1013 | When adding a device, either the expiry date or never expires should be specified, but not both |
| 1014 | When requesting manual synchronization of a device, either the clock or the counter must be specified |
| 1015 | A device issuance request status parameter is not one of the allowed values |
| 1016 | The device authentication request should have a usercode or device search criteria |
| 1017 | Illegal authentication mode |
| 1018 | The security domain is invalid |
| 1019 | The adapter type is invalid |
| 1020 | The adapter type is invalid |
| 1021 | The adapter type is invalid |
| 1022 | Either a specific Asset set, or all Asset sets should be specified, but not both |
| 1023 | Either a specific AuthenticationTypeCode, or all AuthenticationTypes should be specified, but not both |
| 1024 | Invalid LDAP mapping |
| 1025 | Either a specific AssetGroupCode, or all AssetGroupCodes should be specified, but not both |
| 1026 | User status is invalid |
| 1027 | Transaction Type is invalid |
| 1028 | Resource Type is invalid |
| 1029 | Device import failed due to invalid parameter |
| 1030 | STM device activation failed due to invalid parameter |
| 1031 | Manual Synchronization failed because the device counter was set to a value lower than the current one |
| 1032 | Manual Synchronization failed because the device counter delta is greater than the max delta |
| 1033 | Adapter creation failed because an adapter already exists with this name and code for the specified type |
| 1034 | An invalid algorithm was found |
| 1036 | Error while reading the import device file due to a wrong parameter: |
| 1100 | An authentication type with this code already exists |
| 1101 | A channel with this code already exists |
| 1102 | A UP authenticator of this authentication type, with this usercode (external reference), already exists |
| 1103 | A UP authenticator of this authentication type, with this username (login), already exists |
| 1104 | An MD prompt with this code already exists |
| 1105 | An MD authenticator of this authentication type, with this usercode (external reference), already exists |
| 1106 | An asset with this code already exists |
| 1107 | An asset group with this code already exists |
| 1108 | An asset set with this code already exists |
| 1109 | A function set with this code already exists |
| 1110 | A transaction with this code already exists |
| 1111 | A transaction set with this code already exists |
| 1112 | An attribute type with this code already exists |
| 1113 | A user (sub)group with this code already exists |
| 1114 | A user with this code already exists |
| 1115 | A user group transaction set privilege with this user subgroup and transaction set already exists |
| 1116 | A transaction set item with this transaction already exists in the transaction set |
| 1117 | A function set item with this function already exists in the function set |
| 1118 | A user group function set privilege with this user subgroup and function set already exists |
| 1119 | A user group asset set transaction set privilege with this user subgroup, asset set and transaction set, already exists |
| 1120 | A user group asset group function set privilege with this user subgroup, asset group and function set, already exists |
| 1160 | A device with this device type and serial number already exists |
| 1161 | A credential with this credential code already exists |
| 1166 | Defines the error code for a duplicate datasource entity |
| 1167 | Defines the error code for a duplicate radiusServer entity |
| 1168 | Defines the error code for a duplicate RealmProxy Policy entity |
| 1169 | Defines the error code for a duplicate RequestFailurePolicy entity |
| 1170 | A device type with this code already exists |
| 1171 | Defines the error code for a duplicate AuthProfile entity |
| 1172 | AssetGroup already assigned to the Transaction set. Defines the error code for a duplicate assigning of AssetGroup to transactionSet |
| 1173 | Defines the error code for a duplicate ChannelAuthProfile entity |
| 1174 | Defines the error code for an overlapping datasource |
| 1175 | Defines the error code for overlapping client addresses of the gate policy |
| 1180 | A role with this code already exists |
| 1190 | DEPRECATED. Defined the error code for a duplicate user role |
| 1191 | A role function set privilege with this role and function set already exists |
| 1192 | A role transaction set privilege with this role and transaction set already exists |
| 1193 | An authenticator with this usercode and authentication type already exists |
| 1200 | A user with the specified code (external reference) could not be found |
| 1201 | A user (sub)group with the specified code could not be found |
| 1202 | An asset with the specified code could not be found |
| 1203 | An asset group with the specified code could not be found |
| 1204 | An authentication type with the specified code could not be found |
| 1205 | A UP authenticator with the specified code could not be found |
| 1206 | An MD authenticator with the specified code could not be found |
| 1207 | An MD Group with the specified code could not be found |
| 1208 | An MD answer with the specified code could not be found |
| 1209 | A channel with the specified code could not be found |
| 1210 | An MD prompt with the specified code could not be found |
| 1211 | An asset set with the specified code could not be found |
| 1212 | An authenticator manager adapter with the specified code could not be found |
| 1213 | An audit record with the specified ID could not be found |
| 1260 | A device type with the specified code could not be found |
| 1261 | A device with the specified ID could not be found |
| 1263 | A session transfer type with the specified code could not be found |
| 1270 | An authenticator could not be found |
| 1280 | A reset password batch with the specified ID could not be found |
| 1281 | A transaction set with the specified code could not be found |
| 1282 | A transaction (item) with the specified code could not be found |
| 1283 | A function set with the specified code could not be found |
| 1284 | A function with the specified code could not be found |
| 1285 | A function set item with the specified code could not be found |
| 1286 | A transaction set item with the specified code could not be found |
| 1287 | A user group transaction set privilege with the specified ID could not be found |
| 1288 | A user group asset set transaction set privilege with the specified ID could not be found |
| 1289 | A user group asset group function set privilege with the specified ID could not be found |
| 1290 | A role function set privilege with the specified code ID could not be found |
| 1291 | A role transaction set privilege with the specified ID could not be found |
| 1292 | A role with the specified code could not be found |
| 1293 | A user role assignment could not be found |
| 1294 | A user transaction privilege with the specified ID could not be found |
| 1295 | A credential with the specified ID could not be found |
| 1296 | A credential type with the specified ID could not be found |
| 1297 | A status category with specified search criteria could not be found |
| 1298 | A status with specified search criteria could not be found |
| 1299 | A status transition with specified search criteria could not be found |
| 1300 | An asset cannot be added to an asset set because they have different asset groups |
| 1301 | RADIUS Server could not be found |
| 1302 | RealmProxy Policy could not be found |
| 1303 | RequestFailurePolicy could not be found |
| 1304 | ChannelAuthorizationPolicy could not be found |
| 1305 | ChannelAuthorizationPolicy could not be found |
| 1306 | Dictionary Code could not be found |
| 1307 | AssetGroup to Transaction set mapping could not be found |
| 1308 | Datasource could not be found |
| 1309 | An Asset set item could not be found |
| 1310 | Email Address or template could not be found |
| 1311 | Device issuance request could not be found |
| 1312 | Organization could not be found |
| 1313 | No Organization adapter could be found |
| 1314 | Pseudonymization Token could not be found |
| 1400 | No function privilege to call this method |
| 1500 | Insufficient MD answers were provided to create the MD authenticator |
| 1501 | The MD answer provided is not associated with the MD authenticator (MD group) |
| 1600 | The authentication type only allows seeded authentication |
| 1601 | The authentication type only allows unseeded authentication |
| 1602 | The number of password/answer seed characters provided does not match the number of seed positions provided |
| 1603 | The number of password/answer seed characters provided is insufficient for authentication |
| 1604 | The seed positions provided are not unique |
| 1605 | The number of seed positions requested is greater than the minimum length constraint |
| 1700 | An invalid channel was found during authentication |
| 1701 | An invalid channel was found for this authentication type |
| 1900 | The session is invalid |
| 1901 | The session does not exist |
| 1902 | The session has timed out |
| 1903 | The session has expired |
| 1904 | The session has an invalid user associated with it |
| 1905 | An authentication of the specified authentication type does not exist within the session |
| 1906 | The session contains too many authentication occurrences |
| 200 | A technical error has occurred in the Activ Kernel |
| 2000 | The number of allowed (failed) attempts to change the password has been exceeded |
| 2001 | An expired password change was attempted on a password that had not expired |
| 2100 | A constraint violation has occurred (for example, when creating an authenticator with an invalid password or MD answer) |
| 2200 | No longer used |
| 2201 | The configurer card was not present |
| 2202 | The configurer card is faulty |
| 2203 | No longer used |
| 2204 | The card is not a configurer card |
| 2205 | No longer used |
| 2206 | The card label is not in the form config.username |
| 2207 | No longer used |
| 2208 | The card was not recognized |
| 2209 | No longer used |
| 300 | A technical error has occurred within Core Security |
| 3000 | The user subgroup cannot be deleted, because it contains child user subgroup(s) |
| 3001 | The user subgroup cannot be deleted, because it contains users |
| 3002 | The user subgroup cannot be moved, because the target parent group is a child of the subgroup |
| 3003 | The parent of the user subgroup cannot be updated |
| 3004 | The user group cannot be moved because it is a root group |
| 3006 | The user subgroup cannot be moved because the target parent group does not belong to the subgroup's root group hierarchy |
| 3007 | Cannot change user attribute types for a subgroup |
| 3200 | An attribute type with the specified code could not be found |
| 3201 | A credential could not be found |
| 3202 | An adapter could not be found |
| 3203 | A delivery provider could not be found |
| 400 | A technical error has occurred while getting the CheckBefore Attributes for RADIUS |
| 4000 | The asset group or asset set contains assets |
| 4001 | The asset group contains an asset set |
| 500 | A technical error has occurred while validating the profile attribute type for RADIUS |
| 5000 | The form is missing one or more required MD answers |
| 5001 | A form with status ISSUED of this form type, already exists for this user |
| 5003 | There were one or more problems with a user's authenticators when submitting a form |
| 5100 | The user does not have any attributes |
| 5101 | The user does not have a mandatory attribute |
| 5106 | The user for a password reset request could not be found |
| 5107 | A password cannot be generated because a minimum or maximum length constraint of an authentication type has not been set |
| 5108 | Unable to reset password, the specified authentication type is not username password |
| 5109 | Unable to reset password, the specified authentication type does not specify a valid two-way key |
| 5150 | Mandatory encryption parameters for the specified authentication type are missing |
| 5151 | The specified authentication type is not of class UP |
| 5200 | A base authentication type cannot be dependent on itself |
| 5201 | The session does not contain an authentication for the required base authentication type |
| 5202 | Authentication type code is used by system, user cannot create an authentication type with same code |
| 5203 | Direct User does not have valid authentication type to perform this indirect authentication |
| 5204 | Trying to do direct authentication with authentication type that supports only indirect authentication |
| 5300 | A cloned authenticator cannot be of the same authentication type |
| 5301 | A cloned authenticator cannot be of an authentication type with a different adapter code |
| 5400 | The specified session transfer code length is outside the minimum and maximum limits for the specified session transfer type code |
| 5401 | The specified session transfer 'from' datetime is in the past |
| 5402 | The specified session transfer code is not yet valid |
| 5403 | The specified session transfer code has expired |
| 5404 | The specified session transfer code has already been received |
| 5405 | No unique session transfer code could be generated |
| 5406 | The specified session transfer code does not exist |
| 5407 | The specified session transfer code is linked to a session with too high a risk score |
| 600 | A technical error has occurred in the LDAP |
| 6001 | When creating an authentication type, the number of prompts required for creation, was greater than the actual number of prompts in the MD group |
| 6002 | The number of prompts required for display does not match with supplied prompts or prompts required for creation/authentication |
| 6003 | When creating an authentication type, the number of prompts required for authentication, was greater than the actual number of prompts in the MD group |
| 6004 | The password has expired but can be reset |
| 6005 | The authenticator status is invalid |
| 6006 | The AuthenticationType class type is incompatible |
| 6007 | The old password is invalid |
| 6008 | User group not authorized |
| 601 | LDAP return size limit exception occurred |
| 602 | LDAP lookthrough size limit exception occurred |
| 6050 | The device search criteria do not uniquely identify a device |
| 6051 | The device is bound to a different user than the one specified |
| 6052 | The automatic synchronization method is not supported |
| 6054 | The start date is not before the expiry date |
| 6055 | The manual synchronization method is not supported |
| 6056 | The create unlock code method is not supported |
| 6057 | The synchronization request contains incompatible information |
| 6058 | There was no active device on the authenticator |
| 6059 | Device does not support soft PIN |
| 6060 | Soft PIN is too short |
| 6061 | Soft PIN is too long |
| 6062 | Soft PIN position is invalid |
| 6063 | Status value is invalid |
| 6064 | Status value is not a valid initial status |
| 6065 | Device assignment failed |
| 6066 | Request Device failed |
| 6067 | Device Activation failed |
| 6068 | Reached maximum number of SoftTokens for this device type |
| 6069 | Reached maximum number of SoftTokens for this device type |
| 6070 | Certificate has expired |
| 6071 | Certificate is not yet valid |
| 6072 | Unsupported certificate |
| 6073 | Unable to verify certificate |
| 6074 | Unable to download CRL |
| 6075 | Unsupported CRL |
| 6076 | Unable to verify CRL |
| 6077 | Invalid certificate path |
| 6078 | Certificate is revoked |
| 6100 | The device does not support asynchronous authentication |
| 6101 | The device does not support synchronous authentication |
| 6102 | A challenge has not previously been issued for this device |
| 6104 | The counter (ATC) on the device has reached its max value |
| 6105 | A user defined challenge is expected, but has not been provided |
| 6200 | No active Authenticator was found for dynamic Authenticator Selection get Challenge Request |
| 6201 | No active Authenticator was found for dynamic Authenticator Selection Device Authentication Request |
| 6202 | No active Authenticator was found for dynamic Authenticator Selection UP Authentication Request |
| 6203 | For dynamic Authenticator Selection, the usercode should be specified, it cannot be NULL |
| 7000 | A circular transaction dependency cannot be configured |
| 7001 | A self dependent transaction cannot be configured |
| 7002 | The transaction is a dependent transaction for another transaction(s) |
| 7003 | The number of authorizations required must be zero or greater |
| 7004 | The secondary transaction code must be specified |
| 7400 | The specified user already has the specified role |
| 7500 | Unable to delete the transaction set as a role transaction set privilege refers to it |
| 7501 | Unable to delete the function set as a role function set privilege refers to it |
| 7502 | Unable to delete the asset set as a role transaction set privilege refers to it |
| 7503 | Unable to delete the asset group as a role function set privilege refers to it |
| 7504 | Unable to delete the function set as a function set privilege refers to it |
| 7505 | Unable to delete the function set as an asset group function set privilege refers to it |
| 7506 | Unable to delete the transaction set as a user subgroup transaction set privilege refers to it |
| 7507 | Unable to delete the transaction set as a user subgroup asset set transaction set privilege refers to it |
| 7508 | Unable to delete the transaction set as a user transaction set privilege refers to it |
| 7509 | Unable to delete the role as a user refers to it |
| 7510 | Unable to delete the channel as an authentication type refers to it |
| 7511 | Unable to delete channel as there is an unspecified constraint violation because a privilege may refer to it |
| 7512 | Unable to delete the attribute type as a user attribute refers to it |
| 7513 | Unable to delete the device type as a device refers to it |
| 7514 | Unable to delete the device as it is assigned to a user |
| 7516 | Unable to delete RequestFailurePolicy as it is used by one or more channels |
| 7517 | Unable to delete the datasource as a user refers to it |
| 7518 | Unable to delete Authorization Profile due to an existing ChannelAuthorizationProfile reference to it |
| 7519 | Unable to delete a user attribute due to an existing LDAP attribute reference to it |
| 7520 | Unable to delete an authentication type as something refers to it |
| 7521 | The specified user does not have the specified role |
| 7522 | Unable to delete a user attribute due to existing user type reference to it |
| 7523 | Unable to delete role as it is bound to one or more user repositories |
| 8000 | The user already has the maximum number of roles allowed |
| 8800 | EntityId or EntityType is null in the exterAuditRequest |
| 900 | A technical error has occurred in STM Integration |
| 9000 | No license was found for the feature |
| 9001 | License for feature has expired, please contact your vendor to purchase new licenses |
| 9002 | Invalid license |
| 9003 | Audit Tokenization is not enabled |
| 9004 | User is not deleted so it cannot be forgotten |
| 9005 | Adapter cannot be deleted as it is referenced by a channel |
| 9006 | Configured function set to update does not exist |
| 9007 | Configured function set to update is not set up correctly |
| 9008 | Maximum number of roles has been reached |
| 9009 | UserType is SCIM_FED but there is no datasource with matching provisioningAgent |
| 9010 | OCSP or CRL internal error |
| 9011 | User is bound to a datasource that does not match this session |
| 9012 | Security Group is bound to a datasource that does not match this session |
| 9013 | Security Group is not bound to a datasource |
| 9014 | Cannot add a non SCIM_FED User to a security group bound to a datasource |
| 9015 | Client is bound to a datasource |
| 910 | Invalid serial number |
| 920 | Soft token activation failed |
| 930 | The Soft token activation failed |
| 940 | The Soft token activation failed |
| 950 | The authentication failed |
| 951 | A technical error has occurred while activating a push-based HID Approve device |
HID Failure Reason Codes
These reason codes for hid_failure correspond to the error codes of the API's AuthenticationResponseConstants object.
| Code | Description |
|---|---|
| 31 | It is required to provide amount and currency for asynchronous EMV cap authentication of EMV cards with IAF=1 |
| 12 | The authentication code length does not match the requested authentication length of characters |
| 1 | The authenticator is disabled |
| 0 | The authenticator could not be found |
| 7 | The authenticator is not yet valid |
| 22 | The challenge has expired |
| 17 | The challenge does not match that issued for the token |
| 30 | It is required to provide challenge for asynchronous authentication |
| 4 | There is a primary block for this channel |
| 6 | There is a primary and secondary block for this channel |
| 5 | There is a secondary block for this channel |
| 20 | The device is not valid |
| 33 | The conversion of EMV SDB to EMV NVP format failed |
| 36 | The credential type does not support asynchronous authentication |
| 35 | The credential type does not support synchronous authentication |
| 40 | Unsupported LDAP authentication mode. LDAP authentication only supports synchronous authentication mode |
| 34 | Failed to provide the required PKI_CHALLENGE_SIGNATURE parameter for Asynchronous PKI Certificate authentication |
| 18 | An incorrect response was provided |
| 26 | The amount value for EMV cap verification is invalid. It must not have a decimal character and it should be a numeric value |
| 27 | The currency code for EMV cap verification is invalid |
| 32 | The Cryptogram Version Number (CVN) for EMV card is invalid. Supported CVN values are [0xC8, 0xC9, 0x0A, 0x0E] |
| 25 | The EMV card data is invalid |
| 28 | The Master Key Label for EMV card is invalid |
| 2 | The successive failed authentication count reached the disable threshold |
| 3 | The maximum number of usages has been reached |
| 29 | The maximum value of ATC is reached |
| 9 | An MD answer does not match |
| 14 | Insufficient MD answers were provided |
| 23 | No valid credentials were found |
| 19 | The password's maximum usage has been reached |
| 13 | The password does not match |
| 45 | The user is disabled |
| 15 | The user was not found |
| 24 | The software PIN was wrong |
| -1 | The value is not defined (available) |
| 46 | The Activation Code has expired |
| 47 | The Activation Code has reached its threshold |
| 54 | The score has not been retrieved |
| 55 | The authentication code is not allowed by configuration |
| 49 | The challenge has not been found |
| 59 | The check before action failed |
| 48 | The user already has an open session |
| 50 | The OOB secret generation has failed |
| 58 | Specific RMS parameters are missing |
| 41 | The OTP matched |
| 42 | The OTP did not match |
| 43 | The PIN matched |
| 44 | The PIN did not match |
| 56 | For the second step authentication, no session transfer has been found |
| 57 | The second step authentication user does not match |
| 53 | The block threshold has been reached |
| 52 | The reject threshold has been reached |
| 51 | The step-up threshold has been reached |
| 39 | Hashed password authentication is unsuccessful |
HID Response Codes
These response codes correspond to the codes of the API's AuthenticationResponseConstants object.
| Code | Description |
|---|---|
| 2 | The authentication failed |
| 1 | The authentication succeeded |