Skip to main content
Version: 7.2402.x.x RR

Error handling

Operation failures are indicated by SOAP faults. There are two types of SOAP faults:

  • BusinessFault: The operation could not be completed successfully because of a logical error (e.g., a malformed query or a password policy violation). A BusinessException will be thrown. The elements of BusinessException are described in the table below.
  • TechnicalFault: The operation could not be completed due to a technical failure (e.g., a database query timeout). A TechnicalException will be thrown. The elements of TechnicalException are described in the table below.
TypeElementsDescription
BusinessExceptionmessageA specific textual message describing the business error that occurred.
reasonA reason code according to the table, which can be evaluated and handled automatically by the client.
elementIndexThis element is returned for bulk operations only, e.g., deleteCredentials(). It denotes the index of the erroneous entry. Note: first entry has index 0.
TechnicalExceptionmessageA textual message describing the technical error that occurred.

Reason codes

The table lists the existing reason codes. Reason codes give a rather general idea of the problem. Detailed information is usually printed along with the reason code. All reason codes start with error.. In the table below, this prefix has been suppressed for the sake of simplicity.

Reason code (without prefix error.)Description
addIdmToApplDataroomIt is not possible to add the nevisIDM to a data room.
applDataroomDeniedPermission denied due to application data room restriction.
archiveCredentialDeniedPermission denied because the credential cannot be archived.
assignDisabledUnitPermission denied because tried to assign a disabled unit to a profile or another unit (as subunit).
assignProfilelessUnitPermission denied because tried to assign a profileless unit to a profile.
assignSubunitAsParentIt is impossible to assign a parent unit as subunit to one of its subunits (cyclic relation).
attrAccessForbiddenPermission to attribute (or to modify the attribute) denied.
certificateExistsThe same certificate has been registered for another user. The certificate can only be assigned to a single user.
certificatePolicyViolatedThe certificate policy has been violated.
clientDataroomDeniedPermission denied due to client data room restriction.
combinedDataroomDeniedPermission denied due to data room restrictions: The user does not have the combined data room authorization.
credentialNotActiveA credential is not active, not valid anymore or not yet valid.
CredTypeClientPolicyViolatedA credential type that is not allowed according to the corresponding client policy has been selected.
CredTypeUnitPolicyViolatedA credential type that is not allowed according to the corresponding unit policy has been selected.
deleteDefaultEntityIt was not possible to delete an entity because it was the default entity. Define another entity as default first, then execute the removal again.
dimensionNotMatchThe OpenOffice template and the card dimension of an OTP credential do not match.
duplicateEmailUniqueness constraint of e-mail address has been violated.
duplicateMobileUniqueness constraint of mobile number has been violated.
duplicateNameUniqueness constraint of a name attribute has been violated.
duplicateValueThe uniqueness constraint of some attribute has been violated.
enterpriseRolesDisabledThe enterprise role feature is not enabled.
eRoleDataroomDeniedPermission denied due to enterprise role data room restriction.
filesystemIOIO fault related to file system operations, e.g., read or write permission missing.
history.norecordNo history record found for the object.
identifierPolicyViolatedThe identifier (ID) violated the policy (certain characters are prohibited in identifier strings).
inconsistentClientAssignmentAn inconsistency between a client and an assigned object (authorization, application, etc.) has been discovered.
inconsistentDataGeneric reason for inconsistent data in nevisIDM database.
insufficientFineGrainedRightsPermission denied because the user does not have sufficient fine-grained permissions.
insufficientRightsFunctionPermission denied because the user does not have sufficient permissions.
invalidConfigThe configuration is not valid.
invalidDataGeneric reason for invalid data in nevisIDM.
invalidDateThe date does not have a valid format.
invalidDateIntervalThe data interval is not valid.
invalidParameterThe input parameter is not valid, e.g., the format was not correct.
kerberosExistsThe user already has a Kerberos credential (only one per user is allowed).
loginIdGeneratorFailedThe login ID generator was unable to generate a new login ID.
mailModuleGeneric failure occurred in the e-mail module.
missingMandatoryPlaceholderOne or more mandatory placeholders in the template could not be resolved.
missingReferenceDataReference data nevisIDM requires was not found in the nevisIDM database.
mobileCannotBeDeletedIf a user has an mTAN credential, but one tries to remove the user's mobile number, this reason code is used.
mobileCannotBeDeletedOccurs if the mobile number of a user is deleted that has an mTAN credential.
mobileMissingThe SMS sending failed because the user's mobile number is not set.
mobileSignatureExistsThe user already has a mobile signature credential (only one per user is allowed).
modifyArchivedCredentialPermission denied because archived credentials cannot be modified anymore.
modifyArchivedProfilePermission denied because archived profiles cannot be modified anymore.
modifyArchivedUserPermission denied because archived users cannot be modified anymore.
modifyExtIdPermission denied because external IDs cannot be modified.
modifyLoginIdPermission denied because the user's login ID cannot be modified.
modifyReadonlyDataAttempted to modify read-only data.
msisdnFormatFormat of MSISDN is not valid.
msspIdentifierMissingThe MSSP identifier is missing in the mobile signature credential and no default value is set in the policy configuration.
mTanExistsThe user already has an mTAN credential (only one per user is allowed).
nocertcredIf a certificate upload should be performed, the user needs an empty certificate credential first.
noClientFoundThe client was not found because it was not or incorrectly specified.
noDefaultUnitInClientDefault unit of the client could not be found or was not defined.
nomobileThe user has no mobile, or the number is not a valid mobile number.
norecordNo record was found and at least one was expected.
noSmtpConnectionThe SMTP server configured in the credential policies or in the configuration is not available.
noTemplateNo template was found.
nullParameterThe input parameter is not valid, e.g., it was "null" but should have a value.
oathSecretIsSharedThe secret sharing for the OATH credential failed because the secret had been shared already.
passwordChangeDeadlineExceededPassword change deadline exceeded.
passwordExistsThe user already has a password credential (only one password credential per user is allowed).
pcyconf.invalidParamValueThe defined parameter value in the policy configuration is not valid.
pcyconf.missingParamA mandatory parameter in the policy configuration is missing.
pcyconf.missingProfilePolicyProfile policy is missing.
pcyconf.multipleClientPolicyMore than one client policy for the same client exists.
pessimisticLockingFailurePessimistic locking was not enough to handle the concurrency.
policyViolationThe policy configuration is violated.
potentialPrivilegeEscalationPermission denied due to privilege escalation constraints.
profilelessFlagCannotBeSetPermission denied because tried to set the profileless flag to a unit with profiles.
property.regexinvThe property's regular expression is not valid.
property.stringregexThe property value did not match the property's regular expression.
propertyUniquenessViolatedProperty value violated uniqueness constraints (depend on the property definition).
propety.stringmaxlenProperty value lengths exceed max. lengths defined for the property.
PUKexistsThe user already has a PUK credential (only one per user is allowed).
pwdPolicyViolatedOne or more password policy constraints have been violated.
qrCodeGenerationFailedThe QR code generation for the OATH credential failed due to a technical problem.
recordDeletedThe record has already (concurrently) been deleted.
referenceDataChangeDeniedPermission denied because read-only reference data cannot be modified.
safewordExistsThe user already has a safeword credential (only one per user is allowed).
samlAttributeFormatFormat of a SAML federation attribute is not valid. The value of the SAML federation attributes must match the regular expression set in the SAML federation policy.
securidExistsThe user already has a SecurID credential (only one per user is allowed).
securityQuestionsExistsThe user already has a security question credential (only one per user is allowed).
securityQuestionsMaxReachedThe security question reached the maximum reveal, success or failure number. Therefore, it cannot be used for authentication anymore.
tableTypeMismatchThe OTP card challenge format does not match the provided template.
techUser.oneProfileTechnical users can only have one profile.
tempStrongPasswordExistsThe user already has a temporary strong password credential (only one per user is allowed).
ticketExistsThe user already has a ticket credential (only one per user is allowed).
tooManyOTPCardsThe user has too many OTP credentials. The user may have at most two (during the OTP renewal process).
tooManySearchResultsThe query returned too many search results. This may occur to protect nevisIDM against performance intensive actions, or because a defined limitation for queries has been exceeded.
undeletedDependenciesDeleting a certain object is not possible because there are still subobjects/dependencies that have to be deleted first.
unitDataroomDeniedPermission denied due to unit data room restriction.
urlTicket.invalidFormatUnable to decode URLTicket string.
URLTicketExistsThe user already has a URL ticket credential (only one per user is allowed).
urlTicketMissingURLPrefixThe URL prefix is not set for the URL ticket. Without it, the URL ticket cannot be created.
userEmailFormatThe user's e-mail address is not valid.
userEmailNullThe user's e-mail address is mandatory but was "null".
userFirstNameNullThe user's first name is mandatory but was "null".
userMobileNullThe user's mobile number is mandatory but was "null".
userNameNullThe user's name is mandatory but was "null".
userPhoneFormatFormat of user's phone, fax or mobile number is not valid.
vascoExistsThe user already has a Vasco Digipass token credential (only one per user is allowed).