Web Agent Error Codes

The agent attempted to authenticate a user but the request failed due to an unknown error. The Cams webagent trace log and/or a Cams policy server trace log (for the associated security domain) should contain additional information. Contact customer support for assistance.

The agent is not configured with the required service to execute authentication requests. Contact customer support for assistance.

An HTTP request was received by an agent for the URI used to authenticate users, but it was not an HTTP "POST" request.

Query or POST parameter cams_security_domain is invalid

An authentication request was received by a Cams agent, but the required cams_security_domain parameter is missing, empty, or invalid. The probable cause is a dynamic login page that does not appropriately store the Cams cams_security_domain provided to it by an agent when it prompts the user to authenticate. NOTE: The login page should receive this value as a query parameter and store it in a hidden field named cams_security_domain. When the associated HTML form is posted during authentication, this parameter will be sent. See the Cams Web Agent Guide section on Dynamic HTML Pages for more information.

An authentication request was received by a Cams agent, but the required cams_login_config parameter is missing, empty, or invalid. The probable cause is a dynamic login page that does not appropriately store the Cams cams_login_config provided to it by an agent when it prompts the user to authenticate. NOTE: The login page should receive this value as a query parameter and store it in a hidden field named cams_login_config. When the associated HTML form is posted during authentication, this parameter will be sent. See the Cams Web Agent Guide section on Dynamic HTML Pages for more information.

The access control rule protecting the login page has denied access by requiring the user to be authenticated. Unless the login page can be presented to the user, however, authentication cannot occur. In general, a configuration error like the following will be present in the applicable security domain's access control policy:

...
<permission desc="Cams login, error, and denied pages" actions="">
   <resource-pattern id="*://*:*/cams/*"/>
   <acr-ref id="require authentication"/>
</permission>
...

<auth-acr id="cams administrator rule">
   <role-constraint>
      <role-name>everyone</role-name>
      <role-class>com.cafesoft.cams.auth.CSRolePrincipal</role-class>
   </role-constraint>
</auth-acr>

Assuming in this case that the Cams login page is at URL:

https://www.myhost.com/cams/login.jsp

the access control policy will deny access unless the user is authenticated. The web agent will attempt to redirect the user's browser to the login page, but access will once again be denied by the access control policy. This case is trapped in Cams web agents to avoid "infinite redirections" to the login page and error 5005 is reported in the cams-webagent.log file. To fix the problem, either grant access to the Cams login page or limit access to it using an IP address-base rule.

Access control failed

The agent attempted to execute an access control check, but it failed due to an unknown error. The Cams webagent trace log and/or a Cams policy server trace log (for the associated security domain) should contain additional information. Contact customer support for assistance.

The agent is not configured with the required service to execute access control checks. Contact customer support for assistance.

Invalid resource request type

The Cams agent made an access control request for an unknown resource type. Cams web agents make access control requests for resources of type "http". Contact customer support for assistance.

The user was redirected to the Cams web agent access denied page, but was denied access to the page. In general, the access control policy for the Cams security domain protecting the registered access denied page should unconditionally grant access to the page. See the Cams Web Agent Guide section on Dynamic HTML Pages and setting appropriate permissions.

Access to the error page was denied

The user was redirected to the Cams web agent error page, but was denied access to the page. In general, the access control policy for the Cams security domain protecting the registered error page should unconditionally grant access to the page. See the Cams Web Agent Guide section on Dynamic HTML Pages and setting appropriate permissions.

The agent's attempt to access an authenticated user's session failed due to an error in the Cams session access service. Contact customer support for assistance.

The agent is not configured with the required service to access authenticated user sessions. Contact customer support for assistance.

General transport error

An error occurred when attempting the communicate with the Cams policy server. Contact customer support for assistance.

Session control failed

The agent's attempt to logout the user failed due to an error in the Cams session control service. Contact customer support for assistance.

Could not find the SessionControlService

The agent is not configured with the required service to logout users. Contact customer support for assistance.

Could not logout user because session id is null

The agent received a request to logout a user, but no session identifier was provided. Probable cause is that the user attempted to logout when not currently logged in or the logout page did not specify a valid cams_security_domain query parameter (which indicates the Cams security domain from which a user is to be logged out).

Query parameter cams_security_domain is invalid

The agent received a cams_security_domain query parameter value that was null, empty, or referenced a security domain that does not exist. Probable cause is a misconfigured login page that either contains a hard-coded security domain name or if a dynamic web page does not properly store the security domain name passed to it by a Cams web agent.

A possible session hijacking attempt occurred: expected hash value does not match.

An actual session hijacking attempt was detected and thwarted or a possible agent misconfiguration resulted in what appeared to be a session hijacking attempt. If not an actual session hijacking attempt, probable cause is inconsistent configuration of session hijacking values for different agents. Confirm that the following properties have the same values for all Cams agents: cams.session.hijacking.protection.enable, cams.session.hijacking.protection.algorithm, cams.session.hijacking.protection.salt

Session hijacking misconfiguration.

Session hijacking protection is not enabled for this agent, but appears to be enabled for another agent. Confirm that the following properties have the same values for all Cams agents: cams.session.hijacking.protection.enable, cams.session.hijacking.protection.algorithm, cams.session.hijacking.protection.salt

Session hijacking misconfiguration.

Session hijacking protection is enabled for this agent, but appears not to be enabled for another agent. Confirm that the following properties have the same values for all Cams agents: cams.session.hijacking.protection.enable, cams.session.hijacking.protection.algorithm, cams.session.hijacking.protection.salt