Error handling in orchestration

The following is an overview of possible orchestration errors in Intelligent Adaptive Authentication.

Orchestration errors
Error message Error type Scenario where error occurs Description
Invalid Request ID System error

Online activation

In versions Intelligent Adaptive Authentication December Release - 22.R4 and later, this error occurs for remote transaction verification, when the set time limit (default: 60 seconds) is exceeded.

In versions Intelligent Adaptive Authentication August Release - 22.R3 and earlier, this is specified as an orchestration transaction error (error code –8006) in the client (mobile) side of the Orchestration SDK.
Unable to generate ephemeral key during activation step 1. System error

Online activation

In versions Intelligent Adaptive Authentication December Release - 22.R4 and later, this error occurs in the following situations:

  1. The user requests an activation password (via the POST /users/register endpoint), enters an expired activation password, and at the same time receives a new requested activation password.
  2. The user enters an incorrect activation password but the password checksum passes.

In versions Intelligent Adaptive Authentication August Release - 22.R3 and earlier, this is specified as an unknown orchestration error (error code –8000) in the client (mobile) side of the Orchestration SDK.
Unable to find registration code in Shared Cache System error

Online activation

In versions Intelligent Adaptive Authentication December Release - 22.R4 and later, this error occurs in the following situations:

  1. The user requests an activation password (via the POST /users/register endpoint), receives the activation password, and enters it after it has expired.
  2. The user enters an invalid user name.

In versions Intelligent Adaptive Authentication August Release - 22.R3 and earlier, this is specified as an unknown orchestration error (error code –8000) in the client (mobile) side of the Orchestration SDK.
An unknown error has occurred. System error

Online activation

An assigned authenticator gets unassigned during a remote authentication operation.

In versions Intelligent Adaptive Authentication December Release - 22.R4 and later, this error occurs when the following sequence of events takes place:

  1. The user requests an activation password (via the POST /users/register endpoint).
  2. The user receives the activation password but does not use it as is.
  3. The user requests a new password (again via the POST /users/register endpoint).
  4. The user enters an old activation password (that is still within the previous grace period).
Could not process encrypted message System error Online activation  
Failed to encrypt data System error Online activation  
The registration session was not found System error Online activation  
Failed to parse command System error Online activation

Push NotificationClosed Message that is pushed from a server to a user and is displayed on an end-user device, e.g. a mobile device. Push notifications are received by a particular app. This must be registered on the corresponding server to receive notifications. Notifications can be sent at any time, the users do not have to be actively using the app at that time. with invalid orchestration command received.
Unable to generate activation message during activation step 2. System error Online activation  
Unable to add device during activation step 3. System error Online activation  
Unable to find an element during activation step 3. System error Online activation  
Unable to activate device during activation step 4. System error Online activation  
Unable to find an element during activation step 4. System error Online activation  
Unable to find an element during register notification. System error Online activation  
Unable to send remote authentication. System error Remote authentication  
Unable to send remote transaction. System error Remote transaction  
Unable to find an element during check mobile event. System error Online activation  
Unable to find an element during encryption of response command. System error Online activation  
Unable to encode mobile response. System error Online activation  
The authenticator limit has been reached Business error
  • Online activation
  • Login
  • Authentication
  • Transaction

multi-device activationClosed Activation process in two steps that guarantees that only the intended user can perform the device activation. multi-device activation is closely tied to multi-device licensing (MDL). - a user activates a mobile device that uses Orchestration SDK too often.

For a detailed explanation regarding the restriction on the number of assigned authenticators, see New restriction on number of assigned authenticators, but limit on derived authenticator instances removed in the Intelligent Adaptive Authentication Release Notes September 2021.
The maximum number of authenticator instances that can be activated based on the given license has been exceeded. Please contact your admin to reset the activation count Business error Online activation

This error occurs when the number of activation attempts exceeds the threshold of allowed attempts.

However, this message no longer occurs with the September 2021 update (see New restriction on number of assigned authenticators, but limit on derived authenticator instances removed in the Intelligent Adaptive Authentication Release Notes September 2021)

For a detailed explanation regarding the restriction on the number of assigned authenticators, see Limited number of authenticator instances in the Intelligent Adaptive Authentication Release Notes March 2021
User is disabled Business error
  • Online activation
  • Login
  • Authentication
  • Transaction
 The user is disabled during remote authentication and remote transaction
Authentication failed Business error
  • Online activation
  • Login
  • Authentication
  • Transaction
 The authenticator application is deactivated during remote authentication and remote transaction (Secure ChannelClosed The Secure Channel feature encrypts the communication between device and server. It uses payload keys to protect the confidentiality and authenticity of the message's payload. online or Challenge/Response offline)
User account not found Business error
  • Online activation
  • Login
  • Authentication
  • Transaction
 An invalid user ID is provided during login, remote authentication or remote transaction
User is locked Business error
  • Online activation
  • Login
  • Authentication
  • Transaction
 The user is locked due to inactivity during a longer period.
Number of activation attempts exceeds number allowed Business error Online activation multi-device activation - a user activates a mobile device that uses Orchestration SDK too often but no authenticator instances are available.
No authenticators available Business error Online activation multi-device activation - a user activates a mobile device that uses Orchestration SDK too often but no authenticator instances are available.
Authenticator not supported Business error Online activation An invalid authenticator type is provided.
Static password has expired Business error Online activation This error occurs when a user provides an expired static password when they request an activation password (via the POST /users/register endpoint).