Something unexpected has occurred.

Review the MyID Audit Reporting and System Events workflows for further details.

Possible causes include the MyID License limit being reached or attempting to add a new user when this feature is disabled.

This may also occur when no SSRP URLs have been configured. The value for the key SSRPUrls does not contain any valid SSRP URL.

Enabling logging and repeating the process may help diagnose the issue.

No Identity Providers are enabled. The myid.json files for each SSRP instance have been set up with every identity provider disabled.

Either the SSRP site is not configured to accept client certificates, or the client is not providing a certificate.

Check the SSRP SSL settings.

The certificate that the user is presenting does not qualify for any credential profiles.

If the user is trying to use client certificate authentication and you are expecting them to qualify for a credential profile, check the roles being assigned in the configuration file (as defined in section 2.8.7, Configuring the available credential profiles), then ensure that the credential profile has a capability of Derived Credential and that these roles allowed for Can Request, Can Collect, and Can Receive.

If the user is trying to use OpenID authentication, check that the roles that you are adding using the myid.json file allow Can Request, Can Collect, and Can Receive.

An attempt has been made to request a credential profile that the certificate holder is not allowed to receive.

Having the certificate holder browse to the StartPage site will present a list of all the profiles that they can receive.

There are multiple profiles available to the user. This error is always caught and handled, so should never be presented to the user.

The Derived Credential request has been created with an unexpected status.

Enabling logging and repeating the process may help diagnose the issue.

The Derived Credential request has not matched an existing account, and account creation is disabled in the configuration.

See section 2.4, MyID configuration options for further details.

Your MyID license has expired. Contact Intercede to arrange a new license.

The text presented to the user for this message is deliberately generic.

The request cannot be created because required information is not available.

The credential profile used has Requisite User Data set, but the person does not have the required data; check the audit to see what credential profile was selected, and what required data was missing.

The role specified in the ssrp.conf.xml file can not be given to a user in the group to which the user is being attempted to be added.

There is an error in the ssrp.conf.xml file; check that the userprofileid is correct and present in the database.

The attempt to authenticate using the OpenID provider has failed. To help diagnose the issue, enable logging and repeat the process. There will not be anything in LogEvents or SystemEvents.