Troubleshooting errors in SAML 2.0 federations
- Error when creating a new user
- SAMLResponse assertions not encrypted
- Resulting XML is not a SAMLResponse
- SAMLResponse is an incorrect XML
- SAMLResponse contains no assertions
- Error handling the response
- Invalid sender address
- Incorrect SAMLResponse assertions
- Invalid response signature
- Assertions are missing the subjectelement
- Assertion contains an incorrect subjectelement
- Decryption error
- Incorrect Issuer
- SAMLResponseparameter not found
- RelayStateparameter not found
- Federation not supported
- Invalid SSO URL protocol
- Invalid SSO URL
- Invalid NameID
Error when creating a new user
An attempt to add a new user to a federation has failed because the auto user creation option is disabled. Add a user manually or enable the Automatically create users option in the federation settings.
SAMLResponse assertions not encrypted
The Sign authentication requests option is enabled in the federation. When it is enabled, SAMLResponse assertions must be encrypted.
Resulting XML is not a SAMLResponse
The response received from the IdP server is a valid XML, but it is not a valid SAMLResponse. You can learn more about SAMLResponse requirements in the SAML V2.0 specification.
SAMLResponse is an incorrect XML
XML recognition error occurred. SAMLResponse data is incomplete or corrupt.
SAMLResponse contains no assertions
The received SAMLResponse contains no assertions. A valid status code must be specified in the error message, such as: No assertions found in response. The status code is 'Responder'.
Error handling the response
Failed to decode a SAMLResponse string.
Invalid sender address
The SAMLResponse sender address does not match the URL address of the SamlRequest recipient. You can learn more about the requirements in the SAML V2.0 specification.
Incorrect SAMLResponse assertions
SAMLResponse assertions failed mandatory checks under authentication.
Invalid response signature
SAMLResponse signature is not valid.
Assertions are missing the subjectelement
There is no subject in the SAMLResponse.
Assertion contains an incorrect subjectelement
There is a subject in the SAMLResponse but the NameID or EncryptedID field is missing in it.
Decryption error
Failed to decrypt an assertion or name ID in the SAMLResponse. Check the certificates.
Incorrect Issuer
SAMLResponse contains an incorrect Issuer element. You can learn more about this element in the SAML V2.0 specification.
SAMLResponseparameter not found
There is no SAMLResponse parameter in the IdP server response. This parameter is required and must be included in the HTTP response body.
RelayStateparameter not found
No RelayState parameter in the IdP server response. This parameter is required and must be included in the HTTP response body.
Federation not supported
This type of identity federations is no longer supported. Contact support.
Invalid SSO URL protocol
Sso url: isn't valid schema. The scheme must be HTTPS or HTTP
Invalid URL protocol in the Link to the IdP login page field. You can only use HTTP and HTTPS.
Invalid URL protocol in the sso-url field. You can only use HTTP and HTTPS.
Invalid URL protocol in the sso_url field. You can only use HTTP and HTTPS.
Invalid URL protocol in the ssoUrl field. You can only use HTTP and HTTPS.
Invalid SSO URL
Sso url: isn't valid (the link to the IdP login page)
Invalid URL in the Link to the IdP login page field. Please check the URL.
Invalid URL in the sso-url field. Please check the URL.
Invalid URL in the sso_url field. Please check the URL.
Invalid URL in the ssoUrl field. Please check the URL.
Invalid NameID
The NameID value must follow this format: "^[a-z0-9A-Z/@_.\\-=+*\\\\]+$".