Troubleshooting errors in SAML 2.0 federations
- Error when creating a new user
- SAMLResponse assertions not encrypted
- The resulting XML is not a SAMLResponse
- SAMLResponse is an incorrect XML
- SAMLResponse contains no assertions
- Error handling the response
- Invalid sender address
- Incorrect SAMLResponse assertions
- Invalid response signature
- Assertions contain no subject element
- Assertion contains an incorrect subject element
- Decryption error
- Incorrect Issuer element
- SAMLResponse parameter not found
- RelayState parameter not found
- Federation not supported
- Invalid SSO URL protocol
- Invalid SSO URL
- Invalid NameID
Error when creating a new user
An attempt to add a new user to a federation has failed because the auto user creation option is disabled. Add a user manually or enable the Automatically create users option in the federation settings.
SAMLResponse assertions not encrypted
The Sign authentication requests option is enabled in the federation. With this option on, SAMLResponse assertions must be encrypted.
The resulting XML is not a SAMLResponse
The response received from the IdP server is a valid XML but not a valid SAMLResponse. You can learn more about SAMLResponse requirements in the SAML V2.0 standard.
SAMLResponse is an incorrect XML
An XML parsing error occurred. The SAMLResponse data is incomplete or corrupt.
SAMLResponse contains no assertions
The resulting SAMLResponse contains no assertions. The error message must contain an up-to-date status code, e.g., No assertions found in response. The status code is 'Responder'.
Make sure the identity provider's response contains the correct SAML. Learn more about setting up a SAML application on the IdP server side.
Error handling the response
Failed to decode a SAMLResponse string.
Invalid sender address
SAMLResponse sender address does not match the URL address of the SamlRequest recipient. You can learn more about the requirements in the SAML V2.0 specification.
Incorrect SAMLResponse assertions
SAMLResponse assertions failed required authentication checks.
Invalid response signature
Invalid SAMLResponse signature.
Assertions contain no subject element
There is no subject element in SAMLResponse.
Assertion contains an incorrect subject element
SAMLResponse contains a subject element, but there is no NameID or EncryptedID field in it.
Decryption error
Failed to decrypt an assertion or name ID in SAMLResponse. Check the certificates.
Incorrect Issuer element
SAMLResponse contains an incorrect Issuer element. You can learn more about this element in the SAML V2.0 specification.
SAMLResponse parameter not found
No SAMLResponse parameter found in the IdP response. This parameter is required and must be included in the HTTP response body.
RelayState parameter not found
No RelayState parameter found in the IdP response. This parameter is required and must be included in the HTTP response body.
Federation not supported
This type of federation is no longer supported. Contact support.
Invalid SSO URL protocol
Sso url: isn't valid schema. The scheme must be HTTPS or HTTP
Invalid URL protocol in the Link to the IdP login page field. You can only use HTTP and HTTPS.
Invalid URL protocol in the sso-url field. You can only use HTTP and HTTPS.
Invalid URL protocol in the sso_url field. You can only use HTTP and HTTPS.
Invalid URL protocol in the ssoUrl field. You can only use HTTP and HTTPS.
Invalid SSO URL
Sso url: isn't valid (the link to the IdP login page)
Invalid URL in the Link to the IdP login page field. Please check the URL.
Invalid URL in the sso-url field. Please check the URL.
Invalid URL in the sso_url field. Please check the URL.
Invalid URL in the ssoUrl field. Please check the URL.
Invalid NameID
The NameID value must follow this format: "^[a-z0-9A-Z/@_.\\-=+*\\\\]+$".
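The structural errors listed on this page, from decoding the SAMLResponse string through the NameID format, can be reproduced offline against a captured response. The following Python is an added example, not the service's own code: the function name diagnose and the sample value are constructed for illustration, and the NameID pattern is assumed to be printed above with string-literal escaping.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET

P = "urn:oasis:names:tc:SAML:2.0:protocol"
A = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"p": P, "a": A}
# The page's NameID pattern, assumed to be printed with string-literal escaping.
NAMEID_RE = re.compile(r"^[a-z0-9A-Z/@_.\-=+*\\]+$")

def diagnose(saml_response_b64):
    """Return the page heading that fits a captured SAMLResponse form value."""
    # Structural triage only: no signature, Issuer, recipient or decryption
    # checks, so the result must never be used to authenticate anyone.
    try:
        raw = base64.b64decode(saml_response_b64, validate=True)
    except (binascii.Error, ValueError):
        return "Error handling the response"
    try:
        root = ET.fromstring(raw)
    except ET.ParseError:
        return "SAMLResponse is an incorrect XML"
    if root.tag != "{%s}Response" % P:
        return "The resulting XML is not a SAMLResponse"
    if root.find("a:EncryptedAssertion", NS) is not None:
        return "Assertion is encrypted; decrypt it before checking the subject"
    assertions = root.findall("a:Assertion", NS)
    if not assertions:
        code = root.find("p:Status/p:StatusCode", NS)
        status = code.get("Value", "").rsplit(":", 1)[-1] if code is not None else ""
        return "SAMLResponse contains no assertions (status code: %s)" % status
    for assertion in assertions:
        subject = assertion.find("a:Subject", NS)
        if subject is None:
            return "Assertions contain no subject element"
        name_id = subject.find("a:NameID", NS)
        if name_id is None and subject.find("a:EncryptedID", NS) is None:
            return "Assertion contains an incorrect subject element"
        if name_id is not None and not NAMEID_RE.fullmatch(name_id.text or ""):
            return "Invalid NameID"
    return "No structural problem found"

# Constructed sample: a Response carrying only a Responder status, no assertion.
SAMPLE = base64.b64encode((
    '<p:Response xmlns:p="%s"><p:Status><p:StatusCode '
    'Value="urn:oasis:names:tc:SAML:2.0:status:Responder"/>'
    '</p:Status></p:Response>' % P).encode()).decode()
```

Run it only on responses captured from your own IdP: ElementTree is not hardened against hostile XML, and a production service provider must also verify the signature, Issuer and recipient.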