
Error Code | Error Description | Resolution
SAML1XX | Error in configuration | SAML 2.0 - Configuring Application
SAML101 | No certificate file loaded to validate SAML login response. | Configuration XML. SAMLLoginX509CertificatePath not populated/found.
SAML102 | Certificate file not found in path specified. | Configuration XML. SAMLLoginX509CertificatePath links to a file which does not exist.
SAML103 | Binding method not supported or specified for decoding authentication request. | Configuration XML. Ensure SAMLLoginBinding is defined to supported types.
SAML104 | URL to send login request to is not specified. | Configuration XML. Ensure SAMLLoginDestination is defined.
SAML105 | URL to send logout request to is not specified. | Configuration XML. Ensure SAMLLogoutDestination is defined.
SAML106 | Issuer not specified. | Configuration XML. Ensure SAMLSPIssuer is defined.
SAML107 | Unable to read logout certificate using password provided. | Ensure that the certificate private key password (SAMLLogoutX509CertificatePrivateKeyPasswords) is present and correct.
SAML108 | Unable to find the specified claim attribute. | Ensure the SAMLClaimAttributeName in the config file is correct.
SAML2XX | Error in communication |
SAML201 | Unable to verify/validate SAML response with certificate file. |

Check that the login certificate specified points to the active certificate being used by the IDP.

Verify that the assertion provided in the SAML response contains a certificate.

SAML202 | Unable to resolve/find claim attribute (NameID) in response message. |

Ensure the SAML response contains NameID in the response XML. The NameID element must be nested in the following order:

  • Response
    • Assertion
      • Subject
        • NameID
SAML203 | Unable to resolve/find issuer in the response message. |

The SAML response must contain Issuer in the response XML, nested in the following order:

  • Response
    • Assertion
      • Issuer
SAML204 | SAML responses via Artifact Binding not supported. | Synergetic does not support SAML responses via artifact binding, as of 9/11/2016.
SAML205 | SAML session index not specified. | Session index not found in the response message from the IDP.
SAML206 | Unable to determine binding method of SAML logout response. | Verify that the logout response sent by the IDP is in either a POST or REDIRECT format.
SAML207 | Logout response from IDP was not successful. |

Verify that the logout binding method used is permitted by the IDP.

Verify that SAMLLogoutX509CertificatePath and SAMLLogoutX509CertificatePrivateKeyPassword are set correctly.

If possible, check the logs provided by the IDP to identify why the logout request was not valid.

SAML208 | Multi tenant application did not contain tenant code in relaystate. | If the application is a multi tenant application, the tenant code must be passed back from the IDP as part of the relaystate.
SAML209 | SAML Response not found in POST message from IDP. |
SAML210 | SAML Request not found in message from IDP. |
SAML211 | SAML IDP Initiated SignOut Not Successful | Verify that the claim attribute matches the session value as well as the session index. Check the exception log for more detail.
SAML212 | Signed SAML response does not match certificate, NameID not found. | Verify that the signature of the SAML response matches the certificate and that the NameID attribute is specified in the config file.
SAML3XX | Error in Data |
SAML301 | Unable to resolve tenant code provided. | The tenant code provided did not match a subsequent record in the xreplSchoolLogin table using spsxreplSchoolLogins.
SAML302 | More than 1 matching school record found. | The tenant code provided matched multiple school records in the xreplSchoolLogin table. Check the tenant code by running stored procedure spsxreplSchoolLogins and passing in the tenant code.
SAML303 | Too many user's records retrieved from provided IDAM guid. | Ensure that only 1 community member is returned when authenticating with that IDAM GUID. Check the exception log for the GUID, run stored procedure spsCommunityByIdamGUID @IdamGUID = 'x' and ensure only 1 record is returned.
SAML304 | No community members found matching that IDAM guid. | The user does not exist in the community table or the IDAM GUID is not linked in community maintenance.
SAML305 | Too many user's records retrieved from provided claim attribute. |

Ensure that only 1 community member is returned when authenticating with that claim attribute. Check the exception log for the claim, run stored procedure spsGetUserLoginData @SelectByValue = 'x' and ensure only 1 record is returned.

```sql
-- If this returns 2 records, the same value is both a ConfigUser login name
-- and a Community.NetworkLogin, so the system cannot tell which one to log in.
SELECT l.*
FROM dbo.pvlogins l
WHERE NetWorkLogin = 'swelsh'
  OR ConfigUsersLoginName = 'swelsh'


-- If you get 0 results, try adding the domain
SELECT l.*
FROM dbo.pvlogins l
WHERE NetWorkLogin = 'Domain\synergetic'
  OR ConfigUsersLoginName = 'Domain\synergetic'
```

SAML306 | No community members found matching that claim attribute. | No user matches the claim in the community table; check spsGetUserLoginData @SelectByValue = 'x'.
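
The nesting rules given for SAML202 and SAML203, together with the SAML209 and SAML205 conditions, as an added example (not Synergetic's code): a Python pre-flight check over a captured SAMLResponse form field. The function name, the sample messages and reading the session index from AuthnStatement/@SessionIndex are assumptions; the check is structural only and does not validate the signature (SAML201).

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_saml_response(form_fields):
    """Map structural gaps in a posted SAMLResponse to the codes in the table."""
    encoded = form_fields.get("SAMLResponse")
    if not encoded:
        return ["SAML209"]              # no SAML Response in the POST
    xml_text = base64.b64decode(encoded).decode("utf-8")
    if "<!DOCTYPE" in xml_text:         # a SAML message never needs a DTD
        raise ValueError("DOCTYPE not allowed in SAML message")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("root element is not samlp:Response")
    codes = []
    # Paths are relative to Response, so an element placed elsewhere
    # (for example Issuer directly under Response) does not count.
    name_id = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        codes.append("SAML202")
    issuer = root.find("saml:Assertion/saml:Issuer", NS)
    if issuer is None or not (issuer.text or "").strip():
        codes.append("SAML203")
    # Assumption: the session index is AuthnStatement/@SessionIndex,
    # which is where SAML 2.0 defines it.
    stmt = root.find("saml:Assertion/saml:AuthnStatement", NS)
    if stmt is None or not stmt.get("SessionIndex"):
        codes.append("SAML205")
    return codes

def encode(xml_text):
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")

# Constructed sample messages (not captured from a real IDP).
_HEAD = '<samlp:Response xmlns:samlp="%(samlp)s" xmlns:saml="%(saml)s">' % NS
GOOD = encode(_HEAD + '<saml:Issuer>https://idp.example.test</saml:Issuer>'
    '<saml:Assertion><saml:Issuer>https://idp.example.test</saml:Issuer>'
    '<saml:Subject><saml:NameID>jsmith</saml:NameID></saml:Subject>'
    '<saml:AuthnStatement SessionIndex="_abc123"/></saml:Assertion></samlp:Response>')
# Issuer only at Response level, NameID outside Subject, no SessionIndex.
BAD = encode(_HEAD + '<saml:Issuer>https://idp.example.test</saml:Issuer>'
    '<saml:Assertion><saml:NameID>jsmith</saml:NameID>'
    '<saml:AuthnStatement/></saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    for fields in ({"SAMLResponse": GOOD}, {"SAMLResponse": BAD}, {}):
        print(check_saml_response(fields))
```

The BAD message carries an Issuer and a NameID, but neither sits at the nesting the table requires, so it still maps to SAML203 and SAML202.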


Troubleshooting

Error Description | Resolution
Doesn't log exception into the database. | Check if the override credential is correct. Compare the Override password in the config file with the password of zSynergetic_main_dbo from pvsyndatabases.