Skip to end of banner
Go to start of banner

SAML Error Code Matrix/Troubleshooting

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 22 Next »

Error CodeError DescriptionResolution
SAML1XXError in configurationSAML 2.0 - Configuring Application
SAML101No certificate file loaded to validate SAML login response.Confiugration XML. SAMLLoginX509CertificatePath not populated/found.
SAML102Certificate file not found in path specified.Configuration XML. SAMLLoginX509CertificatePath links to a file which does not exists.
SAML103Binding method not supported or specified for decoding authentication request.Configuration XML. Ensure SAMLLoginBinding is defined to supported types.
SAML104URL to send login request to is not specified.Configuration XML. Ensure SAMLLoginDestination is defined.
SAML105URL to send logout request to is not specified.Configuration XML. Ensure SAMLLogoutDestination is defined.
SAML106Issuer not specified.Configuration XML. Ensure SAMLSPIssuer is defined.
SAML107Unable to read logout certificate using password provided.Ensure that certificate private key (SAMLLogoutX509CertificatePrivateKeyPasswords) is present and correct.
   
SAML2XXError in communication 
SAML201Unable to verify/validate SAML response with certificate file.Check login certificate specified points to active certificate being used by the IDP.
SAML202Unable to resolve/find claim attribute (NameID) in response message.

Ensure the SAML response contains NameID in response XML. The NameID element must be nested in the following order:

  • Response
    • Assertion
      • Subject
        • NameID
SAML203Unable to resolve/find issuer in the response message.

SAML response must contain Issuer in response XML. In the following order:

  • Response
    • Assertion
      • Issuer
SAML204SAML responses via Artifact Binding not supported.Synergetic does not support SAML responses via artificat binding. As of 9/11/2016.
SAML205SAML session index not specified.Session index not found in response message from IDP
SAML206Unable to determine binding method of SAML logout response.Verify that logout response sent by the IDP is in either a POST or REDIRECT format.
SAML207Logout response from IDP was not successful.

Verify that the logout binding method used is permitted by the IDP.

Verify that, SAMLLogoutX509CertificatePath and SAMLLogoutX509CertificatePrivateKeyPassword is set correctly.

If possible check the logs provided by the IDP to identity why the logout request was not valid.

SAML208Multi tenant application did not contain tenant code in relaystate.If application is in a multi tenant application the tenant code must be passed back from the IDP as part of the relaystate.
SAML209SAML Response not found in POST message from IDP. 
SAML210SAML Request not found in message from IDP. 
SAML211SAML IDP Initiated SignOut Not SuccessfulVerify that the claim attribute matches the session value as well as the session index. Check exception log for more detail.
SAML3XXError in Data 
SAML301Unable to resolve tenant code provided.The tenant code provided did not match a subsequent record in the xreplSchoolLogin table using spsxreplSchoolLogins.
SAML302More than 1 matching school record found.The tenant code provided matched multiple school records in the xreplSchoolLogin table. Check the tenant code by running stored procedure spsxreplSchoolLogins and pass in the tenant code.
  • No labels