Error Code | Error Description | Resolution |
---|---|---|
SAML1XX | Error in configuration | SAML 2.0 - Configuring Application |
SAML101 | No certificate file loaded to validate SAML login response. | Configuration XML. SAMLLoginX509CertificatePath not populated/found. |
SAML102 | Certificate file not found in path specified. | Configuration XML. SAMLLoginX509CertificatePath links to a file which does not exist. |
SAML103 | Binding method not supported or specified for decoding authentication request. | Configuration XML. Ensure SAMLLoginBinding is set to a supported type. |
SAML104 | URL to send login request to is not specified. | Configuration XML. Ensure SAMLLoginDestination is defined. |
SAML105 | URL to send logout request to is not specified. | Configuration XML. Ensure SAMLLogoutDestination is defined. |
SAML106 | Issuer not specified. | Configuration XML. Ensure SAMLSPIssuer is defined. |
SAML107 | Unable to read logout certificate using password provided. | Ensure that the certificate private key (SAMLLogoutX509CertificatePrivateKeyPasswords) is present and correct. |
SAML108 | Unable to find the specified claim attribute. | Ensure the SAMLClaimAttributeName in config file is correct. |
SAML2XX | Error in communication | |
SAML201 | Unable to verify/validate SAML response with certificate file. | Check that the login certificate specified points to the active certificate being used by the IDP. Verify that the assertion provided in the SAML response contains a certificate. |
SAML202 | Unable to resolve/find claim attribute (NameID) in response message. | Ensure the SAML response contains NameID in response XML. The NameID element must be nested in the following order: |
SAML203 | Unable to resolve/find issuer in the response message. | SAML response must contain Issuer in response XML. In the following order: |
SAML204 | SAML responses via Artifact Binding not supported. | Synergetic does not support SAML responses via artifact binding (as of 9/11/2016). |
SAML205 | SAML session index not specified. | Session index not found in response message from IDP. |
SAML206 | Unable to determine binding method of SAML logout response. | Verify that logout response sent by the IDP is in either a POST or REDIRECT format. |
SAML207 | Logout response from IDP was not successful. | Verify that the logout binding method used is permitted by the IDP. Verify that SAMLLogoutX509CertificatePath and SAMLLogoutX509CertificatePrivateKeyPassword are set correctly. If possible, check the logs provided by the IDP to identify why the logout request was not valid. |
SAML208 | Multi tenant application did not contain tenant code in relaystate. | If the application is a multi tenant application, the tenant code must be passed back from the IDP as part of the relaystate. |
SAML209 | SAML Response not found in POST message from IDP. | |
SAML210 | SAML Request not found in message from IDP. | |
SAML211 | SAML IDP Initiated SignOut Not Successful | Verify that the claim attribute matches the session value as well as the session index. Check exception log for more detail. |
SAML212 | Signed SAML response does not match certificate, NameID not found. | Verify that the signature of the SAML response matches the certificate and that the NameID attribute is specified in the config file. |
SAML3XX | Error in Data | |
SAML301 | Unable to resolve tenant code provided. | The tenant code provided did not match a subsequent record in the xreplSchoolLogin table using spsxreplSchoolLogins. |
SAML302 | More than 1 matching school record found. | The tenant code provided matched multiple school records in the xreplSchoolLogin table. Check the tenant code by running stored procedure spsxreplSchoolLogins and passing in the tenant code. |
SAML303 | Too many user's records retrieved from provided IDAM guid. | Ensure that only 1 community member is returned when authenticating with that IDAM GUID. Check the exception log for the GUID, run stored procedure spsCommunityByIdamGUID @IdamGUID = 'x' and ensure only 1 record is returned. |
SAML304 | No community members found matching that IDAM guid. | User does not exist in the community table or the IDAM GUID is not linked in community maintenance. |
SAML305 | Too many user's records retrieved from provided claim attribute. | Ensure that only 1 community member is returned when authenticating with that claim attribute. Check the exception log for the claim, run stored procedure spsGetUserLoginData @SelectByValue = 'x' and ensure only 1 record is returned. If this returns 2 records, a ConfigUser and a Community.NetworkLogin share the same login name, and the system cannot tell which one to log in. To check: SELECT l.* FROM dbo.pvlogins l WHERE NetWorkLogin = 'swelsh' OR ConfigUsersLoginName = 'swelsh' |
SAML306 | No community members found matching that claim attribute. | No user matches claim in the community table, check spsGetUserLoginData @SelectByValue = 'x'. |
Troubleshooting
Error Description | Resolution |
---|---|
Doesn't log exceptions to the database. | Check that the override credential is correct. Compare the Override password in the config file with the password of zSynergetic_main_dbo from pvsyndatabases. |