Error while logging in with SAML credentials
Error while trying to log in using SAML credentials.
Overview: This article describes troubleshooting steps for common SAML login errors including invalid_response due to incorrect signing certificates, issues with Entity ID mismatches, and timestamp validation errors.
Step 1: Correct Signing Certificate
- If you encounter either of the following errors, make sure the correct signing certificate is provided under Settings > SAML > Signing Certificate, and that it was copied in full, with no characters omitted:
Error Message: invalid_response
Details: Unable to extract public key
Request ID: ONELOGIN_7a4bb336c24aa25e8d8e022a65b08ec9730f2ccd
Status: Not authenticated
Error Message: Saml response not received
Issue: Signature verification failed
Request ID: ONELOGIN_7a4bb336c24aa25e8d8e022a65b08ec9730f2ccd
Step 2: Verify Entity ID
- If you encounter an error reporting an invalid issuer, such as the one below, check the value under Settings > SAML > Entity ID and correct it so that it matches the expected value exactly:
invalid_response
Invalid issuer in the Assertion/Response (expected ' http://www.okta.com/exk1218683FMeODwH ', got ' http://www.okta.com/exk1218683FMeODwH4x7 ')
Request ID: ONELOGIN_eb76a22385d99ff9d91d0596127d308b511de7ca
Not authenticated
Step 3: Check Server Time
- Make sure the server time is accurate. An incorrect system clock causes the following timestamp validation error:
invalid_response
Could not validate timestamp: not yet valid. Check system clock.
Request ID: ONELOGIN_470f247589c4d84fc203d642d825d65e0e0bcabe
Not authenticated
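The three checks above can be run offline against a captured SAML response before any setting is changed. This is an added example, not code from the product or from the SAML toolkit: the function names, the sample response, its timestamps and the placeholder certificate bytes are constructed for illustration, and the certificate check only confirms that the pasted Base64 decodes to a complete outer DER structure.

```python
import base64, binascii, re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"

def cert_problem(pem):
    """Step 1: return why a pasted signing certificate is unusable, or None."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----|\s", "", pem)
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error:
        return "not valid base64"
    if len(der) < 4 or der[0] != 0x30:
        return "not a DER SEQUENCE"
    n = der[1] & 0x7F if der[1] & 0x80 else 0  # long-form length: n extra bytes
    declared = 2 + n + (int.from_bytes(der[2:2 + n], "big") if n else der[1])
    if declared != len(der):
        return f"length mismatch: header declares {declared} bytes, got {len(der)}"
    return None

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def response_problems(xml_text, idp_entity_id, now, skew=timedelta(0)):
    """Steps 2 and 3: compare a captured response with settings and local time."""
    # Diagnostic only: this does not verify the XML signature.
    root = ET.fromstring(xml_text)
    found = []
    issuers = {(e.text or "").strip() for e in root.iter(SAML + "Issuer")}
    for issuer in sorted(issuers - {idp_entity_id}):
        found.append(f"issuer mismatch: configured {idp_entity_id!r}, got {issuer!r}")
    for cond in root.iter(SAML + "Conditions"):
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now + skew < _ts(nb):
            found.append(f"not yet valid: local time is {_ts(nb) - now} before NotBefore")
        if noa and now - skew >= _ts(noa):
            found.append("expired: NotOnOrAfter has passed")
    return found

# Constructed sample data: placeholder DER bytes and a minimal unsigned response.
FULL_CERT = base64.b64encode(b"\x30\x82\x01\x00" + bytes(256)).decode()
CONFIGURED = "http://www.okta.com/exk1218683FMeODwH"  # value from the error in Step 2
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
  <saml:Issuer>http://www.okta.com/exk1218683FMeODwH4x7</saml:Issuer>
  <saml:Conditions NotBefore="2024-05-01T12:00:00Z" NotOnOrAfter="2024-05-01T12:10:00Z"/>
</saml:Assertion></samlp:Response>"""
```

Passing a small `skew` tolerates minor clock drift between the server and the identity provider; a large gap means the server clock itself needs correcting.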
These steps help diagnose and resolve common SAML login errors, ensuring smooth authentication processes.