What are the SAML Error Codes?

Security Assertion Markup Language

What are the SAML error codes?

Where can I find a list of SAML Single Sign-On related error numbers?

SSO error code list


Solution:

See the table below for common Security Assertion Markup Language (SAML) errors:

Error CodeDescription of symptomPossible CauseSuggested resolution
1SSO protocol errorThis is general SSO exception, some run time exceptions are wrapped to this Error codeCheck with Webex Technical Support
4No X.509 certificate found in the systemThe Webex administrator has not configured the certificateCheck Webex administration tool for 'Organization Certificate Management' and
configure the certificate
5Only POST request is supportedWhen IdP system send assertion to Webex Service, only the 'post' method is
accepted
Check the trace, if it's the 'get' method, update the IdP configuration
7The org is not allowed to use SSOThe Webex service is not SSO enabled, or the protocol configured is wrongContact Webex Technical Support to check if SSO is turned on and/or check administration tool if the protocol is correct
8Incorrect X.509 certificate to validate SAML assertionWebex service admin has configured the org certificate, but it doesn't match the certificate in IdP systemRefer to the section of 'Customer ID system Configuration' to see the certification mapping between the org admin and IdP system
13Invalid SAML AssertionCertificate is correct, but the assertion verification is failCheck the assertion string, if it's complete. Take a trace and validate the assertion fields
15X.509 certificate has expiredX.509 certificate has expiredCheck administration tool 'Organization Certificate Management' and update the certificate
19SAML assertion is expiredSAML assertion is expired. Normally caused
by time mismatch between IdP and Webex
service
Contact Webex Technical Support
23Invalid digital signatureThe digital signature in assertion is not correctTake a trace and check the assertion, the digital signature is missing or invalid
24Untrusted IssuerThe issuer ID doesn't match between IdP system and Webex serviceCompare the issuer ID between two systems
25Name Identifier format is incorrectThe name identifier format doesn't match between IdP system and Webex serviceCompare the name identifier format between two systems
26Unable to generate AuthnRequestThe Webex administration tool has checked the authnRequst, but failed to generateNormally it's Webex certificate issue, check org admin 'Webex Certificate Management'
28InResponseTo does not match the request IDThe 'InResponseTo' in assertion doesn't match the request, normally caused by the following:
1. the assertion
is re-used, or page was flushed, assertion was sent again
2. the request sent from CAS server 1, but the response
sent back to CAS server 2. and they don't share DB
1. the assertion can't be reused.
2. check the IdP system, if the 'Assertion Consumer Service URL' is incorrect, point to wrong Webex server
29Invalid Response message1. tag is missing from Assertion
2. tag is not first child of Response or Assertion
3. The Assertion is not base64 encoded when sent to Webex.
4. The name of the POST response is not set as SAMLResponse (case must match).
5. Double check that the AuthnContextstyleRef matches. Check character by character. On occasions a missing ':' has caused this issue.
Check the Assertion and confirm none of the possible causes exist. If the issue continues to occur once confirming/correcting these issues, contact Webex Technical Support.
31Auto Account Creation failedCan't find the user in Webex Service by nameid in the assertion1. the user exists, but the 'nameid' in assertion is incorrect, can't auto create because the email conflict 2. the user does not exist, but the mandatory attributes are missing: (firstname, lastname, email)
32Auto Account Update failedAnything that causes error 31 could also result in error 32 when updating accounts. The assertion contains an attribute value that is not supported by the site, or is not formatted properly. (Example: Meeting type (MT) sent in the assertion is not available on the Webex site.)Review attributes being sent in the assertion and compare with the options available/required on the Webex site, correct as needed.

For more SAML error codes, see:

SSO Error Codes

For help uploading an X.509 Certificate, see:

Was this article helpful?

Related Articles
arrow up