Error Codes
If you are facing issues while performing Single Sign-On (SSO) on your site, please refer the error codes below for the cause and resolution of the issue:
| Error Code | Cause | Description | Fix |
|---|---|---|---|
| WPSAMLERR000 | Plugin License Expired | This error code is shown to users when the plugin license has expired and hence the SSO has stopped working. | Please renew your plugin license to get the SSO working. |
| WPSAMLERR001 | Encrypted Assertion From IDP | The Free Version of the plugin does not support encrypted assertion and IDP is sending Encrypted Assertion. | Please turn off assertion encryption in your IDP to test the SSO flow. |
| WPSAMLERR002 | NameID missing | This error occurs when the plugin cant find the nameID attribute in the IDP response. | It is required by the SAML 2.0 standard that either the response or assertion is signed. Please enable the same in your IDP. |
| WPSAMLERR003 | Unsigned Response or Assertion | No signature was found in the SAML Response or Assertion. | To fix this error, copy the certificate value shown in the Test Configuration window and paste it in the X.509 Certificate field in the Service Provider Setup tab of the plugin. |
| WPSAMLERR004 | Mismatch in Certificate | This error occurs when a certificate present in SAML Response does not match with the certificate configured in the plugin. | There has been some issue with user creation in wordpress. Copy the error message and reach out to us at samlsupport@xecurify.com with your registered email. |
| WPSAMLERR005 | User Creation Failed | This error is displayed when there is an issue in creating a user in WordPress. | You will need to double check the configuration between your IDP and SP to fix this issue. |
| WPSAMLERR007 | Invalid Status Code | This error is Displayed when IDP returns a status code other than SUCCESS.The following are some of the common Status Code errors that you might encounter: Requester: The IDP sends this status code when it doesn't like the SAML request. For example : The IDP was expecting a signed request but it received an unsigned one. Responder: The IDP side of configuration is not correct. For ex: The ACS URL is not properly configured at the IDP end. AuthnFailed: Some IDPs send this status code if the signature verification of the SAML Request fails. | You will need to sync the time between your IDP and SP or you can turn off the Assertion Time Validity toggle in the Service Provider Setup tab. |
| WPSAMLERR007 | SP clock is behind IDP | This can happen when your SP clock is behind the IDP clock. | You will need to sync the time between your IDP and SP or you can turn off the Assertion Time Validity toggle in the Service Provider Setup tab. |
| WPSAMLERR008 | SP clock is ahead of IDP | This can happen when your SP clock is ahead of the IDP clock. | To fix this navigate to the Service Provider Metadata tab and copy the Audience URL from the metadata table and paste it in the Audience URL field in your IDP. |
| WPSAMLERR009 | Wrong Audience URL | This happens when you have configured the wrong Audience URL in your Identity Provider. | To fix this navigate to the Service Provider Setup tab and paste the correct IDP Entity ID in the required field. |
| WPSAMLERR010 | Wrong IDP Entity ID | This happens when you have configured the wrong IDP Entity ID in the plugin. | To fix this issue, please configure your IDP to send a valid email address as the NameID value, which should be less than 60 characters in length. |
| WPSAMLERR011 | Username length limit exceeded | This error is displayed when the Username value is greater than 60 characters. | To fix this issue, please configure your IDP to send a valid email address as the NameID value, which should be less than 60 characters in length. |
| WPSAMLERR012 | Mismatch in Certificate | This error occurs when a certificate present in SAML Response does not match with the certificate configured in the plugin after encoding. | To fix this error, turn off the Character encoding toggle in the Service Provider Setup tab. |
| WPSAMLERR013 | Invalid XML detected by the plugin in the form of SAML Metadata, SAML Logout Response , SAML Response. | This error code is shown to users when invalid XML is passed by user or IdP. | Please send SAML tracer while reproducing the whole issue to samlsupport@xecurify.com. |
| WPSAMLERR014 | Invalid XML detected by the plugin in the form of SAML Metadata, SAML Logout Response , SAML Response. | This error code is shown to users when the plugin is unable to load XML. | This error code is shown to users when the DOM extension is not installed. |
| WPSAMLERR015 | DOM extension not found while parsing SAML Response, SAML Logout Response or SAML Metadata. | This error code is shown to users when the DOM extension is not installed. | Ask your hosting provider or internal team to install the DOM extension. |
| WPSAMLERR016 | Either user have reloaded the page while plugin was processing SAMLResponse or someone has tried to send a duplicated SAMLResponse. | This error code is shown to users when the plugin detects a duplicate SAMLresponse. | Users will need to initiate the SSO again. |
| WPSAMLERR017 | Invalid XML detected by plugin in form of SAML Metadata, SAML Logout Response , SAML Response. | This error code is shown to users when invalid XML is passed by user or IdP. | Please send SAML tracer while reproducing the whole issue to samlsupport@xecurify.com. |
| WPSAMLERR018 | Not a WordPress Member. | This error occurs when you have enabled the Do not auto create users if roles are not mapped here option in Role Mapping section of the attribute mapping tab. | Enable the option only if you want to restrict login to accounts with certain roles. You will also have to map these role values to their respective WordPress role values. If you want users with any role to login disable this toggle. |
| WPSAMLERR019 | User role is restricted | This error is displayed when the user role is restricted from logging in. | If you think you should not be seeing this message make sure that you have configured correct role names to be resticted in the Do not allow the users to login with the following roles input box. |
| WPSAMLERR020 | PHP openssl extension is either not installed or disabled | This error is displayed when the PHP openssl extension is not installed or disabled. | lease ensure that the OpenSSL extension is insalled and activated in order to activate the plugin. |
| WPSAMLERR021 | Permission Denied : Blacklisted user. | This error is displayed when the users with specific domain are restricted from logging in. | This error is displayed when the users with specific domain are restricted from logging in. |
| WPSAMLERR022 | Permission Denied : Not a Whitelisted user. | This error is displayed when the domain of the user is not specified in the domains to be allowed to login. | If you think you should not be seeing this message make sure that you have configured correct domains to be allowed in the Allow users to login with specified domains option input box in the Attribute/Role Mapping tab. |
| WPSAMLERR024 | Invalid SAML Assertion | This error code is shown to users when the plugin recieves invalid assertion in saml response. | Please send SAML tracer while reproducing the whole issue to samlsupport@xecurify.com . |
| WPSAMLERR025 | Invalid Logout Request | This error code is shown to users when the plugin is unable to process the Logout Request. | Please send SAML tracer while reproducing the whole issue to samlsupport@xecurify.com |
| WPSAMLERR026 | Invalid Metadata file/URL | This error code is shown to users when the plugin is unable to process SMAL Metadta. | Please reach out to samlsupport@xecurify.com with the metadata you are trying to import/ your IDP metadata URL. |
| WPSAMLERR027 | Incorrect IDP certificates | This error code is shown to users when the plugin is unable to decrypt encrypted elements in SAML Response. | Please send SAML tracer while reproducing the whole issue to samlsupport@xecurify.com. |
| WPSAMLERR028 | Unable to process XML | This error code is shown to users when the plugin is unable to process XML with xmlseclibs. | Please send SAML tracer while reproducing the whole issue to samlsupport@xecurify.com. |
| WPSAMLERR029 | Plugin License Expired | This error code is shown to users when the plugin license has expired and hence the SSO has stopped working. | Please renew your plugin license to get the SSO working. |
| WPSAMLERR030 | Invalid License Found. | This error code occurs when the same plugin license is used on multiple sites or an incorrect license key is entered. | Please contact your administrator to use the correct license |
| WPSAMLERR031 | License File missing from the plugin. | If you are seeing this message it means that there has been some issue with how you have activated your license. | Reach out to us at samlsupport@xecurify.com from your registered email address |
For more information visit our WordPress SSO page.
If you need any assistance, Please reach out to us at samlsupport@xecurify.com.