Error Codes
If you are facing issues while performing Single Sign-On (SSO) on your site, please refer the error codes below for the cause and resolution of the issue:
| Error Code | Cause | Description | Fix |
|---|---|---|---|
| WPSAMLERR001 | Encrypted Assertion From IDP | The Free Version of the plugin does not support encrypted assertion and IDP is sending Encrypted Assertion | Please turn off assertion encryption in your IDP to test the SSO flow. |
| WPSAMLERR002 | NameID missing | This error occurs when the plugin can't find the nameID attribute in the IDP response. | Please configure your IDP to send a NameID attribute. If it is already configured then the user with which you are trying might have the blank NameID mapped attribute. |
| WPSAMLERR003 | Unsigned Response or Assertion | No signature was found in the SAML Response or Assertion. | It is required by the SAML 2.0 standard that either the response or assertion is signed. Please enable the same in your IDP. |
| WPSAMLERR004 | Mismatch in Certificate | This error occurs when certificate present in SAML Response does not match with the certificate configured in the plugin. | Copy paste the certificate provided above in X.509 Certificate under Service Provider Setup tab.If issue persists disable Character encoding under Service Provider Setup tab. |
| WPSAMLERR005 | User Creation Failed | This error is displayed when there is an issue in creating user in WordPress. | There has been some issue with user creation in wordpress, copy the error message and reach out us at samlsupport@xecurify.com with your registered email. |
| WPSAMLERR006 | Invalid Status Code | This error is Displayed when IDP returns a status code other than SUCCESS.The following are some of the common Status Code errors that you might encounter: Requester: The IDP sends this status code when it doesn't like the SAML request. For example : The IDP was expecting a signed request but it received an unsigned one. Responder: The IDP side of configuration is not correct. For ex: The ACS URL is not properly configured at the IDP end. AuthnFailed: Some IDPs send this status code if the signature verification of the SAML Request fails. | You will need to double check the configuration between your IDP and SP to fix this issue. |
| WPSAMLERR007 | SP clock is behind IDP | This can happen when your SP clock is behind the IDP clock. | You will need to sync the time between your IDP and SP or you can turn off the Assertion Time Validity toggle in the Service Provider Setup tab. |
| WPSAMLERR008 | SP clock is ahead of IDP | This can happen when your SP clock is ahead of the IDP clock. | You will need to sync the time between your IDP and SP or you can turn off the Assertion Time Validity toggle in the Service Provider Setup tab. |
| WPSAMLERR009 | Invalid Audience URI | This error indicates that the Audience URI is not correctly configured at your Identity Provider. | Copy the Audience URI configured in the Identity Provider from above and paste it into the SP EntityID/Issuer field in the Plugin's settings. OR Copy the Audience URI configured in the plugin from above and paste it into the Audience URI field in the Identity Provider. |
| WPSAMLERR010 | Wrong IDP Entity ID | This happens when you have configured wrong IDP Entity ID in the plugin. | To fix this navigate to Service Provider Setup tab and paste the correct IDP Entity ID in the required field. |
| WPSAMLERR011 | Username length limit exceeded | This error is displayed when the Username value is greater than 60 characters. | To fix this issue, please configure your IDP to send a valid email address as the NameID value, which should be less than 60 characters in length. |
| WPSAMLERR012 | Mismatch in Certificate | This error occurs when certificate present in SAML Response does not match with the certificate configured in the plugin after encoding. | To fix this error, turn off the Character encoding toggle in the Service Provider Setup tab. |
| WPSAMLERR013 | Certificate Not Found | This error occurs when X.509 Certificate field in plugin does not match the certificate found in SAML Response. | Please copy the IDP certificate from your IDP and paste it in the X509 Certificate input field in the Service Provider Setup tab of the plugin. |
| WPSAMLERR014 | Encryption Certificate Mismatch | This error occurs when an incorrect certificate is added on the Identity Provider for Encryption. | Please check if the certificate added in Identity Provider is the same as the certificate provided in the Service Provider Metadata tab of the Plugin. |
| WPSAMLERR015 | DOM extension not found while parsing SAML Response, SAML Logout Response or SAML Metadata. | This error code is shown to users when DOM extension is not installed. | Ask your hosting provider or internal team to install DOM extension. |
| WPSAMLERR016 | Either user have reloaded the page while plugin was processing SAMLResponse or someone has tried to send a duplicated SAMLResponse. | This error code is shown to users when the plugin detects a duplicate saml response | User will need to initiate the SSO again. |
| WPSAMLERR017 | Invalid XML detected by plugin in form of SAML Metadata, SAML Logout Response, SAML Response. | This error code is shown to users when invalid XML is passed by user or IdP. | Please send SAML tracer while reproducing the whole issue to samlsupport@xecurify.com. |
| WPSAMLERR018 | Not a WordPress Member. | This error occurs when you have enabled the Do not auto create users if roles are not mapped here option in Role Mapping section of the attribute mapping tab. | Enable the option only if you want to restrict login to accounts with certain roles. You will also have to map these role values to their respective WordPress role values. If you want users with any role to login disable this toggle. |
| WPSAMLERR019 | User role is restricted | This error is displayed when the user role is restricted from logging in. | If you believe this message is not applicable, please ensure that the role names and their corresponding values are correctly configured for restriction. This can be done in the IDP Attribute Name and IDP Attribute Value input boxes within the Attribute/Role Mapping section under the Advanced Settings tab. |
| WPSAMLERR020 | PHP OpenSSL extension is either not installed or disabled. | This error is displayed when the PHP OpenSSL extension is not installed or disabled. | Please ensure that the OpenSSL extension is installed and activated in order to activate the plugin. |
| WPSAMLERR021 | Permission Denied : Blacklisted user. | This error is displayed when the users with specific domain are restricted from logging in. | If this message shouldn't appear, ensure correct domain restrictions are set in the Email Domains input box under the Allow/Deny user login based on email domain toggle in the Advanced Settings of the Attribute/Role Mapping tab. |
| WPSAMLERR022 | Permission Denied : Not a Whitelisted user. | This error is displayed when the domain of the user is not specified in the domains to be allowed to login. | If you think you should not be seeing this message make sure that you have configured the correct domains to be allowed in the Email Domains input box under Allow/Deny user login based on the email domain within the Advanced setting tab of the Attribute/Role Mapping section. |
| WPSAMLERR023 | IDP not enabled. | This error is displayed when the IDP status is inactive and a user tries to log in to the site. | Activate the IDP status in the Service Provider Setup tab by selecting Activate from the Bulk Actions dropdown and then clicking on Apply. |
| WPSAMLERR024 | Invalid SAML Assertion | This error code is shown to users when the plugin receives invalid assertion in saml response. | Please send SAML tracer while reproducing the whole issue to samlsupport@xecurify.com. |
| WPSAMLERR025 | Invalid Logout Request | This error code is shown to users when the plugin is unable to process the Logout Request. | Please send SAML tracer while reproducing the whole issue to samlsupport@xecurify.com. |
| WPSAMLERR026 | Invalid Metadata file/URL | This error code is shown to users when the plugin is unable to process SAML Metadata. | Please reach out to samlsupport@xecurify.com with the metadata file/IDP metadata URL you are trying to import. |
| WPSAMLERR027 | Incorrect IDP certificates | This error code is shown to users when the plugin is unable to decrypt encrypted elements in SAML Response. | Please send SAML tracer while reproducing the whole issue to samlsupport@xecurify.com. |
| WPSAMLERR028 | Unable to process XML | This error code is shown to users when the plugin is unable to process XML with xmlseclibs. | Please send SAML tracer while reproducing the whole issue to samlsupport@xecurify.com. |
| WPSAMLERR029 | Plugin License Expired | This error code is shown to users when the plugin license has expired and hence the SSO has stopped working. | Please renew your plugin license to get the SSO working. |
| WPSAMLERR030 | Invalid License Found. | This error code occurs when the same plugin license is used on multiple sites or an incorrect license key is entered. | Please contact your administrator to use the correct license. |
| WPSAMLERR031 | License File missing from the plugin. | This error code indicates that there has been some issue with how you have activated your license. | Reach out to us at samlsupport@xecurify.com from your registered email address |
| WPSAMLERR032 | Curl extension is either not installed or disabled. | This error is displayed when the Curl extension is not installed or disabled. | Please ensure that the Curl extension is installed and activated in order to activate the plugin. |
| WPSAMLERR033 | IdP is not configured correctly or the SAML Response contains insecure elements. | This error occurred while parsing encrypted XML. | SAML Response sent by IDP is not correct. Send IdP configurations and plugin configurations to samlsupport@xecurify.com for further debugging. |
| WPSAMLERR034 | No Default IDP selected | This error code indicates that you have not configured any Identity Provider as default in the Service Provider Setup tab. | You will need to select atleast 1 Identity Provider as default in the Service Provider Setup tab. |
| WPSAMLERR035 | Password Reset URL not configured | This error code indicates that the Password reset URL is not configured in AzureB2C configuration. | You will need to check the AzureB2C Policies for the Password Reset. |
| WPSAMLERR036 | No Such Identity Provider is Configured At your SP | This error code indicates that you have No Such Identity Provider is existed in your Service Provider. | You will need to re-check if the Identity Provider is present in the Service Provider Setup tab. |
| WPSAMLERR037 | UserName/Email Missing | This error code indicates that you have provided a empty value to the UserName/Email. | Please provide a valid value to the UserName/Email attribute name in Attribute Mapping tab. |
| WPSAMLERR038 | Test Configuration not allowed for non-admin users. | This error code indicates that the user roles other than administrator has accessed the Test Configuration URL. | Users other than administrator cannot access the Test Configuration Window. Please login to your site as Administrator and try performing the test configuration again. |
| WPSAMLERR039 | Subsite Limit Exceeded. | This error is displayed when you have enabled SSO on more sites than the license purchased for. | Please ensure that the SSO is enabled only on the sites for which you have purchased the license or reach out to us at samlsupport@xecurify.com to upgrade your license. |
For more information visit our WordPress SSO page.
If you need any assistance, Please reach out to us at samlsupport@xecurify.com.