Error Codes

If you are facing issues while performing Single Sign-On (SSO) on your site, please refer the error codes below for the cause and resolution of the issue:

---

WPSAMLERR001

Encrypted Assertion From IDP

Description

The Free Version of the plugin does not support encrypted assertion and IDP is sending Encrypted Assertion.

Fix

Please turn off Assertion Encryption in your Identity Provider to test the SSO flow.

---

WPSAMLERR002

NameID missing

Description

This error occurs when the plugin can't find the NameID attribute in the IDP response.

Fix

Please configure your IDP to send a NameID attribute. If it is already configured then the user you are trying Single Sign On might have the blank NameID mapped attribute.

---

WPSAMLERR003

Unsigned Response or Assertion

Description

No signature was found in the SAML Response or Assertion.

Fix

It is required by the SAML 2.0 standard that either the response or assertion is signed. Please enable the same in your IDP.

Related Articles

• Okta
• Keycloak

---

WPSAMLERR004

Mismatch in Certificate

Description

This error occurs when a certificate in the SAML Response does not match the certificate configured in the plugin.

Fix

• To fix this error, click on the Fix Issue button in the Test Configuration window or copy the certificate value shown in the Test Configuration window.
• Paste it in the X.509 Certificate field in the Service Provider Setup tab of the plugin.
• If the issue persists, disable the Character encoding toggle under the Service Provider Setup tab.

Free Plugin:

Premium Plugin:

Related Articles

• Unable to find the Certificate

---

WPSAMLERR005

User Creation Failed

Description

This error is displayed when there is an issue in creating a user in WordPress.

Fix

Copy the error message and reach out us at samlsupport@xecurify.com with your registered email.

---

WPSAMLERR006

Invalid Status Code

Description

This error is displayed when IDP returns a status code other than SUCCESS.

The following are some of the common Status Code errors you might encounter:

• Requester: The IDP sends this status code when it doesn't like the SAML request.
  For example: The IDP was expecting a signed request but received an unsigned one.
• Responder: The IDP side of the configuration is not correct. For eg: The ACS URL is not properly configured at the IDP end.
• AuthnFailed: Some IDPs send this status code if the signature verification of the SAML Request fails.

Fix

You must double-check the configurations between your IDP and SP to fix this issue.

---

WPSAMLERR007

SP clock is behind IDP

Description

This can happen when your SP clock is behind the IDP clock.

Fix

You will need to sync the time between your IDP and SP or can turn off the Assertion Time Validity toggle in the Service Provider Setup tab.

---

WPSAMLERR008

SP clock is ahead of IDP

Description

This can happen when your SP clock is ahead of the IDP clock.

Fix

You will need to sync the time between your IDP and SP or can turn off the Assertion Time Validity toggle in the Service Provider Setup tab.

---

WPSAMLERR009

Invalid Audience URI

Description

This error indicates that the Audience URI is not correctly configured at your Identity Provider.

Fix

• Please navigate to the Service Provider Metadata tab of the plugin to copy the Audience URI from the metadata table.
• Now, paste this URI into the Audience URI field in your IDP.

---

WPSAMLERR0010

Wrong IDP Entity ID

Description

This happens when the wrong IDP Entity ID is configured in the plugin.

Fix

To fix this navigate to the Service Provider Setup tab and paste the correct IDP Entity ID in the required field.

---

WPSAMLERR0011

Username length limit exceeded

Description

This error is displayed when the Username value is more than 60 characters.

Fix

To fix this issue, please configure your IDP to send a valid email address as the NameID value, which should be less than 60 characters in length.

---

WPSAMLERR0012

Mismatch in Certificate

Description

This error occurs when the X509 certificate received in the SAML Response does not match the certificate configured in the plugin after encoding.

Fix

To fix this error, turn off the Character encoding toggle in the Service Provider Setup tab.

---

WPSAMLERR0013

Certificate Not Found

Description

This error occurs when the X.509 Certificate field in the plugin does not match the certificate found in SAML Response.

Fix

Please copy the IDP certificate from your IDP and paste it into the X509 Certificate input field in the Service Provider Setup tab of the plugin.

---

WPSAMLERR0014

Encryption Certificate Mismatch

Description

This error occurs when an incorrect certificate is added on the Identity Provider for Encryption.

Fix

• Please check if the certificate added in Identity Provider is the same as the certificate provided in the Service Provider Metadata tab of the Plugin.

---

WPSAMLERR0015

DOM extension not installed

Description

This error code is shown to users when the DOM extension is not found (installed) while parsing SAML Response, SAML Logout Response, or SAML Metadata.

Fix

Ask your hosting provider or internal team to install or enable the DOM extension.

Related Articles

• How to enable DOM extension?

---

WPSAMLERR0016

Either the user has reloaded the page while the plugin was processing the SAML Response or someone has tried to send a duplicated SAML Response.

Description

This error code is shown to users when the plugin detects a duplicate SAML response.

Fix

Users will need to initiate the SSO again.

---

WPSAMLERR0017

Invalid XML detected by the plugin in the form of SAML Metadata, SAML Logout Response, and SAML Response.

Description

This error code is shown when an invalid XML is passed by a user or IDP.

Fix

Please send the SAML tracer while reproducing the whole issue to samlsupport@xecurify.com.

---

WPSAMLERR0018

Not a WordPress Member

Description

This error occurs when you have enabled the Don't create a new user if roles are not mapped within the Role mapping section of the Attribute/Role map.

Fix

• Enable the Don't create a new user if roles are not mapped toggle only if you want to allow SSO only for users with roles that are mapped within the Role mapping section of the Attribute/Role mapping tab.
• If you want users to be able to log into the site regardless of their role, then disable this option.

---

WPSAMLERR0019

User role is restricted

Description

This error is displayed when the user role is restricted from logging in.

Fix

Please ensure the role names and corresponding values are correctly configured for restriction. This can be done in the IDP Attribute Name and IDP Attribute Value input boxes under the Advanced Settings tab under the Attribute/Role Mapping section.

---

WPSAMLERR0020

PHP OpenSSL extension is either not installed or disabled.

Description

This error is displayed when the PHP OpenSSL extension is not installed or disabled.

Fix

Please ensure that the OpenSSL extension is installed and enabled to activate the plugin.

Related Articles

• How to enable PHP OpenSSL extension?

---

WPSAMLERR0021

Permission Denied: Blacklisted user

Description

This error is displayed when the users with a specific domain are restricted from logging in.

Fix

If this message shouldn't appear, ensure correct domain restrictions are entered in the Email Domains input box located under the Allow/Deny user login based on email domain toggle in the Advanced Settings of the Attribute/Role Mapping tab.

---

WPSAMLERR0022

Permission Denied: Not a Whitelisted user

Description

This error is displayed when the users with a specific domain are restricted from logging in.

Fix

If this message shouldn't appear, ensure correct domain restrictions are entered in the Email Domains input box located under the Allow/Deny user login based on email domain toggle in the Advanced Settings of the Attribute/Role Mapping tab.

---

WPSAMLERR0023

IDP not enabled

Description

This error is displayed when the IDP status is inactive and a user tries to log in to the site.

Fix

• Activate the IDP status in the Service Provider Setup tab by selecting Activate from the Bulk Actions dropdown.
• Then, click on Apply.

---

WPSAMLERR0024

Invalid SAML Assertion

Description

This error code is shown to users when the plugin receives an invalid assertion in the SAML response.

Fix

Please send the SAML tracer while reproducing the whole issue to samlsupport@xecurify.com.

Related Articles

• How to capture SAML Tracer logs?

---

WPSAMLERR0025

Invalid Logout Request

Description

This error code is shown to users when the plugin cannot process the Logout Request.

Fix

Please send the SAML tracer while reproducing the whole issue to samlsupport@xecurify.com.

Related Articles

• How to capture SAML Tracer logs?

---

WPSAMLERR0026

Invalid Metadata file/URL

Description

This error code is shown to users when the plugin cannot process SAML Metadata.

Fix

Please contact samlsupport@xecurify.com with the metadata file/IDP metadata URL you are trying to import.

---

WPSAMLERR0027

Incorrect IDP certificates

Description

This error code is shown to users when the plugin cannot decrypt encrypted elements in SAML Response.

Fix

Please send the SAML tracer while reproducing the whole issue to samlsupport@xecurify.com.

Related Articles

• How to capture SAML Tracer logs?

---

WPSAMLERR0028

Unable to process XML

Description

This error code is shown to users when the plugin cannnot process XML as per the SAML specification.

Fix

Please send the SAML tracer while reproducing the whole issue to samlsupport@xecurify.com.

Related Articles

• How to capture SAML Tracer logs?

---

WPSAMLERR0029

Plugin License Expired

Description

This error code is shown to users when the plugin license has expired and the SSO has stopped working.

Fix

Please renew your plugin license to get the SSO working.

Related Articles

• How can I renew my WordPress Plugin License?

---

WPSAMLERR0030

Invalid License Found

Description

This error code occurs when the same plugin license is used on multiple sites or an incorrect license key is entered.

Fix

Please make sure that your license is activated only on the number of sites permitted by the amount of your license or reach out to us at samlsupport@xecurify.com to upgrade your license.

Related Articles

• Check License

---

WPSAMLERR0031

License File missing from the plugin.

Description

If you are seeing this message it means that there has been some issue with how you have activated your license.

Fix

Reach out to us at samlsupport@xecurify.com using your registered email address.

---

WPSAMLERR0032

The Curl extension is either not installed or disabled.

Description

This error is displayed when the Curl extension is not installed or disabled.

Fix

Please contact your hosting provider to enable the PHP CURL extension for your website.

Related Articles

• How to enable PHP Curl extension?

---

WPSAMLERR0033

IdP is incorrectly configured or the SAML Response contains insecure elements.

Description

This error occurred while parsing encrypted XML.

Fix

The SAML Response sent by IDP is not correct. Please send the IDP, plugin configurations,and the SAML Tracer, to samlsupport@xecurify.com for further debugging.

Related Articles

• How to export Configuration?
• How to capture SAML Tracer logs?

---

WPSAMLERR0034

No Default IDP selected

Description

This error code indicates that you have not configured any Identity Provider as default in the Service Provider Setup tab.

Fix

You need to select at least 1 Identity Provider as default in the Service Provider Setup tab.

Related Articles

• What is Default Identity Provider?

---

WPSAMLERR0035

Password Reset URL not configured.

Description

This error code indicates that the Password reset URL is not configured in AzureB2C configuration.

Fix

You need to check the AzureB2C Policies for the Password Reset.

---

WPSAMLERR0036

No Such Identity Provider is configured at your SP.

Description

This error code indicates that you have no such Identity Provider configured in your service provider.

Fix

You should re-check if the Identity Provider is present in the Service Provider Setup tab.

---

WPSAMLERR0037

UserName/Email Missing

Description

This error code indicates that you have provided an empty value to the UserName/Email.

Fix

Please provide a valid value to the UserName/Email attribute name in the Attribute Mapping tab.

---

WPSAMLERR0038

Test Configuration is not allowed for non-admin users.

Description

This error code indicates that the user role other than administrator has accessed the Test Configuration URL.

Fix

• Users other than the administrator cannot access the Test Configuration Window.
• If you want to access the test configuration link, please login into the WP site as Admin and then access it.

Related Articles

• How to do Test Configuration?

---

WPSAMLERR0039

Subsite Limit Exceeded.

Description

This error occurs when SSO is activated on more sites than your purchased license allows.

Fix

Please make sure that your license is activated only on the number of sites permitted by the amount of your license or reach out to us at samlsupport@xecurify.com to upgrade your license.

Related Articles

• Check License

---

For more information visit our WordPress SSO page.

If you need any assistance, Please reach out to us at samlsupport@xecurify.com.