Error Codes
If you are facing issues while performing Single Sign-On (SSO) on your site, please refer the error codes below for the cause and resolution of the issue:
WPSAMLERR001
Encrypted Assertion From IDP
Description
The Free Version of the plugin does not support encrypted assertion and IDP is sending Encrypted Assertion.
Fix
Please turn off Assertion Encryption in your Identity Provider to test the SSO flow.
WPSAMLERR002
NameID missing
Description
This error occurs when the plugin can't find the NameID attribute in the IDP response.
Fix
Please configure your IDP to send a NameID attribute. If it is already configured then the user you are trying Single Sign On might have the blank NameID mapped attribute.
WPSAMLERR003
Unsigned Response or Assertion
Description
No signature was found in the SAML Response or Assertion.
Fix
It is required by the SAML 2.0 standard that either the response or assertion is signed. Please enable the same in your IDP.
Related Articles
WPSAMLERR004
Mismatch in Certificate
Description
This error occurs when a certificate in the SAML Response does not match the certificate configured in the plugin.
Fix
- To fix this error, click on the Fix Issue button in the Test Configuration window or copy the certificate value shown in the Test Configuration window.
- Paste it in the X.509 Certificate field in the Service Provider Setup tab of the plugin.
- If the issue persists, disable the Character encoding toggle under the Service Provider Setup tab.
Free Plugin:
Premium Plugin:
Related Articles
WPSAMLERR005
User Creation Failed
Description
This error is displayed when there is an issue in creating a user in WordPress.
Fix
Copy the error message and reach out us at samlsupport@xecurify.com with your registered email.
WPSAMLERR006
Invalid Status Code
Description
This error is displayed when IDP returns a status code other than SUCCESS.
The following are some of the common Status Code errors you might encounter:
- Requester: The IDP sends this status code when it doesn't like the SAML request.
For example: The IDP was expecting a signed request but received an unsigned one. - Responder: The IDP side of the configuration is not correct. For eg: The ACS URL is not properly configured at the IDP end.
- AuthnFailed: Some IDPs send this status code if the signature verification of the SAML Request fails.
Fix
You must double-check the configurations between your IDP and SP to fix this issue.
WPSAMLERR007
SP clock is behind IDP
Description
This can happen when your SP clock is behind the IDP clock.
Fix
You will need to sync the time between your IDP and SP or can turn off the Assertion Time Validity toggle in the Service Provider Setup tab.
WPSAMLERR008
SP clock is ahead of IDP
Description
This can happen when your SP clock is ahead of the IDP clock.
Fix
You will need to sync the time between your IDP and SP or can turn off the Assertion Time Validity toggle in the Service Provider Setup tab.
WPSAMLERR009
Wrong Audience URI
Description
This error occurs when an incorrect certificate is added to the Identity Provider for Encryption.
Fix
- Please check if the certificate added in Identity Provider is the same as the certificate provided in the Service Provider Metadata tab of the Plugin.
WPSAMLERR0010
Wrong IDP Entity ID
Description
This happens when the wrong IDP Entity ID is configured in the plugin.
Fix
To fix this navigate to the Service Provider Setup tab and paste the correct IDP Entity ID in the required field.
WPSAMLERR0011
Username length limit exceeded
Description
This error is displayed when the Username value is more than 60 characters.
Fix
To fix this issue, please configure your IDP to send a valid email address as the NameID value, which should be less than 60 characters in length.
WPSAMLERR0012
Mismatch in Certificate
Description
This error occurs when the X509 certificate received in the SAML Response does not match the certificate configured in the plugin after encoding.
Fix
To fix this error, turn off the Character encoding toggle in the Service Provider Setup tab.
WPSAMLERR0013
Certificate Not Found
Description
This error occurs when the X.509 Certificate field in the plugin does not match the certificate found in SAML Response.
Fix
Please copy the IDP certificate from your IDP and paste it into the X509 Certificate input field in the Service Provider Setup tab of the plugin.
WPSAMLERR0014
Encryption Certificate Mismatch
Description
This happens when you have configured the wrong Audience URI in your Identity Provider.
Fix
- Please navigate to the Service Provider Metadata tab of the plugin to copy the Audience URI from the metadata table.
- Now, paste this URI into the Audience URI field in your IDP.
WPSAMLERR0015
DOM extension not installed
Description
This error code is shown to users when the DOM extension is not found (installed) while parsing SAML Response, SAML Logout Response, or SAML Metadata.
Fix
Ask your hosting provider or internal team to install or enable the DOM extension.
Related Articles
WPSAMLERR0016
Either the user has reloaded the page while the plugin was processing the SAML Response or someone has tried to send a duplicated SAML Response.
Description
This error code is shown to users when the plugin detects a duplicate SAML response.
Fix
Users will need to initiate the SSO again.
WPSAMLERR0017
Invalid XML detected by the plugin in the form of SAML Metadata, SAML Logout Response, and SAML Response.
Description
This error code is shown when an invalid XML is passed by a user or IDP.
Fix
Please send the SAML tracer while reproducing the whole issue to samlsupport@xecurify.com.
WPSAMLERR0018
Not a WordPress Member
Description
This error occurs when you have enabled the Don't create a new user if roles are not mapped within the Role mapping section of the Attribute/Role map.
Fix
- Enable the Don't create a new user if roles are not mapped toggle only if you want to allow SSO only for users with roles that are mapped within the Role mapping section of the Attribute/Role mapping tab.
- If you want users to be able to log into the site regardless of their role, then disable this option.
WPSAMLERR0019
User role is restricted
Description
This error is displayed when the user role is restricted from logging in.
Fix
Please ensure the role names and corresponding values are correctly configured for restriction. This can be done in the IDP Attribute Name and IDP Attribute Value input boxes under the Advanced Settings tab under the Attribute/Role Mapping section.
WPSAMLERR0020
PHP OpenSSL extension is either not installed or disabled.
Description
This error is displayed when the PHP OpenSSL extension is not installed or disabled.
Fix
Please ensure that the OpenSSL extension is installed and enabled to activate the plugin.
Related Articles
WPSAMLERR0021
Permission Denied: Blacklisted user
Description
This error is displayed when the users with a specific domain are restricted from logging in.
Fix
If this message shouldn't appear, ensure correct domain restrictions are entered in the Email Domains input box located under the Allow/Deny user login based on email domain toggle in the Advanced Settings of the Attribute/Role Mapping tab.
WPSAMLERR0022
Permission Denied: Not a Whitelisted user
Description
This error is displayed when the users with a specific domain are restricted from logging in.
Fix
If this message shouldn't appear, ensure correct domain restrictions are entered in the Email Domains input box located under the Allow/Deny user login based on email domain toggle in the Advanced Settings of the Attribute/Role Mapping tab.
WPSAMLERR0023
IDP not enabled
Description
This error is displayed when the IDP status is inactive and a user tries to log in to the site.
Fix
- Activate the IDP status in the Service Provider Setup tab by selecting Activate from the Bulk Actions dropdown.
- Then, click on Apply.
WPSAMLERR0024
Invalid SAML Assertion
Description
This error code is shown to users when the plugin receives an invalid assertion in the SAML response.
Fix
Please send the SAML tracer while reproducing the whole issue to samlsupport@xecurify.com.
Related Articles
WPSAMLERR0025
Invalid Logout Request
Description
This error code is shown to users when the plugin cannot process the Logout Request.
Fix
Please send the SAML tracer while reproducing the whole issue to samlsupport@xecurify.com.
Related Articles
WPSAMLERR0026
Invalid Metadata file/URL
Description
This error code is shown to users when the plugin cannot process SAML Metadata.
Fix
Please contact samlsupport@xecurify.com with the metadata file/IDP metadata URL you are trying to import.
WPSAMLERR0027
Incorrect IDP certificates
Description
This error code is shown to users when the plugin cannot decrypt encrypted elements in SAML Response.
Fix
Please send the SAML tracer while reproducing the whole issue to samlsupport@xecurify.com.
Related Articles
WPSAMLERR0028
Unable to process XML
Description
This error code is shown to users when the plugin cannnot process XML as per the SAML specification.
Fix
Please send the SAML tracer while reproducing the whole issue to samlsupport@xecurify.com.
Related Articles
WPSAMLERR0029
Plugin License Expired
Description
This error code is shown to users when the plugin license has expired and the SSO has stopped working.
Fix
Please renew your plugin license to get the SSO working.
Related Articles
WPSAMLERR0030
Invalid License Found
Description
This error code occurs when the same plugin license is used on multiple sites or an incorrect license key is entered.
Fix
Please make sure that your license is activated only on the number of sites permitted by the amount of your license or reach out to us at samlsupport@xecurify.com to upgrade your license.
Related Articles
WPSAMLERR0031
License File missing from the plugin.
Description
If you are seeing this message it means that there has been some issue with how you have activated your license.
Fix
Reach out to us at samlsupport@xecurify.com using your registered email address.
WPSAMLERR0032
The Curl extension is either not installed or disabled.
Description
This error is displayed when the Curl extension is not installed or disabled.
Fix
Please contact your hosting provider to enable the PHP CURL extension for your website.
Related Articles
WPSAMLERR0033
IdP is incorrectly configured or the SAML Response contains insecure elements.
Description
This error occurred while parsing encrypted XML.
Fix
The SAML Response sent by IDP is not correct. Please send the IDP, plugin configurations,and the SAML Tracer, to samlsupport@xecurify.com for further debugging.
Related Articles
WPSAMLERR0034
No Default IDP selected
Description
This error code indicates that you have not configured any Identity Provider as default in the Service Provider Setup tab.
Fix
You need to select at least 1 Identity Provider as default in the Service Provider Setup tab.
Related Articles
WPSAMLERR0035
Password Reset URL not configured.
Description
This error code indicates that the Password reset URL is not configured in AzureB2C configuration.
Fix
You need to check the AzureB2C Policies for the Password Reset.
WPSAMLERR0036
No Such Identity Provider is configured at your SP.
Description
This error code indicates that you have no such Identity Provider configured in your service provider.
Fix
You should re-check if the Identity Provider is present in the Service Provider Setup tab.
WPSAMLERR0037
UserName/Email Missing
Description
This error code indicates that you have provided an empty value to the UserName/Email.
Fix
Please provide a valid value to the UserName/Email attribute name in the Attribute Mapping tab.
WPSAMLERR0038
Test Configuration is not allowed for non-admin users.
Description
This error code indicates that the user role other than administrator has accessed the Test Configuration URL.
Fix
- Users other than the administrator cannot access the Test Configuration Window.
- If you want to access the test configuration link, please login into the WP site as Admin and then access it.
Related Articles
WPSAMLERR0039
Subsite Limit Exceeded.
Description
This error occurs when SSO is activated on more sites than your purchased license allows.
Fix
Please make sure that your license is activated only on the number of sites permitted by the amount of your license or reach out to us at samlsupport@xecurify.com to upgrade your license.
Related Articles
For more information visit our WordPress SSO page.
If you need any assistance, Please reach out to us at samlsupport@xecurify.com.