SAML SSO Failures and Failure Codes

Modified on Mon, 12 Feb 2024 at 01:37 PM

Hard Failures


Codes, the failure, and a description for each are listed as follows


Code: SAML SSO Failure



  • Description


 


HF01: Bad Http SAML2 Request



  • Incorrect HTTP method

  • Request is a POST, not a GET


HF02: Invalid portal authentication type



  • Portal making SAML Request is not authentication type SSO SAML2

  • Configure Single Sign-On via the SHW's Admin Website


HF03: SAML Assertion Already Used



  • SAML assertions are cached to prevent replay attacks


HF04: Form is missing variable SAML Response



  • Missing required XML tag <Request> in the SAML Response


HF05: SAML Assertion Signature is not signed



  • SAML Response does not contain an XML Signature


HF06: Error verifying response signature



  • Unable to verify the XML response signature using the known IdP public key

  • Invalid SAML response signature or invalid IdP certificate


HF07: SAML Response Status is not a success status



  • Either:

    • Missing required XML tag <Status> in the SAML Response

    • Missing required XML tag <StatusCode> in the SAML Response

    • Value of <StatusCode> is not "urn:oasis:names:tc:SAML:2.0:status:Success"




Example:


<samlp:Status>


        <samlp:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>


</samlp:Status>


HF08: Encrypted assertion is not found in SAML response



  • Either:

    • Missing required XML tag <EncryptedAssertion> in the SAML Response

    • There is more than one encrypted SAML assertion




HF09: Decryption failed of SAML certificate



  • Unable to decrypt the encrypted assertion using the stored SP key


HF10: XML deserialization failed of SAML certificate



  • Unable to deserialize the SAML assertion


HF11: Unexpected error decrypting SAML assertion



  • Unexpected error occurred while decrypting the SAML assertion

  • Contact Avidon Health for technical support


HF12: Issuer Id not found



  • IssueId in SAML Response does not match what is expected 

  • Configure Single Sign-On via the Admin website


HF13: Unexpected exception



  • Unexpected exception occurred

  • Contact Avidon Health for technical support


HF14: Missing SSO Member Attributes



  • No SSO member attributes have been configured for this portal

  • Configure Single Sign-On via the Admin website


HF15: No mapping for required KeHF15: No mapping for required Keyfield Member Attribute



  • Missing required SSO Member Attribute 'KeyField'

  • Configure Single Sign-On via the SHW Admin website


HF16: Cannot find returning SSO user



  • Internal error—unable to find identity profile for returning portal member

  • Contact Avidon Health for customer support


HF17: Invalid User



  • Portal Registration—One or more attributes threw an error (ex, CustomField1 has an incorrectly formatted value)

  • This is a catch-all for SAML Attributes


HF18: Portal is not configured for SLO



  • This portal has not been configured to use Single Log Out

  • Configure Single Sign-On via the Admin Website


HF19: Portal Member status is not active or account has been deleted



  • Portal Member's account is not in the correct state to allow login

  • Contact Avidon Health for customer support


HF20: No mapping for required PortalName Member Attribute



  • Missing required SSO Member Attribute 'PortalGroup'

  • Configure Single Sign-On via the Admin website


HF21: SAML Request does not contain a value for Keyfield



  • Provide a value for required SSO Member Attribute in SAML Request


HF22: SAML Request does not contain a value for PortalGroup



  • Provide a value for required SSO Member Attribute in SAML Request

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons

Feedback sent

We appreciate your effort and will try to fix the article