Configuring Single Sign-On (SSO) can be a complex process with multiple points of failure. Uptime.com provides an error page as well as specific error message when an SSO login attempt fails.
This article will cover some common errors, as well as troubleshooting steps based on the errors you may encounter. When in doubt, double check that the fields in the Uptime.com SAML SSO settings page are correct and match with the appropriate fields in the IdP.
For more information on the full SSO configuration process, see our main support article here. If these steps still don’t help, reach out to support@uptime.com for further assistance!
Table of Contents
General Errors
SSONotConfigured
This error means that the Uptime.com SAML SSO settings page and form weren’t properly submitted or saved.
Please complete the full setup process and try again.
SignatureError
Failed to verify signature
This error means that there’s an issue with the IdP’s Certificate, and the SAML response couldn’t be verified.
Please double check with your IdP application that the correct Certificate is provided in the SAML SSO settings page.
Signature missing for assertion
This error means that the IdP-sided configuration for the SAML assertion wasn’t signed with the IdP’s certificate. It is possible the whole SAML response was signed (optional), but this is insufficient; we require the assertion itself to be signed as well.
Please check your IdP’s configuration properly signs its SAML assertions with its certificate.
Enter correct username and password
This error usually means that there’s a typo in the username (as entered in the Uptime.com login portal, or as configured on the IdP-side), or that the connection hasn’t been properly initialized via the WAYFless URL “handshake”.
For more information on this initialization process, see our main support article on Configuring SSO for Uptime.com.
SAML Assertion Errors
Problems with the SAML Assertion are very common. Double check that the IdP configuration includes the required SAML Assertions, as described in the Configuring SSO for Uptime.com article.
Click here for a live example of a working SAML response.
MissingKey: None
This error means that the SAML assertion metadata entry for Issuer
couldn’t be verified.
Double check that the Issuer
attribute exactly matches the “Identity Provider’s EntityID / Issuer” field in the SAML SSO settings page.
SamlException
An unknown SAML error occurred - Confirm Uptime.com EntityID
This error usually means that the Uptime.com-sided EntityID
/ Audience URI or ACS URL
s aren’t configured correctly in your IdP.
Please double check that the URLs from the SAML SSO settings page match the corresponding fields in the IdP application.
NoneType
object has no attribute name_qualifier
This error means that the SAML response provided by the IdP was missing the Subject NameID
clause, which is one of the four required SAML assertions. Alternatively, the Subject NameID
attribute is missing the required NameQualifier
.
Here is an example of a SAML response snippet that provides Subject NameID
:
<saml:Assertion ...> <saml:Issuer>http://idp.example.com/metadata.php</saml:Issuer> <saml:Subject> <saml:NameID SPNameQualifier="http://sp.example.com/demo1/metadata.php" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient"> bob@example.com </saml:NameID> <saml:SubjectConfirmation ...> ... </saml:SubjectConfirmation> </saml:Subject> </saml:Assertion>
Please confirm that the NameID
attribute in the IdP is set to a unique user identifier.
Could not find attribute representing Username
This error means that the SAML response provided by the IdP was missing the required Email (or equivalent) attribute, which should be defined as the user’s email address for the Uptime.com account.
Please confirm that the Email
attribute in the IdP is properly configured.
Could not find attribute representing First Name
This error usually means that the SAML response provided by the IdP was missing the required FirstName (or equivalent) attribute, which should match the user’s “First Name” field in both the IdP and their Uptime.com user account.
Please confirm that the FirstName
attribute is properly configured in the IdP.
SSO Login Failure
urn:oasis:names:tc:SAML:2.0:status:Responder
StatusError
: SP-initiated SSO is not enabled
This error means that the IdP refused the login request sent by Uptime.com, and that some configuration or setting on the IdP is blocking the login attempt.
Microsoft describes the error as "The request could not be performed due to an error on the part of the SAML responder or SAML authority."
Please review your IdP configuration for any settings that might be blocking the Uptime.com login request.
StatusInvalidNameidPolicy
This error means that the IdP refused the login request sent by Uptime.com for the specific reason of an invalid NameID policy. This is a common Azure AD-sided error, where the claims haven’t been correctly configured.
Please confirm that the claims are configured correctly, using the Azure Active Directory section of the main setup support article. If needed, please collect all technical details from your IdP and include them in a ticket to support@uptime.com for further assistance.
Final Thoughts
The most common causes of SSO errors are misconfigured SAML assertions or other IdP-sided settings which block required functionality for Uptime.com and the IdP to validate the login attempt. Double check that the assertions, fields, and settings are configured correctly, as shown in our support article Configuring SSO for Uptime.com.
If you’re still stuck, collect any technical data or screenshots from your IdP configuration and email support@uptime.com for assistance.
Comments
0 comments