Troubleshooting Single Sign-On (SSO) Errors

Configuring Single Sign-On (SSO) can be a complex process with multiple points of failure. Uptime.com provides an error page as well as specific error message when an SSO login attempt fails. 

This article will cover some common errors, as well as troubleshooting steps based on the errors you may encounter. When in doubt, double check that the fields in the Uptime.com SAML SSO settings page are correct and match with the appropriate fields in the IdP. 

For more information on the full SSO configuration process, see our main support article here. If these steps still don’t help, reach out to support@uptime.com for further assistance!

Table of Contents

General Errors

SSONotConfigured

Return to top

This error means that the Uptime.com SAML SSO settings page and form weren’t properly submitted or saved.

Please complete the full setup process and try again.

SignatureError

Failed to verify signature

Return to top

This error means that there’s an issue with the IdP’s Certificate, and the SAML response couldn’t be verified.

Please double check with your IdP application that the correct Certificate is provided in the SAML SSO settings page

Signature missing for assertion

Return to top

This error means that the IdP-sided configuration for the SAML assertion wasn’t signed with the IdP’s certificate. It is possible the whole SAML response was signed (optional), but this is insufficient; we require the assertion itself to be signed as well.

Please check your IdP’s configuration properly signs its SAML assertions with its certificate.

Enter correct username and password

Return to top

This error usually means that there’s a typo in the username (as entered in the Uptime.com login portal, or as configured on the IdP-side), or that the connection hasn’t been properly initialized via the WAYFless URL “handshake”.

For more information on this initialization process, see our main support article on Configuring SSO for Uptime.com. 

SAML Assertion Errors

Return to top

Problems with the SAML Assertion are very common. Double check that the IdP configuration includes the required SAML Assertions, as described in the Configuring SSO for Uptime.com article.

Click here for a live example of a working SAML response.

MissingKey: None

Return to top

This error means that the SAML assertion metadata entry for Issuer couldn’t be verified.

Double check that the Issuer attribute exactly matches the “Identity Provider’s EntityID / Issuer” field in the SAML SSO settings page

SamlException

An unknown SAML error occurred - Confirm Uptime.com EntityID

Return to top

This error usually means that the Uptime.com-sided EntityID / Audience URI or ACS URLs aren’t configured correctly in your IdP.

Please double check that the URLs from the SAML SSO settings page match the corresponding fields in the IdP application.

NoneType object has no attribute name_qualifier

Return to top

This error means that the SAML response provided by the IdP was missing the Subject NameID clause, which is one of the four required SAML assertions. Alternatively, the Subject NameID attribute is missing the required NameQualifier

Here is an example of a SAML response snippet that provides Subject NameID:

<saml:Assertion ...>
  <saml:Issuer>http://idp.example.com/metadata.php</saml:Issuer>
  <saml:Subject>
    <saml:NameID
          SPNameQualifier="http://sp.example.com/demo1/metadata.php"
          Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">
      bob@example.com
    </saml:NameID>
    <saml:SubjectConfirmation ...>
      ...
    </saml:SubjectConfirmation>
  </saml:Subject>
</saml:Assertion>

Please confirm that the NameID attribute in the IdP is set to a unique user identifier.

Could not find attribute representing Username

Return to top

This error means that the SAML response provided by the IdP was missing the required Email (or equivalent) attribute, which should be defined as the user’s email address for the Uptime.com account.

Please confirm that the Email attribute in the IdP is properly configured.

Could not find attribute representing First Name

Return to top

This error usually means that the SAML response provided by the IdP was missing the required FirstName (or equivalent) attribute, which should match the user’s “First Name” field in both the IdP and their Uptime.com user account.

Please confirm that the FirstName attribute is properly configured in the IdP.

SSO Login Failure

urn:oasis:names:tc:SAML:2.0:status:Responder

StatusError: SP-initiated SSO is not enabled

Return to top

This error means that the IdP refused the login request sent by Uptime.com, and that some configuration or setting on the IdP is blocking the login attempt. 

Microsoft describes the error as "The request could not be performed due to an error on the part of the SAML responder or SAML authority."

Please review your IdP configuration for any settings that might be blocking the Uptime.com login request.

StatusInvalidNameidPolicy

Return to top

This error means that the IdP refused the login request sent by Uptime.com for the specific reason of an invalid NameID policy. This is a common Azure AD-sided error, where the claims haven’t been correctly configured.

Please confirm that the claims are configured correctly, using the Azure Active Directory section of the main setup support article. If needed, please collect all technical details from your IdP and include them in a ticket to support@uptime.com for further assistance.

Final Thoughts

Return to top

The most common causes of SSO errors are misconfigured SAML assertions or other IdP-sided settings which block required functionality for Uptime.com and the IdP to validate the login attempt. Double check that the assertions, fields, and settings are configured correctly, as shown in our support article Configuring SSO for Uptime.com.

If you’re still stuck, collect any technical data or screenshots from your IdP configuration and email support@uptime.com for assistance.

Was this article helpful?
2 out of 6 found this helpful

Comments

0 comments

Article is closed for comments.

Have more questions?
Submit a request
Share it, if you like it.