If you encounter any Security Assertion Markup Language (SAML) app error messages, here are some troubleshooting steps to help you.

Encode or decode SAML requests and responses

To aid in troubleshooting, use the SAML encode/decode tool to process a SAML request and response in human-readable form from the HTTP Archive Format (HAR) file. See https://toolbox.googleapps.com/apps/encode_decode/.

SAML App creation errors

While creating a SAML app in the Admin console, you might see the following 400 error:

400 duplicate entity id

You'll see this if you try to create an application with an already existing entity ID.

To resolve the 400 duplicate entity id error: Use the already configured application or use a different entity ID.

500 errors for SAML app creation

While creating a SAML app in the Admin console, you might see the following 500 errors:
To resolve any 500 errors for SAML app creation: Wait for a while and then try the flow again. If errors still occur, contact Google Cloud Support.

SAML runtime errors

The following error scenarios might occur when you try out a SAML single sign-on (SSO) flow in identity provider (IdP)-initiated or service provider (SP)-initiated flows:

403 app_not_configured

This error can occur in these scenarios:
To resolve the 403 app_not_configured error:

403 app_not_configured_for_user

To resolve the 403 app_not_configured_for_user error: Verify that the value in the saml:Issuer tag in the SAMLRequest matches the Entity ID value configured in the SAML Service Provider Details section in the Admin console. This value is case-sensitive.

403 app_not_enabled_for_user

To resolve the 403 app_not_enabled_for_user error:

400 saml_invalid_user_id_mapping

If an SP sends a NAMEID parameter in the SAMLRequest, then this parameter must be the same as that configured on the IdP side. Otherwise the SAMLRequest fails with this error.

To resolve the 400 saml_invalid_user_id_mapping error:

400 saml_invalid_sp_id

This error occurs when the service provider ID in the URL of the IdP flow is incorrect, because of misconfiguration or tampering with the URL.

To resolve the 400 saml_invalid_sp_id error:

The SAML Response sends back a status of DENIED in the following scenarios. You might see one of the following three related error messages.

SP-initiated Flow

Invalid request, ACS URL in request $parameter doesn't match configured ACS URL $parameter.
To resolve the ACS URL in request $parameter doesn't match configured ACS URL $parameter error:
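
The saml:Issuer / Entity ID and ACS URL mismatches described above can be checked offline against a SAMLRequest value copied from a HAR file. The following Python is an added example, not part of the original help page or Google's tooling; the function names, the sample request and the example.com values are constructed for illustration.

```python
import base64
import urllib.parse
import zlib
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_saml_request(value):
    """Return AuthnRequest XML from a SAMLRequest value copied out of a HAR entry."""
    raw = base64.b64decode(urllib.parse.unquote(value))
    # HTTP-POST binding is base64 only; HTTP-Redirect adds raw DEFLATE (wbits=-15).
    xml = raw if raw.lstrip().startswith(b"<") else zlib.decompress(raw, -15)
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD content is not expected in a SAML message")
    return xml

def check_request(xml, entity_id, acs_url):
    """List mismatches between the request and the values configured on the IdP."""
    root = ET.fromstring(xml)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    req_acs = root.get("AssertionConsumerServiceURL")
    problems = []
    if issuer != entity_id:  # exact, case-sensitive comparison
        hint = " (differs only by case)" if issuer.lower() == entity_id.lower() else ""
        problems.append(f"Issuer {issuer!r} != Entity ID {entity_id!r}{hint}")
    if req_acs is not None and req_acs != acs_url:
        problems.append(f"ACS URL {req_acs!r} != configured {acs_url!r}")
    return problems

# Constructed sample: an SP request as it would appear on the HTTP-Redirect binding.
SAMPLE_XML = (
    b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0" '
    b'IssueInstant="2024-01-01T00:00:00Z" '
    b'AssertionConsumerServiceURL="https://sp.example.com/acs">'
    b'<saml:Issuer>https://SP.example.com/metadata</saml:Issuer>'
    b'</samlp:AuthnRequest>'
)

def redirect_encode(xml):
    """Encode XML the way the HTTP-Redirect binding does (sample helper)."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return urllib.parse.quote(base64.b64encode(c.compress(xml) + c.flush()), safe="")

if __name__ == "__main__":
    xml = decode_saml_request(redirect_encode(SAMPLE_XML))
    configured = ("https://sp.example.com/metadata", "https://sp.example.com/acs")
    for problem in check_request(xml, *configured):
        print(problem)
```

With the constructed sample, the only finding is the Issuer whose host differs in case from the configured Entity ID, which is the case-sensitivity condition noted for 403 app_not_configured_for_user.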

Invalid idpid provided in the url

The IdP ID (an obfuscated customer ID) provided in the URL has been tampered with and is incorrect.

To resolve the invalid IdP ID in URL error:

IdP-initiated Flow

Invalid idpid provided in the request.

The caller user has tampered with the IdP-initiated SSO URL and changed the IdP ID to another customer ID (obfuscated).

To resolve the invalid IdP ID in request error:

500 errors when testing a SAML SSO flow

When your users are testing a SAML SSO flow in IdP-initiated or SP-initiated flows, they may encounter one of several 500 errors due to backend processes being unavailable.

To resolve any 500 errors for testing a SAML SSO flow: Wait and then try the flow again. If this still doesn’t work, contact Google Cloud Support.

SAML app access error messages

1000 on access of SAML app page

To resolve the SAML app page access error: Contact Google Cloud Support.

1000 on access of SAML app settings

To resolve the SAML app settings access error: Contact Google Cloud Support.

SAML app user schema deletion error message

400

This error occurs if you are trying to delete a custom schema that is associated as an attribute mapping for a SAML app that has already been deleted. If you have created the schema before this issue was fixed, this error can occur.

To resolve the SAML apps user schema deletion error: Contact Google Cloud Support.

Why is my AWS account not working?

You can't sign in to an AWS account because you're using incorrect credentials (email address, user name, or password), or you forgot the credentials that you use to sign in to an AWS account. You received a notification that there is an issue with your AWS account (for example, that it's closed or suspended).

Can I create new AWS account with same email?

For Email address of the account's owner, enter the email address of the account's owner. This email address cannot already be associated with another AWS account because it becomes the user name credential for the root user of the account.

Why was my AWS account terminated?

If your account isn't reactivated within 30 days of suspension, then your account will be closed. If your account isn't reactivated within 90 days of closure, then your account is terminated. Terminated accounts can't be reopened, and all resources on the account are lost.

Why is AWS Captcha not working?

Use a different internet browser. If you're using a mobile device, try using a desktop browser instead. Clear your browser's cache and cookies. Wait 15 minutes, and then try to sign in again.