SSO Single Sign-on Error Messages

When SSO configurations present unexpected results, SSO Error message try to provide guidance in locating and correcting errors.

SSO Configuration Error Messages
When SSO configurations are unable to complete successfully, error messages generate and provide specific information to resolve those errors. The following error messages are the most commonly encountered during SSO configuration. Generally, error messages generate a code identifier.
HIWAA0002W
SAML Error message for invalid credentials.
SAML message and general communication are working as expected although there is an invalid user error. The UserId provided inside of the SAML assertion does not match to any users within the configured User store. Verify that the server-side information includes the user name and then verify it within the configured User store.
FBTSTS019E
SAML Error message about incorrect Audience.
The received assertion includes a targeted audience that does not match the Identifier of the server. Use Kibana to search for the Audience element within the received assertion. This assertion might look like this: (<saml:Audience>https://2x-staging.kenexa.com/sps/inboundSSOStage/saml20</saml:Audience>)
The correct Audience for Staging is: https://2x-staging.kenexa.com/sps/inboundSSOStage/saml20 , and the correct Audience for Production is: https://2x.kenexa.com/sps/inboundSSOProd/saml20
  • https://2x-staging.kenexa.com/sps/inboundSSOStage/saml20
Verify with the client and then change the Audience field to match the server EntitylD.
FBTSML236E
Assertion does not match client's token.
The received assertion could not be validated. Generally, this message means that either an incorrect certificate is stored inside of the customer configuration or the validity of the token has timed out. You can verify the assertion inside of Kibana by viewing the verify the verification Error on the server side. Often there is a mis-match between the certificate the client is using and the one visible within the SSO configuration page. If the certificate does not match, exchange it with the new one the customer is using.
FBTSML241E
SAML endpoint not valid.
The processed request on the SAML endpoint is not valid. This error type could be caused by missing or incorrect parameters. You can use Kibana to view the access logs and check if the parameters match the Specification. If the RelayStateis visible, it needs to point to the application and not to the SAML endpoint.
FBTSML224E
SAML message cannot be built error message.
The SAML error message is that the SAML message cannot be built. This error can be caused by an incorrect configuration within the Inbound Page and the Identify Source page. Verify that the Entity Identifier and the Unique Name values match.