Error messages for SWS protected applications from your IdP
This topic describes the error messages for applications configured with SWS protections.
These errors apply to non-Identity applications that are configured with SWS protections only, as described in Configure SWS policy for third-party IdP apps .
Error codes and description
The following is a list of error codes, why the error happened, and how you can resolve them.
Error code 1: Something went wrong
An internal communication error was detected.
Re-verify all configurations are correct and try again. If the issue persists, contact support.
Error code 8: The URL you are trying to access does not match a known application
This can happen if the application has been deleted from SWS, or the URL was copied incorrectly into the IdP or service provider.
Verify the application exists in SWS and that the assigned SWS URLs are copied correctly in the IdP and service provider.
Error code 9: The SAMLResponse parameter was not found in the IdP response
The call sent from the IdP does not contain the required parameter - SAMLResponse. This is a required parameter for any SAML flow to be successful. SWS cannot complete the user flow without it.
Verify the configuration in your IdP for this application to ensure the SAMLResponse parameter is included.
Error code 10: There was a problem parsing the SAMLResponse parameter sent from your IdP
The SAMLResponse parameter was found in the message sent by your IdP, but there was an error opening it. This can happen if the metadata or application URL's configured in the IdP are incorrect or incomplete.
Check and verify that the IdP configuration for this application is correct.
Error code 11: There was a problem parsing the SAMLResponse parameter sent from your IdP
The schema of the SAML response sent from your IdP was invalid.
Check and verify that the IdP configuration for this application is correct.
Error code 12: The URL you are trying to access does not match a known application
The SWS URL that you are trying to reach doesn't match a known application. This can happen if data was copied incorrectly or the application is inactive.
Copy one or more of the URLs into the service provider or the IdP, or check if the application is active.
Error code 13: There was a problem parsing the SAMLResponse parameter sent from your IdP
The format of the SAML response was incorrect. This can happen because of a misconfiguration at the IdP.
Check and verify that the IdP configuration for this application is correct.
Error code 14: The SAML response is no longer valid (timeout occurred)
The SAML response received from the IdP (for example, ADFS) has an invalid timeframe.
Make sure that the times-syncs are accurate at both the identity provider server and service provider server.
Error code 15: The issuer received is not as defined
The issuer provided in the SAML response did not match the one expected in the application configuration.
Check and verify that the Issuer/Entity configuration for this application is correct in both the IdP and service provider configurations, and in the SWS portal.
Error code 16: The SAML response is no longer valid (timeout occurred)
The SAML response was received from the IdP server (for example, ADFS) in an invalid timeframe.
Make sure that the times are correct on both the identity provider server and the service provider server.
Error code 17: The audience received is not as expected
The audience provided (service provider entity ID) in the SAML response did not match the one provided in the application configuration.
Check and verify that the audience configuration for this application is correct in both the IdP and service provider configurations, and in the SWS portal.
Error code 18: The status of the SAML response was not successful
Something went wrong with the IdP.
Check the SAML logs in the IdP for details about the error.
Error code 19: The certificate uploaded in the IdP expired
The certificate provided in SWS from the IdP is expired.
Download a new certificate from the IdP and upload it again in the application.
Error code 20: The assertion signature in the SAML response is invalid
The certificate might have been changed in the IdP.
Verify that the IdP certificate is the correct one.
Error code 21: Something went wrong
An internal communication error was detected.
Re-verify all configurations are correct and try again. If the issue persists, contact support.
Error code 22: Something went wrong. Try again in a few minutes
An internal communication error was detected.
This error indicates an issue between SWS components. It might be temporary. Wait 5 minutes and try again. If the problem persists, contact support.
Error code 23: Something went wrong. Try again in a few minutes
An internal communication error was detected.
This error indicates an issue between SWS components. It might be temporary. Wait 5 minutes and try again. If the problem persists, contact support.
Error code 24: Something went wrong. Try again in a few minutes
An internal communication error was detected.
This error indicates an issue between SWS components. It might be temporary. Wait 5 minutes and try again. If the problem persists, contact support.
Error code 25: Something went wrong. Try again in a few minutes
An internal communication error was detected.
This error indicates an issue between SWS components. It might be temporary. Wait 5 minutes and try again. If the problem persists, contact support.
Error code 26: Authentication denied
SWS authorization has failed for this user. This can happen because of multiple factors, including:
-
Missing requirements (extension not installed or disabled)
-
Endpoint Privilege Manager required but not verified
Verify the SWS security layer configurations for the user accessing this application.
Error code 27: A SAML request was not found in the parameters sent
The call sent from the application does not contain the required parameter - SAMLRequest
Verify that the call sent to SWS includes a valid SAML request.
Error code 28: A SAML request was not found in the parameters sent
The call sent from the application does not contain the required parameter Signature Algorithm - SigAlg
Verify that the call sent to SWS includes a valid SAML request.
Error code 29: A SAML request was not found in the parameters sent
The call sent from the application does not contain the required parameter - Signature.
Verify that the call sent to SWS includes a valid SAML request.
Error code 30: The certificate uploaded in the service provider is expired
The certificate provided in SWS from the service provider is expired.
Download a new certificate from the service provider and upload it again in the application.
Error code 31: The signature in the SAML request is invalid
The certificate might have been changed in the service provider.
Verify that the service provider certificate is the correct one.
Error code 32: There was a problem parsing the SAMLRequest parameter sent from your service provider.
The SAMLRequest parameter was found in the message sent by your service provider, but there was an error opening it.
Go to the service provider's SAML log for potential errors to fix them accordingly.
Error code 33: There was a problem parsing the SAMLRequest parameter sent from your service provider.
The format of the SAML request was incorrect. This can happen because of a misconfiguration in the service provider.
Check and verify that the service provider configuration for this application is correct.
Error code 34: The signature in the SAML response is invalid
The certificate might have been changed in the IdP.
Verify that the IdP certificate is the correct one.
Error code 35: There was a problem parsing the SAMLRequest parameter sent from your service provider.
The format of the SAML request was incorrect. This can happen because of a misconfiguration in the service provider.
Check and verify that the service provider configuration for this application is correct.
Error code 36: The IdP response must be set as HTTP POST for security reasons
The IdP response is using HTTP GET method. SWS only supports HTTP POST for security reasons.
Verify that the IdP method used is set to HTTP POST.
Error code 37: The SWS application is inactive
The SWS application you are trying to reach is inactive.
Activate the application in the SWS portal.
Error code 38: The destination received is not as expected
The destination provided in the SAML response did not match the one provided in the SWS portal ACSU (Assertion Consumer Service URL).
Check and verify that the configuration for this application is correct in both the IdP and service provider configurations, and in the SWS portal.
Error code 39: The ACSU received is not as expected
The ACSU provided in the SAML request did not match the one provided in the SWS portal ACSU (Assertion Consumer Service URL).
Check and verify that the ACSU configuration for this application is correct in the service provider configuration and in the SWS portal.
Error code 40: The destination received is not as expected
The destination provided in the SAML request did not match the one provided in the SWS portal Login URL.
Check and verify that the configuration for this application is correct in the service provider configuration and in the SWS portal.
Error code 41: The destination received is not as expected
The destination provided in the SAML request did not match the one provided in the SWS portal Login URL.
Check and verify that the configuration for this application is correct in the service provider configuration and in the SWS portal.
Error code 42: The destination received is not as expected
The destination provided in the SAML request did not match the one provided in the SWS portal service provider Entity ID.
Check and verify that the configuration for this application is correct in the service provider configuration and in the SWS portal.
Error code 43: The destination received is not as expected
The destination provided in the SAML request did not match the one provided in the SWS portal service provider Entity ID.
Check and verify that the configuration for this application is correct in the service provider configuration and in the SWS portal.
Error code 44: The destination received is not as expected
The destination provided in the SAML response did not match the one provided in the SWS portal IdP Entity ID.
Check and verify that the configuration for this application is correct in the IdP configuration and in the SWS portal.
Error code 45: The destination received is not as expected
The destination provided in the SAML response did not match the one provided in the SWS portal service provider logout URL.
Check and verify that the configuration for this application is correct in the IdP configuration and in the SWS portal.
Error code 46: The destination received is not as expected
The destination provided in the SAML response did not match the one provided in the SWS portal service provider ACSU URL.
Check and verify that the configuration for this application is correct in the IdP configuration and in the SWS portal.
Error code 47: The SAML response was sent in an unsupported manner
SWS will generally pass on a SAML response in the same manner in which it was received from the IdP. However, if no security attributes are received at all in the response from the IdP - meaning no signature or encryption on the response or any of the assertions within - this will be blocked.
Ensure that the IdP application configuration includes minimal security attributes.
