Error messages
Error messages appear in the web browser when something goes wrong with SAML SSO authentication.
Pre HTML5 loading
Unable to parse SAML Assertion
There was an error while parsing and validating the SAML Assertion. Further details can be found in HTML5 Logs.
Most common causes:
SAML Response is not valid for this audience: The most probable cause is a wrong configuration on the IdP, especially the Entity ID URL. The Entity ID URL in the assertion does not match the Entity ID provided in the SP SAML settings.
Expected 1 Assertion or 1 EncryptedAssertion; found 0: The Assertion / EncryptedAssertion tag was not found in the response. The Web Client expects an encrypted assertion while the IdP is sending an unencrypted one. This can be fixed either by changing the IdP settings to send an encrypted assertion or by ticking the checkbox found in 'RAS Console > Connection > SAML > IDP Settings > Allow unencrypted assertion'.
SAML Response is not yet valid: This might happen if the time of the server where RAS Gateway is installed is incorrect, for instance 4 seconds behind. In this case, the assertion's creation time is later than the time at which the Gateway tries to parse it.
SAML Response is no longer valid: This might happen if the time of the server where RAS Gateway is installed is incorrect. If the clock is manually set to a time in the future, the assertion might be seen as no longer valid when it is validated.
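The four causes above can be checked against a captured, base64-decoded SAML response before any settings are changed. The following is an added example, not Parallels code: the `diagnose` function, the `allow_unencrypted` parameter (standing in for the 'Allow unencrypted assertion' checkbox), the sample XML and the mapping of conditions to messages are assumptions based on the descriptions on this page.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response; the entity ID and timestamps are made up.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Conditions NotBefore="2024-05-01T10:00:00Z" NotOnOrAfter="2024-05-01T10:05:00Z">
      <saml:AudienceRestriction>
        <saml:Audience>https://ras.example.test/sp</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def _ts(value):
    # SAML instants are UTC xs:dateTime values, e.g. 2024-05-01T10:00:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def diagnose(response_xml, sp_entity_id, now, allow_unencrypted=False):
    """Troubleshooting aid: reads fields only, verifies no signature."""
    root = ET.fromstring(response_xml)
    plain = root.find("a:Assertion", NS)
    if root.find("a:EncryptedAssertion", NS) is not None:
        return []  # Conditions sit inside the ciphertext; nothing to inspect
    if plain is None or not allow_unencrypted:
        return ["Expected 1 Assertion or 1 EncryptedAssertion; found 0"]
    findings = []
    cond = plain.find("a:Conditions", NS)
    if cond is None:
        return findings
    audiences = [a.text.strip() for a in cond.iterfind(".//a:Audience", NS) if a.text]
    if audiences and sp_entity_id not in audiences:
        findings.append("SAML Response is not valid for this audience")
    not_before, not_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before and now < _ts(not_before):
        findings.append("SAML Response is not yet valid")
    if not_after and now >= _ts(not_after):
        findings.append("SAML Response is no longer valid")
    return findings

if __name__ == "__main__":
    # Gateway clock 4 seconds behind the IdP that issued the sample
    slow = datetime(2024, 5, 1, 9, 59, 56, tzinfo=timezone.utc)
    print(diagnose(SAMPLE, "https://ras.example.test/sp", slow, allow_unencrypted=True))
```

Pass the Gateway server's current UTC time as `now` to see whether clock drift alone explains a validity error. Run it only on responses captured from your own login flow; for XML from an untrusted source, use a hardened parser such as defusedxml.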
SAML Assertion body is empty
SAML Assertion was not found in the response. Further details can be found in HTML5 Logs.
Unable to create SAML logout request
There was an error while creating SAML logout request. Further details can be found in HTML5 Logs.
Unable to create SAML logout response
There was an error while creating logout response. Further details can be found in HTML5 Logs.
Post HTML5 loading
0x00000029
SAML IdP settings not found. IdP Id:'xxx'
Check the Identity Provider settings. Check if the IdP metadata are correctly imported.
0x0000002A
SAML IdP info keys loading failed. IdP Id:'xxx'
Check if the IdP certificate is present in the IdP settings.
0x0000002B
SAML Theme mismatch
Check if the theme is correctly set in the IdP settings.
0x0000002C
Logon using SAML failed. Error: 0x00001
See errors below
0x00000029
No Enrollment Sever available
Check Enrollment server(s) status
0x0000002A
Missing NLA User Configuration
Enter NLA User details
0x00000003
Logon using SAML failed. Error: Failed to match AD User. 0x00000006
Check if the Attributes settings are correct in the IdP properties.
0x00000003
Logon using SAML failed. Error: Failed to validate and decrypt the response. 0x00000009
Check if the IdP certificate is present in the IdP settings.
0x00000003
Logon using SAML failed. Error: Assertion not encrypted. 0x0000001C
Check if the IdP settings for the logon request are correct.
0x00000003
Logon using SAML failed. Error: Failed to decrypt the assertion. 0x0000001D
Check if the SP certificate is correctly set in the IdP settings.
0x00000003
Logon using SAML failed. Error: Failed to verify assertion. 0x0000001F
Check if the IdP certificate is present in the IdP settings.
Once an application or desktop is launched
Invalid username or password
The user certificate is valid, but the domain controller did not accept it. Check the Kerberos logs on the domain controller.
The system could not log you on. Your credentials could not be verified.
Check connectivity with the domain controller and check that the appropriate certificates are installed.
The request is not supported
The "Domain Controller" and "Domain Controller Authentication" certificates on the domain controller require enrolling, even if they are already available.
The system could not log you on. The smartcard certificate used for authentication was not trusted.
The intermediate and root certificates are not installed on the machine where the error is shown. The CA root certificate and any intermediate certificates must be added to the "Trusted root certificates" in the local computer account.
You cannot logon because smart card logon is not supported for your account.
The user account has not been fully configured for smart card logon.
No valid smart card certificate could be found.
Check the configuration of the PrlsSmartcardCertificate. The extensions might not be set correctly, or the RSA key is less than 2048 bits.
Bad Request
Check the configuration of the PrlsSmartcardCertificate. The extensions might not be set correctly, or the RSA key is less than 2048 bits.