Users who experience issues when attempting to log in to the VIP Dashboard with an organization’s Single Sign-On configuration will be served an informative error message. The error message will indicate a possible underlying cause for the issue. Issues could be due to misconfigurations in the settings for the IdP, or the settings in the VIP Dashboard Single Sign-On panel, or a user attempting to login with an email address that is not recognized by the configured IdP.
Users who receive an SSO login failure error should share the error message with an Org admin. Org admins with access to both the settings for the configured identity provider (IdP) and the Single Sign-On panel for the VIP Dashboard are best able to investigate and potentially resolve these issues.
If an Org admin is unable to successfully troubleshoot an issue, they can reach out to VIP Support for additional assistance.
VIPSSO_001: SSO Login Failure
Unable to authenticate your user via the identity provider. The underlying cause for login failure is unknown and requires additional investigation. An Org admin should reach out to VIP Support on behalf of the user and provide the following information:
- The approximate time in UTC when the login attempt failed.
- The email address submitted by the user.
VIPSSO_002: SSO Invalid email
The email provided by your identity provider for your user appears to be invalid. A valid email address must be mapped to the email attribute and provided during authentication.
This can be caused by:
- Mapping an incorrect field to the email attribute: Verify that the user’s primary email address field is mapped to the email attribute (
https://schemas.wpvip.com/email) in the IdP’s configuration settings.
- A misspelling in the user’s email address in the configured IdP: Verify the spelling of the user’s email address and make any necessary corrections.
VIPSSO_003: SSO Invalid name
The name provided by your identity provider for your user appears to be invalid. During authentication the value mapped to the name attribute is used if it is available. If it is not available, the first name and last name attributes are used, joined by a space.
The “Invalid name” error can be caused by:
- An incorrect field mapped to the name attribute (
https://schemas.wpvip.com/name) in the configuration of the IdP. Verify that the
nameattribute is being used to provide the user’s name.
- A misspelling in the user’s name field in the IdP.
- A missing value or misspelling in the user’s first or last name fields in the IdP settings. These fields must not be empty nor contain an email address.
- Incorrect fields mapped to the first and/or last name attributes. Verify in the IdP settings that the user’s first name field is mapped to the first name attribute (
https://schemas.wpvip.com/firstname) and the last name field is mapped to the last name attribute (
VIPSSO_004: SSO certificate error
Unable to validate the signed response using the Signing Certificate (X.509 Certificate). The signing certificate added to this organization’s SSO configuration is invalid.
This could be caused by:
- An incorrect certificate added to the SSO configuration.
- A certificate that expired after being added to the SSO configuration.
- A certificate that was rotated on the IdP but was not updated on the VIP Dashboard SSO configuration.
VIPSSO_005: SSO Request Denied
The identity provider denied access to the VIP Dashboard for your user. The user attempting to log in was not added by the organization to the IdP.
Last updated: December 04, 2023