Skip to content

Login failure errors

Users who experience issues when attempting to log in to the VIP Dashboard with an organization’s Single Sign-On configuration are served an informative error message. The error message indicates a possible underlying cause for the issue. Issues could be due to misconfigurations in the settings for the IdP, in the settings in the VIP Dashboard Single Sign-On panel, or a user attempting to login with an email address that is not recognized by the configured IdP.

Users who receive an SSO login failure error should share the error message with an Org admin. Org admins with access to both the settings for the configured identity provider (IdP) and the Single Sign-On panel for the VIP Dashboard are best able to investigate and potentially resolve these issues.

Useful browser extensions that can assist with troubleshooting user attribute configurations:

If an Org admin is unable to successfully troubleshoot an issue, they can reach out to VIP Support for additional assistance.

VIPSSO_001: SSO Login Failure

Unable to authenticate your user via the identity provider. The underlying cause for login failure is unknown and requires additional investigation. An Org admin should reach out to VIP Support on behalf of the user and provide the following information:

  • The approximate time in UTC when the login attempt failed.
  • The email address submitted by the user.

VIPSSO_002: SSO Invalid email

The email provided by your identity provider for your user appears to be invalid. A valid email address must be mapped to the email attribute and provided during authentication.

This can be caused by:

  • Missing email attribute: Verify that the exact value https://schemas.wpvip.com/email has been correctly added as the email attribute to the IdP’s configuration settings.
  • Incorrect name for the email attribute: Verify that the exact value https://schemas.wpvip.com/email has been correctly added as the email attribute to the IdP’s configuration settings. Entering the email attribute as email is incorrect and will not work.
  • Incorrect field mapped to the email attribute: Verify that the user’s primary email address field is mapped to the email attribute https://schemas.wpvip.com/email in the IdP’s configuration settings.
  • A misspelling in the user’s email address: Verify the spelling of the user’s email address in the IdP’s configuration settings and make any necessary corrections.

VIPSSO_003: SSO Invalid name

The name provided by your identity provider for your user appears to be invalid. During authentication the value mapped to the full name attribute is used if it is available. If it is not available, the first name and last name attributes are used, joined by a space.

The “Invalid name” error can be caused by:

  • Incorrect name for the full name attribute: Verify that the exact value https://schemas.wpvip.com/name has been correctly added as the full name attribute to the IdP’s configuration settings. Entering name for this value is incorrect and will not work.
  • Incorrect name for the first name and/or last name attribute: When applicable, verify that the exact value https://schemas.wpvip.com/firstname has been correctly added as the first name attribute in the IdP’s configuration settings, and https://schemas.wpvip.com/lastname has been added for the last name attribute. Entering firstname or lastname for these values is incorrect and will not work.
  • Incorrect field mapped to the first name and/or last name attribute: Verify in the IdP settings that the user’s first name field is mapped to the first name attribute https://schemas.wpvip.com/firstname and the last name field is mapped to the last name attribute https://schemas.wpvip.com/lastname.
  • A misspelling in the user’s name field: Verify the spelling of the user’s full name in the IdP’s configuration settings and make any necessary corrections.
  • A missing value or misspelling in the user’s first or last name fields: Verify the spelling of the user’s first and/or last name in the IdP’s configuration settings and make any necessary corrections. These fields must not be empty nor contain an email address.

VIPSSO_004: SSO certificate error

Unable to validate the signed response using the Signing Certificate (X.509 Certificate). The signing certificate added to this organization’s SSO configuration is invalid.

This could be caused by:

  • An incorrect certificate added to the SSO configuration.
  • A certificate that expired after being added to the SSO configuration.
  • A certificate that was rotated on the IdP but was not updated on the VIP Dashboard SSO configuration.

VIPSSO_005: SSO Request Denied

The identity provider denied access to the VIP Dashboard for your user. The user attempting to log in was not added by the organization to the IdP.

Last updated: January 19, 2024

Relevant to

  • Node.js
  • WordPress