Affected: Single sign-on
Overview
Reference this document when experiencing issues when signing on through SSO and you see SAML assertion consumer errors.
Topics
*Occurs before or after authentication?
-
Errors before authentication of LaunchDarkly account: These errors occur before a LaunchDarkly account has been connected to the assertion consumer service URL.
-
Errors after authentication of LD account: These errors occur after an LD account has been connected to the assertion consumer service URL.
Error Code |
Full error message | *Occurs before or after authentication | Reason for error |
401 | Error (401) - invalid_request: SSO authentication failed. |
Before |
A 401 error suggests one of the following:
|
736 | ACS received invalid 'id' parameter |
Before |
The assertion consumer service URL provided by LaunchDarkly in the This is likely a copy/paste error. |
924 | ACS could not find account |
Before |
The assertion consumer service URL provided by LaunchDarkly in the This is likely a copy/paste/typo error. |
925 | ACS received a duplicate SAMLResponse |
Before | The provided SAML is a duplicate of a previous request, which could be a replay attack. A reasonable request wouldn’t reuse the same data. |
847 | Unable to parse X.509 certificate for the account |
After |
The This is likely a copy/paste/typo error. |
729 | X.509 certificate is not set for the account |
After |
There isn’t a |
972 | Name ID element must be email address |
After |
The These issues can take two forms. It will either be the NameID field is incorrect, or you are sending the wrong attribute map. |
701 |
OR
OR
|
After |
This error code indicates that there is a problem with the Missing attributes or elements could include: This is likely related to a mismatch in attribute mapping or an invalid |
None | SSO authentication failed: Configure SAML on LaunchDarkly. |
After |
The LD account connected to the provided This means that either the account’s |