Error Code | Reason | Solution |
--- | --- | --- |
4 | The IdP certificate file was not uploaded correctly. | Reconfigure IdP details. |
8 | SAML response is not received from IdP. | AssetExplorer supports only POST binding method. Ensure that the IdP follows POST binding method. |
10 | Error in validating the logout response of the IdP. | Refer to errors 42, 44, 50, 4, and 36. Contact assetexplorer-support@manageengine.com. |
21, 22, 23 | The IdP response Status is Failure. | Reconfigure the IdP details by following the instructions given here. |
35 | The IdP response is not signed. AssetExplorer accepts only signed responses. | Configure the IdP settings for AssetExplorer to sign assertions and responses. |
36 | Unable to verify IdP signature in the SAML response. | Upload the correct IdP certificate file in the SAML configuration page of AssetExplorer. |
40 | Entity IDs in the SAML response and AssetExplorer are not the same. | Reconfigure the SP details in your IdP portal. |
42 | The destination URL in the SAML response does not match the actual URL from which the response is called. | Reconfigure the SP details in your IdP portal. If you have configured a proxy server (for example, Azure App Proxy) to externalize the application, add the proxyName="<external_url>" and proxyPort="<external_port>" attributes to the connector tag in the server.xml file. |
44 | The Issuer field is empty in the SAML response. | Contact assetexplorer-support@manageengine.com. |
46, 47, 51 | The SAML response will not be validated because the system timestamp does not match standard time. | Set the proper time and time zone in the application server. |
48 | The user has configured Assertion Encryption, which is not supported in AssetExplorer. | Change Assertion Encryption to Assertion Sign in the IdP, which will sign the assertion but not encrypt it. |
49 | Issuer name is missing in the SAML assertion. | Reconfigure the SP and IdP. If the error persists, email us at assetexplorer-support@manageengine.com with the log files. |
50 | The SAML assertion from the IdP is not for the intended user/requester. | Log in again by using SAML authentication. |
52 | No such user exists in the application or the user is not a technician. | Create a new technician manually with the login name generated by the IdP or change the requester into a technician. |
60 | User not found (during email-based SAML login). | If the user does not exist in AssetExplorer, create a new user manually and configure their email address. If the user already exists in the application, configure their email address to match the login email ID in AssetExplorer. |
61 | Login is disabled for the user. | Enable login for the user. |
62 | More than one user is configured with the login email ID. | Ensure that the login email address is configured only with one user. This error is thrown if the login email ID is configured as a primary/secondary email address of another user. |
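
The following added example is not part of the ManageEngine documentation: it inspects a captured, base64-encoded SAML response for the structural conditions behind errors 35, 42, 44, 48, 49 and 46/47/51 in the table above. The mapping of checks to codes is an assumption drawn from the table's wording, the ACS URL and sample response are constructed, and signatures are not verified.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: unsigned response, internal Destination, 5-minute validity.
SAMPLE = base64.b64encode(b"""<p:Response
 xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
 Destination="https://internal.example:8080/acs">
<a:Issuer>https://idp.example/</a:Issuer>
<a:Assertion><a:Issuer>https://idp.example/</a:Issuer>
<a:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T10:05:00Z"/>
</a:Assertion></p:Response>""")

def _ts(value):
    # SAML timestamps are UTC, e.g. 2024-01-01T10:00:00Z (fractions ignored).
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def _blank(el):
    return el is None or not (el.text or "").strip()

def triage(response_b64, acs_url, now):
    """Return error codes from the table that this response would likely hit.
    Structural checks only: no signature verification is performed."""
    root = ET.fromstring(base64.b64decode(response_b64))
    codes = []
    if root.find("ds:Signature", NS) is None:         # response-level signature
        codes.append(35)
    if root.get("Destination") != acs_url:            # URL users actually reach
        codes.append(42)
    if _blank(root.find("a:Issuer", NS)):
        codes.append(44)
    if root.find("a:EncryptedAssertion", NS) is not None:
        codes.append(48)
    assertion = root.find("a:Assertion", NS)
    if assertion is not None:
        if _blank(assertion.find("a:Issuer", NS)):
            codes.append(49)
        cond = assertion.find("a:Conditions", NS)
        nb = cond.get("NotBefore") if cond is not None else None
        na = cond.get("NotOnOrAfter") if cond is not None else None
        if (nb and now < _ts(nb)) or (na and now >= _ts(na)):
            codes.append(46)  # 46, 47 and 51 share one row; 46 stands for all three
    return codes
```

Pass the externally visible URL as `acs_url` when a reverse proxy fronts the application, and the application server's current UTC time as `now` to see whether clock drift alone explains a rejection.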