Single Sign On (SSO) Troubleshooting Logs
On occasion, you might run into errors while setting up Single Sign On (SSO) in your Bynder portal. If you’ve completed the steps for setting up SSO, but are still experiencing login issues, see the chart below on how to resolve the issue.
Learn more about setting up SAML SSO and Google SSO
Skip Directly To
How to Troubleshoot SSO
Navigate to Settings > Advanced Settings > Portal Settings
Click Login Configuration on the left sidebar
Select the SSO method that you would like to review
Select Logs
Here you will see the list of login events. Click Login failed to see the specific error
Use the information in the chart below to help identify and troubleshoot the issue
SAML Response Validation
These errors correspond to invalid SAML configuration in the idp and in Bynder platform.
SAML Response ValidationError | Description |
|---|---|
SSO disabled | This SSO method is disabled in Bynder's login configuration. |
Invalid issuer | Received "{received}" instead of the expected "{expected}", which is the configured value for Identity Provider Identifier. |
Invalid audience | "{Received}" was not found in the audience restriction. |
Invalid signature | The signature validation of the SAML response failed. The certificates in the SAML response and the SSO method configuration don't match. |
Response not signed | No signature was found in the SAML response. The signature hasn't been set up in the identity provider. |
Invalid Google
These errors may happen specifically for Google SSO flows.
InvalidGoogleTitle | Description |
|---|---|
Domain not allowed | User email is not included in the configuration's allowed domains |
SSO disabled | This SSO method is disabled in Bynder's login configuration. |
Login failed | Something went wrong, please try again later and if the issue continues, contact Support. |
Invalid OpenID
These errors may happen specifically for OpenID SSO flows
Title | Description |
|---|---|
SSO disabled | This SSO method is disabled in Bynder's login configuration. |
Authorization endpoint | The server denied the authorization request and may have provided more information. Error: "{error}", error description: "{error_description}". |
Token endpoint | The server responded with a {status_code} status code and may have provided more information. Error: "{error}", error description: "{error_description}". |
JWKS endpoint | Unable to retrieve the JSON Web Key Set from the configured JWKS URL. |
Invalid Token | The token endpoint did not return a token or the token is invalid. |
Userinfo endpoint | The server responded with a {status_code} status code and may have provided more information. Error: "{error}", error description: "{error_description}". |
JWT | The JWT returned by the token endpoint could not be validated against the retrieved JSON Web Key Set. |
User Validation
These errors may happen in both SAML SSO flow, and are relative to user management in Bynder's platform.
User ValidationError | Description |
|---|---|
Email not found | No valid email was found in the attribute with Name "{attribute}". |
Email not found | No valid email was found in the NameID value. |
First name not found | No value was found in the attribute with Name "{attribute}". |
Last name not found | No value was found in the attribute with Name "{attribute}". |
Inactive user | This user is currently deactivated and not allowed to log in. |
User not found | The user does not exist and couldn't be created because just in time user provisioning is disabled in the SSO method configuration. |
Missing username | No valid username was found in the attribute with Name "{attribute}". |
Still receiving an error?
Related Articles
Enable Single Sign on (SSO) in Bynder