|
|
It looks like your session has expired or is invalid. Please sign in (SSO) again.
|
It looks like your session has expired or is invalid. Please sign in (SSO) again.
|
|
OpenToken decoding error.
|
We received an error while decoding the authentication response. Check your configuration or contact Ping Identity Customer Support.
|
Error in decoding authentication response. Please verify your configuration.
|
|
User is not in an authorized group for this application.
|
Sorry, you’re not authorized to access the requested resource. Check that you belong to one of the authorized groups.
|
You are not authorized to access the target resource. Please verify that you belong to one of the authorized group(s).
|
|
Multi-factor authentication (MFA) failure.
|
The multi-factor authentication was not successful. Please try again.
|
The multi-factor authentication was not successful.
|
|
|
|
|
|
|
The PPMResponse that we received is not signed.
|
The PPMResponse that we received is not signed.
|
|
Invalid signature for PPM response.
|
The signature of PPMResponse that we received is not valid. Please make sure that the key imported to PingOne matches the signing key configured in the authentication module.
|
The signature of PPMResponse that we received is not valid. Please make sure that the key imported to PingOne matches thesigning key configured in the authentication module.
|
|
|
The assertion from 2nd factor authentication module has expired.
|
The assertion from 2nd factor authentication module has expired.
|
|
Invalid nonce in PPM Response.
|
The nonce in PPMResponse must be the same as the one in PPMRequest.
|
The nonce in PPMResponse must be the same as the one in PPMRequest.
|
|
Username in PPM response doesn’t match PPM request.
|
The user in PPMResponse must be the same as the one in PPMRequest.
|
The user in PPMResponse must be the same as the one in PPMRequest.
|
|
Invalid ID token from IdP.
|
The id token from authorization service is invalid.
|
The id token from authorization service is invalid.
|
|
Failed to get tokens from IdP.
|
Unable to retrieve tokens from authorization service. Please try again later.
|
Unable to retrieve tokens from authorization service. Please try again later.
|
|
Invalid userinfo response from IdP.
|
The userinfo response from authorization service is invalid.
|
The userinfo response from authorization service is invalid.
|
|
Invalid Google API credentials (Google IdP only).
|
A call to the Google Directory API service was rejected due to invalid credentials.
|
A call to the Google Directory API service was rejected due to invalid credentials.
|
|
Connection for this idpid and saasid combination is disabled or doesn’t exist.
|
We’re unable to process the SSO request. The request contains an invalid saasid or idpid value. Check that your registration is complete and the connection configured in PingOne is not disabled.
|
SSO request contained an invalid saasid or idpid. Please make sure the registration is complete and the connection is not disabled.
|
|
|
|
|
|
appurl or errorurl is not HTTPS.
|
We’re unable to process the SSO request. The request contains an invalid appurl or errorurl value. Check that the appurl and errorurl values you have specified use HTTPS.
|
Invalid appurl or errorurl: https is required.
|
|
Invalid appurl or errorurl .
|
We’re unable to process the SSO request. The appurl or errorurl value contains a line feed. Line feeds are not allowed.
|
Invalid appurl or errorurl: line feed is not allowed.
|
|
AuthnRequest sent to wrong endpoint.
|
We’re unable to process the SSO request. Update your SP configuration to send the AuthnRequest to /sso/idp/SSO.saml2?idpid=<idpid>, where idpid is an optional parameter. If idpid is not specified, a user needs to perform an IdP-initiated SSO or PingOne-initiated SSO first.
|
Please update your SP configuration to send AuthnRequest to /sso/idp/SSO.saml2?idpid=<idpid>, where idpid is an optional parameter. If idpid is not specified, a user needs to perform an IdP-initiated SSO or PingOne-initiated SSO once first.
|
|
Connection for this service provider (SP) entityid and idpid combination is disabled or doesn’t exist.
|
We’re unable to process the SSO request. The request contains an invalid SP entityid or idpid. Check that your registration is complete and the connection to PingOne is not disabled.
|
SSO request contained an invalid sp entityid or idpid. Please make sure the registration is complete and the connection is not disabled.
|
|
Cross-site request forgery (CSRF) failure during IdP discovery.
|
|
|
|
Missing AuthnStatement in response from IdP.
|
We’re unable to process the SAML response. The response is missing an AuthnStatement.
|
Invalid SAML response. Missing AuthnStatement.
|
|
Invalid SAML response from IdP.
|
We’re unable to process the SAML response. The response is invalid. Contact your system administrator or Ping Identity Customer Support for more information.
|
|
|
|
We received an unsuccessful response from your IdP. Contact your administrator or an IdP administrator for more information.
|
Unsuccessful SAML response
|
|
No status in response from IdP.
|
We received a response with no status from your IdP. Contact your administrator or an IdP administrator for more information.
|
PingOne received a response with no status from your IdP. Please contact your administrator or authenticating authority for more information.
|
|
No application specified in response from IdP.
|
We’re unable to find a SaaS for the SAML response received. Send the saasid either as a relaystate value (https://pingone.com/1.0/<saasid>) or as an ACS URL parameter (saasid=<saasid>). To find the saasid of the application, log into your APS account and view the application details.
|
Unable to find a SaaS for the SAML response received. Please send saasid either as a relaystate (https://pingone.com/1.0/<saasid>) or as an ACS URL parameter (saasid=<saasid>). To find the saasid of the application, log into your APS account and view the application details.
|
|
Unable to find target for specified SP entity ID.
|
We’re unable to find the correct settings for the SAML response received. Verify that the Entity ID setting in your PingOne configuration matches the Entity ID of your identity bridge (IdP), and that the correct saasid parameter value is being sent with your SAML messages.
|
We’re unable to find the correct settings for the SAML response received. Verify that the Entity ID setting in your PingOne configuration matches the Entity ID of your identity bridge (IdP), and that the correct saasid parameter value is being sent with your SAML messages.
|
|
Invalid assertion from IdP.
|
We received an invalid assertion. Contact your administrator or Ping Identity Customer Support for more information.
|
|
|
Invalid signature from IdP.
|
The Signature is invalid. Check that your signing certificate is the same certificate uploaded to PingOne.
|
Invalid Signature. Please make sure that your signing certificate matches the certificate uploaded to PingOne.
|
|
Invalid certificate for this connection.
|
The certificate is invalid. Check that your signing certificate has not expired.
|
Invalid Certificate. Please verify that the signing certificate is valid and that the certificate has not expired.
|
|
|
The issuer is invalid. Check that the IdP entityid value matches the entityid value configured for the IdP in PingOne.
|
Invalid Issuer. Please verify that the IdP entityid matches the entityid that is configured for the IdP in PingOne.
|
|
Missing issuer in assertion from IdP.
|
There’s no issuer in the assertion we received.
|
No Issuer in the assertion.
|
|
Missing issuer in SAML response from IdP.
|
There’s no issuer specified in the SAML response we received.
|
No Issuer in the SAML response.
|
|
Invalid RelayState from IdP.
|
The RelayState value is not a valid URL. Check that the RelayState URL uses HTTPS and that the domain specified matches the configured domain for the application.
|
Invalid URL in RelayState. Please verify that the RelayState URL uses HTTPS and that the domain matches the configured domain for the application.
|
|
Missing signature in assertion from IdP.
|
It looks like the Signature is missing.
|
|
|
Missing nameid in assertion from IdP.
|
It looks like the NameID is missing.
|
|
|
|
We’re unable to parse the XML message.
|
Unable to parse the XML message.
|
|
Unable to decrypt assertion from IdP.
|
We’re unable to decrypt the assertion. Check that the PingOne certificate is used to encrypt the assertion from your IdP.
|
Unable to decrypt the assertion. Please make sure that the PingOne certificate is used to encrypt the assertion from your IdP.
|
|
Invalid RelayState from IdP.
|
|
|
|
Certificate in assertion doesn’t match configuration.
|
There is a certificate mismatch. Your signing certificate does not match the certificate uploaded to PingOne.
|
Certificate mismatch. Your signing certificate does not match the certificate uploaded to PingOne.
|
|
Invalid single logout (SLO) request.
|
We’re unable to process the message received at the SLO endpoint. The request is missing either SAMLRequest or SAMLResponse.
|
Unknown message was received at SLO endpoint. Missing SAMLRequest or SAMLResponse.
|
|
Unable to verify SLO signature, no certificate configured.
|
It looks like the signing certificate has not been configured.
|
Missing certificate. Please check your configuration.
|
|
Invalid signature for SLO request.
|
The Signature for the SLO Request or Response is invalid. Check that your signing certificate matches the certificate uploaded to PingOne.
|
Invalid Signature for Logout Request/Response. Please make sure that your signing certificate matches the certificate uploaded to PingOne.
|
|
|
The request you sent is outdated. This can be due to an old entry in the browser cache or a bookmark to a transient login page. Try restarting your browser and using the application URL again.
|
The request you sent is outdated. This can be due to an old entry in the browser cache or a bookmark to a transient login page. Try restarting your browser and using the application URL again.
|
|
Invalid request to assertion consumer service (ACS) URL.
|
We received a request without a SAML Response. A request was made to the PingOne Assertion Consumer service, but we found no SAML Response message in the request.
|
Missing SAML Response. A request was made to PingOne Assertion Consumer service. However, SAML Response message was not found.
|
|
|
We’re unable to complete the authentication process with the Identity Provider (IdP). You can try to connect to the application again later or contact an administrator.
|
|
|
|
Due to an invalid request, we’re unable to complete the authentication process with the Identity Provider (IdP). You can try to connect to the application again later or contact an administrator.
|
Invalid request exception
|
|
Missing required attribute from IdP.
|
The response from your IdP is missing a required attribute(s). Check that all necessary attributes are being sent by your IdP.
|
The response from your IdP was missing the required attribute(s). Please review the attributes sent by your IdP.
|
|
Missing required attribute from IdP.
|
The response from your IdP or a secondary module is missing a required attribute(s). Check that all necessary attributes are being returned.
|
The response from your IdP or a secondary module was missing the required attribute(s). Please review the attributes returned.
|
|
Invalid advanced attribute mapping configuration.
|
We’ve had a system error: An unknown transformation function is being used in attribute mapping. Please update your attribute mapping configuration in PingOne.
|
System Error: An unknown transformation function is used in attribute mapping.
|
|
Invalid advanced attribute mapping configuration.
|
We’ve had a system error: An unknown builder function is being used in attribute mapping. Please update your attribute mapping configuration in PingOne.
|
System Error: An unknown builder function is used in attribute mapping.
|
|
|
We’re unable to complete Single Sign-On (SSO) at this time. Contact your system administrator or Ping Identity Customer Support for more information.
|
|
|
Unknown configuration error.
|
It looks like there’s a configuration error. Contact your administrator or Ping Identity Customer Support for help.
|
There is a configuration error.
|
|
Requested page doesn’t exist.
|
The resource you requested does not exist on this server.
|
The resource you requested does not exist on this server.
|