Problem Statement
A user is trying to log in and is unable to do so because of various errors that depend on the IDP.
Resolution Steps
| # | Error | Cause | Resolution |
| --- | --- | --- | --- |
| 1 | cannot be logged in as this user is not part of this organisation | 1. The user is not present in the organisation as an agent. 2. The customer is trying to create requesters, but they are trying to log in as agents instead. | |
| 2 | Signature validation failed: RSA Signature did not match | The verification key given in the JWT SSO configuration is incorrect, or does not match the key actually used to sign the token. | Provide a valid RSA verification key in the JWT SSO configuration. |
| 3 | Invalid token or user info response: | The token or user info response is invalid because it is missing some required attributes. | |
| 4 | Constraint validation failed with reason: Invalid state param or nonce param sent by IDP | The SP sends state and nonce parameters when calling the authorization endpoint. The IDP must return the state parameter in the callback URL and the nonce parameter inside the id_token. | Ensure that the IDP returns the state and nonce parameters correctly. |
| 5 | Token cannot be empty (often seen in logs for modules configured using Azure B2C) | Azure B2C is a special-case IDP: it needs the client_id as part of the scope in order to return the access_token alongside the id_token in the token endpoint's response, and freshid requires the access_token. | Ensure that the scopes in the configuration include the client_id. Note that in Azure B2C the email is returned in the Emails attribute. |
| 6 | Invalid Characters (CR/LF) in header Location | The user info is returned as an array of objects, but only a single object is supported. | Verify the response of the user info endpoint; user info is expected in object format. |
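Row 4 describes the state/nonce contract between the SP and the IDP. The following is an added example of the SP (relying-party) side of that contract, written for this page and not taken from the product's code: it generates single-use state and nonce values for the authorization request, then checks the state echoed in the callback URL and the nonce carried in the id_token, and also catches the "array instead of object" shape problem from row 6 in the token payload. `AUTHORIZE_ENDPOINT`, `CLIENT_ID`, `REDIRECT_URI` and the sample id_token are constructed placeholders; the id_token's signature is a placeholder, so signature verification (row 2) is assumed to have happened before `id_token_claims` is called.

```python
"""Relying-party side state/nonce handling for an OIDC authorization-code flow.

Added example, not the product's own code. AUTHORIZE_ENDPOINT, CLIENT_ID and
REDIRECT_URI are constructed placeholders; `session` is any dict-like
per-browser store. The sample id_token has a placeholder signature, so signature
verification (row 2 of the table) is assumed to be done elsewhere, before parsing.
"""
import base64
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_ENDPOINT = "https://idp.example.test/authorize"  # hypothetical IDP
CLIENT_ID = "sp-client-id"                                 # constructed value
REDIRECT_URI = "https://sp.example.test/oidc/callback"     # constructed value


def _b64url_decode(part: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def build_authorization_url(session: dict) -> str:
    """Step 1: the SP generates fresh state and nonce, stores them, and sends both."""
    session["oidc_state"] = secrets.token_urlsafe(32)
    session["oidc_nonce"] = secrets.token_urlsafe(32)
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid email profile",
        "state": session["oidc_state"],
        "nonce": session["oidc_nonce"],
    }
    return AUTHORIZE_ENDPOINT + "?" + urlencode(params)


def id_token_claims(id_token: str) -> dict:
    """Parse the payload of a compact JWT. Only call this after the signature has
    been verified against the IDP's key (the check behind row 2)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("id_token is not a three-part compact JWT")
    claims = json.loads(_b64url_decode(parts[1]))
    if not isinstance(claims, dict):  # e.g. a JSON array, as in row 6
        raise ValueError("id_token payload is not a JSON object")
    return claims


def _equal(received, expected: str) -> bool:
    # constant-time comparison; an absent or non-string value never matches
    return isinstance(received, str) and hmac.compare_digest(
        received.encode("utf-8"), expected.encode("utf-8"))


def validate_callback(session: dict, callback_url: str, id_token: str) -> dict:
    """Step 2: the SP checks the state echoed in the callback URL and the nonce
    inside the id_token against the values it generated. Both are single-use."""
    expected_state = session.pop("oidc_state", None)
    expected_nonce = session.pop("oidc_nonce", None)
    if expected_state is None or expected_nonce is None:
        raise ValueError("no pending authorization request for this session")
    query = parse_qs(urlparse(callback_url).query)
    if not _equal(query.get("state", [None])[0], expected_state):
        raise ValueError("Invalid state param sent by IDP")
    claims = id_token_claims(id_token)
    if not _equal(claims.get("nonce"), expected_nonce):
        raise ValueError("Invalid nonce param sent by IDP")
    return claims


def check_callback(session: dict, callback_url: str, id_token: str):
    """Non-raising wrapper: (claims, None) on success, (None, reason) on failure."""
    try:
        return validate_callback(session, callback_url, id_token), None
    except ValueError as exc:
        return None, str(exc)


def make_sample_id_token(claims: dict) -> str:
    """Constructed sample token: real JWT structure, placeholder signature."""
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.placeholder-signature"


if __name__ == "__main__":
    session = {}
    print(build_authorization_url(session))
    token = make_sample_id_token({"sub": "user-1", "nonce": session["oidc_nonce"]})
    callback = f"{REDIRECT_URI}?code=constructed-code&state={session['oidc_state']}"
    print(check_callback(session, callback, token))
```

The two `ValueError` messages mirror the wording of the row 4 error so that a log line from the product can be mapped back to which half of the contract the IDP broke: a state mismatch points at the callback URL, a nonce mismatch at the id_token contents. Popping both values from the session on first use means a replayed callback fails closed rather than being accepted twice.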