Problem Statement
A user is trying to log in and is unable to do so because of errors that depend on the IDP.
Resolution Steps
| # | Error | Cause | Resolution |
|---|---|---|---|
| 1 | cannot be logged in as this user is not part of this organisation | 1. The user is not present in the organisation as an agent. 2. The customer is trying to create Requestors, but they are trying to log in as an agent instead. | |
| 2 | Signature validation failed: RSA Signature did not match | The verification key given in the JWT SSO configuration setting is incorrect or does not match the key that is actually used. | Provide a valid JWT RSA token. |
| 3 | Invalid token or user info response: | The token or user info response can be invalid because some required attributes are missing. | |
| 4 | Constraint validation failed with reason: Invalid state param or nonce param sent by IDP | The SP sends the state and nonce parameters when calling the authorization endpoint. The IDP should send the state parameter back in the callback URL and the nonce parameter as part of the id_token. | Ensure that the IDP sends state and nonce properly. |
| 5 | Token cannot be empty (often seen in logs for modules configured using Azure B2C) | Azure B2C is a special-case IDP: it needs the client_id as part of the scope in order to send the access_token in the token endpoint's response along with the id_token, and freshid requires the access_token. | Ensure that the scopes in the config include the client_id. Note that in Azure B2C the email is in the Emails attribute. |
| 6 | Invalid Characters (CR/LF) in header Location | The user info is returned as an array of objects, and only an object is supported. | Verify the response of the user info endpoint; user info is expected in object format. |
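
The state and nonce round trip from row 4, as an added example (not Freshworks code) that can be run against a captured callback URL and id_token to see which value the IDP failed to return. The function names, the `sp.example` URL and the sample token are constructed for illustration, and the id_token signature is deliberately not verified here.

```python
import base64
import hmac
import json
from urllib.parse import parse_qs, urlparse


def id_token_claims(id_token):
    """Decode a compact JWT's payload WITHOUT verifying the signature (that is a separate step)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("id_token is not a three-part compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def _same(a, b):
    # Constant-time comparison on bytes, so non-ASCII input cannot raise.
    return hmac.compare_digest(a.encode(), b.encode())


def check_state_and_nonce(callback_url, id_token, sent_state, sent_nonce):
    """Return a list of problems; an empty list means both values came back intact."""
    problems = []
    state = parse_qs(urlparse(callback_url).query).get("state", [None])[0]
    if state is None:
        problems.append("state missing from callback URL")
    elif not _same(state, sent_state):
        problems.append("state in callback URL does not match the value sent")
    nonce = id_token_claims(id_token).get("nonce")
    if not isinstance(nonce, str):
        problems.append("nonce missing from id_token")
    elif not _same(nonce, sent_nonce):
        problems.append("nonce in id_token does not match the value sent")
    return problems


def make_sample_token(claims):
    # Constructed, unsigned sample token; the third segment is a dummy signature.
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return enc({"alg": "RS256"}) + "." + enc(claims) + ".sig"


if __name__ == "__main__":
    ok = make_sample_token({"sub": "u1", "nonce": "n-123"})
    no_nonce = make_sample_token({"sub": "u1"})
    print(check_state_and_nonce("https://sp.example/cb?code=x&state=s-abc", ok, "s-abc", "n-123"))
    print(check_state_and_nonce("https://sp.example/cb?code=x", no_nonce, "s-abc", "n-123"))
```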