Class Saml2ErrorCodes
java.lang.Object
org.springframework.security.saml2.core.Saml2ErrorCodes
A list of known SAML 2 error codes used during SAML authentication.
- Since: 5.2
Field Summary
Modifier and Type | Field | Description
static final String | DECRYPTION_ERROR | The system failed to decrypt an assertion or a name identifier.
static final String | INTERNAL_VALIDATION_ERROR | An error happened during validation.
static final String | INVALID_ASSERTION | The assertion was not valid.
static final String | INVALID_DESTINATION | Response destination does not match the request URL.
static final String | INVALID_IN_RESPONSE_TO | The InResponseTo content of the response does not match the ID of the AuthNRequest.
static final String | INVALID_ISSUER | An Issuer element contained a value that didn't https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=15
static final String | INVALID_REQUEST | Request is invalid in a general way.
static final String | INVALID_RESPONSE | Response is invalid in a general way.
static final String | INVALID_SIGNATURE | The signature of response or assertion was invalid.
static final String | MALFORMED_REQUEST_DATA | The serialized AuthNRequest could not be deserialized correctly.
static final String | MALFORMED_RESPONSE_DATA | The response data is malformed or incomplete.
static final String | RELYING_PARTY_REGISTRATION_NOT_FOUND | The relying party registration was not found.
static final String | SUBJECT_NOT_FOUND | The assertion did not contain a subject element.
static final String | UNKNOWN_RESPONSE_CLASS | SAML Data does not represent a SAML 2 Response object.
static final String | USERNAME_NOT_FOUND | The subject did not contain a user identifier. The assertion contained a subject element, but the subject element did not have a NameID or EncryptedID element https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=18
Field Details
UNKNOWN_RESPONSE_CLASS
SAML Data does not represent a SAML 2 Response object. A valid XML object was received, but that object was not a SAML 2 Response object of type ResponseType per specification https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=46
MALFORMED_REQUEST_DATA
The serialized AuthNRequest could not be deserialized correctly.
- Since: 5.7
MALFORMED_RESPONSE_DATA
The response data is malformed or incomplete. An invalid XML object was received, and XML unmarshalling failed.
INVALID_REQUEST
Request is invalid in a general way.
- Since: 5.6
INVALID_RESPONSE
Response is invalid in a general way.
- Since: 5.5
INVALID_DESTINATION
Response destination does not match the request URL. A SAML 2 response object was received at a URL that did not match the URL stored in the Destination attribute in the Response object. https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=38
INVALID_ASSERTION
The assertion was not valid. The assertion used for authentication failed validation. Details around the failure will be present in the error description.
INVALID_SIGNATURE
The signature of response or assertion was invalid. Either the response or the assertion was missing a signature, or the signature could not be verified using the system's configured credentials, most commonly the IDP's X509 certificate.
SUBJECT_NOT_FOUND
The assertion did not contain a subject element. The subject element, type SubjectType, contains a NameID or an EncryptedID that is used to assign the authenticated principal an identifier, typically a username. https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=18
USERNAME_NOT_FOUND
The subject did not contain a user identifier. The assertion contained a subject element, but the subject element did not have a NameID or EncryptedID element https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=18
DECRYPTION_ERROR
The system failed to decrypt an assertion or a name identifier. This error code will be thrown if the decryption of either an EncryptedAssertion or EncryptedID fails. https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=17
INVALID_ISSUER
An Issuer element contained a value that didn't https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf#page=15
INTERNAL_VALIDATION_ERROR
An error happened during validation. Used when internal, unclassified errors are caught during the authentication process.
RELYING_PARTY_REGISTRATION_NOT_FOUND
The relying party registration was not found. The registration ID did not correspond to any relying party registration.
INVALID_IN_RESPONSE_TO
The InResponseTo content of the response does not match the ID of the AuthNRequest.
- Since: 5.7