Common SAML Assertion Errors and Resolutions

Question 1

Assertion Expired

Answer 1

The timestamp on the assertion is too old.

Question 2

Assertion Invalid

Answer 2

The assertion is malformed, possibly due to a missing <Subject> element.</Subject>

Question 3

Audience Invalid

Answer 3

The <Audience> value doesn’t match the Entity ID specified during SSO configuration.</Audience>

Question 4

Issuer Mismatched

Answer 4

The issuer in the configuration doesn’t match the issuer in the assertion.

Question 5

Signature Invalid

Answer 5

The uploaded certificate failed to validate the signature in the assertion.

Question 6

Configuration Error/Perm Disabled

Answer 6

Issues in SAML configuration, such as a corrupt certificate or disabled settings.

Question 7

Recipient Mismatched

Answer 7

The recipient in the assertion does not match the recipient configured in Salesforce.

Question 8

Replay Detected

Answer 8

Salesforce detected a duplicate assertion ID.

Question 9

Signature Invalid

Answer 9

The certificate uploaded failed to validate the signature in the assertion.

Question 10

Subject Confirmation Error

Answer 10

The <Subject> specified in the assertion does not match the one configured in Salesforce.</Subject>