Tips for troubleshooting SSO login errors

Overview

When you sign up for Evernote Teams, you can enable single sign-on (SSO) to increase control and security over your Evernote account. After configuring your Evernote account with your Identity Provider, you may run into some errors if any steps during setup were missed or misconfigured. Below is a table with account login errors and some troubleshooting suggestions to fix them. If needed, refer to the following articles about SSO as well:

Errors

| Error message | What it means | Details |
| --- | --- | --- |
| SamlConsumerAction.error.authnFailed | You have entered an incorrect username and/or password. | We received a SAML response from the Identity Provider where response.status.statusCode != success. This is most likely due to incorrect login credentials. Try again with the correct credentials. |
| SamlConsumerAction.error.authnFailed.tryAgain | You have entered an incorrect username and/or password. | This occurs when attempting a Service Provider-initiated login. We received a SAML response from the Identity Provider where response.status.statusCode != success. This is most likely due to incorrect login credentials. Try again with the correct credentials. |
| SamlConsumerAction.error.noMatch | We are unable to identify an Evernote Teams user or pending invitation for the email address. | We could not find a user account matching the "subject" specified in the SAML Assertion received from the Identity Provider. This is typically the user’s email address if everything is set up correctly with the Identity Provider (in other words, if other users are able to use SSO successfully). However, you may also get this error if the Identity Provider was not set up correctly. For example, if the Identity Provider was configured to provide users' last name in the subject of the SAML Response instead of the email address, you may encounter this error. |
| SamlConsumerAction.error.noAssertionSubject | The Assertion from your company's Identity Provider does not contain a subject. | Contact your Identity Provider, as this is issued by them in the SAML response. This document contains a generic SAML response for demonstration purposes. |
| SamlConsumerAction.error.noSubjectNameID | The Assertion subject from your company's Identity Provider does not contain a NameID. | Contact your Identity Provider to debug and fix this configuration. |
| SamlConsumerAction.error.noSubject | The response from your company's Identity Provider does not contain the required NameID identity. | Contact your Identity Provider to debug and fix this configuration. |
| SamlConsumerAction.error.match | We encountered an unexpected error. | Contact Evernote Support. |
| SamlConsumerAction.redirect.wait | Please wait... | Wait and try again. |
| SamlConsumerAction.message.loggedOut | We have identified an existing Evernote Teams account. | Sign in to continue. |
| SamlConsumerAction.error.unmarshall | The response from your company's Identity Provider does not appear to be well-formed. | Contact your Identity Provider to debug and fix this configuration. |
| SamlConsumerAction.error.Assertion.count | Evernote requires that SAML responses contain exactly one Assertion. | Check your SAML response for more than one Assertion. Evernote requires only one Assertion with nameID or Attributes of the user after the initial authentication process. |
| SamlConsumerAction.error.expired | Your session expired. | This occurs when attempting an Identity Provider-initiated login. The expiration time of the SAML Assertion received from the Identity Provider is earlier than "now" (when we are evaluating the response). Close the window and try again. |
| SamlConsumerAction.error.expired.tryAgain | Your session expired. | This occurs when attempting a Service Provider-initiated login. The expiration time of the SAML Assertion received from the Identity Provider is earlier than "now" (when we are evaluating the response). Close the window and try again. |
| SamlConsumerAction.error.nosig | This SAML response is not signed. | Check your SAML response to ensure that it’s signed before trying to log in again. This document contains a generic SAML response for demonstration purposes. |
| SamlConsumerAction.error.sig.profile | This SAML response is not correctly signed. | Check your SAML response to ensure that it’s correctly signed before trying to log in again. This document contains a generic SAML response for demonstration purposes. |
| SamlConsumerAction.error.authn.count | Evernote requires that SAML Assertions contain exactly one auth statement. | Sometimes Identity Providers can issue more than one auth statement in the SAML Response. Evernote requires exactly one. Contact your Identity Provider to debug and fix this configuration. |
| SamlConsumerAction.error.wrongEmail | Authorization with your company was not successful. This can happen if you are authenticated to your company with the wrong account, or if the email address that your company has on file does not match the team email address on file in Evernote. | Contact your SSO and Evernote Teams account admin to ensure that the email address in your Identity Provider matches the email address assigned to your Evernote Teams account. |
| SamlConsumerAction.error.notSso | Single sign-on has not been activated for your Evernote account. | Double check the steps you took to enable SSO in Evernote. See Configure SSO for your Evernote Teams account for SSO setup instructions. |
| SamlConsumerAction.error.admin | Please relay the error message to your Evernote Teams account admin for help. | Contact your Evernote Teams account admin to make sure your account is provisioned (if not using SCIM), and that there are no other issues with your Identity Provider at this time. If the problem persists, contact Evernote Support. |
| SamlConsumerAction.error.session.expiration | Evernote requires authentication statements that grant secure sessions for at least two hours. | Contact your Identity Provider to debug and fix this configuration. |
| SamlConsumerAction.error.response.required | A SAML response is required. | A SAML response from your Identity Provider is required to successfully use SSO with Evernote Teams. |
| SamlConsumerAction.match.error.cert | Your company's X.509 certificate appears to be invalid. | Revisit your Identity Provider’s X.509 certificate. When pasting it in Evernote’s SSO setup page, make sure you are including the BEGIN and END statements. |
| SamlConsumerAction.match.error.noCert | Your company hasn't provided an X.509 certificate. | Ask your Evernote Teams account admin to add your Identity Provider’s X.509 certificate to Evernote’s SSO setup page. |
| SamlConsumerAction.match.error.sig | The signature on this security Assertion didn't pass validation. | The X.509 certificate that your company has provided may be out of date. |
| SamlConsumerAction.error.inlineInvitePending | Source INLINE is not permitted when a user has not joined the team. | Contact your Evernote Teams account admin to make sure you’ve been added to the team account before using SSO to log in to Evernote. |
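
Several of the errors above describe structural properties of the SAML response that an admin can check on a decoded response captured from their own Identity Provider before contacting support. The following is an added example, not Evernote's code: the function name `preflight`, the mapping of each check to an error key, and the choice of the `NotOnOrAfter` and `SessionNotOnOrAfter` attributes as the relevant expiry values are assumptions. It checks only that a signature element is present; it does not verify the signature or the certificate.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol", "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
E = "SamlConsumerAction.error."  # prefix shared by the error keys in the table

def _ts(value):  # SAML timestamps are UTC xs:dateTime, e.g. 2024-01-01T12:00:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def preflight(xml_text, now):
    """Return the table's error keys that a decoded SAML response would likely trigger."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return [E + "unmarshall"]
    code = root.find("p:Status/p:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        return [E + "authnFailed"]
    errors = []
    if root.find(".//ds:Signature", NS) is None:  # presence only, nothing is verified
        errors.append(E + "nosig")
    assertions = root.findall("a:Assertion", NS)
    if len(assertions) != 1:
        return errors + [E + "Assertion.count"]
    subject = assertions[0].find("a:Subject", NS)
    if subject is None:
        errors.append(E + "noAssertionSubject")
    elif not subject.findtext("a:NameID", "", NS).strip():
        errors.append(E + "noSubjectNameID")
    cond = assertions[0].find("a:Conditions", NS)
    if cond is not None and (exp := cond.get("NotOnOrAfter")) and _ts(exp) <= now:
        errors.append(E + "expired")
    stmts = assertions[0].findall("a:AuthnStatement", NS)
    if len(stmts) != 1:
        errors.append(E + "authn.count")
    elif (end := stmts[0].get("SessionNotOnOrAfter")) and _ts(end) - now < timedelta(hours=2):
        errors.append(E + "session.expiration")
    return errors

# Constructed sample (not a real IdP response): unsigned, session lasts one hour.
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
 <saml:Assertion><saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
  <saml:Conditions NotOnOrAfter="2024-01-01T12:05:00Z"/>
  <saml:AuthnStatement SessionNotOnOrAfter="2024-01-01T13:00:00Z"/></saml:Assertion></samlp:Response>"""
print(preflight(SAMPLE, NOW))
```

Run it only on responses from your own Identity Provider; a clean result does not mean the signature or email match will pass, since those depend on the certificate and account data held by Evernote.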
