Troubleshooting SSO Errors

  • Updated

SSO errors typically occur when there is a mismatch between your organization's Identity Provider (IdP) and Unimarket (the Service Provider). Most issues can be resolved by verifying user attributes or checking account status within Unimarket.

 

Response Failures & Missing Data

  • Errors: "Authentication Service Response Failure", "Authentication Service Error", or "Missing Data".

  • Cause: The IdP is sending an incomplete or malformed SAML assertion. This often means mandatory attributes (like email or NameID) are missing or the user's local profile is corrupted.

  • Troubleshooting:

    • Browser Cleanup: Have the user clear cache/history or try an Incognito/Private window to rule out stale session cookies.

    • IT Review: Ask your IT team to verify the user's attributes in the IdP (Active Directory/Okta/Azure).

    • Support: If persists, provide Unimarket Support with the user's name and a precise timestamp to check the integration logs.

 

Provisioning & Identification Issues

  • Error: "Auto-Provisioning not enabled" or "We could not find an account with the username..."

  • Cause: Unimarket receives a valid login but cannot find a matching user record, and the system is not configured to create new users automatically.

  • Troubleshooting:

    • Username Match: Ensure the NameID sent by your IdP matches, the Username field in Unimarket exactly (case-sensitive).

    • Manual Creation: If Auto-Provisioning is off, an administrator must manually create the user in Unimarket first.

 

Account Status Issues

  • Error: "Your account has been locked" or "The user account is disabled."

  • Cause: The user's Unimarket profile has been manually disabled or locked due to security overrides.

  • Troubleshooting:

    • Admin Check: Go to Administration > Users. Clear the "State" filter and search for the username.

    • Re-enable: If the state is Disabled, edit the profile to Enabled.

    • Lockout: If locked, verify the user hasn't been attempting to log in via the standard Unimarket login page instead of the SSO portal.

 

Troubleshooting Checklist for IT Admins

If a specific group of users is failing, check the following technical configurations:

  • SAML Certificate: Check if your IdP signing certificate has recently expired.

  • Clock Skew: Ensure your IdP server time is synchronized via NTP; a difference of more than a few minutes will cause the SAML assertion to be rejected.

  • Encryption: Verify if Unimarket expects an encrypted vs. unencrypted assertion.