Skip to content

Error handling during single sign-on

Reference of error codes and how to handle them

When users attempt to log in via single sign-on (SSO) using Scalekit, any issues encountered will result in error details being sent to your application’s redirect URI via the error and error_description query parameters. Proper error handling ensures a better user experience.

If there is any issue between Scalekit and your application, the following errors may occur:

ErrorError descriptionPossible resolution strategy
invalid_redirect_uri
Redirect URI is not part of the pre-approved list of redirect URIsAdd the valid URL in the Scalekit dashboard before using it
invalid_connection_selector
Missing organization_id (or) connection_id (or) domain (or) provider in the authorization URLInclude at least one of these parameters in the request
no_active_connections
There are no active SSO connections configured to process the single sign-on requestEnsure active SSO connections are set up
connection_not_active
The configured connection is not activeEnable the SSO connection in the Scalekit dashboard
no_configured_connections
No active SSO connections configuredEnsure active SSO connections are set up
invalid_organization_id
Invalid organization IDVerify and use a valid organization ID
invalid_connection_id
Invalid connection IDVerify and use a valid connection ID
domain_not_found
No domain specified for the SSO connection(s)Check domain configuration in Scalekit dashboard
invalid_user_domain
User’s domain not allowed for this SSO connectionEnsure user domain is part of the allowed domains list
server_error
actual error description from the serverThis must be a rare occurrence. Please reach out to us via your private slack channel or via email

If SSO configuration issues arise, you will encounter the following errors:

Error codeError descriptionPossible resolution strategy
mandatory_attribute_missing
Missing mandatory user attributesEnsure all the mandatory user attributes are configured properly
invalid_id_token
Invalid ID tokenCheck the identity provider’s functioning
failed_to_exchange_token
Token exchange failure due to incorrect client_secretUpdate the client_secret with the correct value
user_info_retrieve_failed
User info retrieval failed, possibly due to an incorrect client_secret or other issuesUpdate the client_secret with the correct value. If unsuccessful, investigate further. Please reach out to us via your private slack channel or via email
invalid_saml_metadata
Incorrect SAML metadata configurationUpdate SAML metadata URL with the correct value
invalid_saml_response
Invalid SAML responseReview and fix SAML configuration settings
signature_validation_failed
Failed signature validationReview and update the ACS URL in the identity provider’s settings
invalid_acs_url
Invalid ACS URLReview and update the ACS URL in the identity provider’s settings
invalid_status
Invalid statusReview and update the SAML configuration settings in the identity provider
malformed_saml_response
Marshalling errorEnsure SAML response is properly formatted
assertion_expired
Expired SAML assertionWe received an expired SAML assertion. This could be because of clock skew between the identity provider’s server and our servers. Please reach out to us via your private slack channel or via email
response_expired
Expired SAML responseWe received an expired SAML response. This could be because of clock skew between the identity provider’s server and our servers. Please reach out to us via your private slack channel or via email