SAML Response containing error "unsatisfied_nameid_policy"

Problem statement

We are getting the following error for a failed SAML connection login attempt:

    "message": "You may have pressed the back button, refreshed during login, opened too many login dialogs, or there is some issue with cookies since we couldn't find your session. Try logging in again from the application and if the problem persists please contact the administrator."

This is our SAML Response:

    <samlp:Status>
        <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester">
            <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"></samlp:StatusCode>
        </samlp:StatusCode>
        <samlp:StatusDetail>
            <fim:FIMStatusDetail MessageID="unsatisfied_nameid_policy"></fim:FIMStatusDetail>
        </samlp:StatusDetail>
    </samlp:Status>

Cause

  • The SAML Response itself carries the real reason: the top-level StatusCode "Requester" means the IdP is rejecting something in the AuthnRequest, and the nested second-level StatusCode "InvalidNameIDPolicy" means it could not satisfy the NameIDPolicy that request asked for. The accompanying "unsatisfied_nameid_policy" detail appears to be a configuration issue on the IdP side and is commonly reported with ADFS. Several Stack Overflow posts mention that this can be caused by an ADFS claim rule that is not set up to return the Name ID in the requested format.
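
Because the application only shows the generic "couldn't find your session" message, the nested status codes have to be read out of the SAML Response to see what the IdP actually rejected. The following added example (not code from the original article) parses the Status block above, returns the top-level code, the second-level codes and any StatusDetail message IDs, and turns them into an operator-facing diagnosis; the sample Response wrapper and the `fim` namespace URI are constructed placeholders.

```python
"""Extract the real failure reason from a <samlp:Status> block (added example)."""
import xml.etree.ElementTree as ET  # for untrusted XML in production, prefer defusedxml

SAML_STATUS_PREFIX = "urn:oasis:names:tc:SAML:2.0:status:"

# Constructed sample: the Status block from the article wrapped in a minimal
# <samlp:Response>. The fim namespace URI is a placeholder (assumption).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:fim="urn:example:fim-placeholder" ID="_constructed" Version="2.0">
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Requester">
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:InvalidNameIDPolicy"/>
    </samlp:StatusCode>
    <samlp:StatusDetail>
      <fim:FIMStatusDetail MessageID="unsatisfied_nameid_policy"/>
    </samlp:StatusDetail>
  </samlp:Status>
</samlp:Response>"""


def _short(code: str) -> str:
    """Strip the common SAML status URN prefix for readability."""
    return code[len(SAML_STATUS_PREFIX):] if code.startswith(SAML_STATUS_PREFIX) else code


def parse_saml_status(response_xml: str) -> dict:
    """Return top-level code, nested second-level codes and StatusDetail message IDs."""
    root = ET.fromstring(response_xml)
    status = root.find("{*}Status")  # {*} matches any namespace (Python 3.8+)
    if status is None:
        raise ValueError("no samlp:Status element in response")
    top = status.find("{*}StatusCode")
    if top is None:
        raise ValueError("samlp:Status has no StatusCode")
    # SAML 2.0 nests second-level codes inside the top-level StatusCode.
    nested = [_short(c.get("Value", "")) for c in top.findall(".//{*}StatusCode")]
    # StatusDetail content is vendor-specific; collect any child carrying a MessageID.
    details = [child.get("MessageID")
               for detail in status.findall(".//{*}StatusDetail")
               for child in detail if child.get("MessageID")]
    return {"top_level": _short(top.get("Value", "")),
            "second_level": nested, "detail_ids": details}


def diagnose(response_xml: str) -> str:
    """Turn the parsed status into a message an operator can act on."""
    s = parse_saml_status(response_xml)
    if s["top_level"] == "Success":
        return "success"
    if "InvalidNameIDPolicy" in s["second_level"]:
        return ("IdP could not satisfy the NameIDPolicy in the AuthnRequest; "
                "check the IdP's NameID / claim rule configuration "
                f"(detail: {', '.join(s['detail_ids']) or 'none'})")
    return f"{s['top_level']} / {', '.join(s['second_level']) or 'no second-level code'}"
```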

Solution

We recommend checking out the following resources to address this issue: