To know what actually went wrong,
- Login to you WordPress administrator account. And go miniOrange Windows Authentication plugin’s Configure Service Provider tab.
- Click on Test Configuration. A popup window will open (make sure you popup enabled in your browser).
- Click on Login button. You will be redirected to your IdP for authentication.
- On successful authentication, You will be redirect back with the actual error message.
- Here are the some frequent errors:
- INVALID_ISSUER: This means that you have NOT entered the correct Issuer or Entity ID value provided by your Identity Provider. You’ll see in the error message what was the expected value (that you have configured) and what actually found in the SAML Response.
- INVALID_AUDIENCE: This means that you have NOT configured Audience URL in your Identity Provider correctly. It must be set to https://login.xecurify.com/moas/rest/saml/acs in your Identity Provider.
- INVALID_DESTINATION: This means that you have NOT configured Destination URL in your Identity Provider correctly. It must be set to https://login.xecurify.com/moas/rest/saml/acs in your Identity Provider.
- INVALID_SIGNATURE: This means that the certificate you provided did NOT match the certificate found in the SAML Response. Make sure you provide the same certificate that you downloaded from your IdP. If you have your IdP’s Metadata XML file then make sure you provide certificate enclosed in X509Certificate tag which has an attribute use=”signing”.
- INVALID_CERTIFICATE: This means that the certificate you provided is NOT in proper format. Make sure you have copied the entire certificate provided by your IdP. If coiped from IdP’s Metadata XML file, make sure that you copied the entire value.
If you need help resolving the issue, please contact us using the support form and we will get back to you shortly.