saml

SAML Status Codes

Status codes returned in SAML 2.0 protocol responses, as defined in the OASIS SAML 2.0 Core specification (section 3.2.2). Codes are URIs of the form urn:oasis:names:tc:SAML:2.0:status:<LocalName>.

23 codes

references docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf

· All codes 23 codes

AuthnFailed Authentication Failed The responding provider was unable to successfully authenticate the principal. This is a second-level status code used with the Responder top-level code.
InvalidAttrNameOrValue Invalid Attribute Name or Value Unexpected or invalid content was encountered within a saml:Attribute or saml:AttributeValue element. This is a second-level status code used with the Requester top-level code.
InvalidNameIDPolicy Invalid Name ID Policy The responding provider cannot or will not support the requested name identifier policy. This is a second-level status code used with the Requester top-level code.
NoAuthnContext No Authentication Context The specified authentication context requirements cannot be met by the responder. This is a second-level status code used with the Requester or Responder top-level code.
NoAvailableIDP No Available IDP Used by an intermediary to indicate that none of the supported identity provider Loc elements in an IDPList can be resolved or none are available. This is a second-level status code used with the Responder top-level code.
NoPassive No Passive The request could not be fulfilled because the requester specified IsPassive=true and the responding provider could not authenticate the principal passively. This is a second-level status code used with the Requester or Responder top-level code.
NoSupportedBinding No Supported Binding Used by an intermediary to indicate that the responding provider cannot authenticate the principal by any means that allow the responder to satisfy the request. This is a second-level status code used with the Responder top-level code.
PartialLogout Partial Logout The logout operation was not entirely successful, as at least one session participant did not respond or reported a failure. This is a second-level status code used with the Success top-level code.
ProxyCountExceeded Proxy Count Exceeded A responding provider cannot authenticate the principal directly and is not permitted to proxy the request further, because the ProxyCount in the request has been reached. This is a second-level status code used with the Responder top-level code.
RequestDenied Request Denied The SAML responder or SAML authority is able to process the request but has chosen not to respond. This status code may be used when there is a concern about the security context of the request. This is a second-level status code used with the Requester or Responder top-level code.
Requester Requester The request could not be performed due to an error on the part of the requester. Used as a top-level status code when the error was caused by the requesting party.
RequestUnsupported Request Unsupported The SAML responder or SAML authority does not support the request. This is a second-level status code used with the Requester or Responder top-level code.
RequestVersionDeprecated Request Version Deprecated The SAML responder cannot process the request because the protocol version specified in the request has been deprecated. This is a second-level status code used with the Requester top-level code.
RequestVersionTooHigh Request Version Too High The SAML responder cannot process the request because the protocol version specified in the request is too high. This is a second-level status code used with the VersionMismatch top-level code.
RequestVersionTooLow Request Version Too Low The SAML responder cannot process the request because the protocol version specified in the request is too low. This is a second-level status code used with the VersionMismatch top-level code.
ResourceNotRecognized Resource Not Recognized The resource value provided in the request message is invalid or unrecognised. This is a second-level status code used with the Requester top-level code.
Responder Responder The request could not be performed due to an error on the part of the SAML responder or SAML authority. Used as a top-level status code when the error was caused by the responding party.
Success Success The request succeeded. The responding provider completed the request successfully.
TooManyResponses Too Many Responses The response message would contain more elements than the SAML responder is able to return. This is a second-level status code used with the Responder top-level code.
UnknownAttrProfile Unknown Attribute Profile An entity that has no knowledge of a particular attribute profile has been presented with an attribute drawn from that profile. This is a second-level status code used with the Requester or Responder top-level code.
UnknownPrincipal Unknown Principal The responding provider does not recognise the principal specified or implied by the request. This is a second-level status code used with the Responder top-level code.
UnsupportedBinding Unsupported Binding The SAML responder cannot properly fulfil the request using the protocol binding specified in the request. This is a second-level status code used with the Requester top-level code.
VersionMismatch Version Mismatch The SAML responder could not process the request because the version of the request message was incorrect. The responder does not support the protocol version specified in the request.