Troubleshooting SAML errors

ICS123 · ‎09-16-2025

I am trying to login into this cisco security cloud control but i received this error.

What can i do for this type of error?

If there are any more information i need to provide please tell me.

christofferlarsson · ‎09-17-2025

Troubleshooting SAML errors

If you get an HTTP 400 error when testing your IdP integration, try the following troubleshooting steps.

Check that the user's sign-on email domain matches the claimed domain: Ensure the email domain of the user account you're using to test matches your claimed domain.

For instance, if you claimed a top-level domain, such as example.com, then users must sign in with <username>@example.com and not <username>@signon.example.com.

Check that the user is signing in through their identity provider: Users must authenticate through the integrated identity provider. An HTTP 400 error is returned if a user signs in using the Cisco or Microsoft social sign-in options or attempts to sign in directly through Okta.

Check that the <NameID> element in the SAML response is an email address: The value of the <NameId> element in the SAML response must be an email address. The email address must match the email specified in the user's SAML attributes. See SAML Response Requirements for details.

Check that the SAML response contains the correct attribute claims: The SAML response from your IdP to Security Cloud Sign On includes the required user attributes: firstName, lastName, and email. See SAML Response Requirements for details.

Check that the SAML response from your IdP is signed with SHA-256

SAML response from your identity provider must be signed with the SHA-256 signature algorithm. Security Cloud Sign On rejects assertions that are unsigned or signed with another algorithm.

source: Cisco Security Cloud Control Administration Guide - Troubleshooting SAML errors

View solution in original post

christofferlarsson · ‎09-17-2025

Try clearing cookies and/or try a incognito window.

ICS123 · ‎09-17-2025

We tried but it doesnt seem to work.

christofferlarsson · ‎09-17-2025

Troubleshooting SAML errors

If you get an HTTP 400 error when testing your IdP integration, try the following troubleshooting steps.

Check that the user's sign-on email domain matches the claimed domain: Ensure the email domain of the user account you're using to test matches your claimed domain.

For instance, if you claimed a top-level domain, such as example.com, then users must sign in with <username>@example.com and not <username>@signon.example.com.

Check that the user is signing in through their identity provider: Users must authenticate through the integrated identity provider. An HTTP 400 error is returned if a user signs in using the Cisco or Microsoft social sign-in options or attempts to sign in directly through Okta.

Check that the <NameID> element in the SAML response is an email address: The value of the <NameId> element in the SAML response must be an email address. The email address must match the email specified in the user's SAML attributes. See SAML Response Requirements for details.

Check that the SAML response contains the correct attribute claims: The SAML response from your IdP to Security Cloud Sign On includes the required user attributes: firstName, lastName, and email. See SAML Response Requirements for details.

Check that the SAML response from your IdP is signed with SHA-256

SAML response from your identity provider must be signed with the SHA-256 signature algorithm. Security Cloud Sign On rejects assertions that are unsigned or signed with another algorithm.

source: Cisco Security Cloud Control Administration Guide - Troubleshooting SAML errors

Anyone can help with with this problem?

Troubleshooting SAML errors

Troubleshooting SAML errors