Troubleshooting

The below error can occur at login time for several different reasons. In this article, explore a few ways of troubleshooting, based on common root-causes.

• Email case may be wrong (iObeya is case-sensitive):

  • If the “email (E-mail)” attribute is selected in the Authentication attributes, then each user’s email address (“E-mail” field in the user’s profile) have to match exactly their email address from the IDP, including the case.

  • If there is a mismatch (including the wrong case on any letter), the user gets to the error page when trying to log in via the SSO button.

    Note:

    You can find this error in the logs (Tools > Download logs), in the json.log file.

    Example error message (tip - search for the user’s email address in the file):

    "User\"User(\"UserLogin(jdoe)\", \"UserId*******************************)\")\" has an email address matching the query "Jdoe@iobeya.com" in a case-insensitive way but it is ignored, according to the email address format specified in RFC 5322."

    In this example, John Doe’s email address was entered as “jdoe@iobeya.com” on the IDP side, but as “Jdoe@iobeya.com” in iObeya, so the mapping is not working, because of the upper-case “J”.

• 2 user IDs with same email:

  • If 2 user IDs share the same email address, there is an error, because mapping cannot be established.

    This can happen if using both SSO and basic form authentication - the user gets an email and tries to log in, but then the system is confused about which user to map to.

• Same email address is used on multiple accounts:

  iObeya is known to be case sensitive when authenticating users with SSO on email criteria. But as you probably have noticed when searching for a user (frontend app or admin) the search itself is not case sensitive.

  • When the same email address (regardless the case) is used on multiple accounts, none of these accounts are able to use SSO because iObeya finds several accounts matching the SAML response. If only some users are getting SSO connection error messages, it is worth going to the admin and performing a search on the “users” page using the email to check if the email is not used multiple times.