If you’re encountering an error while logging in as an admin using Single Sign-On (SSO), it could be due to one of the following reasons. Below, we’ve listed common error codes, their causes, and how to resolve them.
Error Code: WPO01 – Invalid Login Attempt
Cause:
This error occurs when the email associated with your WordPress admin account does not match the email provided by your Identity Provider (IDP) during SSO authentication.
To enhance security, our plugin now strictly verifies that the WordPress admin email matches the email from your IDP. If they do not match, the system will display the WPO01 error.
How to resolve this issue:
- Ensure that the email address in your WordPress admin account matches the one provided by your IDP.
- If the emails are different, you’ll need to update one of them to match the other—either in your WordPress admin account or in your IDP.
Example:
If your WordPress admin email is admin@mywebsite.com, but your email received from IDP is admin123@mywebsite.com, update one of them to ensure they match.
Once both emails match, you’ll be able to log in successfully without encountering the error.
Error Code: WPOAUTH:002 – Missing Email Verification
Cause:
This error occurs when the Identity Provider (IDP) sends the email_verified attribute, but the value received for that attribute is not as expected.
How to resolve this issue:
Make sure your admin email is verified on your IDP. If it’s not, please verify your email on the IDP to receive the expected attribute value.
Additionally, If the IdP sends the correct attribute value but it does not exactly match the value configured in the plugin, the authentication or verification process may fail. To prevent this, ensure that the plugin configuration aligns with the attribute values received from the IdP..
Note: You can disable this feature directly, but if an admin user’s email is not verified, they will still be able to access the site. Please note that we do not recommend this as this may introduce a security vulnerability.
To bypass this check, first log in to your WordPress site using the default login form. Then, navigate to Login Settings → Advanced Security Settings and disable the “Allow login to Verified IDP Account” option.
Once this is configured properly, admin login via SSO should work without issues.
Error Codes: WPO004 & WPO005 – Admin SSO Not Enabled
Cause:
In our latest release, we introduced a security check that requires Admin SSO to be enabled before administrators can log in via SSO. If Admin SSO is disabled, the system will generate either the WPO004 or WPO005 error.
How to resolve this issue:
- Enable the “Admin SSO” feature in the plugin settings to allow administrators to log in via SSO.
- Ensure that the email attribute is correctly mapped in the plugin settings.
- Refer to this guide for step-by-step instructions: Why is my admin unable to log in via SSO?
Once these settings are updated, try logging in again.
If you’re still experiencing issues, feel free to contact us for further assistance. You can reach our support team by emailing us at oauthsupport@xecurify.com.
