SSO Issues

I’m getting “WPSAMLERR001 : Encrypted Assertion From IDP”. What should I do?

215 views April 18, 2025 1

Error Code Description

The Free version of the plugin does not support encrypted assertion and IDP is sending Encrypted Assertion.

Solution

Please turn off assertion encryption in your IDP to test the SSO flow.

Follow the steps below to resolve the error for the IdPs listed:

  • Okta as IdP
  • KeyCloak as IdP


Configuration steps for Okta as IdP:

Follow the steps below to resolve the ERROR WPSAMLERR001 for Okta:

  • Once you are in the Okta Admin Dashboard, then navigate to the Applications tab and select the application which you have created.
  • Navigate to Applications tab
  • Select the General tab, scroll down to the SAML Settings and click on Edit.
  • In General tab scroll down to SAML Setting
  • Click on Next button.
  • Click on Next button
  • Click on the Show Advanced Settings.
  • Show Advanced Settings
  • For Assertion Encryption filed, select UnEncryted as the value from the dropdown.
  • Assertion Encryption
  • Click on Next button.
  • Click on Next button
  • Click on Finish button.
  • Click on Finish button
  • Finally, In the WordPress SAML SSO plugin, go to the Service Provider Setup tab of the plugin.
  • Click on Test Configuration to check if the ERROR WPSAMLERR001 for Okta has been resolved. If the error is fixed, the test is successful.
  • Test Configuration
Configuration steps for KeyCloak as IdP:

Follow the steps below to resolve the ERROR WPSAMLERR001 for KeyCloak:

  • Once you are in the Keycloak Admin console, click on Clients tab from the left menu and then click on the client/application which you have created.
  • Click on Clients tab
  • Then, click on Keys tab.
  • Click on Keys tab
  • Scroll down to the Encryption keys config section (Encrypt assertions toggle might be enabled).
  • Encryption Keys Config section
  • Disable the Encrypt assertions toggle to test the flow SSO without the Error..
  • Disable Encrypt Assertions toggle
  • Finally, In the WordPress SAML SSO plugin, go to the Service Provider Setup tab of the plugin.
  • Click on Test Configuration to check if the ERROR WPSAMLERR001 for KeyCloak has been resolved. If the error is fixed, the test is successful.
  • Test Configuration

Feel free to reach us at samlsupport@xecurify.com

Was this helpful?


Hello there!

Need Help? We are right here!

support