Troubleshooting iHasco Single Sign-on (SSO)

Listed below are the error codes reported by iHasco SSO, with a description of the problem and recommended solutions.

401 Unauthorized 

Problem

A user has successfully authenticated with their identity provider, but iHasco will not authorise a session because SSO has been configured to only allow access for registered users. Other SSO users are accessing iHasco without a problem

Solution

Add the user manually (or via bulk upload), or modify the SSO configuration to allow access to unregistered users (this is the default).

Still a problem, or problem affects all users?

Check that the SSO configuration is correct (IDP configuration may have changed). Also check that the Security registration method is set to Single Sign On provider in the LMS.

422 Unprocessable Entity

Problem

The required user attributes: email address, first name and last name have been incorrectly mapped, or the IDP is now sending different attribute names.

Solution

Check that the SSO user attribute configuration is correct (IDP attribute names may have changed).

404 Not Found

Problem

An authentication URL was manually (mis)typed by a user.

Solution

There should be no need for users to enter any authentication URLs, SSO users only need to visit their iHasco training URL.

403 Forbidden

Problem

The SAML security assertion has already been sent. This is a security measure to prevent replay attacks.

Solution

The user should close the browser and re-attempt login.

405 Method Not Allowed

Problem

The identity provider is attempting to initiate an SSO flow.

Solution

iHasco only supports service-provider-initiated SSO. The identity provider must be configured with a start URL set to the iHasco training URL.

500 Internal Server Error

Problem

There is a problem with the SSO application.

Solution

Please contact iHasco support for further investigation. You can call us or open a chat, our contact details are on our website:  https://www.ihasco.co.uk/.