The following issues may occur when using single sign-on (SSO) with SAML. Find below the error messages for each issue and their associate explanations and suggested solution. If the problem continues, contact our support team at firstname.lastname@example.org.
The Logged In User Is Not an Active Meisterplan User
Full Error Message: "The logged in user is not an active Meisterplan user. Please use a different account or contact your administrator."
Explanation: The user trying to log in has been authorized by the Identity Provider but is not an active Meisterplan user. You cannot add new Meisterplan users through SAML, Meisterplan users have to be added manually.
Solution: Add the user to Meisterplan. If the user is already set up in Meisterplan, ensure they are not deactivated and that the username in Meisterplan matches the username in the Identity Provider.
Your account is configured to log in through Single-Sign-On
Full Error Message: "Your account is configured to log in through Single Sign-On. You can only log in through your Identity Provider. Please contact your Meisterplan Administrator for further assistance."
Explanation: The user tries to login with the Meisterplan login form (or work account) while SAML is active. This only works if the user has the "Manage Users and User Groups" permission (e.g., for system administrators), otherwise the error message above is displayed.
Solution: The user must only log in through single sign-on.
405 Method Not Allowed
Explanation: The SAML configuration is very likely invalid.
Solution: Compare the details entered in the SAML configuration closely with those provided by Meisterplan and the IDP, and ensure they are identical.
Parsing RelayState failed
Explanation: The Relay State in the Identity Provider configuration is not the same as the Relay State from Meisterplan.
Solution: Ensure that the Service Provider Relay State in the IDP configuration matches the Relay State provided by Meisterplan.