Closed nicholaspierson closed 1 year ago
- After successfully authenticating at the IdP, AWS SSO web page gave me this message:
  > An unexpected error has occurred
  > Please try signing in again. If the error persists, please contact your administrator
  > RequestId: 4bbfa7d5-1bde-48e9-80f4-e50a09d713fe
  > Time: Fri, 27 Dec 2019 11:40:13 GMT
- The message was less than helpful. It gave me no hint as to what was wrong or where to look for troubleshooting information.
- I used SAML-tracer (a Chrome plugin) to look at the attributes that the IdP was returning to AWS SSO. I guessed at the root cause.
- The root cause was a bad assumption on my part. I assumed that if the IdP returned the user's email address, AWS SSO would map against that when looking up the user. It doesn't. The identity returned by the IdP must match the actual configured username in AWS SSO. Changing that from "firstname.lastname" to the full email address solved the problem.
Of course, it might be better if AWS SSO actually gave a helpful error message like "Invalid identity" or "Unrecognised identity". I'm not sure how documentation can help with "Unexpected error". There is too little context to work with.
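The check described in the comment above, as an added example that is not part of the original thread or of AWS's code: it decodes a captured `SAMLResponse` (for instance one copied out of a SAML tracing tool) and compares the asserted NameID with the usernames configured in AWS SSO. The sample response, the usernames and the function names are constructed for illustration, and exact string comparison is an assumption.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: an IdP response whose NameID is the user's email address.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
    "<saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>"
    '<saml:AttributeStatement><saml:Attribute Name="email">'
    "<saml:AttributeValue>jane.doe@example.com</saml:AttributeValue>"
    "</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>"
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def extract_identity(saml_response_b64):
    """Return (NameID, {attribute name: [values]}) from a base64 SAMLResponse.

    Reads the XML only; it does not verify the signature. Run it on your own
    captured responses (prefer defusedxml for XML you do not trust).
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    node = root.find(".//saml:Subject/saml:NameID", NS)
    name_id = node.text.strip() if node is not None and node.text else None
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text or "" for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    return name_id, attrs


def diagnose(saml_response_b64, sso_usernames):
    """Compare the asserted NameID with the usernames configured in AWS SSO."""
    name_id, attrs = extract_identity(saml_response_b64)
    result = {"name_id": name_id, "attributes": attrs,
              "match": name_id in sso_usernames, "hint": None}
    if name_id is None:
        result["hint"] = "assertion has no Subject/NameID"
    elif not result["match"]:
        local = name_id.split("@", 1)[0]  # e.g. firstname.lastname
        if local in sso_usernames:
            result["hint"] = f"username {local!r} exists, but the IdP sends {name_id!r}"
        else:
            result["hint"] = f"no username equals {name_id!r}"
    return result


if __name__ == "__main__":
    print(diagnose(SAMPLE_B64, {"jane.doe", "john.roe"}))
```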
Thank you for your extremely thoughtful reply @pcolmer.
Wow, I can't believe in 2022 that I've run into the exact problem and solution and IT STILL HASN'T BEEN PROPERLY documented. Oh wait... 🤦
Of course, it might be better if AWS SSO actually gave a helpful error message like "Invalid identity" or "Unrecognised identity". I'm not sure how documentation can help with "Unexpected error". There is too little context to work with.
I ran into the same issue and was stuck for a long time on "Something went wrong". I wish a helpful message like the one above could be given, such as saying that the username doesn't match the IdP email address.
Closing this issue or pull request in advance of archiving this repo. For more information about the decision to archive this repo (and others in the 'awsdocs' org), see the announcement on the AWS News Blog.
As you know, troubleshooting AWS Single Sign-On can be a challenge. What issues have you run into getting AWS Single Sign-On to work? Can you share your solutions with your colleagues? Please share only problems for which you've found a solution. If you're still struggling with a problem, please contact AWS Support or post your issue on the Forums.
Share the following information with me as a response to this issue, and I'll consider adding it to the troubleshooting section of the AWS Single Sign-On documentation.
I'll use this information to improve the documentation. The more detail you can add, the better I can use it to improve the docs! Thank you very much.
Nick Pierson
Senior Technical Writer
AWS Single Sign-On
https://docs.aws.amazon.com/singlesignon/latest/userguide/what-is.html