Second Sign-In Using an External IdP SAML Fails
Overview
After an initial successful sign-in using an external SAML Identity Provider (IdP) with Just-in-Time (JIT) authentication, the second sign-in by the same user fails with the error:
400 Login Failed
- Error message on the user interface:
400: Bad Request Error Code: GENERAL_NONSUCCESS
- System Log error:
Unable To JIT
Applies To
- Identity Provider (IdP)
- Security Assertion Markup Language (SAML)
Cause
An External IdP SAML requires either a Persistent Name ID or an Account link policy to be checked in its configuration.
Solution
Check the Persistent Name ID or Account link policy in the External IdP SAML configuration.
