Andy Wong 45

Single Sign-On Error We can't log you in. Check for an invalid assertion in the SAML Assertion Validator

We got the following error:
Single Sign-On Error
We can't log you in. Check for an invalid assertion in the SAML Assertion Validator (available in Single Sign-On Settings) or check the login history for failed logins.

We tried to recreate another account, but once we use this "xxxxx@xxxxxxx.com" in the Federation ID, we got the Single Sign-On Error
We can't log you in. Check for an invalid assertion in the SAML Assertion Validator (available in Single Sign-On Settings) or check the login history for failed logins.

Has anyone experienced the same?
Nagendra (Salesforce Developers)

Hi Andy,

Sorry for this issue you are facing.

Usually, this error occurs if there is a change in the Federation ID.

We have faced a similar issue in the past, and a Federation ID can cause this error.

Solution: Lower case, upper case: all data has to be case sensitive.

Please let us know if this helps.

Kindly mark this as solved if the reply was helpful.

Thanks,
Nagendra
 

Andy Wong 45
Hi Nagendra,
The Federation ID was all lower case, and I made sure the ID in the Microsoft AD is also lower case.
Still got that error.
All the other IDs in the Microsoft AD can sign in.
It seems to be only one particular ID.

I found that single sign-on should be working, because I can sign in, but the error seems to be passed from the ADFS server to Salesforce.
I checked the login history for failed logins, and didn't see any record.

I also tried to create a new account in Salesforce, but once I assigned that Federation ID, I got the error.
It seems Salesforce doesn't accept that ID.

Is there anywhere I can check other than the login history for failed logins?

Regards, Andy
Gaurav singh 40
Is your AD certificate active or expired? From the error it seems like something is wrong in SAML, so check all the settings in AD.
Andy Wong 45
Our AD certificate is active, and all other users in the same AD were successfully authenticated. Just one user can't, and even if we create and change the account in Salesforce, it still gives us the error while signing in. Is there anywhere I can check in Salesforce why it doesn't accept that Federation ID?
Gabriel McGinn
I encountered the "We can't log you in. Check for an invalid assertion in the SAML Assertion Validator (available in Single Sign-On Settings) or check the login history for failed logins." error and resolved the issue.
I couldn't log in after enabling SSO and I instead logged in with my local creds by going to www.___.my.salesforce.com?login
I confirmed the SSO settings were set to use the Federation ID and found that I was passing all checks in Setup - Single Sign-On Settings - SAML Assertion Validator.
Upon further investigation I found that when I had dataloaded the Federation IDs, I had added my Federation ID to my main user and second test account.
When I removed the fed ID from the test account I was able to log in.
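
Added example, not part of any post in this thread and not Salesforce tooling: a check for the two conditions discussed above, the same Federation ID assigned to more than one user and IDs that differ only by letter case. It assumes a CSV export of the User object with `Username` and `FederationIdentifier` columns; the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export (not real data). Column names follow the User
# object's API field names; the CSV layout itself is an assumption.
SAMPLE_EXPORT = """Username,FederationIdentifier
main.user@example.com,jdoe@example.com
test.user@example.com,jdoe@example.com
alice@example.com,alice@example.com
alice.sandbox@example.com,Alice@Example.com
bob@example.com,
carol@example.com,carol@example.com
"""


def find_federation_id_collisions(csv_text):
    """Return (exact, case_only): Federation ID -> usernames sharing it."""
    by_exact = defaultdict(list)   # exact ID string -> usernames
    by_folded = defaultdict(set)   # case-folded ID -> distinct spellings seen
    for row in csv.DictReader(io.StringIO(csv_text)):
        fed_id = (row.get("FederationIdentifier") or "").strip()
        if not fed_id:
            continue  # users without a Federation ID cannot collide
        by_exact[fed_id].append(row["Username"])
        by_folded[fed_id.casefold()].add(fed_id)

    # Same ID, byte for byte, on more than one user record.
    exact = {fid: users for fid, users in by_exact.items() if len(users) > 1}

    # IDs that are distinct strings but identical once case is ignored.
    case_only = {}
    for folded, spellings in by_folded.items():
        if len(spellings) > 1:
            case_only[folded] = sorted(
                user for spelling in spellings for user in by_exact[spelling]
            )
    return exact, case_only


if __name__ == "__main__":
    exact, case_only = find_federation_id_collisions(SAMPLE_EXPORT)
    for fid, users in exact.items():
        print(f"DUPLICATE  {fid}: {', '.join(users)}")
    for fid, users in case_only.items():
        print(f"CASE-ONLY  {fid}: {', '.join(users)}")
```
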
A Panda
I see a similar discussion here - https://probablesolution.blogspot.com/2022/04/we-cant-log-you-in-because-of-issue.html