Troubleshooting SuiteSignOn (Outbound SSO)

This section includes the following troubleshooting information:

SuiteSignOn (Outbound SSO) Error Messages

When SuiteSignOn (Outbound SSO) authentication fails, the system returns a WWW-Authenticate header with the details of the failure. Look for the parameter oauth_problem.

Example: HTTP response header with error

    WWW-Authenticate: OAuth realm="https%3A%2F%2Facct-java10026.bos.netledger.com", oauth_problem="token_expired"

The error codes and meanings are defined in the following table.

| Error Code | Problem | Resolution |
| --- | --- | --- |
| consumer_key_rejected | No SuiteSignOn application with this key was found. | Ensure the consumer key is correct. If there are no SuiteSignOn applications set up, create a new one. |
| parameter_absent | The Authorization header does not contain all necessary parameters. | Examine the oauth_parameters_absent parameter for more information about which parameter is missing. |
| parameter_rejected | The same parameter was sent multiple times. | Examine the oauth_parameters_rejected parameter for more information about which parameter was rejected. |
| signature_invalid | The request was not signed correctly. | See Generate a Signature for the correct method of signing a request. |
| signature_method_rejected | The algorithm used to create the signature is not supported. | The only supported algorithms are: • You should use HMAC-SHA256, as it is the most secure signature option. • You can use HMAC-SHA1. • PLAINTEXT is supported. |
| timestamp_refused | The timestamp of the request must be within plus or minus five (+ or –5) minutes of the server time. | Ensure that: • Your computer clocks are synchronized using the NTP protocol. • Requests are sent soon after generating the authorization header. • Requests are not being queued before being sent to NetSuite. Refer to the parameter oauth_acceptable_timestamps for the accepted range of the timestamp. |
| token_expired | The token could not be found. | Ensure that: • The token is correct. • The user is still logged in to the NetSuite UI in the same role. The token is only valid until the user changes roles or logs out of the UI. • The user still has access to the NetSuite UI. |
| version_rejected | The oauth_version is unknown. | The only accepted value for oauth_version is 1.0. |
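The following is an added example, not part of the NetSuite documentation: a Python helper that extracts oauth_problem and its detail parameter from a WWW-Authenticate value and maps the code to the table above. The function names are hypothetical, and the value formats of oauth_parameters_absent / oauth_parameters_rejected (names joined by "&") and oauth_acceptable_timestamps ("min-max" in Unix seconds) are assumptions this page does not specify.

```python
import re
import time
from urllib.parse import unquote

# Error codes from the table above, each with a one-line resolution summary.
HINTS = {
    "consumer_key_rejected": "check the consumer key / SuiteSignOn record",
    "parameter_absent": "see oauth_parameters_absent",
    "parameter_rejected": "see oauth_parameters_rejected",
    "signature_invalid": "re-check how the request is signed",
    "signature_method_rejected": "use HMAC-SHA256, HMAC-SHA1 or PLAINTEXT",
    "timestamp_refused": "timestamp outside +/-5 minutes of server time",
    "token_expired": "token not found; user changed role or logged out",
    "version_rejected": "oauth_version must be 1.0",
}
_PARAM = re.compile(r'([A-Za-z_]+)="([^"]*)"')

def parse_challenge(value):
    """Split a WWW-Authenticate value into percent-decoded OAuth parameters."""
    scheme, _, rest = value.strip().partition(" ")
    if scheme.lower() != "oauth":
        raise ValueError("not an OAuth challenge: %r" % scheme)
    return {k: unquote(v) for k, v in _PARAM.findall(rest)}

def triage(value, now=None):
    """Return the error code, its hint, and any detail parameter."""
    p = parse_challenge(value)
    code = p.get("oauth_problem")
    out = {"code": code, "hint": HINTS.get(code, "code not in table"), "detail": None}
    if code in ("parameter_absent", "parameter_rejected"):
        # Assumed format: parameter names separated by "&".
        raw = p.get("oauth_parameters_" + code.split("_")[1], "")
        out["detail"] = [unquote(n) for n in raw.split("&") if n]
    elif code == "timestamp_refused" and "oauth_acceptable_timestamps" in p:
        # Assumed format: "<min>-<max>" in Unix seconds.
        lo, hi = (int(x) for x in p["oauth_acceptable_timestamps"].split("-"))
        now = int(time.time()) if now is None else now
        # Local clock inside the window suggests a stale header (queued
        # request); outside it suggests clock drift (check NTP).
        out["detail"] = {"window": (lo, hi), "local_clock_ok": lo <= now <= hi}
    return out

# Constructed samples; the first is the header value shown on this page.
SAMPLE_EXPIRED = ('OAuth realm="https%3A%2F%2Facct-java10026.bos.netledger.com", '
                  'oauth_problem="token_expired"')
SAMPLE_SKEW = ('OAuth realm="https%3A%2F%2Fexample.invalid", '
               'oauth_problem="timestamp_refused", '
               'oauth_acceptable_timestamps="1700000000-1700000600"')
```

Pass only the header value (the text after `WWW-Authenticate:`); for timestamp_refused, `local_clock_ok` separates a drifting clock from a header that was generated and then queued.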
