SSO Troubleshooting Dashboard
Configuration
| Authority (IDP) | https://ssostaging.mba.org |
|---|---|
| Client ID | 76f8ecbd-46e2-4d42-afdf-21d737918aec |
| Scopes | openid, profile, email, custom |
| Callback URL |
https://ssotest.sprintend.com
Ensure this URL is registered with the IDP |
Authentication Status: Not Authenticated
Click below to start the SSO login flow and diagnose any issues.
Start SSO Login Test IDP Endpoints (No Auth)SSO Event Log
RemoteFailure
02:16:44.306
{
"Error": "OpenIdConnectAuthenticationHandler: message.State is null or empty.",
"ExceptionType": "AuthenticationFailureException",
"StackTrace": null,
"InnerException": null,
"Timestamp": "2026-01-28T02:16:44.306546Z"
}
MessageReceived
02:16:44.300
{
"Error": null,
"ErrorDescription": null,
"ErrorUri": null,
"Timestamp": "2026-01-28T02:16:44.3007133Z"
}Troubleshooting Guide
Common Issues
- redirect_uri_mismatch
- The callback URL (
https://ssotest.sprintend.com) must be registered exactly in the IDP's client configuration. - invalid_client
- Check that Client ID and Client Secret are correct and the client is enabled on the IDP.
- invalid_scope
- One or more requested scopes are not allowed for this client. Check IDP configuration.
- Token validation failed
- Check issuer mismatch, clock skew, or JWKS key issues. Verify the Authority URL matches the token issuer.
- SSL/Certificate errors
- Ensure the IDP's SSL certificate is trusted. For development, you may need to trust the certificate.
- CORS errors (browser console)
- Usually indicates an IDP misconfiguration. Check IDP CORS settings.
Diagnostic Steps
- Click "Test IDP Endpoints" to verify the IDP is reachable
- Click "Start SSO Login" to initiate the flow
- Check the Event Log for detailed information at each step
- If authentication fails, the error and event log will show where it failed
- Compare the callback URL with what's registered in the IDP