Explore & discover

Helpful Links

SAML 2.0 authentication failed

Highlighted
Contributor

SAML 2.0 authentication failed

I have both yahoo.com and att.com email addresses, both of which I access through my Yahoo! Mail. I had to change my password for the att.net mail today, and now every time I try to go that account using my laptop, I get this:

 

SAML 2.0 authentication failed

Error details
FBTSML215E The name identifier policy in the authentication request could not be met by this identity provider.

Stack trace

 

I can access the account on my phone.  How do I fix this issue on my laptop?

26,730 Views
Message 1 of 237
Contributor

Re: SAML 2.0 authentication failed

Me too...just got today for a legacy account of 20+ years, "yanked up" on both laptop and phone....actually won't even let me add back to the phone. I went in like a normally do and when I tried to switch accounts first it wanted me to change the password, then acting like account doesn't exist.....very frustrating

Message 2 of 237
Contributor

Re: SAML 2.0 authentication failed

I received the SAML Failure Problem for the first time this morning. I tried logging into Yahoo from Microsoft Edge instead of Chome and it worked. Don't know the problem, but this is a workaround.

Message 3 of 237
ACE - Expert
Solution
Accepted by Administrator (Administrator)
Accepted by davidbk
‎06-18-2019 11:05 AM

Re: SAML 2.0 authentication failed

If one browser works and the other doesn't this could be a browser cookie problem.  It's always best to try a different browser for comparison before screwing around with the cookies in your preferred browser.

___________________________________________________

This is a public forum and I am a customer just like you. Click kudo if you feel this post is helpful and "Accept as Solution" if it solves your problem.
Award for Community Excellence 2019 Achiever*
*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.
Message 4 of 237
Teacher

Re: SAML 2.0 authentication failed

jumping back and forth between browsers IS NOT THE ANSWER.

Message 5 of 237
ACE - Expert

Re: SAML 2.0 authentication failed

@Mz.Am.Staff said:

jumping back and forth between browsers IS NOT THE ANSWER.

If that response is directed toward what I said in post 4 obviously (a) your didn't read or understand what I was saying and (b) must not have ever troubleshooted browser problems like these.

 

I said "try a different browser for comparison" (not always permanently switch to it) because the object is to check for a possible cookie problem by seeing if the problem isn't browser specific before nuking your preferred browser's cookies.  Each browser's set of cookies are specific to that browser.  So if there is no problem in one browser and there is in the preferred browser the problem points to something with the preferred browser.  The first logical candidate to me is the cookies for the described problem.  Hence this troubleshooting technique. 

 

This may not be an answer to you but apparently it was good enough for the Community Manager to accept it since the original poster didn't follow up.

___________________________________________________

This is a public forum and I am a customer just like you. Click kudo if you feel this post is helpful and "Accept as Solution" if it solves your problem.
Award for Community Excellence 2019 Achiever*
*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.
Message 6 of 237
Contributor

Re: SAML 2.0 authentication failed

I purchased a new Mac desktop and still have the old one and will transfer files from the hard disk between them at a later time. Meanwhile, my email for both computers has stopped functioning. I've tried resetting the password multiples times, and while the reset program appears to work it keep routing me to the SAML. 2.0 authentication failed notice. Any suggestions?

Message 7 of 237
Contributor

Re: SAML 2.0 authentication failed

I"m getting the same SAML 2.0 message with FBTSML215E. Changing password doesn't help.  How do I

get an answer direct from Yahoo?  This is on my Android phone and my Apple laptop.

Message 8 of 237
Teacher

Re: SAML 2.0 authentication failed

You dont get an answer from yahoo.
 
You are forced to create the secure password thing (OAuth) which is the password you put in the 3rd party email program pop accounts - it has to be done through MyATT account - dont do it through yahoo otherwise yahoo becomes the default. The email secure password, shields your original password - the one you use to login online. 
 
If phone is pop, you will lose all the file folders so to retrieve them delete pop acct, create imap. My sbcglobal on phone is pop my att net on phone is imap. I have all folders under imap but none under sbcglobal. Give all the changes 24-48 hrs.
 
After you do all that, start.att.net or att.net. the att/ yahoo screen will pop up but the actual login parameters are att not att.yahoo. so after everything is accepted, you now land in yahoo but its not a true yahoo account like when you have a yahoo.com email. 
 
I spent 5 days attempting to log in, i copied the full att login message, saw the ssl, went to an ssl testing site, ran the start.att.net address which found the failing certificate errors at the KeyId and BaseId lines aside from the certificate expiring in may,  so i updated a bunch of ssl certificates on my laptop. I also did a web inspection thingy in chrome and found other errors
 
And the red triangle over email icon, is caused by your area code phone number. I live in or-e-gon so i chose the closest location in or-e-gon for my pacific time zone - wrong, phone number is ca, changed time zone to city location in ca and the red triangle disappeared - time zone is location of where telephone number originated.
 
I hope all this helps. I know its a pain and not right that we the customers have to upgrade our end when the company can not create the blanket protection on their end
Message 9 of 237
Teacher

Re: SAML 2.0 authentication failed

Let me repeat this again: jumping back and forth between browsers is not the answer because that error is logged in the temp internet files as the controlling cookie, until cache is cleaned.  See answer of May 9th of this topic. Therein lies the problems and the answers. 

Message 10 of 237
ACE - Expert

Re: SAML 2.0 authentication failed

You are forced to create the secure password thing (OAuth) which is the password you put in the 3rd party email program pop accounts - it has to be done through MyATT account - dont do it through yahoo otherwise yahoo becomes the default. The email secure password, shields your original password - the one you use to login online.

You are not "forced", at least not yet.  But it does avoid accessing the account password which for legacy accounts has become corrupted in many cases due to the "great unmerge" fiasco.  That's the reason behind all the "change your password" suggestions to try to correct the account data.

 

And OAuth has nothing to do with the secure mail key.  They are distinct.  If an client doesn't support OAuth (2 or 1 they don't say in the doc but probably OAuth2) the secure mail key can be used instead.

 

If phone is pop, you will lose all the file folders so to retrieve them delete pop acct, create imap. My sbcglobal on phone is pop my att net on phone is imap. I have all folders under imap but none under sbcglobal. Give all the changes 24-48 hrs.

If you are currently using POP you don't not have to switch from POP to IMAP if you desire to stick with POP.  Both are supported and work fine (contrary to any att docs you might read).

 

Let me repeat this again: jumping back and forth between browsers is not the answer because that error is logged in the temp internet files as the controlling cookie, until cache is cleaned. See answer of May 9th of this topic. Therein lies the problems and the answers.

Well I guess you didn't read and understand my post 6 either!  You cannot seem to understand that the set of cookies is unique to each browser (similarly the browser cache).  There is no such thing as a "controlling cookie" that spans browsers or "internet files" (whatever that means).  A browser's entire world is contained in its "profile" (folder of all its data - each browser has it's own profile) and that's all the browser knows about.  The idea of using another browser for comparison is a troubleshooting step before you decide whether it's worth nuking the cookies in the preferred browser.  That's all it's for.

___________________________________________________

This is a public forum and I am a customer just like you. Click kudo if you feel this post is helpful and "Accept as Solution" if it solves your problem.
Award for Community Excellence 2019 Achiever*
*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.
Message 11 of 237
Teacher

Re: SAML 2.0 authentication failed

Browers have specific preferences that a user can program and that is a far as it goes - its technically not a Profile. Temp internet files are little bits of info gather from the various sites visited - i know i have used temp internet files to retreive data - and are a stored cache on your computer until deleted. Profiles are geared specificly for email and 3rd party email programs.

 

In reference to 'att docs read' Sorry, but i havent read any ATT docs that is trail and error experience with imap vs pop. Speaking directly to programming 3rd party email apps on laptop: After i created a new att.net email came in like a champ - sbcglobal didnot. Both accounts were pop. The sbcglobal acct start working after I got an OAuth.

 

I have dealt with this inability of not receiving sbcglobal email for almost the better part of a year nothing to this extreme of being denied access to my email via online logging. I had a secure OAuth on sbcglobal for a couple of months then removed it, access via 3rd party email was denied but online access was granted, then online access was denied. ATT  ***** when they shifted all the real MaBell accounts into yahoo with its aol viral programming. 

 

[Per Guidelines: Keep it Relevant and Appropriate]

 

 

Message 12 of 237
Teacher

Re: SAML 2.0 authentication failed

I wasnt finished when my android so rudily uploaded. . . i have used and compared https:// att login line in two different browers the denial of access is and was still the same. I did however, do reading on ssl, and certification expiring. The only extremely minor differences were found under inspection and those were non-event items, like advertising banner width. 

 

And if know some handy-dandy programming work-around to bypass in user name log in is false thereby denying access, bring it on. Print the code, the registery edit, the bat or dat file. TRULY claim title of SOLVED SOLUTION. Be King for a day.  

You have your belief on cookies i have mine. You deny the existence of temp internet files, i know they exist. To both of these points WE WILL AGREE to disagree on the cookie & temp file issue because frankly, those two background programming issue are NOT a major life activity of concern. Good day enjoy your evening

Message 13 of 237
ACE - Expert

Re: SAML 2.0 authentication failed

@Mz.Am.Staff 

Browers have specific preferences that a user can program and that is a far as it goes - its technically not a Profile.

Completely incorrect.  PERIOD.  Some illustrations here.

 

Temp internet files are little bits of info gather from the various sites visited

Yes, those are your site cookies - AND THEY ARE STORED IN THE BROWSER'S PROFILE as I've repeated been stating.   Flash cookies are stored system wide but aren't pertinent to the problems stated here.

 

i know i have used temp internet files to retreive data - and are a stored cache on your computer until deleted.

On most OSs there is a system wide data cache and a per user cache but again they have no effect on a browser's behavior.  Even cache data is tied to the app that created it.

 

The sbcglobal acct start working after I got an OAuth.

OAuth or the secure mail key?   You couldn't have been using both unless OAuth also (now) accepts the secure mail key.

 

...when they shifted all the real MaBell accounts into yahoo with its aol viral programming.

Att is not shifting the legacy accounts to yahoo, they are unmerging them from yahoo -- or at least attempting to.  That's what's causing all these account problems.

 

...when they shifted all the real MaBell accounts into yahoo with its aol viral programming.

While the accounts are being unmerged from yahoo att still uses yahoo as their email service provider and as such unfortunately and apparently subject to their terms of service (TOS).  Since yahoo is a subsidiary of OATH (not to be confused with OAuth security), and so is AOL, att is also under OATH's TOS as well and its TOS that can be considered the most insidious given they say they are going to mine all your email for all it's worth.

 

You have your belief on cookies i have mine. You deny the existence of temp internet files, i know they exist. To both of these points WE WILL AGREE to disagree on the cookie & temp file issue because frankly, those two background programming issue are NOT a major life activity of concern. Good day enjoy your evening

I explained above cookies and caches.  Mine is not a believe, it is fact.  You care to not believe it.  Fine, so as you say, we'll agree to disagree.

 

### END OF DISCUSSION ###

___________________________________________________

This is a public forum and I am a customer just like you. Click kudo if you feel this post is helpful and "Accept as Solution" if it solves your problem.
Award for Community Excellence 2019 Achiever*
*The views and opinions expressed on this forum are purely my own. Any product claim, statistic, quote, or other representation about a product or service should be verified with the manufacturer, provider, or party.
Message 14 of 237
Contributor

new email sign-in blockade

Just set up a new email at a att.net address and received "welcome" notice upon completion. We have an older fully functional email acct.at a bellsouth.net address. When trying to access the new acct. at att.net I receive a SAML.2.0 authentication failure screen notice. What is this and what can I do to access and use the new email acct.?

Message 15 of 237
Share this topic
Share this topic
Announcements

Are you having trouble logging in? Is your email password not working? Let us show you how to Reset your Email Password using myAT&T!

Additional Support