Appendix A: Troubleshoot external IdPs

this section contains common troubleshooting tips if you experience any of the following errors or issues, review the corresponding list of possible resolutions test button issues this section covers the following error failed to retrieve openid configuration from discovery uri an unexpected error occurred while retrieving configuration from discovery uri possible causes this issue might be caused by the following events incorrect discovery uri provided the discovery endpoint is down resolution try using a curl command against the discovery uri you are using, similar to the following example \# perform a get request against their openid discovery uri curl https //auth pingone com/f32ef909 3e59 4755 a02c a0d234411bb7/as/ well known/openid configuration curl should succeed, and your output should look like the following json example { "issuer" "https //auth pingone com/f32ef909 3e59 4755 a02c a0d234411bb7/as", "authorization endpoint" "https //auth pingone com/f32ef909 3e59 4755 a02c a0d234411bb7/as/authorize", "token endpoint" "https //auth pingone com/f32ef909 3e59 4755 a02c a0d234411bb7/as/token", "userinfo endpoint" "https //auth pingone com/f32ef909 3e59 4755 a02c a0d234411bb7/as/userinfo", "jwks uri" "https //auth pingone com/f32ef909 3e59 4755 a02c a0d234411bb7/as/jwks", "end session endpoint" "https //auth pingone com/f32ef909 3e59 4755 a02c a0d234411bb7/as/signoff", "introspection endpoint" "https //auth pingone com/f32ef909 3e59 4755 a02c a0d234411bb7/as/introspect", "revocation endpoint" "https //auth pingone com/f32ef909 3e59 4755 a02c a0d234411bb7/as/revoke", "claims parameter supported" false, "request parameter supported" true, "request uri parameter supported" false, "scopes supported" \[ "openid", "profile", "email", "address", "phone" ], "response types supported" \[ "code", "id token", "token id token", "code id token", "code token", "code token id token" ], "response modes supported" \[ "pi flow", "query", "fragment", "form post" ], "grant types supported" \[ "authorization code", "implicit", "client credentials", "refresh token" ], "subject types supported" \[ "public" ], "id token signing alg values supported" \[ "rs256" ], "userinfo signing alg values supported" \[ "none" ], "request object signing alg values supported" \[ "none", "hs256" ], "token endpoint auth methods supported" \[ "client secret basic", "client secret post" ], "claim types supported" \[ "normal" ], "claims supported" \[ "sub", "iss", "auth time", "acr", "name", "given name", "family name", "middle name", "preferred username", "profile", "picture", "zoneinfo", "phone number", "updated at", "address", "email", "locale" ], "code challenge methods supported" \[ "plain", "s256" ] } login issues this section covers the following error after successfully authenticating to your external idp, the vip returns identity provider is not associated with the account possible causes this issue might be caused by the following events the user you authenticated with does not belong to the company account owning this identity provider your user you authenticated with does not exist in vip resolution ensure the user you are authenticating with exists in vip under the company account owning this identity provider