Login with SSO: Why I'm getting this "SSO token was not accepted by neo4j"

When you are trying to login into the Aura database via SSO, you might get this error message: "SSO token was not accepted by neo4j".

When you get this error message, that means your SSO authentication process succeeds on your IDP side, which means your IDP successfully verified your login identity; then a valid token (ID token or Access token) has been generated and passed back to the Aura instance to do a final verification.  At this point, there is something wrong with the token and Aura can not accept it.

Here are some of the most common issues with this scenario:

1. Token is too large. check if your account belongs to a high number of groups. In this case, your token will be too large and then it will be discarded by the Neo4j Aura.  (You can try with an account that has a handful of groups.)

2. Some fields in your token do not match the configuration in your Aura instance's SSO configuration. For example,  the user name claim in your Aura configuration is username, but the claim in your token is called preferred_username.