The error "OpenID Connect Provider 'jackson' is unknown or has not been configured" means that the OIDC provider with the ID jackson has not been added to your Ory project's configuration. To resolve this, you need to configure the provider in your Ory project. How to fix: 1. Add the OIDC provider configuration: - If you are using the Ory Console, go to Authentication → Social Sign-In (OIDC), and add a new provider. Make sure to set the provider ID to jackson and fill in the required fields (Client ID, Client Secret, Issuer URL, etc.) [Social sign-in guide](https://www.ory.sh/docs/identities/get-started/social-sign-in). - If you are using the CLI or editing the config file directly, add an entry for jackson in the providers array under the OIDC method. For example:

yaml    selfservice:      methods:        oidc:          config:            providers:              - id: jackson                provider: generic                client_id: "YOUR_CLIENT_ID"                client_secret: "YOUR_CLIENT_SECRET"                issuer_url: "<https://your-jackson-oidc-provider.com>"                mapper_url: "<base64://YOUR_BASE64_ENCODED_JSONNET>"                scope:                  - openid                  - email          enabled: true

After editing, update your Ory project configuration using the CLI:

ory update identity-config --project <project-id> --workspace <workspace-id> --file identity-config.yaml

2. Set the correct redirect URI in your OIDC provider's configuration. The redirect URI should match the one provided by Ory for the jackson provider. The pattern is typically:

https://<your-ory-domain>/self-service/methods/oidc/callback/jackson

3. Restart or reload your Ory service if you are self-hosting, to apply the new configuration. Summary: You must explicitly configure the OIDC provider with the ID jackson in your Ory project's settings. Once configured, the error should be resolved and users will be able to sign up using that SSO provider. For more details, see the official documentation on [adding generic OIDC providers](https://www.ory.sh/docs/kratos/social-signin/generic) and [social sign-in setup](https://www.ory.sh/docs/identities/get-started/social-sign-in).

If you are signing up with the

saml

method but encounter the error "OpenID Connect Provider 'jackson' is unknown or has not been configured," this suggests that the SSO flow is attempting to use an OIDC provider named jackson, rather than a SAML provider. This typically happens if the frontend or configuration is pointing to the wrong method or provider. How to resolve: 1. Check your frontend integration: Ensure that your sign-up or login flow is explicitly using the

saml

method, not

oidc

. The error message you see is specific to OIDC, so double-check that the correct method is being triggered in your UI or API calls. 2. Verify SAML provider configuration: In your Ory project, make sure you have correctly configured a SAML provider under the SAML method, not under OIDC. The configuration should look similar to this (using the Ory Console or API):

json    {      "id": "your-saml-provider-id",      "label": "My SAML provider",      "mapper_url": "base64://...", // Your Jsonnet mapping      "raw_idp_metadata_xml": "base64://...", // Your IdP metadata      "organization_id": "your-organization-id"    }

And SAML must be enabled:

json    [      {        "op": "replace",        "path": "/services/identity/config/selfservice/methods/saml/enabled",        "value": true      }    ]

[See the official guide for SAML setup](https://www.ory.sh/docs/kratos/organizations#saml-via-ory-network). 3. Check the callback URL: The SAML application callback URL to set at your SAML Identity Provider should be:

<https://api.console.ory.sh/saml/api/oauth/saml>

[Reference](https://www.ory.sh/docs/kratos/organizations#saml-via-ory-network) 4. Ensure correct provider ID: When triggering the SAML flow, the provider ID in your URLs or API calls must match the SAML provider you configured, not an OIDC provider like jackson. Summary: The error indicates that the system is trying to use an OIDC provider instead of a SAML provider. Double-check your frontend and backend configuration to ensure the SAML method and the correct provider ID are being used. If you continue to see this error while using the SAML method, it may indicate a misconfiguration in your flow or a mix-up in provider IDs. If you need to review the full SAML setup process, refer to the [Ory SAML integration guide](https://www.ory.sh/docs/kratos/organizations#saml-via-ory-network).