SAP Knowledge Base Article - Public

2253268 - Learning Validation Error: You must correct the following error(s) before proceeding: Failed to authenticate the SAML response. If this keeps happening, please contact the administrator.

Symptom

When trying to access the Learning system or add learning activities in Talent modules, the below error is received: "Failed to authenticate the SAML response. If this keeps happening, please contact administrator."

SAML error.png

Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.

Environment

  • SAP SuccessFactors Learning
  • SAP SuccessFactors Career Development Planning
  • SAP SuccessFactors Performance Management

Reproducing the Issue

  1. Log in to the system >
  2. Navigate to the home dropdown > Learning >
  3. The user is redirected to the Learning module >
  4. Receive error.

OR

  1. Log in to the system >
  2. Navigate to the home dropdown > Goal >
  3. Select Development Goal tab >
  4. Locate a goal and select the 3 dots > Add Learning >
  5. The user is redirected to the Learning module >
  6. Receive error.

OR

  1. Log in to the system >
  2. Navigate to the home dropdown > Performance >
  3. Select a performance form >
  4. Locate a goal section and select Add New Learning Activity >
  5. The user is redirected to the Learning module >
  6. Receive error.

Cause

  • Third party cookies deprecation in Google Chrome.
  • Enable SuccessFactors Learning third-party cookie mechanism is not flagged in BizX Provisioning.
  • The user was not synchronized from HXM/BizX to Learning.

Resolution

1. Third party cookies deprecation in Google Chrome

Browser vendors are in the process of deprecating or limiting the use of third-party cookies to prevent user tracking for data privacy reasons. Google Chrome begins its deprecation plans on January 4th, 2024 and will permanently block third-party cookies after 2024.

2. Enable SuccessFactors Learning third-party cookie mechanism is not flagged in BizX Provisioning

SAP SuccessFactors has a Provisioning setting called "Enable SuccessFactors Learning third-party cookie mechanism" which bypasses the need to use cookies as the Learning site is not loaded within an iframe. There are no security or access issues if this setting is enabled. Additional details about the "Enable SuccessFactors Learning third-party cookie mechanism":

  • Some websites use third-party content providers (communicating from one webpage/site with the help of another webpage/site). A third-party content provider can track you across websites to advertise products and services. SAP SuccessFactors do use cookies to store session information (to constantly validate the user sessions and store values for faster page/data processing) but not for any advertising purpose, so no need to worry about that.
  • BizX and Learning are two different sites that work with each other by communicating with cookies and other internal logic, so we expect the browser setting to enable 3rd party cookie communication.
  • But this has recently become an issue as browsers are disabling third party cookies by default. This means that every user must change their browser default setting and some companies consider this a security/privacy risk. It is a privacy thing and not a security risk.
  • To avoid depending on browser settings we introduced a setting at the Provisioning side called "Enable SuccessFactors Learning third-party cookie mechanism" to handle the things differently than how it works with the setting to avoid the "Failed to Authenticate SAML Response" issue.
  • How the above mentioned is achieved: we force the user to initially visit a Learning page in a main BizX window outside of an iFrame (usually Learning is loaded into the BizX via an iFrame). In that case any follow up persistence of Learning cookies even in an iFrame will no longer be considered 3rd party. So, this is what that Provisioning setting would do.
  • No security or access issues would be caused by using that setting. It is explained above. And there isn’t the need to schedule any background job to enable this for everyone. Once enabled, this would have immediate effect. After this is enabled, we would just need to request user to clear cookie and cache.
  1. As a customer, you do not have access to Provisioning. Please engage a Certified Partner or Product Support to assist with this configuration. If this setting needs to be enabled and a Partner is not engaged, please create a case with the LOD-SF-LMS-INT component.
  2. After the setting is enabled, cleared cache and cookies from the browser

3. The user was not synchronized from HXM/BizX to Learning

The error can occur if a user is not properly created in the Learning application. User creation in Learning differs but the standard process is via the User Connector - SF. Please see 2668004 for information on how to troubleshoot user creation via the connector.

Keywords

learning, lms, saml, validation, error, failed, to, authenticate, the, response, cookies, cookie, settings, 3rd, parties, cookies, validations, errors, cdp, pm, pmgm, goals, objectives , KBA , LOD-SF-LMS-INT , Integrations with BizX , LOD-SF-CDP-INT , CDP Integrations, LMS, PM, EC etc. , LOD-SF-CDP-LA , Learning Activity Plan (LMS) , LOD-SF-PM-GM , Goals in PM Form , Problem

Product

SAP SuccessFactors Learning all versions ; SAP SuccessFactors Performance & Goals all versions ; SAP SuccessFactors Succession & Development all versions