SAP Knowledge Base Article - Preview

2260582 - SAML2Assertion received could not be decrypted - Illegal key size - SAP NetWeaver AS Java


The authentication using the Security Assertion Markup Language (SAML) 2.0 fails prompting the user to enter the user and password. The following error message is recorded in the traces:


SAML2Assertion received could not be decrypted.
Caused by: This key is not allowed due to the crypto policy file in use. Using Unlimited Strength Jurisdiction Policy Files will fix the problem (Note: 989517).
Caused by: Illegal key size



SAML 2.0 Service Provider

  • NetWeaver AS Java
  • NetWeaver AS ABAP

SAML 2.0 Identity Provider

  • Part of NetWeaver Single Sign-On product
  • IDMFEDERATION SCA have to be installed on top of NetWeaver AS Java
  • Due to historical reasons IDMFEDERATION SCA is also part of SAP Identity Management


SAP Identity Management 8.0 ; SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5 ; SAP NetWeaver Application Server for Java 7.2 ; SAP NetWeaver Identity Management 7.2 ; SAP enhancement package 1 for SAP NetWeaver 7.3


saml login module authentication stack JavaEE AS Java SAML2.0 Troubleshooting troubleshooting wizard errors trace log debug IDP SP Idp certificate JCE Cryptography Jurisdiction Policy Files , KBA , saml2assertion-decryption-error , BC-JAS-SEC-SML , JAVA SAML 1.1 and 2.0 , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.