SAP Knowledge Base Article - Preview

2425774 - CX_SAML20_ASSERTION: Attribute 'Subject' of element 'SPNameQualifier' is invalid

Symptom

SAML 2.0 traces show the following error about validation of message 'Response':

SAML20 SP (client 140 ):  Exception raised:
SAML20  SAML20 CX_SAML20_CORE: The validation of message 'Response' failed. Long text: The validation of message 'Response' failed. 
SAML20     at CL_SAML20_RESPONSE->VALIDATE_ASSERTION(Line 57)
SAML20     at CL_SAML20_RESPONSE->VALIDATE(Line 72)
SAML20     at CL_SAML20_SSO->VALIDATE_RESPONSE(Line 87)
SAML20     at CL_HTTP_SAML20->PROCESS_LOGON(Line 340)
SAML20     at CL_ICF_SAML_LOGIN->PROCESS_LOGON(Line 62)
SAML20     at CL_HTTP_SERVER_NET->AUTHENTICATION(Line 2224)
SAML20  Caused by: CX_SAML20_ASSERTION: Attribute 'Subject' of element 'SPNameQualifier' is invalid. Long text: Attribute 'Subject' of element 'SPNameQualifier' is invalid.

SAML20     at CL_SAML20_ASSERTION->VALIDATE_SUBJECT_SSO(Line 166)
SAML20     at CL_SAML20_ASSERTION->VALIDATE_ASSERTION(Line 27)
SAML20     at CL_SAML20_RESPONSE->VALIDATE_ASSERTION(Line 50)
SAML20     at CL_SAML20_RESPONSE->VALIDATE(Line 72)
SAML20     at CL_SAML20_SSO->VALIDATE_RESPONSE(Line 87)
SAML20     at CL_HTTP_SAML20->PROCESS_LOGON(Line 340)
SAML20     at CL_ICF_SAML_LOGIN->PROCESS_LOGON(Line 62)
SAML20     at CL_HTTP_SERVER_NET->AUTHENTICATION(Line 2224)

SAML 2.0 traces can be captured using Security Diagnostic Tool. See the link for more information.


Read more...

Environment

In a NetWeaver ABAP system where SAML 2.0 authentication is used.

  • SAP Netweaver AS ABAP 7.02
  • SAP Netweaver AS ABAP 7.30
  • SAP Netweaver AS ABAP 7.31
  • SAP Netweaver AS ABAP 7.40
  • SAP Netweaver AS ABAP 7.50 and higher

Product

SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5 ; SAP enhancement package 1 for SAP NetWeaver 7.3 ; SAP enhancement package 2 for SAP NetWeaver 7.0

Keywords

The validation of message 'Response' failed, affiliation, Local Provider. , KBA , BC-SEC-LGN-SML , SAML 2.0 for ABAP , BC-SEC-LGN , Authentication , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.