SAP Knowledge Base Article - Preview

2437217 - SAML2.0: Signature validation with the configured primary certificate failed

Symptom

Performing SAML 2.0 authentication fails and one of the following error messages is raised:

  • "Signature validation with the configured primary certificate failed..."
  • "CX_SEC_SXML_ERROR: SSFW_KRN_VERIFY failed with: Signature verification failed (for signer) or Envelope failed (for recipient)"
  • "SSFW_KRN_VERIFY failed with: Signer is not known or not trusted *OR* Recipient not found"
  • Caused by: CX_SAML20_CORE: Error in ST program SAML2_ASSERTION when importing XML data. Long text: Error in ST program SAML2_ASSERTION when importing XML data.
  • Caused by: CX_SEC_SXML_ERROR:
    SAML20 at CL_SEC_SXML_DSIGNATURE->VERIFY_XML(Line 315)

The error appears in the SAML 2.0 traces which can be collected with the Security Diagnostic tool.


Read more...

Environment

  • SAP enhancement package 2 for SAP NetWeaver 7.0
  • SAP NetWeaver 7.3
  • SAP enhancement package 1 for SAP NetWeaver 7.3
  • SAP NetWeaver 7.4
  • SAP NetWeaver 7.5 and higher

Product

SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5 ; SAP enhancement package 2 for SAP NetWeaver 7.0 ; SAP enhancement package 3 for SAP NetWeaver 7.0

Keywords

SAML2.0 CX_SEC_SXML_ERROR SSFW_KRN_VERIFY Signature verification validation SSFW_KRN_VERIFY failed with: Signature verification failed SAML2_DEBUG SAML2_ASSERTION , KBA , BC-SEC-LGN-SML , SAML 2.0 for ABAP , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.