SAP Knowledge Base Article - Preview

2443779 - Rejected signed Assertion - Authentication contexts in the SAML2Assertion not sufficient


  • You've configured SSO using SAML 2.0 with a trusted Identity Provider
  • The authentication fails with message "Authentication failed at Identity Provider <name>"


  • Troubleshooting Wizard traces show the following exception in the SAML2LoginModule:

Rejected signed Assertion
Reason: Reauthentication required due to authentication contexts in the SAML2Assertion not sufficient against configured authentication contexts for the application.

  • The following log (or similar) is also seen in the trace:

Service Provider could not authenticate the user due to authentication contexts 

Authentication context [[Name: urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified, Alias: unspecified, TimeStamp: 1488877765913]] in the SAML2Assertion not sufficient against configured authentication contexts. Authenticated contexts: [[[Name: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport, Alias: PasswordProtectedTransport, TimeStamp: 1488877765912]]]



SAP NetWeaver Application Server Java


SAP NetWeaver Application Server for Java all versions


KBA , BC-JAS-SEC-SML , JAVA SAML 1.1 and 2.0 , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.