Symptom
- You've configured SSO using SAML 2.0 with a trusted Identity Provider
- The authentication fails with message "Authentication failed at Identity Provider <name>"
- Troubleshooting Wizard traces show the following exception in the SAML2LoginModule:
Rejected signed Assertion
Reason: Reauthentication required due to authentication contexts in the SAML2Assertion not sufficient against configured authentication contexts for the application.
- The following log (or similar) is also seen in the trace:
Service Provider could not authenticate the user due to authentication contexts
Authentication context [[Name: urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified, Alias: unspecified, TimeStamp: 1488877765913]] in the SAML2Assertion not sufficient against configured authentication contexts. Authenticated contexts: [[[Name: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport, Alias: PasswordProtectedTransport, TimeStamp: 1488877765912]]]
Read more...
Environment
SAP NetWeaver Application Server Java
Product
Keywords
KBA , BC-JAS-SEC-SML , JAVA SAML 1.1 and 2.0 , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.