SAP Knowledge Base Article - Preview

2541151 - SAML2Assertion validation failed: Audience restriction does not specify the current Service Provider


Configured SAML 2.0 logon fails and errors similar to below are recorded in the SAP Application Server JAVA troubleshooting wizard traces:

Service Provider has received SAML2Assertion from Identity Provider <IDP details> whose audience restriction <AudienceRestriction> does not specify the current Service Provider
Warning saml2.sp.ResponseValidationService SAML2Assertion validation failed. [EXCEPTION]
Caused by: Rejected not signed Assertion
Reason: Service Provider does not match specified audience in the SAML2Assertion.



  • SAP NetWeaver Java


SAP Composition Environment all versions ; SAP NetWeaver Application Server for Java all versions ; SAP NetWeaver all versions ; SAP Process Integration all versions ; SAP Solution Manager all versions


sso single-sign-on login.failed artifact JAVA Service Provider SP Identity Provider IDP Issue Instant is not valid SAP Production ABAP R/3 ERP SRM CRM ERP PPM SEM APO XI PI PORTAL Test development QA SAML 2.0 SAML2Assertion Warning saml2.sp.ResponseValidationService SAML2Assertion Service Provider SAMLREQUEST
, KBA , BC-JAS-SEC-SML , JAVA SAML 1.1 and 2.0 , BC-JAS-SEC , Security, User Management , BC-SEC-LGN-SML , SAML 2.0 for ABAP , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.