SAP Knowledge Base Article - Preview

2645425 - The digital signature of the received SAML2 message is invalid

Symptom

An Identity Authentication tenant returns the message in the subject of this article when an authentication request is sent from a specific Service Provider. This can be checked via a SAML trace (see SAP KBA 2461862).

If the Service Provider is an SAP BTP subaccount, the following error is shown:

"HTTP Status 500 - An internal application error occurred."

The SAMLResponse in the HTTP/SAML trace shows the following error:

"The digital signature of the received SAML2 message is invalid."


In the Troubleshooting log, the following error is displayed:

message=Identity Provider could not process the authentication request received due to error on its own side.An unexpected exception occurred. See call stack for details. Caused by: Signature of the SAML2 protocol token cannot be validated because neither primary nor secondary certificates are available in the configuration


Environment

Identity Authentication
SAP Business Technology Platform

Product

SAP Cloud Identity Services all versions

Keywords

sci, cloud identity, btp, HTTP Status 500, An internal error occurred, Request, portal, web ide, webide, certificate, missing, invalid, configured, Identity Provider could not process the authentication request received due to client error.The digital signature of the received SAML2 message is invalid. Caused by: Signature not valid!, Signature of the SAML2 protocol token cannot be validated, HTTP Status 500 - An internal application error occurred, certificate expired, KBA, BC-IAM-IDS, Identity Authentication Service, BC-NEO-SEC-IAM, Authentication, Authorization(Cloud Platform Neo), Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
