SAP Knowledge Base Article - Preview

2645425 - The digital signature of the received SAML2 message is invalid

Symptom

An Identity Authentication tenant returns the message in subject when an authentication request is done from a specific Service Provider. This can be checked via a SAML trace (see SAP KBA 2461862).

In case the Service Provider is an SAP BTP subaccount, 500 error on the screen can be seen.

In the Troubleshooting log, the following error is displayed:

message=Identity Provider could not process the authentication request received due to error on its own side.An unexpected exception occurred. See call stack for details. Caused by: Signature of the SAML2 protocol token cannot be validated because neither primary nor secondary certificates are available in the configuration


Read more...

Environment

Identity Authentication

Product

Identity Authentication all versions

Keywords

sci, cloud identity, btp, HTTP Status 500, An internal error occurred, Request, portal, web ide, webide, certificate, missing, invalid, configured, Identity Provider could not process the authentication request received due to client error.The digital signature of the received SAML2 message is invalid. Caused by: Signature not valid! , KBA , BC-IAM-IDS , Identity Authentication Service , BC-NEO-SEC-IAM , Authentication, Authorization(Cloud Platform Neo) , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.