SAP Knowledge Base Article - Preview

2673983 - SAML Fails with a "status:Responder" Error


You have configured SAML between your AS JAVA as your Service Provider and your Identity Provider but this is failing. You have reproduced this issue running a Security Troubleshooting Wizard Trace and you can see the failed logon procedure throwing the below error:

User: N/A
IP Address:
Authentication Stack: xxxxx
Authentication Stack Properties:
        policy_domain = xxxxx
        realm_name = xxxxx

Login Module                                                                                    Flag        Initialize  Login      Commit     Abort      Details
1.             SUFFICIENT  ok          false                 true      
2.                                  OPTIONAL    ok          exception             true       Rejected signed Response 
                                                                                                                                    Reason: Error SAML2Response received.
                                                                                                                                      ID: xxxxxxxxxx
                                                                                                                                      Issuer: "IDP URL....."
                                                                                                                                      Destination: "SP URL....."
                                                                                                                                      In Response To: xxxxx
                                                                                                                                      Issue Instant: "Time and Date"
                                                                                                                                      Top Level Status Code: urn:oasis:names:tc:SAML:2.0:status:Responder
                                                                                                                                      Second Level Status Code:
                                                                                                                                      Status Message:
                                                                                                                                      Consent: urn:oasis:names:tc:SAML:2.0:consent:unspecified
3.               SUFFICIENT  ok          false                 true      
4.   REQUISITE   ok          false                 false     
5.               REQUISITE   ok          false                 true      
No logon policy was applied



  • Release Independent
  • SAP NetWeaver


SAP NetWeaver all versions


SAML2 Responder, status:Responder, Reason: Error SAML2Response received, Rejected signed Response, SAML2 SSO, Fail, Troubleshooting Wizard Trace. , KBA , BC-JAS-SEC-LGN , Logon, SSO , BC-JAS-SEC-SML , JAVA SAML 1.1 and 2.0 , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.