Symptom
- Logon to application via IAS and corporate IdP failed.
- SAML is used between application IAS and corporate IdP
- In IAS Troubleshooting log, following errors occurred:
ERROR "Service Provider does not match specified audience in the SAML2Assertion. Service Provider does not match specified audience in the SAML2Assertion. Correlation ID: <ID>
WARNING "SAML2Assertion validation failed. com.sap.security.saml2.sp.sso.exception.BadCredentialsException: Service Provider does not match specified audience in the SAML2Assertion.
WARNING "ASJ.saml20_sp.000053# Service Provider has received SAML2Assertion from Identity Provider [<SAML name id of corporate IdP>] whose audience restriction [[<incorrect SAML name id of IAS>]] does not specify the current Service Provider [<correct SAML name id of IAS>]. "
Read more...
Environment
- SAP Cloud Platform
- Identity Authentication Service
Product
SAP Business Technology Platform all versions ; SAP Cloud Identity Services all versions
Keywords
sso, single-sign-on, login.failed, artifact, JAVA ,Service Provider, SP, Identity Provider, IdP, Issue, Instant is not valid, SAP Production, ABAP R/3, ERP, SRM, CRM, ERP, PPM, SEM, APO, XI PI PORTAL, Test, development, SAML 2.0, SAML2Assertion, Warning, saml2.sp.ResponseValidationService, SAMLREQUEST
, KBA , BC-IAM-IDS , Identity Authentication Service , BC-NEO-SEC-IAM , Authentication, Authorization(Cloud Platform Neo) , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.