SAP Knowledge Base Article - Preview

2693814 - SAML logon to application failed via IAS and corporate IdP due to incorrect audience restriction in SAML response from corporate IdP

Symptom

  • Logon to application via IAS and corporate IdP failed.
  • SAML is used between the application, IAS and the corporate IdP.
  • In the IAS troubleshooting log, the following errors occurred:

    ERROR "Service Provider does not match specified audience in the SAML2Assertion. Service Provider does not match specified audience in the SAML2Assertion. Correlation ID: <ID> 

    WARNING "SAML2Assertion validation failed. com.sap.security.saml2.sp.sso.exception.BadCredentialsException: Service Provider does not match specified audience in the SAML2Assertion.

    WARNING "ASJ.saml20_sp.000053# Service Provider has received SAML2Assertion from Identity Provider [<SAML name id of corporate IdP>] whose audience restriction [[<incorrect SAML name id of IAS>]] does not specify the current Service Provider [<correct SAML name id of IAS>]. " 
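
An added troubleshooting example, not part of the SAP article and not SAP's code: a Python check that reads the Audience values from a captured SAML response and compares them with the SP name IAS expects, which is the comparison the ASJ.saml20_sp.000053 warning reports as failed. The sample response, host names and function names are constructed for illustration, and the check does not verify signatures.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response; host names are placeholders, not real tenants.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>https://corp-idp.example.com</saml:Issuer>
  <saml:Assertion>
    <saml:Issuer>https://corp-idp.example.com</saml:Issuer>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://ias-tenant.example.com/</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def decode_post_binding(saml_response_b64):
    """Decode the SAMLResponse form field (HTTP POST binding: plain base64)."""
    return base64.b64decode(saml_response_b64).decode("utf-8")


def audiences(response_xml):
    """Return one list of Audience values per AudienceRestriction element."""
    root = ET.fromstring(response_xml)
    path = ".//saml:Assertion/saml:Conditions/saml:AudienceRestriction"
    return [[a.text or "" for a in r.findall("saml:Audience", NS)]
            for r in root.findall(path, NS)]


def check_audience(response_xml, expected_sp):
    """Compare the assertion's audiences with the SP name, as exact strings."""
    restrictions = audiences(response_xml)
    # The SP must appear in every AudienceRestriction; any one Audience
    # inside a restriction is enough to satisfy that restriction.
    failed = [r for r in restrictions if expected_sp not in r]
    norm = lambda s: s.strip().rstrip("/").lower()
    # Values that differ only by case, whitespace or a trailing slash are
    # still a mismatch, but point at a typo in the IdP's SP configuration.
    near = [a for r in failed for a in r if norm(a) == norm(expected_sp)]
    return {"ok": not failed, "found": restrictions, "near_miss": near}


if __name__ == "__main__":
    print(check_audience(SAMPLE_RESPONSE, "https://ias-tenant.example.com"))
```

The check reads only plaintext Assertion elements, so an encrypted assertion has to be decrypted before its audience can be inspected.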



Environment

  • SAP Cloud Platform
  • Identity Authentication Service

Product

SAP Business Technology Platform all versions; SAP Cloud Identity Services all versions

Keywords

sso, single-sign-on, login.failed, artifact, JAVA, Service Provider, SP, Identity Provider, IdP, Issue, Instant is not valid, SAP Production, ABAP R/3, ERP, SRM, CRM, ERP, PPM, SEM, APO, XI PI PORTAL, Test, development, SAML 2.0, SAML2Assertion, Warning, saml2.sp.ResponseValidationService, SAMLREQUEST, KBA, BC-IAM-IDS, Identity Authentication Service, BC-NEO-SEC-IAM, Authentication, Authorization (Cloud Platform Neo), Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
