SAP Knowledge Base Article - Preview

2758293 - IAS proxy scenario: HTTP 500 error from corporate identity provider - Certificate used to validate the signature cannot be null


Login to Corporate Identity Provider (IdP) does not work with the Identity Authentication Service (IAS) functioning as a proxy. Corporate IdP login screen shows an "HTTP 500" error.

In Troubleshooting Logs, the following entries can be seen:

"POST /saml2/idp/acs/<TenantID> HTTP/1.1" 200

severity=INFO, location=umtrace, crtAccount=<TenantID>, authenticatedSubject="anonymous", state=failed, action=authenticate, objectType=user, authenticationMethod=saml2Assertion, category=audit.configuration, correlationId<TenantID>#anonymous#http-bio- error.SAML2Response signature verification failed. Caused by: Certificate used to validate the signature cannot be null

Hovever, SAML response is successful:

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
<dsig:X509Certificate><...></dsig:X509Certificate><...><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"



  • SAP Cloud Platform Identity Authentication Service functioning as a proxy
  • Corporate IdP
  • SAP Cloud Platform


SAP Cloud Identity Services all versions


500 Internal Server error, Internal server error, HTTP 500, IAS Tenant , KBA , BC-IAM-IDS , Identity Authentication Service , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.