SAP Knowledge Base Article - Preview

2758293 - IAS proxy scenario: Logon fails due to error "Certificate used to validate the signature cannot be null"


When Identity Authentication acts as a proxy to delegate authentication to a corporate identity provider, logon fails and the following entries appear in the Troubleshooting Logs:

"POST /saml2/idp/acs/<TenantID> HTTP/1.1" 200

severity=INFO, location=umtrace, crtAccount=<TenantID>, authenticatedSubject="anonymous", state=failed, action=authenticate, objectType=user, authenticationMethod=saml2Assertion, category=audit.configuration, correlationId<TenantID>#anonymous#http-bio- error.SAML2Response signature verification failed. Caused by: Certificate used to validate the signature cannot be null

However, the SAML response reports success:

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
<dsig:X509Certificate><...></dsig:X509Certificate><...><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"
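An added example, not SAP code: it parses a log entry in the format shown above and the status of a SAML response, and keeps the sender's status separate from the receiver's signature check. The tenant ID, certificate text, sample strings and function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "dsig": "http://www.w3.org/2000/09/xmldsig#"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed samples: the tenant ID and certificate text are placeholders.
LOG = ('severity=INFO, location=umtrace, crtAccount=t000000, '
       'authenticatedSubject="anonymous", state=failed, action=authenticate, '
       'objectType=user, authenticationMethod=saml2Assertion, '
       'category=audit.configuration, error.SAML2Response signature '
       'verification failed. Caused by: Certificate used to validate the '
       'signature cannot be null')
RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">'
    '<dsig:Signature><dsig:KeyInfo><dsig:X509Data>'
    '<dsig:X509Certificate>PLACEHOLDER</dsig:X509Certificate>'
    '</dsig:X509Data></dsig:KeyInfo></dsig:Signature>'
    '<samlp:Status><samlp:StatusCode Value="' + SUCCESS + '"/></samlp:Status>'
    '</samlp:Response>')


def parse_audit_entry(line):
    """Return the key=value fields of one log entry plus its 'Caused by' text."""
    fields = {k: v.strip('"')
              for k, v in re.findall(r'(\w+)=("[^"]*"|[^,\s]+)', line)}
    cause = re.search(r'Caused by:\s*(.+)$', line)
    fields["cause"] = cause.group(1).strip() if cause else None
    fields["signature_failed"] = "signature verification failed" in line
    return fields


def triage(line, response_xml):
    """Correlate the service-side log entry with the sender's SAML response."""
    entry = parse_audit_entry(line)
    root = ET.fromstring(response_xml)  # constructed input; harden for real traffic
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    status_ok = code is not None and code.get("Value") == SUCCESS
    embedded = root.find(".//dsig:X509Certificate", NS) is not None
    if entry.get("state") == "failed" and entry["signature_failed"]:
        # StatusCode is written by the sender; it does not show that the
        # receiver was able to verify the signature.
        verdict = "rejected: signature not verified"
    else:
        verdict = "no signature failure logged"
    return {"idp_status_success": status_ok, "embedded_cert": embedded,
            "state": entry.get("state"), "cause": entry["cause"],
            "verdict": verdict}
```

For the constructed samples, `triage(LOG, RESPONSE)` reports a successful status and an embedded certificate alongside a rejected logon, which is the combination this article describes.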



  • Identity Authentication


SAP Cloud Identity Services all versions


500 Internal Server error, Internal server error, HTTP 500, IAS Tenant , KBA , BC-IAM-IDS , Identity Authentication Service , Problem

About this page

This is a preview of an SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
