SAP Knowledge Base Article - Preview

2821994 - SAML SSO to HANA fails due to missing user parameter mapping


  • You have set up SAML Single Sign-on authentication for your SAP HANA database.
  • Your external identity has been configured in the identity provider (IdP) with user attribute: e-mail address.
  • You have mapped this identity provider to a database user in HANA.
  • You test SSO and this fails with errors like these:
error: StatusCode in ResponseMessage != OK; please refer to the database trace for more information
No assertion found in body of request
  • The xsengine or indexserver trace file shows entries similar to these:
Authentication SAMLAuthenticator.cpp(00964) : Assertion Subject NameID: <>
Authentication SAMLAuthenticator.cpp(00982) : Assertion AuthnStatement SessionIndex: <SAML assertion id>
Authentication SAMLAuthenticator.cpp(01004) : Response InResponseTo: <SAML response id>
Authentication SAMLAuthenticator.cpp(01295) : exception 1: no.4040007 (Authorization/impl/PrincipalManager.cpp:107)
Invalid principal id for principal .
exception throw location:
1: 0x00007f7f3862c168 in Authorization::PrincipalManager::getUserWithNameAsIs(ptime::Transaction&, unsigned int, ltt::basic_string<char, ltt::char_traits<char> > const&)
2: 0x00007f7f3862d50d in Authorization::PrincipalManager::getUser(ptime::Transaction&, unsigned int, ltt::basic_string<char, ltt::char_traits<char> > const&)



  • SAP HANA 1.0 SPS12
  • SAP HANA 2.0


SAP HANA 1.0, platform edition ; SAP HANA, platform edition 2.0


HANA, SAML, SSO, single sign-on, authentication, assertion, user parameter, mapping, external identity, database user, e-mail address, error, indexserver, xsengine , KBA , HAN-DB-SEC , SAP HANA Security & User Management , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.