- You have set up SAML Single Sign-on authentication for your SAP HANA database.
- Your external identity has been configured in the identity provider (IdP) with user attribute: e-mail address.
- You have mapped this identity provider to a database user in HANA.
- You test SSO and this fails with errors like these:
error: StatusCode in ResponseMessage != OK; please refer to the database trace for more information
No assertion found in body of request
- The xsengine or indexserver trace file shows entries similar to these:
Authentication SAMLAuthenticator.cpp(00964) : Assertion Subject NameID: <firstname.lastname@example.org>
Authentication SAMLAuthenticator.cpp(00982) : Assertion AuthnStatement SessionIndex: <SAML assertion id>
Authentication SAMLAuthenticator.cpp(01004) : Response InResponseTo: <SAML response id>
Authentication SAMLAuthenticator.cpp(01295) : exception 1: no.4040007 (Authorization/impl/PrincipalManager.cpp:107)
Invalid principal id for principal .
exception throw location:
1: 0x00007f7f3862c168 in Authorization::PrincipalManager::getUserWithNameAsIs(ptime::Transaction&, unsigned int, ltt::basic_string<char, ltt::char_traits<char> > const&)
2: 0x00007f7f3862d50d in Authorization::PrincipalManager::getUser(ptime::Transaction&, unsigned int, ltt::basic_string<char, ltt::char_traits<char> > const&)
- SAP HANA 1.0 SPS12
- SAP HANA 2.0
HANA, SAML, SSO, single sign-on, authentication, assertion, user parameter, mapping, external identity, database user, e-mail address, error, indexserver, xsengine , KBA , HAN-DB-SEC , SAP HANA Security & User Management , Problem
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.