2821994 - SAML SSO to HANA fails due to missing user parameter mapping

• You have set up SAML Single Sign-on authentication for your SAP HANA database.
• Your external identity has been configured in the identity provider (IdP) with user attribute: e-mail address.
• You have mapped this identity provider to a database user in HANA.
• You test SSO and this fails with errors like these:

error: StatusCode in ResponseMessage != OK; please refer to the database trace for more information

No assertion found in body of request

• The xsengine or indexserver trace file shows entries similar to these:

Authentication SAMLAuthenticator.cpp(00964) : Assertion Subject NameID: <john.doe@domain.com>
Authentication SAMLAuthenticator.cpp(00982) : Assertion AuthnStatement SessionIndex: <SAML assertion id>
Authentication SAMLAuthenticator.cpp(01004) : Response InResponseTo: <SAML response id>
Authentication SAMLAuthenticator.cpp(01295) : exception 1: no.4040007 (Authorization/impl/PrincipalManager.cpp:107)
          Invalid principal id for principal .
exception throw location:
 1: 0x00007f7f3862c168 in Authorization::PrincipalManager::getUserWithNameAsIs(ptime::Transaction&, unsigned int, ltt::basic_string<char, ltt::char_traits<char> > const&) 
 2: 0x00007f7f3862d50d in Authorization::PrincipalManager::getUser(ptime::Transaction&, unsigned int, ltt::basic_string<char, ltt::char_traits<char> > const&) 
 ...

• SAP HANA 1.0 SPS12
• SAP HANA 2.0

HANA, SAML, SSO, single sign-on, authentication, assertion, user parameter, mapping, external identity, database user, e-mail address, error, indexserver, xsengine , KBA , HAN-DB-SEC , SAP HANA Security & User Management , Problem