/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PreviewSymptom
The authentication response sent by the Identity Authentication Service to the Application contains the message in the subject, which can be seen in the SAML trace (see SAP KBA 2461862):
<Response ...>
<ns2:Issuer>xxxxxxx.accounts.ondemand.com</ns2:Issuer>
<Status>
<StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
<StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"/>
</StatusCode>
<StatusMessage>The user [PXXXXXX] is not provisioned for Service Provider [...]</StatusMessage>
</Status>
</Response>
In the Troubleshooting log, the following error is displayed:
Identity Provider could not process the authentication request received due to error on its own side.The user [Pxxxxxx] is not provisioned for Service Provider [<sp_URL>] Caused by: javax.security.auth.login.AccountException: The user [Pxxxxxx] is not provisioned for Service Provider [<sp_URL>] Caused by: The user [Pxxxxxx] is not provisioned for Service Provider [<sp_URL>]
Read more...
Environment
Identity Authentication Service
Product
Keywords
sci, cloud identity, access, not provisioned, ias , KBA , BC-IAM-IDS , Identity Authentication Service , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)