In Identity Authentication Service under the Application's 'Authentication and Access' tab, the 'E-Mail Verification' is set to OFF.
However, the authentication for users is failing with an infinite loop or other error messages.
The SAML trace is showing this Status error:
<StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"><StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"/></StatusCode>
<StatusMessage>The email of the user is not verified.</StatusMessage>
In the Troubleshooting log, the following error is displayed:
message=Identity Provider could not process the authentication request received due to error on its own side.com.sap.security.saml2.lib.common.exceptions.SAML2ErrorResponseException: The email of the user is not verified.
If the administrator sets a user's e-mail address to verified under 'User Management' >> 'User Details' >> 'Personal Information' in the Administration Console, the authentication becomes successful.
The issue occurs, when the registration is On Behalf Registration, which means that a user was created on behalf of it, so not via self-registration (e.g. in Administration Console, via SCIM REST API, using the Import users functionality).
SAP Cloud Platform Identity Authentication Service
IAS, E-Mail Verification, OFF, loop, verified, verify, email, e-mail, name ID attribute, nameid-format:emailAddress , KBA , BC-IAM-IDS , Identity Authentication Service , Problem
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.