Symptom
In Identity Authentication Service under the Application's 'Authentication and Access' tab, the 'E-Mail Verification' is set to OFF.
However, the authentication for users is failing with an infinite loop or other error messages.
The SAML trace is showing this Status error:
<StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"><StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"/></StatusCode>
<StatusMessage>The email of the user is not verified.</StatusMessage>
In the Troubleshooting log, the following error is displayed:
message=Identity Provider could not process the authentication request received due to error on its own side.com.sap.security.saml2.lib.common.exceptions.SAML2ErrorResponseException: The email of the user is not verified.
If the administrator sets a user's e-mail address to verified under 'User Management' >> 'User Details' >> 'Personal Information' in the Administration Console, the authentication becomes successful.
The issue occurs, when the registration is On Behalf Registration, which means that a user was created on behalf of it, so not via self-registration (e.g. in Administration Console, via SCIM REST API, using the Import users functionality).
Read more...
Environment
SAP Cloud Platform Identity Authentication Service
Product
Keywords
IAS, E-Mail Verification, OFF, loop, verified, verify, email, e-mail, name ID attribute, nameid-format:emailAddress , KBA , BC-IAM-IDS , Identity Authentication Service , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.