SAP Knowledge Base Article - Preview

2945414 - 'SAML2Assertion does not specify Subject NameID' error with AD FS


SAP Cloud Platform Identity Authentication Service (IAS) is acting as a proxy with AD FS. After authentication to an application, it fails with the error HTTP Status 500.

Meanwhile, in the Troubleshooting log, the following errors can be seen:

  • Authentication error.The authentication process did not set an authenticated principal in the current thread.
  • state=failed, action=login, objectType=user, cause=authenticationStepFailure, category=audit.authentication, credentialType="{TRUSTED_IDP_SAML_ASSERTION=rejected}
  • SAML2Assertion does not specify Subject SAML2Assertion does not specify Subject NameID.

Note: This topic fails to consulting category. Microsoft is responsible to do this configuration. However, this KBA provides some hints to troubleshoot and solve this issue.



  • SAP Cloud Platform Identity Authentication Service
  • Microsoft Active Directory Federation Services (AD FS)


Identity Authentication 1.0


ADFS, AD FS, Endpoint, Subject NameID , KBA , BC-IAM-IDS , Identity Authentication Service , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.