SAP Knowledge Base Article - Preview

2945414 - 'SAML2Assertion does not specify Subject NameID' error with AD FS

Symptom

  • Identity Authentication (IAS) is acting as a proxy with AD FS. After authenticating to an application, the login fails with the error HTTP Status 500.
    Meanwhile, all of the errors below appear in the Troubleshooting log:

    Authentication error.The authentication process did not set an authenticated principal in the current thread.
    state=failed, action=login, objectType=user, cause=authenticationStepFailure, category=audit.authentication, credentialType="{TRUSTED_IDP_SAML_ASSERTION=rejected}
    SAML2Assertion does not specify Subject NameID.com.sap.security.saml2.sp.sso.exception.BadCredentialsException: SAML2Assertion does not specify Subject NameID.

  • Identity Authentication (IAS) is acting as a proxy with AD FS. After successful authentication in AD FS, the application (SP) displays a login error or the login page.
    In the SAML trace, the SAML response from AD FS to IAS contains no Subject NameID.

Note: This topic falls into the consulting category. Microsoft is responsible for this configuration. However, this KBA provides some hints to troubleshoot and solve this issue.
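
The SAML-trace check described in the second symptom, as an added example that is not part of the SAP article: a Python script that takes the decoded SAML response XML copied from a trace and reports whether each assertion carries a Subject NameID. The sample responses, the adfs.example.test issuer and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}

# Constructed sample: the Subject holds only a SubjectConfirmation, no NameID.
RESPONSE_WITHOUT_NAMEID = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>http://adfs.example.test/adfs/services/trust</saml:Issuer>
    <saml:Subject>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
    </saml:Subject>
  </saml:Assertion>
</samlp:Response>"""

# Constructed sample: the same response with a NameID added to the Subject.
RESPONSE_WITH_NAMEID = RESPONSE_WITHOUT_NAMEID.replace(
    "<saml:Subject>",
    '<saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:'
    'nameid-format:emailAddress">user@example.test</saml:NameID>')


def check_subject_nameid(response_xml):
    """Inspection only (no signature validation): one finding per assertion."""
    # SAML messages never need a DTD; refuse it so entity tricks are not parsed.
    if "<!DOCTYPE" in response_xml or "<!ENTITY" in response_xml:
        raise ValueError("DTD or entity declaration found; refusing to parse")
    root = ET.fromstring(response_xml)
    findings = []
    if root.find("saml:EncryptedAssertion", NS) is not None:
        findings.append("encrypted assertion: decrypt before checking Subject")
    for assertion in root.iter("{%s}Assertion" % SAML):
        subject = assertion.find("saml:Subject", NS)
        name_id = subject.find("saml:NameID", NS) if subject is not None else None
        if subject is None:
            findings.append("missing Subject")
        elif name_id is None:
            findings.append("missing NameID")   # the condition this KBA describes
        elif not (name_id.text or "").strip():
            findings.append("empty NameID")
        else:
            findings.append("ok: NameID Format=%s" % name_id.get("Format", "unspecified"))
    return findings or ["no Assertion element found"]


if __name__ == "__main__":
    for label, xml in (("without", RESPONSE_WITHOUT_NAMEID), ("with", RESPONSE_WITH_NAMEID)):
        print(label, check_subject_nameid(xml))
```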



Environment

  • Identity Authentication
  • Microsoft Active Directory Federation Services (AD FS)

Product

Identity Authentication 1.0

Keywords

ADFS, AD FS, Endpoint, Subject NameID, KBA, BC-IAM-IDS, Identity Authentication Service, Problem

About this page

This is a preview of an SAP Knowledge Base Article. Click more to access the full version on SAP for Me (login required).
