Symptom
Logging to the Netweaver ABAP via SAML2.0 authentication failed with following error:
SAML20 SP (client 005 ): Signature validation with the configured primary certificate failed. Details: SSFW_KRN_VERIFY failed with: Certificate expired. Details:SAML20 SP (client 005 ): Exception raised:SAML20 SAML20 CX_SAML20_CORE: Error in ST program SAML2_RESPONSE when importing XML data. Long text: Error in ST program SAML2_RESPONSE when importing XML data. Diagnosis System Response Procedure Check the trace of the current work process dev_w<nr>. At level 2 you can find further information about the error. Procedure for System Administration
SAML20 Caused by: CX_SEC_SXML_ERROR: SSFW_KRN_VERIFY failed with: Certificate expired. Details:
SAML20 at CL_SEC_SXML_DSIGNATURE->HANDLE_SSF_ERROR(Line 32)
The error appears in the SAML 2.0 traces which can be collected with the Security Diagnostic tool.
Read more...
Environment
- SAP Enhancement Package 2 for SAP NetWeaver 7.0
- SAP NetWeaver 7.3
- SAP Enhancement Package 1 for SAP NetWeaver 7.3
- SAP NetWeaver 7.4
- SAP NetWeaver 7.5 and higher
Product
SAP NetWeaver all versions
Keywords
SAML 2.0, renew certificate, verify signature, trusted provider, primary signing certificate, secondary signing certificate, SSFW_KRN_VERIFY, Certificate expired, Signature validation, SAML2 , KBA , BC-SEC-LGN-SML , SAML 2.0 for ABAP , BC-SEC-LGN , Authentication , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.