2959772 - "SSFW_KRN_VERIFY failed with: Certificate expired" within SAML 2.0

Symptom

Logging to the Netweaver ABAP via SAML2.0 authentication failed with following error:

SAML20 SP (client 005 ): Signature validation with the configured primary certificate failed. Details: SSFW_KRN_VERIFY failed with: Certificate expired. Details:

SAML20 SP (client 005 ): Exception raised:SAML20 SAML20 CX_SAML20_CORE: Error in ST program SAML2_RESPONSE when importing XML data. Long text: Error in ST program SAML2_RESPONSE when importing XML data. Diagnosis System Response Procedure Check the trace of the current work process dev_w<nr>. At level 2 you can find further information about the error. Procedure for System Administration

SAML20 Caused by: CX_SEC_SXML_ERROR: SSFW_KRN_VERIFY failed with: Certificate expired. Details:
SAML20 at CL_SEC_SXML_DSIGNATURE->HANDLE_SSF_ERROR(Line 32)

The error appears in the SAML 2.0 traces which can be collected with the Security Diagnostic tool.

Environment

SAP Enhancement Package 2 for SAP NetWeaver 7.0
SAP NetWeaver 7.3
SAP Enhancement Package 1 for SAP NetWeaver 7.3
SAP NetWeaver 7.4
SAP NetWeaver 7.5 and higher

Product

SAP NetWeaver all versions

Keywords

SAML 2.0, renew certificate, verify signature, trusted provider, primary signing certificate, secondary signing certificate, SSFW_KRN_VERIFY, Certificate expired, Signature validation,SAML2_DEBUG, SAML2_ASSERTION, Certificate, SSF, Sign, Return code 027, Invalid Signature. , KBA , BC-SEC-LGN-SML , SAML 2.0 for ABAP , BC-SEC-LGN , Authentication , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.