Symptom
SAML 2.0 traces show the following error about validation of message 'Response':
SAML20 SP (client <nnn>): Exception raised:
SAML20 SAML20 CX_SAML20_CORE: The validation of message 'Response' failed. Long text: The validation of message 'Response' failed.
SAML20 at CL_SAML20_RESPONSE->VALIDATE_ASSERTION(Line 57)
SAML20 at CL_SAML20_RESPONSE->VALIDATE(Line 72)
SAML20 at CL_SAML20_SSO->VALIDATE_RESPONSE(Line 86)
SAML20 at CL_HTTP_SAML20->PROCESS_LOGON(Line 303)
SAML20 at CL_ICF_SAML_LOGIN->PROCESS_LOGON(Line 62)
SAML20 at CL_HTTP_SERVER_NET->AUTHENTICATION(Line 2491)
SAML20 Caused by: CX_SAML20_ASSERTION: Attribute 'SessionIndex' of element 'AuthnStatement' does not exist. Long text: Attribute 'SessionIndex' of element 'AuthnStatement' does not exist.
SAML20 at CL_SAML20_ASSERTION->VALIDATE_ASSERTION(Line 74)
SAML20 at CL_SAML20_RESPONSE->VALIDATE_ASSERTION(Line 50)
SAML20 at CL_SAML20_RESPONSE->VALIDATE(Line 72)
SAML20 at CL_SAML20_SSO->VALIDATE_RESPONSE(Line 86)
SAML20 at CL_HTTP_SAML20->PROCESS_LOGON(Line 303)
SAML20 at CL_ICF_SAML_LOGIN->PROCESS_LOGON(Line 62)
SAML20 at CL_HTTP_SERVER_NET->AUTHENTICATION(Line 2491)
SAML 2.0 traces can be captured using Security Diagnostic Tool. See the link for more information.
Read more...
Environment
NetWeaver ABAP system where SAML 2.0 authentication is used.
- SAP Netweaver AS ABAP 7.02
- SAP Netweaver AS ABAP 7.30
- SAP Netweaver AS ABAP 7.31
- SAP Netweaver AS ABAP 7.40
- SAP Netweaver AS ABAP 7.50 and higher
Product
Keywords
KBA , BC-SEC-LGN-SML , SAML 2.0 for ABAP , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.