2996158 - SAML 2.0 authentication fails, user Source <email address> is longer than maximum length of a user name: 12 characters

Symptom

When performing a SAML 2.0 authentication, it fails and you are redirected to a logon screen or you will receive an authentication popup.
SAML 2.0 secure diagnostic tool trace shows error like "User source <email address> is longer than maximum length of a user name: 12 characters".
Below exception shows in SAML Security Diagnostic Tool trace which can be collected with the KBA 2960670.

SAML20 SP (client <client number> ): Exception raised:
SAML20 SAML20 CX_SAML20_FEDERATION: User <email address> does not exist in client <client number>. Long text: User <email address> does not exist in client <client number>.
SAML20     at CL_SAML20_FEDERATION->MAP_USERSOURCE_TO_USER_ID(Line 104)
SAML20     at CL_SAML20_FEDERATION->CREATE_INSTANCE(Line 257)
SAML20     at CL_SAML20_RESPONSE->VALIDATE_ASSERTION(Line 82)
SAML20     at CL_SAML20_RESPONSE->VALIDATE(Line 64)
SAML20     at CL_SAML20_SSO->VALIDATE_RESPONSE(Line 91)
SAML20     at CL_HTTP_SAML20->PROCESS_LOGON(Line 345)
SAML20     at CL_ICF_SAML_LOGIN->PROCESS_LOGON(Line 62)
SAML20     at CL_HTTP_SERVER_NET->AUTHENTICATION(Line 2289)

Environment

SAP Netweaver AS ABAP 7.02
SAP Netweaver AS ABAP 7.30
SAP Netweaver AS ABAP 7.31
SAP Netweaver AS ABAP 7.40
SAP Netweaver AS ABAP 7.50 and higher

Product

SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5 ; SAP enhancement package 1 for SAP NetWeaver 7.3 ; SAP enhancement package 2 for SAP NetWeaver 7.0

Keywords

SAML, SAML2, SAML20, SAML20 CX_SAML20_FEDERATION,is longer than maximum length of a user name: 12 characters, email, User id mapping mode , KBA , BC-SEC-LGN-SML , SAML 2.0 for ABAP , BC-SEC-LGN , Authentication , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.