Symptom
- When performing a SAML 2.0 authentication, it fails and you are redirected to a logon screen or you will receive an authentication popup.
- SAML 2.0 secure diagnostic tool trace shows error like "User source <email address> is longer than maximum length of a user name: 12 characters".
- Below exception shows in SAML Security Diagnostic Tool trace which can be collected with the KBA 2960670.
SAML20 SP (client <client number> ): Exception raised:
SAML20 SAML20 CX_SAML20_FEDERATION: User <email address> does not exist in client <client number>. Long text: User <email address> does not exist in client <client number>.
SAML20 at CL_SAML20_FEDERATION->MAP_USERSOURCE_TO_USER_ID(Line 104)
SAML20 at CL_SAML20_FEDERATION->CREATE_INSTANCE(Line 257)
SAML20 at CL_SAML20_RESPONSE->VALIDATE_ASSERTION(Line 82)
SAML20 at CL_SAML20_RESPONSE->VALIDATE(Line 64)
SAML20 at CL_SAML20_SSO->VALIDATE_RESPONSE(Line 91)
SAML20 at CL_HTTP_SAML20->PROCESS_LOGON(Line 345)
SAML20 at CL_ICF_SAML_LOGIN->PROCESS_LOGON(Line 62)
SAML20 at CL_HTTP_SERVER_NET->AUTHENTICATION(Line 2289)
Read more...
Environment
- SAP Netweaver AS ABAP 7.02
- SAP Netweaver AS ABAP 7.30
- SAP Netweaver AS ABAP 7.31
- SAP Netweaver AS ABAP 7.40
- SAP Netweaver AS ABAP 7.50 and higher
Product
SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5 ; SAP enhancement package 1 for SAP NetWeaver 7.3 ; SAP enhancement package 2 for SAP NetWeaver 7.0
Keywords
SAML, SAML2, SAML20, SAML20 CX_SAML20_FEDERATION,is longer than maximum length of a user name: 12 characters, email, User id mapping mode , KBA , BC-SEC-LGN-SML , SAML 2.0 for ABAP , BC-SEC-LGN , Authentication , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.