SAP Knowledge Base Article - Preview

3058189 - The digital signature of the received SAML2 message is invalid. Caused by: Certificate is expired

Symptom

  • The service provider may return the error "User does not exist" in the browser.

  • In the IAS troubleshooting log the following error message is displayed:
    Identity Provider could not process the authentication request received due to client error.
    The digital signature of the received SAML2 message is invalid. Caused by: Certificate is expired (Certificate NotAfter: <date and time>) Caused by: NotAfter: <date and time>

  • The SAML trace shows that the authentication request did not reach the Corporate Identity Provider and was returned to the service provider with the error message:
    <StatusMessage>The digital signature of the received SAML2 message is invalid.</StatusMessage>



Environment

 Identity Authentication

Product

SAP Cloud Identity Services all versions

Keywords

 SAML, certificate, expired, IAS, proxy, certificate, signing, KBA, BC-IAM-IDS, Identity Authentication Service, Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
