3117932 - Configuring Different Trust Configurations for the Same IAS Tenant the authentication fails

Symptom

After configuring the SAP Identity Authentication (IAS) and Azure by following the section (Optional) Configure Different Trust Configurations for the Same Identity Authentication Tenant (Azure AD Apps) the authentication fails
The Reply URL configured in the Azure is correctly matching the Assertion Consumer Service (ACS) URL (typically https://<tenant ID>.accounts.ondemand.com/saml2/idp/acs/<tenant ID>.accounts.ondemand.com )
In the Troubleshooting Logs the error is present similar to below:

<date and time>  timestamp=<date and time> , ipAddress=<IP address> , severity=ERROR, location=com.sap.security.saml2.sp.sso.AssertionValidationService,

crtAccount=<tenant ID>, authenticatedSubject="anonymous", correlationID <correlation ID>, message=

Signature validation of SAML2Assertion failed.com.sap.security.saml2.lib.common.SAML2Exception: Signature not valid!

Environment

SAP Identity Authentication

Azure Corporate IDP

Product

Identity Authentication 1.0

Keywords

KBA , BC-IAM-IDS , Identity Authentication Service , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.