Symptom
- Identity Authentication acts as a proxy to delegate the authentication to a corporate identity provider.
- SAML2 SSO fails and the error "Sorry, but you are currently not authorized for access" is returned by Identity Authentication.
- In SAML2 trace generated as described in KBA 2461862, SAML response from the corporate identity provider looks like:
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">XXXX</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData Recipient=https://<tenantID>.accounts.ondemand.com/saml2/idp/acs/<tenantID>.ondemand.com?sp=XXX />
</saml:SubjectConfirmation>
</saml:Subject> - The following error occurs in troubleshooting logs: "SAML2Assertion does not specify SubjectConfDataNotOnOrAfter"
Read more...
Environment
Identity Authentication
Product
Identity Authentication 1.0
Keywords
IAS, "SAML2Assertion does not specify SubjectConfDataNotOnOrAfter", "Sorry, but you are currently not authorized for access", NotOnOrAfter, SubjectConfirmationData , KBA , BC-IAM-IDS , Identity Authentication Service , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.