SAP Knowledge Base Article - Preview

3149136 - "SAML2Assertion does not specify SubjectConfDataNotOnOrAfter" error in Identity Authentication


  • Identity Authentication acts as a proxy to delegate the authentication to a corporate identity provider.
  • SAML2 SSO fails and the error "Sorry, but you are currently not authorized for access" is returned by Identity Authentication.
  • In the SAML2 trace generated as described in KBA 2461862, the SAML response from the corporate identity provider looks like this:
            <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">XXXX</saml:NameID>
            <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
                <saml:SubjectConfirmationData Recipient=https://<tenantID><tenantID> />
  • The following error occurs in troubleshooting logs: "SAML2Assertion does not specify SubjectConfDataNotOnOrAfter"
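
The SAML 2.0 Web Browser SSO profile requires a bearer SubjectConfirmationData element to carry both a Recipient and a NotOnOrAfter attribute. The following is an added example, not SAP code and not part of the original article: a small offline check to run over an assertion copied from a trace, which reports a missing or expired NotOnOrAfter. The function name, the sample assertions and the sp.example.test recipient are assumptions made for illustration, and the check does not verify signatures.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

def _instant(value):
    # SAML instants are xs:dateTime in UTC, e.g. 2030-01-01T12:05:00Z
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)

def check_bearer_confirmations(xml_text, now=None):
    """Return findings for bearer SubjectConfirmation elements; [] means none."""
    now = now or datetime.now(timezone.utc)
    # Meant for a trace from your own tenant; use defusedxml for untrusted XML.
    root = ET.fromstring(xml_text)
    bearers = [sc for sc in root.iter("{%s}SubjectConfirmation" % SAML_NS)
               if sc.get("Method") == BEARER]
    if not bearers:
        return ["no bearer SubjectConfirmation"]
    findings = []
    for sc in bearers:
        data = sc.find("{%s}SubjectConfirmationData" % SAML_NS)
        if data is None:
            findings.append("SubjectConfirmationData missing")
            continue
        if not data.get("Recipient"):
            findings.append("Recipient missing")
        not_on_or_after = data.get("NotOnOrAfter")
        if not_on_or_after is None:
            findings.append("NotOnOrAfter missing")  # the case in this KBA
        elif _instant(not_on_or_after) <= now:
            findings.append("NotOnOrAfter expired")
    return findings

# Constructed sample assertions (not taken from a real trace).
_TEMPLATE = (
    '<saml:Assertion xmlns:saml="%s"><saml:Subject>'
    '<saml:NameID>user</saml:NameID>'
    '<saml:SubjectConfirmation Method="%s">'
    '<saml:SubjectConfirmationData Recipient="https://sp.example.test/acs"%%s/>'
    '</saml:SubjectConfirmation></saml:Subject></saml:Assertion>'
) % (SAML_NS, BEARER)
WITHOUT_EXPIRY = _TEMPLATE % ""
WITH_EXPIRY = _TEMPLATE % ' NotOnOrAfter="2030-01-01T12:05:00Z"'

if __name__ == "__main__":
    for name, doc in (("without", WITHOUT_EXPIRY), ("with", WITH_EXPIRY)):
        print(name, check_bearer_confirmations(doc))
```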



Identity Authentication


Identity Authentication 1.0


IAS, "SAML2Assertion does not specify SubjectConfDataNotOnOrAfter", "Sorry, but you are currently not authorized for access", NotOnOrAfter, SubjectConfirmationData , KBA , BC-IAM-IDS , Identity Authentication Service , Problem
