/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PreviewSymptom
- Identity Authentication acts as a proxy to delegate the authentication to a corporate identity provider.
- SAML2 SSO fails and the error "Sorry, but you are currently not authorized for access" is returned by Identity Authentication.
- In SAML2 trace generated as described in KBA 2461862, SAML response from the corporate identity provider looks like:
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">XXXX</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData Recipient=https://<tenantID>.accounts.ondemand.com/saml2/idp/acs/<tenantID>.ondemand.com?sp=XXX />
</saml:SubjectConfirmation>
</saml:Subject> - The following error occurs in troubleshooting logs:
"SAML2Assertion does not specify SubjectConfDataNotOnOrAfter"
Read more...
Environment
Identity Authentication
Product
Identity Authentication 1.0
Keywords
IAS "SAML2Assertion does not specify SubjectConfDataNotOnOrAfter" "Sorry, but you are currently not authorized for access" , KBA , BC-IAM-IDS , Identity Authentication Service , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)