Symptom
Identity Authentication is used as a proxy. The authentication is failing and ending with message on the Identity Authentication UI: Sorry, but you are currently not authorized for access.
Investigating the SAML trace, the below StatusMessage can be seen:
<saml2p:StatusMessage>Invalid request, ACS Url in request https://<tenant_ID>.accounts.ondemand.com/saml2/idp/acs/<tenant_ID>.accounts.ondemand.com doesn't match configured ACS Url https://<tenant_ID>.accounts.ondemand.com/saml2/idp/acs/<tenant_ID>.accounts.ondemand.com?sp=<sp_name>&index=<index_number>.</saml2p:StatusMessage>
In the Identity Authentication Troubleshooting log the below similar error is printed:
message=ASJ.saml20_sp.000025# Service Provider has received SAML2Response from Identity Provider [<corporate_IdP_EntityID] that contains an error status code [urn:oasis:names:tc:SAML:2.0:status:Requester]. Status message: [Invalid request, ACS Url in request https://<tenant_ID>.accounts.ondemand.com/saml2/idp/acs/<tenant_ID>.accounts.ondemand.com doesn't match configured ACS Url https://<tenant_ID>.accounts.ondemand.com/saml2/idp/acs/<tenant_ID>.accounts.ondemand.com?sp=<sp_name>&index=<index_number>.]
message=Error SAML2Response received. Details: Invalid request, ACS Url in request https://<tenant_ID>.accounts.ondemand.com/saml2/idp/acs/<tenant_ID>.accounts.ondemand.com doesn't match configured ACS Url https://<tenant_ID>.accounts.ondemand.com/saml2/idp/acs/<tenant_ID>.accounts.ondemand.com?sp=<sp_name>&index=<index_number>.Error SAML2Response received. Details: Invalid request, ACS Url in request https://<tenant_ID>.accounts.ondemand.com/saml2/idp/acs/<tenant_ID>.accounts.ondemand.com doesn't match configured ACS Url https://<tenant_ID>.accounts.ondemand.com/saml2/idp/acs/<tenant_ID>.accounts.ondemand.com?sp=<sp_name>&index=<index_number>.
Read more...
Environment
Identity Authentication
Product
Keywords
IAS, ACS, endpoint, URL, multiple, IdP, SP, initiated, SSO, flow, error, Assertion Consumer Service , KBA , BC-IAM-IDS , Identity Authentication Service , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.