3164779 - SAML SSO - HTTP Status 401 – Unauthorized

Symptom

using 'Login with Single Sign On' to backoffice, when login the second time you get HTTP Status 401 – Unauthorized message.
You get the following error in console logs: Caused by: org.opensaml.common.SAMLException: InResponseToField of the Response doesn't correspond to sent message

The above error can be displayed in console logs after enabling debug level logging on SAML related classes:

log4j2.logger.springsaml.name=org.springframework.security.saml
log4j2.logger.springsaml.level=DEBUG
log4j2.logger.springsaml.appenderRef.stdout.ref=STDOUT

log4j2.logger.opensaml.name=org.opensaml
log4j2.logger.opensaml.level=DEBUG
log4j2.logger.opensaml.appenderRef.stdout.ref=STDOUT

log4j2.logger.samlsinglesignon.name=de.hybris.platform.samlsinglesignon
log4j2.logger.samlsinglesignon.level=DEBUG
log4j2.logger.samlsinglesignon.appenderRef.stdout.ref=STDOUT

log4j2.logger.samlutil.name=org.springframework.security.saml.util.SAMLUtil
log4j2.logger.samlutil.level=DEBUG
log4j2.logger.samlutil.appenderRef.stdout.ref=STDOUT

log4j2.logger.SAMLProcessingFilter.name=org.springframework.security.saml.SAMLProcessingFilter
log4j2.logger.SAMLProcessingFilter.level=DEBUG
log4j2.logger.SAMLProcessingFilter.appenderRef.stdout.ref=STDOUT

Environment

Commerce Cloud using backoffice SSO login

Product

SAP Hybris Commerce 6.4

Keywords

samlsinglesignon
SAMLResponse
sign on

, KBA , CEC-COM-ADM-BO , Backoffice , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.