Symptom
We get the following error message when using our newly created SAML-integration with Signavio:
Error: Oops... the system was unable to perform the requested function
Cause: Reason: An error occurred (saml2.exception - no user found)
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Resolution
The information provided does not imply that SAP Signavio Product Support have any expertise in setting up 3rd party identity provider (IdP) systems for customers. These are merely bits of information that were gathered over time while configuring the SAML SSO with identity providers, which may help you with a smoother setup. If you require assistance setting up your IdP system, please reach out to your consultant, partner, or specialized support.
The error can have one of two causes.
1. If you have velocity HUB turned on, you might need the samlAutoAccountCreation feature package enabled so that user accounts are created automatically on first SAML login.
2. The SAML response and the various assertions can be unsigned, signed or encrypted. Currently, Signavio supports the following variants:
- An unsigned SAML response with a signed assertion
- A signed SAML response with a signed assertion
The error message indicates that your IdP is encrypting the SAML assertion, which is not one of the supported variants.
You can remove the encryption certificate by performing the following steps for your IdP:
- ADFS: Open the Signavio Relying Party Trust and choose Properties. In the next window, delete the certificate in the "Encryption" tab.
- Azure AD: Open the Signavio application in your Azure AD. Afterwards, open the "Token encryption" section and deactivate/delete the certificate.
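To check which of the variants above an IdP is actually sending before changing its configuration, here is an added Python example (not from this KBA and not SAP Signavio code) that classifies an already base64-decoded SAML Response by where its ds:Signature elements sit and whether the assertion arrives wrapped in saml:EncryptedAssertion. The sample documents are constructed for the example and carry placeholder signatures; the check is purely structural and does not validate any signature.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def classify_saml_response(xml_text):
    """Return (response_signed, assertion_state); assertion_state is
    'signed', 'unsigned', 'encrypted' or 'missing'."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    # A ds:Signature that is a direct child of Response signs the whole response.
    response_signed = root.find("ds:Signature", NS) is not None
    # An encrypted assertion is wrapped in saml:EncryptedAssertion instead of saml:Assertion.
    if root.find("saml:EncryptedAssertion", NS) is not None:
        return response_signed, "encrypted"
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return response_signed, "missing"
    # A ds:Signature that is a direct child of Assertion signs only the assertion.
    assertion_signed = assertion.find("ds:Signature", NS) is not None
    return response_signed, "signed" if assertion_signed else "unsigned"

def supported_by_signavio(xml_text):
    """True for the two variants the KBA lists: a signed, plaintext assertion,
    whether or not the surrounding Response is signed as well."""
    _, state = classify_saml_response(xml_text)
    return state == "signed"

# Constructed samples: placeholder signatures, only the element layout matters here.
SIG = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
       '<ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>')
RESP = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1">%s</samlp:Response>')
ASSERTION = '<saml:Assertion ID="_a1">%s<saml:Subject/></saml:Assertion>'

SIGNED_ASSERTION = RESP % (ASSERTION % SIG)          # unsigned response, signed assertion
SIGNED_BOTH = RESP % (SIG + ASSERTION % SIG)         # signed response, signed assertion
ENCRYPTED = RESP % (SIG + '<saml:EncryptedAssertion><xenc:EncryptedData '
                    'xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/></saml:EncryptedAssertion>')

if __name__ == "__main__":
    for name, doc in [("signed assertion", SIGNED_ASSERTION),
                      ("signed both", SIGNED_BOTH), ("encrypted", ENCRYPTED)]:
        verdict = "supported" if supported_by_signavio(doc) else "NOT supported"
        print("%-17s %s -> %s" % (name, classify_saml_response(doc), verdict))
```

Feed it the XML from a browser SAML trace (decode the SAMLResponse form field first); an "encrypted" result matches the symptom in this KBA.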
Keywords
KBA , BPI-SIG-CA-SEC-SAM , SAML 2.0 for SAP Signavio , How To