Symptom
You have followed SAP Documents to configure SSO from AO to HANA.
The SSO failed with error: Unable to verify XML signature(StatusCode: , StatusMessage: )
Review the HANA SSO debug traces (Note 2083682 and KBA 2434356), found below error messages:
[000000]\{00000\}[0/-1] YYYY-MM-DD HH:MM:SS d Authentication SAMLAuthenticator.cpp(00276) : libxmlsec ERROR
[000000]\{00000\}[00/-1] YYYY-MM-DD HH:MM:SS d Authentication SAMLAuthenticator.cpp(00277) : file: /data/jenkins_prod/workspace/awduyghiom/s/Authentication/extern/libxmlsec/xmlsec_hdb/impl/x509vfy.cc
[000000]\{00000\}[00/-1] YYYY-MM-DD HH:MM:SS d Authentication SAMLAuthenticator.cpp(00278) : line: 208
[000000]\{00000\}[00/-1] YYYY-MM-DD HH:MM:SS d Authentication SAMLAuthenticator.cpp(00279) : func: xmlSecHDBX509StoreVerify
[000000]\{00000\}[00/-1] YYYY-MM-DD HH:MM:SS d Authentication SAMLAuthenticator.cpp(00280) : errorObject: x509-store
[000000]\{00000\}[00/-1] YYYY-MM-DD HH:MM:SS d Authentication SAMLAuthenticator.cpp(00281) : errorSubject:
[000000]\{00000\}[00/-1] YYYY-MM-DD HH:MM:SS d Authentication SAMLAuthenticator.cpp(00282) : reason: 71
......
[000000]\{00000\}[00/-1] YYYY-MM-DD HH:MM:SS i Authentication SAMLAuthenticator.cpp(00398) : Unable to verify XML signature
[000000]\{00000\}[00/-1] YYYY-MM-DD HH:MM:SS i Authentication MethodSAML.cpp(00103) : unsuccessful login attempt with SAML ticket!
[000000]\{00000\}[00/-1] YYYY-MM-DD HH:MM:SS d Authentication ManagerAcceptor.cpp(00339) : evaluate failed for method: SAML
[000000]\{00000\}[00/-1] YYYY-MM-DD HH:MM:SS d Authentication Authenticate.cc(00489) : exception during authentication: ERROR [CODE-4230] Invalid assertion: Unable to verify XML signature(StatusCode: , StatusMessage: )
Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental.
Read more...
Environment
- Analysis Office
- SAP HANA Database
Product
Keywords
AO, SSO, SAML, CMC, authentication failed, XML signature, , KBA , HAN-DB-SEC , SAP HANA Security & User Management , BI-BIP-AUT , Authentication, ActiveDirectory, LDAP, SSO, Vintela , How To
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.