SAP Knowledge Base Article - Preview

3343085 - SAML2.0: How to extract IdP signing certificate from JAVA Troubleshooting Trace Log (TSHW)


You use SAML 2.0 on NetWeaver JAVA and on the IdP side the signing certificate has changed. Therefore, the signature verification of the Response fails with errors like:

Signature validation with the configured primary certificate failed 

Signiture validation of SAML2Assertion failed.
[EXCEPTION] Verification failed. 

The errors are found in trace collected with the JAVA TSHW trace log: Note:1332726 - Troubleshooting Wizard



SAP Netweaver JAVA Systems


SAP NetWeaver Application Server for Java all versions


SAML 2.0, SAML 2.0, renew certificate, verify signature, trusted provider, primary signing certificate, secondary signing certificate, The validation of message 'Response' failed, X.509 certificate, Signiture validation of SAML2Assertion failed  , KBA , BC-JAS-SEC-SML , JAVA SAML 1.1 and 2.0 , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.