SAP Knowledge Base Article - Public

3347581 - Error "Response doesn't have any valid assertion which would pass subject validation" encountered at verify account step when configure custom SAML IDP in SAP Datasphere

Symptom

Got error "Response doesn't have any valid assertion which would pass subject validation" at verify account step when configure custom SAML IDP in Datasphere.

Environment

  • SAP Datasphere

Reproducing the Issue

  1. Login to customer Datasphere tenant.
  2. Go to System-> Administration->Security.
  3. Click edit and upload the IDP metadata in Step 2.
  4. Click verify account in step 4. 
  5. Notice that error "Response doesn't have any valid assertion which would pass subject validation" happens.

Cause

The attribute "Groups" is not set to "sac" in IDP.

Resolution

Based on the step 7 in the help guide: Enabling a Custom SAML Identity Provider, the attribute "Groups" need to be set to "sac" in IDP, although it is Datasphere.

Keywords

KBA , DS-AUT , Authorizations (Locks, etc.) , Problem

Product

SAP Datasphere all versions