Symptom
Got error "Response doesn't have any valid assertion which would pass subject validation" at verify account step when configure custom SAML IDP in Datasphere.
Environment
- SAP Datasphere
Reproducing the Issue
- Login to customer Datasphere tenant.
- Go to System-> Administration->Security.
- Click edit and upload the IDP metadata in Step 2.
- Click verify account in step 4.
- Notice that error "Response doesn't have any valid assertion which would pass subject validation" happens.
Cause
The attribute "Groups" is not set to "sac" in IDP.
Resolution
Based on the step 7 in the help guide: Enabling a Custom SAML Identity Provider, the attribute "Groups" need to be set to "sac" in IDP, although it is Datasphere.
Keywords
KBA , DS-AUT , Authorizations (Locks, etc.) , Problem
Product
SAP Datasphere all versions