3386997 - Login error occurred when IAS and corporate IdP involved with error "Authentication error.The authentication process did not set an authenticated principal in the current thread" in IAS troubleshooting log.

Symptom

Login error occurred in the application side.
Checking the SAML trace, IAS sent the error in the SAML response to the application.
<Status>
<StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder" />
<StatusMessage>Failed to authenticate user.</StatusMessage>
</Status>
In the IAS troubleshooting log, there is error.
...message="Authentication error.The authentication process did not set an authenticated principal in the current thread. Id: ...
Checking the SAML trace, in the SAML response from the corporate IdP to IAS, there is the Subject Name Identifier.
<Subject>
<NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">xxxxxx@yyy.zzz</NameID>
......
</Subject>
In IAS, the option "Use Identity Authentication user store" is enabled for the corporate IdP.

Environment

Identity Authentication.

Product

Identity Authentication 1.0

Keywords

IAS, IPS, corporate IdP, Azure AD, AD FS, ADFS, Failed to authenticate user, Authentication error.The authentication process did not set an authenticated principal in the current thread , KBA , BC-IAM-IDS , Identity Authentication Service , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.