Symptom
- IAS acts as proxy to delegate the authentication to corporate identity provider
- During logout, the following error is returned by IAS:
HTTP Status 400 - Identity Provider could process the logout message received - In IAS troubleshooting logs, the following errors can be found:
"Identity Provider could not process SAML2 logout message. RedirectPayload is not signed. "
"ASJ.saml20_sp.010003# Service Provider SLO endpoint received RedirectPayload from Identity Provider [xxxxxxxxxxxxxxxxxxxxxxxxx] that is not signed."
or:
"Identity Provider could not process SAML2 logout message. SLO message is not signed."
"ASJ.saml20_sp.010006# Service Provider SLO endpoint received SLO message from Identity Provider [xxxxxxxxxxxxxxxxxxxxxxxxx] that is not signed."
Read more...
Environment
Identity Authentication
Product
Identity Authentication 1.0
Keywords
SLO "single logout" signature , KBA , BC-IAM-IDS , Identity Authentication Service , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.