3470113 - Error "SAML message intended destination endpoint did not match recipient endpoint" in Spring SAML logs

Symptom

Trying to login in CMC/ BI Launchpad with SAML Authentication fails.
Error "Http Status 500-Internal Server Error" after being redirected by Identity Provider (IdP) when using SAML to login.
The following errors can be seen in Spring SAML logs:

DEBUG BaseSAMLMessageDecoder:191 - Checking SAML message intended destination endpoint against receiver endpoint
DEBUG BaseSAMLMessageDecoder:210 - Intended message destination endpoint: https://<LoadBalancer/Proxy_URL>/BOE/saml/SSO
DEBUG BaseSAMLMessageDecoder:211 - Actual message receiver endpoint: https://<BI_SERVER>:<BI_PORT>/BOE/saml/SSO
ERROR BaseSAMLMessageDecoder:215 - SAML message intended destination endpoint 'https://<LoadBalancer/Proxy_URL>/BOE/saml/SSO' did not match the recipient endpoint 'https://<BI_SERVER>:<BI_PORT>/BOE/saml/SSO'
DEBUG SAMLProcessingFilter:104 - Incoming SAML message is invalid
org.opensaml.xml.security.SecurityException: SAML message intended destination endpoint did not match recipient endpoint

Environment

SAP BusinessObjects Business Intelligence Platform 4.x
Load Balancer/ Reverse Proxy

Product

SAP BusinessObjects Business Intelligence platform all versions

Keywords

SAML, spring, login, BI Launchpad, redirect, Authentication, Azure, stderr.log, stdout.log, har, fail, LB, RP, Load Balancer, RProxy, HTTP 500, Identity Provider, Internal Server Error, Security Context , KBA , BI-BIP-AUT , Authentication, ActiveDirectory, LDAP, SSO, Vintela , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.