Symptom
- Front-End SAML SSO to BI fails with "HTTP 302" or "Session Expired".
- The Spring SAML log shows the following error:
DEBUG SAMLAuthenticationProvider:99 - Error validating SAML message
org.opensaml.common.SAMLException: Response doesn't have any valid assertion which would pass subject validation
Caused by: org.opensaml.common.SAMLException: Local entity is not the intended audience of the assertion in at least one AudienceRestriction
- The Spring SAML log shows the AudienceRestriction information as below:
<saml2:AudienceRestriction><saml2:Audience>https://<hostname >:<port>/BOE/saml/metadata</saml2:Audience>
Read more...
Environment
SAP BusinessObjects Business Intelligence Platform 4.x
Product
SAP BusinessObjects Business Intelligence platform 4.2 ; SAP BusinessObjects Business Intelligence platform 4.3
Keywords
SAML, SSO, IDP, SP, AudienceRestriction, Session Expired, 302, bo, boe, bi, 4.x , KBA , BI-BIP-AUT , Authentication, ActiveDirectory, LDAP, SSO, Vintela , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.