SAP Knowledge Base Article - Preview

3526847 - Front-End SAML SSO to SAP BusinessObjects Business Intelligence Platform (BI) Fails with "HTTP 302" or "Session Expired"

Symptom

  • Front-End SAML SSO to BI fails with "HTTP 302" or "Session Expired".
  • The Spring SAML log shows the following error:
             DEBUG SAMLAuthenticationProvider:99 - Error validating SAML message
             org.opensaml.common.SAMLException: Response doesn't have any valid assertion which would pass subject validation
             Caused by: org.opensaml.common.SAMLException: Local entity is not the intended audience of the assertion in at least one AudienceRestriction
  • The Spring SAML log shows the AudienceRestriction information as below:
            <saml2:AudienceRestriction><saml2:Audience>https://<hostname >:<port>/BOE/saml/metadata</saml2:Audience>


Read more...

Environment

SAP BusinessObjects Business Intelligence Platform 4.x

Product

SAP BusinessObjects Business Intelligence platform 4.2 ; SAP BusinessObjects Business Intelligence platform 4.3

Keywords

SAML, SSO, IDP, SP, AudienceRestriction, Session Expired, 302, bo, boe, bi, 4.x   , KBA , BI-BIP-AUT , Authentication, ActiveDirectory, LDAP, SSO, Vintela , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.