3540484 - SAML2.0: User source <> is longer than maximum length of an user alias: 40 characters

Symptom

When performing a SAML 2.0 authentication, the process fails, leading to a redirection to a logon screen.

The SAML Security Diagnostic Tool trace displays an error such as "User source <NameID sent by the IDP> is longer than maximum length of a user alias: 40 characters".

Additionally, the SAML Security Diagnostic Tool trace shows the following exception:

SAML20 SP (client): Exception raised:
SAML20 SAML20 CX_SAML20_FEDERATION: User with alias <NameID sent by the IDP truncated to a maximum of 40 characters> does not exist in client <Client Number>. Long text: User with alias <NameID sent by the IDP truncated to a maximum of 40 characters> does not exist in client <Client Number>.

Product

SAP NetWeaver Application Server for ABAP all versions ; SAP S/4HANA all versions ; SAP Single Sign-On all versions

Keywords

logon, login, username, password, SAML, SSO, Single Sign-On, 40 characters, exception, user alias, logon alias, User ID Mapping Mode, NameID, NameID Format, Unspecified , KBA , BC-SEC-LGN-SML , SAML 2.0 for ABAP , BC-SEC-LGN , Authentication , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.