SAP Knowledge Base Article - Preview

3730168 - OAuth 2.0 Token Request Fails with “Invalid Grant No User Found with alias" During SAML Bearer Assertion Flow

Symptom

When attempting Single Sign-On to SAP S/4HANA using the SAML 2.0 Bearer Assertion flow for OAuth 2.0, the token endpoint returns:

invalid_grant
Provided authorization grant is invalid. Exception was No user found with * "user@email.com".
For more information, consult the kernel traces or the OAuth 2.0 troubleshooting SAP note 1688545.

The configuration requirement applies to all SAML‑to‑ABAP user‑mapping modes, where * represents the mapping mode expected by the S/4HANA system (e.g., Alias, Email, Logon ID, etc.).


Read more...

Environment

  • SAP NetWeaver Application Server
  • ABAP Platform
  • SAP S/4HANA

Product

ABAP platform all versions ; SAP NetWeaver all versions ; SAP S/4HANA all versions

Keywords

invalid_grant, saml subject name identifier, nameid, login name, sso mapping, no user found with alias, oauth grant invalid, 403 forbiddeN,, user id mapping, oauth, oauth server, saml bearer, assertion, saml, no user found with , KBA , BC-SEC-LGN-OA2 , OAuth 2.0 for ABAP , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.