SAP Knowledge Base Article - Public

2233329 - [SSO] The assertion must contain the service provider www.successfactors.com - Single Sign On

Symptom

  • The SSO error logs in Provisioning show the error: The assertion must contain the service provider www.successfactors.com or the company-wide service provider www.successfactors.com/##### within the Audience list: [http://www.successfactors.com]
  • Single Sign-On is configured, but login fails.

Environment

SAP SuccessFactors HXM Suite

Reproducing the Issue

  1. Configure SSO between SuccessFactors and an Identity Provider.
  2. A user tries to access SuccessFactors through the configured connection.
  3. The SSO log (Provisioning > Single Sign On > SSO Log Viewer) shows the message: The assertion must contain the service provider www.successfactors.com or the company-wide service provider www.successfactors.com/companyID within the Audience list: [http://www.successfactors.com]

Cause

  • Either the Entity ID configured on the IdP (Identity Provider) side is incorrect (such as missing the http:// or https:// prefix)

  OR

  • The IdP (Identity Provider) is sending http://www.successfactors.com as the Audience in its SAML response. This is the value currently configured in the customer's IdP.

Resolution

First, make sure that the Entity ID configured on the IdP side exactly matches the entityID in the SuccessFactors metadata file, including "http://" or "https://" (depending on the Data Center, as listed on KBA 2747798 - How to create metadata file for Single Sign On).

If you confirm that the above is correct, then amend the Audience value in the IdP configuration to either www.successfactors.com or www.successfactors.com/#####.

Changing the value to www.successfactors.com sometimes works but is not recommended. Change the value on the IdP side to the second option, www.successfactors.com/#####, because it is unique.
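
A diagnostic for the mismatch described under Cause and Resolution, added here as an example and not SAP's code: it reads the Audience from an already base64-decoded SAML assertion and compares it, as an exact string, with the values named in the error message. The sample assertion, the function names and the COMPANYID placeholder (standing in for #####) are constructed for illustration; no signature validation is performed.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion fragment (not real customer data).
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>http://www.successfactors.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def strip_scheme(value):
    """Drop a leading http:// or https:// so near-misses can be recognised."""
    for scheme in ("http://", "https://"):
        if value.lower().startswith(scheme):
            return value[len(scheme):]
    return value


def check_audience(assertion_xml, accepted):
    """Compare each <Audience> with the accepted SP values, exact match only."""
    root = ET.fromstring(assertion_xml)
    audiences = [(a.text or "").strip()
                 for a in root.iterfind(".//saml:Audience", SAML_NS)]
    if not audiences:
        return False, ["assertion has no Audience element"]
    findings = []
    for aud in audiences:
        if aud in accepted:
            return True, [f"'{aud}' matches an accepted value"]
        # Same host and path but a different prefix: the case this KBA covers.
        near = [e for e in accepted if strip_scheme(e) == strip_scheme(aud)]
        if near:
            findings.append(f"'{aud}' differs from '{near[0]}' only by the http(s):// prefix")
        else:
            findings.append(f"'{aud}' is not among {sorted(accepted)}")
    return False, findings


if __name__ == "__main__":
    # COMPANYID is a placeholder for the ##### company ID in the KBA.
    accepted = {"www.successfactors.com", "www.successfactors.com/COMPANYID"}
    ok, notes = check_audience(SAMPLE_ASSERTION, accepted)
    print("PASS" if ok else "FAIL", *notes, sep="\n  ")
```

Pass the entityID from your own SuccessFactors metadata file in `accepted` when checking a real assertion captured from the IdP.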

See Also

  • 2747798 - How to create the metadata file for Single Sign On between SuccessFactors and Identity Provider
  • 2088827 - What methods of SSO (Single Sign On) does SuccessFactors Support? - BizX Platform
  • 2088837 - SSO: Partial Organization Single Sign-On - BizX Platform
  • 2757960 - Login Failures Error Log - SSO - BizX Platform

Keywords

SSO, The assertion must contain the service provider www.successfactors.com or the company-wide service provider www.successfactors.com/##### within the Audience list: [http://www.successfactors.com], Entity ID, Service Provider, Company-wide service provider, Audience List, KBA, LOD-SF-PLT-SEL, SSO Errors & Logs, LOD-SF-PLT-SAM, SAML SSO First Time Setup, Problem

Product

SAP SuccessFactors HCM Suite all versions