SAP Knowledge Base Article - Preview

2645425 - The digital signature of the received SAML2 message is invalid


An Identity Authentication tenant returns the message in subject when an authentication request is done from a specific Service Provider. This can be checked via a SAML trace (see SAP KBA 2461862).

In case the Service Provider is SAP Cloud Platform, you get a 500 error on screen.

In the Troubleshooting log, the following error is displayed:

message=Identity Provider could not process the authentication request received due to error on its own side.An unexpected exception occurred. See call stack for details. Caused by: Signature of the SAML2 protocol token cannot be validated because neither primary nor secondary certificates are available in the configuration



SAP Cloud Platform Identity Authentication Service


Identity Authentication all versions


sci cloud identity scp HTTP Status 500 An internal error occurred Request portal web ide webide certificate missing invalid configured , KBA , BC-IAM-IDS , Identity Authentication Service , BC-NEO-SEC-IAM , Authentication, Authorization(Cloud Platform Neo) , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.