SAP Knowledge Base Article - Preview

2673983 - SAML Fails with a "status:Responder" Error


You have configured SAML between your AS JAVA as your Service Provider and your Identity Provider but this is failing. You have reproduced this issue running a Security Troubleshooting Wizard Trace and you can see the failed logon procedure throwing the below error:

User: N/A
IP Address:
Authentication Stack: xxxxx
Authentication Stack Properties:
        policy_domain = xxxxx
        realm_name = xxxxx

Login Module                                                                                    Flag        Initialize  Login      Commit     Abort      Details
1.             SUFFICIENT  ok          false                 true      
2.                                  OPTIONAL    ok          exception             true       Rejected signed Response 
                                                                                                                                    Reason: Error SAML2Response received.
                                                                                                                                      ID: xxxxxxxxxx
                                                                                                                                      Issuer: "IDP URL....."
                                                                                                                                      Destination: "SP URL....."
                                                                                                                                      In Response To: xxxxx
                                                                                                                                      Issue Instant: "Time and Date"
                                                                                                                                      Top Level Status Code: urn:oasis:names:tc:SAML:2.0:status:Responder
                                                                                                                                      Second Level Status Code:
                                                                                                                                      Status Message:
                                                                                                                                      Consent: urn:oasis:names:tc:SAML:2.0:consent:unspecified
3.               SUFFICIENT  ok          false                 true      
4.   REQUISITE   ok          false                 false     
5.               REQUISITE   ok          false                 true      
No logon policy was applied



  • Release Independent
  • SAP NetWeaver


SAP NetWeaver all versions


SAML2 Responder, status:Responder, Reason: Error SAML2Response received, Rejected signed Response, SAML2 SSO, Fail, Troubleshooting Wizard Trace. , KBA , BC-JAS-SEC-LGN , Logon, SSO , BC-JAS-SEC-SML , JAVA SAML 1.1 and 2.0 , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.