SAP Knowledge Base Article - Preview

2758293 - IAS proxy scenario: HTTP 500 error from corporate identity provider - Certificate used to validate the signature cannot be null


Login to Corporate Identity Provider (IdP) does not work with the Identity Authentication Service (IAS) functioning as a proxy. Corporate IdP login screen shows an "HTTP 500" error.

In Troubleshooting Logs, the following entries can be seen:

"POST /saml2/idp/acs/<TenantID> HTTP/1.1" 200

severity=INFO, location=umtrace, crtAccount=<TenantID>, authenticatedSubject="anonymous", state=failed, action=authenticate, objectType=user, authenticationMethod=saml2Assertion, category=audit.configuration, correlationId<TenantID>#anonymous#http-bio- error.SAML2Response signature verification failed. Caused by: Certificate used to validate the signature cannot be null

Hovever, SAML response is successful:

<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
<dsig:X509Certificate><...></dsig:X509Certificate><...><samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"



  • SAP Cloud Platform Identity Authentication Service functioning as a proxy
  • Corporate IdP
  • SAP Cloud Platform


Identity Authentication all versions


500 Internal Server error, Internal server error, HTTP 500, IAS Tenant , KBA , BC-IAM-IDS , Identity Authentication Service , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.