SAP Knowledge Base Article - Preview

2821994 - SAML SSO to HANA fails due to missing user parameter mapping


  • You have set up SAML Single Sign-on authentication for your SAP HANA database.
  • Your external identity has been configured in the identity provider (IdP) with user attribute: e-mail address.
  • You have mapped this identity provider to a database user in HANA.
  • You test SSO and this fails with errors like these:
error: StatusCode in ResponseMessage != OK; please refer to the database trace for more information
No assertion found in body of request
  • The xsengine or indexserver trace file shows entries similar to these:
Authentication SAMLAuthenticator.cpp(00964) : Assertion Subject NameID: <>
Authentication SAMLAuthenticator.cpp(00982) : Assertion AuthnStatement SessionIndex: <SAML assertion id>
Authentication SAMLAuthenticator.cpp(01004) : Response InResponseTo: <SAML response id>
Authentication SAMLAuthenticator.cpp(01295) : exception 1: no.4040007 (Authorization/impl/PrincipalManager.cpp:107)
Invalid principal id for principal .
exception throw location:
1: 0x00007f7f3862c168 in Authorization::PrincipalManager::getUserWithNameAsIs(ptime::Transaction&, unsigned int, ltt::basic_string<char, ltt::char_traits<char> > const&)
2: 0x00007f7f3862d50d in Authorization::PrincipalManager::getUser(ptime::Transaction&, unsigned int, ltt::basic_string<char, ltt::char_traits<char> > const&)



  • SAP HANA 1.0 SPS12
  • SAP HANA 2.0


SAP HANA 1.0, platform edition ; SAP HANA, platform edition 2.0


HANA, SAML, SSO, single sign-on, authentication, assertion, user parameter, mapping, external identity, database user, e-mail address, error, indexserver, xsengine , KBA , HAN-DB-SEC , SAP HANA Security & User Management , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.