- After successfully configuring SAP Analytics Cloud to use Microsoft Azure IDP as a Custom SAML SSO Identity Provider for authentication with SAP Analytics Cloud tenant, after several days, the login will fail with error
"Response doesn't have any valid assertion which would pass subject validation"
- When the error occurs in one client browser, the login will continue to fail with this error.
- After cleaning browser cache the issue no longer persists but after some days, the same error may occur again.
- Issue does not persist in Incognito Window (Private Mode)
- SAP Analytics Cloud (Enterprise)
- The authentication was rejected because there was too great a difference between the time the authentication was initiated (IssueInstant) and the time when the IDP last authenticated the user (AuthnInstant).
- The default for maxAuthenticationAge in SAP Cloud Platform was 10 days.
- The issue only occurs, if an SAML2 IDP issues in an SAML2 Assertion an AuthnInstant time and current time+date differs more than 10 days eg;
AuthnInstant="2020-01-01T09:07:36.666Z" IssueInstant="2020-03-31T09:27:18.346Z" Difference = 90 days, which are longer than 10 days.
In Microsoft Azure IDP side, configure authentication session management to make sure the session lifetime should be less than 10 days.
See Microsoft document: https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/howto-conditional-access-session-lifetime
- 2569847 - Where can you find SAC user assistance (help) to use, configure, and operate it more effectively?
- Have a question? Ask it here and let our amazing SAP community help! Or reply and share your knowledge!
- 2487011 - What information do I need to provide when opening an incident for SAP Analytics Cloud?
- SAP Analytics Cloud > Learning > Guided Playlists
- SAP Analytics Cloud > Learning > Guided Playlists > Getting Support
- Need More Help? Contact Support or visit the solution finder today!
Your feedback is important to help us improve our knowledge base.
SAP Cloud for Planning, sc4p, c4p, cforp, cloudforplanning, Cloud for Analytics, Cloud4Analytics, CloudforAnalytics, Cloud 4 Planning, BOC, SAPBusinessObjectsCloud, BusinessObjectsCloud, BOBJcloud, BOCloud., SAC, SAP AC, Cloud-Analytics, CloudAnalytics, SAPCloudAnalytics,Error, Issue, System, Data, User, Unable, Access, Connection, Sac, Connector, Live, Acquisition, Up, Set, setup, Model, BW, Connect, Story, Tenant, Import, Failed, Using, Working, SAML, SSO, sapanalyticscloud, sap analytical cloud, sap analytical cloud, SAC , KBA , ms edge not working for a specific user. , LOD-ANA-BI , Business Intelligence Functionality, Analytic Models , Problem