SAP Knowledge Base Article - Preview

2926820 - E-Mail Verification is set to OFF for Application in IAS, but users can't access it without verification

Symptom

In Identity Authentication Service under the Application's 'Authentication and Access' tab, the 'E-Mail Verification' is set to OFF.

However, the authentication for users is failing with an infinite loop or other error messages.

The SAML trace is showing this Status error:

<StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"><StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"/></StatusCode>
<StatusMessage>The email of the user is not verified.</StatusMessage>

In the Troubleshooting log, the following error is displayed:

message=Identity Provider could not process the authentication request received due to error on its own side.com.sap.security.saml2.lib.common.exceptions.SAML2ErrorResponseException: The email of the user is not verified.

If the administrator sets a user's e-mail address to verified under 'User Management' >> 'User Details' >> 'Personal Information' in the Administration Console, the authentication becomes successful.

The issue occurs, when the registration is On Behalf Registration, which means that a user was created on behalf of it, so not via self-registration (e.g. in Administration Console, via SCIM REST API, using the Import users functionality).


Read more...

Environment

SAP Cloud Platform Identity Authentication Service

Product

Identity Authentication 1.0

Keywords

IAS, E-Mail Verification, OFF, loop, verified, verify, email, e-mail, name ID attribute, nameid-format:emailAddress , KBA , BC-IAM-IDS , Identity Authentication Service , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.