SAP Knowledge Base Article - Preview

2945414 - 'SAML2Assertion does not specify Subject NameID' error with AD FS

Symptom

SAP Cloud Platform Identity Authentication Service (IAS) is acting as a proxy with AD FS. After authentication to an application, it fails with error HTTP Status 500.

Meanwhile in the Troubleshooting log, you can see the following errors:

  • Authentication error.The authentication process did not set an authenticated principal in the current thread.
  • state=failed, action=login, objectType=user, cause=authenticationStepFailure, category=audit.authentication, credentialType="{TRUSTED_IDP_SAML_ASSERTION=rejected}
  • SAML2Assertion does not specify Subject NameID.com.sap.security.saml2.sp.sso.exception.BadCredentialsException: SAML2Assertion does not specify Subject NameID.

Note: This topic fails to consulting category. Microsoft is responsible to do this configuration. However this KBA provides some hints to troubleshoot and solve this issue.


Read more...

Environment

  • SAP Cloud Platform Identity Authentication Service
  • Microsoft Active Directory Federation Services (AD FS)

Product

Identity Authentication 1.0

Keywords

ADFS, AD FS, Endpoint, Subject NameID , KBA , BC-IAM-IDS , Identity Authentication Service , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.