SAP Knowledge Base Article - Preview

3058189 - The digital signature of the received SAML2 message is invalid. Caused by: Certificate is expired

Symptom

  • The service provider may return the error "User does not exist" in the browser.

  • In the IAS troubleshooting log the following error message is displayed:
    Identity Provider could not process the authentication request received due to client error.
    The digital signature of the received SAML2 message is invalid. Caused by: Certificate is expired (Certificate NotAfter: <date and time>) Caused by: NotAfter: <date and time>

  • The SAML trace shows that the authentication request did not reach the Corporate Identity Provider and was returned to the service provider with the error message:
    <StatusMessage>The digital signature of the received SAML2 message is invalid.</StatusMessage>



Environment

 Identity Authentication

Product

Identity Authentication all versions

Keywords

 SAML, certificate, expired, IAS, proxy, certificate, signing, KBA, BC-IAM-IDS, Identity Authentication Service, Problem

About this page

This is a preview of an SAP Knowledge Base Article. The full version is available on SAP ONE Support launchpad (login required).
