SAP Knowledge Base Article - Public

3109771 - 2H2021 Learning Get SAML authentication error: “SAML response could not be authenticated…”


After upgrading to 2H2021 you receive SSO error navigating to Learning from Bizx:

  • Get SAML authentication error: “SAML response could not be authenticated…”


SAP SuccessFactors Learning

Reproducing the Issue

The Assertion Consumer Service (ACS) url is misconfigured (although it may be working in current misconfiguration prior to release).
Navigate from Bizx to Learning and get error after release.


The 2H2021 release requires stronger signing, see KBA 3068321 - Outbound SSO migration to SHA-256(Authorized SP Assertion Consumer Service Settings).
This will require this flag to be set in provisioning as 2h2021 learning will only respond to SHA-256 signed requests.
In order to assist customers, since this setting is in provisioning, a script is run that sets this SHA-256 flag automatically; however if the ACS URL is misconfigured this script does not execute on your system.


Ensure the ACS URLs are correct & enable the SHA-256 flag and application dropdown.
Note: The ACS URLs should appear like https://[tenantURLdomain]/learning/saml/SSO & https://[tenantURLdomain]/learning/saml/SingleLogout, e.g. 

See Also

2449659 - SSO Implementation issues | SHA-256 vs SHA-1 encryption algorithms


sap, sf, learning, saml, sso, lms, error, authenticated, authentication, sha-256, acs, assertion consumer service, url , KBA , LOD-SF-LMS-INT , Integrations with BizX , Problem


SAP SuccessFactors Learning all versions