SAP Knowledge Base Article - Public

3109771 - 2H2021 Learning Get SAML authentication error: “SAML response could not be authenticated…”

Symptom

After upgrading to 2H2021 you receive SSO error navigating to Learning from Bizx:

  • Get SAML authentication error: “SAML response could not be authenticated…”

Environment

SAP SuccessFactors Learning

Reproducing the Issue

The Assertion Consumer Service (ACS) url is misconfigured (although it may be working in current misconfiguration prior to release).
Navigate from Bizx to Learning and get error after release.

Cause

The 2H2021 release requires stronger signing, see KBA 3068321 - Outbound SSO migration to SHA-256(Authorized SP Assertion Consumer Service Settings).
This will require this flag to be set in provisioning as 2h2021 learning will only respond to SHA-256 signed requests.
In order to assist customers, since this setting is in provisioning, a script is run that sets this SHA-256 flag automatically; however if the ACS URL is misconfigured this script does not execute on your system.

Resolution

Ensure the ACS URLs are correct & enable the SHA-256 flag and application dropdown.
Note: The ACS URLs should appear like https://[tenantURLdomain]/learning/saml/SSO & https://[tenantURLdomain]/learning/saml/SingleLogout, e.g. https://customer.plateau.com/learning/saml/SSO 

See Also

2449659 - SSO Implementation issues | SHA-256 vs SHA-1 encryption algorithms

Keywords

sap, sf, learning, saml, sso, lms, error, authenticated, authentication, sha-256, acs, assertion consumer service, url , KBA , LOD-SF-LMS-INT , Integrations with BizX , Problem

Product

SAP SuccessFactors Learning all versions