After upgrading to 2H2021 you receive SSO error navigating to Learning from Bizx:
- Get SAML authentication error: “SAML response could not be authenticated…”
SAP SuccessFactors Learning
Reproducing the Issue
The Assertion Consumer Service (ACS) url is misconfigured (although it may be working in current misconfiguration prior to release).
Navigate from Bizx to Learning and get error after release.
The 2H2021 release requires stronger signing, see KBA 3068321 - Outbound SSO migration to SHA-256(Authorized SP Assertion Consumer Service Settings).
This will require this flag to be set in provisioning as 2h2021 learning will only respond to SHA-256 signed requests.
In order to assist customers, since this setting is in provisioning, a script is run that sets this SHA-256 flag automatically; however if the ACS URL is misconfigured this script does not execute on your system.
Ensure the ACS URLs are correct & enable the SHA-256 flag and application dropdown.
Note: The ACS URLs should appear like https://[tenantURLdomain]/learning/saml/SSO & https://[tenantURLdomain]/learning/saml/SingleLogout, e.g. https://customer.plateau.com/learning/saml/SSO
2449659 - SSO Implementation issues | SHA-256 vs SHA-1 encryption algorithms
sap, sf, learning, saml, sso, lms, error, authenticated, authentication, sha-256, acs, assertion consumer service, url , KBA , LOD-SF-LMS-INT , Integrations with BizX , Problem