SAP Knowledge Base Article - Preview

2260582 - SAML2Assertion received could not be decrypted

Symptom

The authentication using the Security Assertion Markup Language (SAML) 2.0 fails prompting the user to enter the user and password. The following error message is recorded in the traces:

 

SAML2Assertion received could not be decrypted.
...
Caused by: java.security.InvalidKeyException: This key is not allowed due to the crypto policy file in use. Using Unlimited Strength Jurisdiction Policy Files will fix the problem (Note: 989517).
...
Caused by: java.security.InvalidKeyException: Illegal key size


Read more...

Environment

SAML 2.0 Service Provider

  • NetWeaver AS Java
  • NetWeaver AS ABAP

SAML 2.0 Identity Provider

  • Part of NetWeaver Single Sign-On product
  • IDMFEDERATION SCA have to be installed on top of NetWeaver AS Java
  • Due to historical reasons IDMFEDERATION SCA is also part of SAP Identity Management

Product

SAP Identity Management 8.0 ; SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5 ; SAP NetWeaver Application Server for Java 7.2 ; SAP NetWeaver Identity Management 7.2 ; SAP enhancement package 1 for SAP NetWeaver 7.3

Keywords

saml login module authentication stack JavaEE AS Java SAML2.0 Troubleshooting troubleshooting wizard errors trace log debug IDP SP Idp certificate JCE Cryptography Jurisdiction Policy Files , KBA , BC-JAS-SEC , Security, User Management , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.