Tracing a failed SAML 2.0 SSO shows similar errors:
Received unsigned authentication Response (top level status code: urn:oasis:names:tc:SAML:2.0:status:Success, second level status code: <null>) from Identity Provider: https://<idp_host> through binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
SAML2Assertion received could not be decrypted
Caused by: com.sap.engine.lib.xml.signature.SignatureException: EME-OAEP_DECODE error - pHash does not equal pHash'
SAML2Assertion validation failed.
com.sap.security.saml2.sp.exception.BadCredentialsException: Rejected not signed Response
SAP NetWeaver Release Independent
KBA , BC-JAS-SEC-SML , JAVA SAML 1.1 and 2.0 , BC-JAS-SEC-LGN , Logon, SSO , Problem
About this pageThis is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).
Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.