2425774 - CX_SAML20_ASSERTION: Attribute 'Subject' of element 'SPNameQualifier' is invalid | SAP Knowledge Base Article

SAP Knowledge Base Article - Preview

2425774 - CX_SAML20_ASSERTION: Attribute 'Subject' of element 'SPNameQualifier' is invalid

Symptom

SAML 2.0 traces show the following error about validation of message 'Response':

SAML20 SP (client 140 ):  Exception raised:
SAML20 SAML20 CX_SAML20_CORE: The validation of message 'Response' failed. Long text: The validation of message 'Response' failed.
SAML20     at CL_SAML20_RESPONSE->VALIDATE_ASSERTION(Line 57)
SAML20     at CL_SAML20_RESPONSE->VALIDATE(Line 72)
SAML20     at CL_SAML20_SSO->VALIDATE_RESPONSE(Line 87)
SAML20     at CL_HTTP_SAML20->PROCESS_LOGON(Line 340)
SAML20     at CL_ICF_SAML_LOGIN->PROCESS_LOGON(Line 62)
SAML20     at CL_HTTP_SERVER_NET->AUTHENTICATION(Line 2224)
SAML20 Caused by: CX_SAML20_ASSERTION: Attribute 'Subject' of element 'SPNameQualifier' is invalid. Long text: Attribute 'Subject' of element 'SPNameQualifier' is invalid.
SAML20     at CL_SAML20_ASSERTION->VALIDATE_SUBJECT_SSO(Line 166)
SAML20     at CL_SAML20_ASSERTION->VALIDATE_ASSERTION(Line 27)
SAML20     at CL_SAML20_RESPONSE->VALIDATE_ASSERTION(Line 50)
SAML20     at CL_SAML20_RESPONSE->VALIDATE(Line 72)
SAML20     at CL_SAML20_SSO->VALIDATE_RESPONSE(Line 87)
SAML20     at CL_HTTP_SAML20->PROCESS_LOGON(Line 340)
SAML20     at CL_ICF_SAML_LOGIN->PROCESS_LOGON(Line 62)
SAML20     at CL_HTTP_SERVER_NET->AUTHENTICATION(Line 2224)

SAML 2.0 traces can be captured using Security Diagnostic Tool. See the link for more information.


Read more...

Environment

In a NetWeaver ABAP system where SAML 2.0 authentication is used.

  • SAP Netweaver AS ABAP 7.02
  • SAP Netweaver AS ABAP 7.30
  • SAP Netweaver AS ABAP 7.31
  • SAP Netweaver AS ABAP 7.40
  • SAP Netweaver AS ABAP 7.50 and higher

Product

SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5 ; SAP enhancement package 1 for SAP NetWeaver 7.3 ; SAP enhancement package 2 for SAP NetWeaver 7.0

Keywords

The validation of message 'Response' failed, affiliation, Local Provider. , KBA , BC-SEC-LGN-SML , SAML 2.0 for ABAP , BC-SEC-LGN , Authentication and SSO , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.