SAP Knowledge Base Article - Preview

2437217 - SAML2.0: Signature validation with the configured primary certificate failed

Symptom

Performing SAML 2.0 authentication fails and one of the following error messages is raised:

  • "Signature validation with the configured primary certificate failed..."
  • "CX_SEC_SXML_ERROR: SSFW_KRN_VERIFY failed with: Signature verification failed (for signer) or Envelope failed (for recipient)"
  • Caused by: CX_SAML20_CORE: Error in ST program SAML2_ASSERTION when importing XML data. Long text: Error in ST program SAML2_ASSERTION when importing XML data.
  • Caused by: CX_SEC_SXML_ERROR:
    SAML20 at CL_SEC_SXML_DSIGNATURE->VERIFY_XML(Line 315)

The error appears in the SAML 2.0 traces which can be collected with the Security Diagnostic tool.


Read more...

Environment

  • SAP enhancement package 2 for SAP NetWeaver 7.0
  • SAP NetWeaver 7.3
  • SAP enhancement package 1 for SAP NetWeaver 7.3
  • SAP NetWeaver 7.4
  • SAP NetWeaver 7.5 and higher

Product

SAP NetWeaver 7.3 ; SAP NetWeaver 7.4 ; SAP NetWeaver 7.5 ; SAP enhancement package 2 for SAP NetWeaver 7.0 ; SAP enhancement package 3 for SAP NetWeaver 7.0

Keywords

SAML2.0 CX_SEC_SXML_ERROR SSFW_KRN_VERIFY Signature verification validation SSFW_KRN_VERIFY failed with: Signature verification failed , KBA , BC-SEC-LGN-SML , SAML 2.0 for ABAP , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.