2487567 - Troubleshooting SAML assertions when configuring SAML SSO in SAP Analytics Cloud

SAP Knowledge Base Articles - public

2487567 - Troubleshooting SAML assertions when configuring SAML SSO in SAP Analytics Cloud


You are configuring SAML SSO in SAP Analytics Cloud. When you validate the account you get an error message, pop-up window or a screen whith this message:

We've encountered an unexpected issue.
Please try again later or contact your system administrator if the problem persists.


  • SAP Analytics Cloud 2017
  • SAML IdP Provider of your choice


Install a Chrome Extension

There are multiple tools and extensions that can help you read the SAML assertion. In this example, I am using SAML Chrome panel.

We can capture and display the SAML assertions if we open Chrome Develper Tools and select the new tab SAML after installing the extension.


You will need to activate this extension in Incognito mode as well while validating the SAML configuration. To do that go to:

Chrome menu Extensions:


What to capture

  • When you are offered to validate your configuration, open your incognito Window
  • Open the Chrome Web development tools (F12 or Option + Command + I in MacOS)
  • Paste the URL from the validate windows
  • You should get redirected from SAP Analytics Cloud to your SAML IdP
  • Type your username / password, after you should be redirected back to SAP Analytics Cloud.

In the last entry for the SAML Plugin, search for the content NameID, similar to:

            <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"><SubjectConfirmationData

Case Sensitive

SAP Analytics Cloud is case sensitive. If your NameID returned by your SAML IdP is Rose, it will fail as your User ID in SAC is ROSE (uppercase). There is currently an enhancement created to be evaluated by development. This KBA will be updated when that enhancement is implemented.

  • USER IDs in SAP Analytics Cloud are all Uppercase while the SAML IdP may be passing the NameID in lowercase.
  • E-mail is also case sensitive, you need to verify that your SAML IdP email entries match uppercase and lowercase exactly with the entries in SAP Analtyics Cloud. user@company.com will be rejected if the entry is User@company.com in SAC

See Also

Your feedback is important to help us improve our knowledge base.
Please rate how useful you found this article by using the star rating feature at the beginning of this article.
Thank you.


SAML, SSO, authentication, EPM-ODS, Cloud for Analytics, C4P, Cloud4Analytics, CloudforAnalytics, Cloud 4 Planning, HCP, C4A, BOC, SAPBusinessObjectsCloud, BusinessObjectsCloud, BOBJ, BOBJcloud, BOCloud., BICloud, SBOC, SAC , KBA , saml , adf , LOD-ANA , SAP Analytics Cloud , LOD-ANA-BI , SAP Analytics Cloud - Business Intelligence (BOC) , LOD-ANA-PL , SAP Analytics Cloud – Planning (BOC) , LOD-ANA-BR , SAP Analytics Cloud - Digital Boardroom , LOD-ANA-PR , SAP Analytics Cloud – Predictive (BOC) , How To


SAP Analytics Cloud 1.0