on 03-04-2016 7:55 AM
Hi All,
I am having an issue with setting up SSO with ADFS as the IdP for SAP Fiori Launchpad.
I have managed to set up Fiori Dev and QA systems on the test ADFS system we temporarily created.
However, when we implement the same changes on the production ADFS, we get the below error:
CX_SAML20_CORE: The validation of message 'Response' failed. Long text: The validation of message 'Response' failed.
at CL_SAML20_RESPONSE->VALIDATE_ASSERTION(Line 57)
at CL_SAML20_RESPONSE->VALIDATE(Line 72)
at CL_SAML20_SSO->VALIDATE_RESPONSE(Line 86)
at CL_HTTP_SAML20->PROCESS_LOGON(Line 303)
at CL_ICF_SAML_LOGIN->PROCESS_LOGON(Line 62)
at CL_HTTP_SERVER_NET->AUTHENTICATION(Line 2491)
Caused by: CX_SAML20_CORE: Error in ST program SAML2_ASSERTION when importing XML data. Long text: Error in ST program SAML2_ASSERTION when importing XML data. Diagnosis Signature verification failed (for signer) or Enve System Response Procedure Check the trace of the current work process dev_w. At level 2 you can find further information about the error. Procedure for System Administration
at CL_SAML20_ABSTRACT_MSG->VERIFY_SIGNATURE(Line 134)
at CL_SAML20_ABSTRACT_MSG->DECRYPT(Line 107)
at CL_SAML20_ABSTRACT_MSG->PARSE_XML(Line 252)
at CL_SAML20_ASSERTION->CREATE_FROM_XML(Line 52)
at CL_SAML20_RESPONSE->VALIDATE_ASSERTION(Line 32)
at CL_SAML20_RESPONSE->VALIDATE(Line 72)
at CL_SAML20_SSO->VALIDATE_RESPONSE(Line 86)
at CL_HTTP_SAML20->PROCESS_LOGON(Line 303)
at CL_ICF_SAML_LOGIN->PROCESS_LOGON(Line 62)
at CL_HTTP_SERVER_NET->AUTHENTICATION(Line 2491)
Caused by: CX_SEC_SXML_ERROR: SSFW_KRN_VERIFY failed with: Signature verification failed (for signer) or Envelope failed (for recipient)
at CL_SEC_SXML_DSIGNATURE->HANDLE_SSF_ERROR(Line 51)
We followed the following document
Hello,
Could you please make sure that both ADFS and the ABAP Service Provider are using certificates with SHA-256 algorithm?
This issue usually happens when IdP or SP are using SHA-1 certificates for signing the SAML response metadata.
Cheers,
Filipe Santos
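One way to carry out the check suggested in the reply above, as an added example that is not part of the original thread: it lists the signature and digest hash algorithms a captured SAML message or metadata file declares in each `ds:Signature`, so a SHA-1 signer stands out. It reads only the XML signature algorithm URIs, not the X.509 certificate's own signature algorithm; the sample message and all function names are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Algorithm URIs defined by the XML Signature / XML Encryption specs.
HASH_BY_URI = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "SHA-1",
    "http://www.w3.org/2000/09/xmldsig#sha1": "SHA-1",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": "SHA-256",
    "http://www.w3.org/2001/04/xmlenc#sha256": "SHA-256",
}
# Constructed sample (not from the thread): a Response with a signed Assertion.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Assertion><ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="{sig}"/>
    <ds:Reference><ds:DigestMethod Algorithm="{dig}"/></ds:Reference>
  </ds:SignedInfo></ds:Signature></saml:Assertion>
</samlp:Response>"""

def classify(element):
    """Map an Algorithm attribute to a hash name, keeping unknown URIs visible."""
    if element is None:
        return "missing"
    uri = element.get("Algorithm", "")
    return HASH_BY_URI.get(uri, "other: " + uri)

def signature_algorithms(xml_text):
    """Return one finding per ds:Signature: what it signs and which hashes it uses."""
    # Diagnostic use on captures from your own IdP; ElementTree is not
    # hardened for untrusted XML.
    root = ET.fromstring(xml_text)
    parent_of = {child: parent for parent in root.iter() for child in parent}
    findings = []
    for sig in root.iter(DS + "Signature"):
        parent = parent_of.get(sig)
        info = f"{DS}SignedInfo/"
        findings.append({
            "signed_element": parent.tag.split("}")[-1] if parent is not None else "(root)",
            "signature": classify(sig.find(info + DS + "SignatureMethod")),
            "digests": [classify(d) for d in sig.findall(info + f"{DS}Reference/{DS}DigestMethod")],
        })
    return findings

def uses_sha1(findings):
    return any("SHA-1" in [f["signature"], *f["digests"]] for f in findings)

def decode_post_binding(saml_response_field):
    """The HTTP-POST binding carries the message as plain base64 of the XML."""
    return base64.b64decode(saml_response_field).decode("utf-8")
```

Run it against the `SAMLResponse` form field captured from a failing production logon and from a working QA logon, and compare the two sets of findings.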
I have exactly the same issue on production after importing new ADFS certificates. Did you find a solution?