Hi All,
I am having an issue with setting up SSO with ADFS as the Idp for SAP Fiori Launchpad.
I have managed to setup Fiori Dev and QA systems on the test ADFS system we temporarily created.
However, when we implement the same changes on the production ADFS, we get the below error:
CX_SAML20_CORE: The validation of message 'Response' failed. Long text: The validation of message 'Response' failed.
at CL_SAML20_RESPONSE->VALIDATE_ASSERTION(Line 57)
at CL_SAML20_RESPONSE->VALIDATE(Line 72)
at CL_SAML20_SSO->VALIDATE_RESPONSE(Line 86)
at CL_HTTP_SAML20->PROCESS_LOGON(Line 303)
at CL_ICF_SAML_LOGIN->PROCESS_LOGON(Line 62)
at CL_HTTP_SERVER_NET->AUTHENTICATION(Line 2491)
Caused by: CX_SAML20_CORE: Error in ST program SAML2_ASSERTION when importing XML data. Long text: Error in ST program SAML2_ASSERTION when importing XML data. Diagnosis Signature verification failed (for signer) or Enve System Response Procedure Check the trace of the current work process dev_w. At level 2 you can find further information about the error. Procedure for System Administration
at CL_SAML20_ABSTRACT_MSG->VERIFY_SIGNATURE(Line 134)
at CL_SAML20_ABSTRACT_MSG->DECRYPT(Line 107)
at CL_SAML20_ABSTRACT_MSG->PARSE_XML(Line 252)
at CL_SAML20_ASSERTION->CREATE_FROM_XML(Line 52)
at CL_SAML20_RESPONSE->VALIDATE_ASSERTION(Line 32)
at CL_SAML20_RESPONSE->VALIDATE(Line 72)
at CL_SAML20_SSO->VALIDATE_RESPONSE(Line 86)
at CL_HTTP_SAML20->PROCESS_LOGON(Line 303)
at CL_ICF_SAML_LOGIN->PROCESS_LOGON(Line 62)
at CL_HTTP_SERVER_NET->AUTHENTICATION(Line 2491)
Caused by: CX_SEC_SXML_ERROR: SSFW_KRN_VERIFY failed with: Signature verification failed (for signer) or Envelope failed (for recipient)
at CL_SEC_SXML_DSIGNATURE->HANDLE_SSF_ERROR(Line 51)
We followed the following document