
SAML Login to SAP CP CF using Azure AD B2C results in the error message "Invalid signature"

Hello SAP CP Cloud Foundry SAML Experts,

I've successfully set up my SAP Cloud Platform Cloud Foundry Trial Environment to use my Azure Active Directory (Azure AD) for the authentication of users. Now I also want to try Azure AD B2C. I've configured my tenant according to the guide Register a SAML application in Azure AD B2C. It works just fine using the Neo environment. But unfortunately in Cloud Foundry I get the following error message when I try to authenticate:

Response has invalid status code urn:oasis:names:tc:SAML:2.0:status:Requester, status message is Invalid signature.

Looking forward to your input.

Best regards
Gregor

CC: Maximilian Streifeneder Marius Obert Holger Bruchelt


1 Answer

  • Posted on Apr 06 at 01:37 PM

    Hi Gregor,

    hope you are doing good! Long time no see!

    I checked out your scenario with a B2C tenant on my side and my CF Trial account. After some edits in the manifest file of the registered app in the B2C tenant I was able to successfully federate the CF subaccount with my tenant. Here is a short summary of what I did in the app manifest (in Azure Portal under <Your B2C tenant> -> App registrations (preview) -> <Your app> -> Manifest):

    • Change/add the "identifierUris" to contain the value of the element in SAML request sent by CF UAA, e.g. ["https://4457e38dtrial.authentication.eu10.hana.ondemand.com"] in my case
    • Add the following element (sample) to the "replyUrlsWithType". This value must match Your AssertionConsumerService URL (can also be found in the SAML request):

    {
      "url": "https://4457e38dtrial.authentication.eu10.hana.ondemand.com/saml/SSO/alias/4457e38dtrial.aws-live-eu10",
      "type": "Web"
    }

    Hope this helps to get the setup working. Otherwise let me know and we can set up a short call ;-)

    Best regards

    Martin

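Added example, not part of the answer above and not SAP or Microsoft code: a Python check that decodes a captured SAMLRequest and compares its Issuer and AssertionConsumerServiceURL with the manifest's "identifierUris" and "replyUrlsWithType". It assumes the element the answer refers to is the request's Issuer; the function names, the sample request and the manifest excerpt are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import quote, unquote

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
HOST = "https://4457e38dtrial.authentication.eu10.hana.ondemand.com"  # from the answer
ACS = HOST + "/saml/SSO/alias/4457e38dtrial.aws-live-eu10"            # from the answer

def sample_saml_request() -> str:
    """Constructed sample: a minimal AuthnRequest as sent on the HTTP-Redirect binding."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" '
           f'Version="2.0" AssertionConsumerServiceURL="{ACS}">'
           f'<saml:Issuer>{HOST}</saml:Issuer></samlp:AuthnRequest>')
    deflater = zlib.compressobj(wbits=-15)  # raw DEFLATE, no zlib header
    return quote(base64.b64encode(deflater.compress(xml.encode()) + deflater.flush()), safe="")

def decode_saml_request(value: str) -> bytes:
    raw = base64.b64decode(unquote(value))
    try:
        return zlib.decompress(raw, -15)  # HTTP-Redirect binding: deflated
    except zlib.error:
        return raw                        # HTTP-POST binding: base64 only

def request_values(xml_bytes: bytes) -> dict:
    # Read-only diagnostic; still refuse DTDs so entity tricks never reach the parser.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("SAML request contains a DTD, refusing to parse")
    root = ET.fromstring(xml_bytes)
    # Assumption: the element the answer refers to is the request's <saml:Issuer>.
    return {"issuer": root.findtext("saml:Issuer", "", SAML_NS).strip(),
            "acs": root.get("AssertionConsumerServiceURL")}

def manifest_problems(manifest: dict, req: dict) -> list:
    """Exact string comparison, so stray whitespace or a trailing slash is reported."""
    problems = []
    if req["issuer"] not in manifest.get("identifierUris", []):
        problems.append(f"identifierUris has no entry equal to {req['issuer']!r}")
    reply_urls = [r.get("url") for r in manifest.get("replyUrlsWithType", [])]
    if req["acs"] not in reply_urls:
        problems.append(f"replyUrlsWithType has no url equal to {req['acs']!r}")
    return problems

if __name__ == "__main__":
    req = request_values(decode_saml_request(sample_saml_request()))
    manifest = {"identifierUris": [HOST],  # constructed manifest excerpt
                "replyUrlsWithType": [{"url": ACS, "type": "Web"}]}
    print(req, manifest_problems(manifest, req) or "manifest matches the request")
```

To check a real setup, pass the SAMLRequest value captured from the browser to `decode_saml_request` and load the manifest JSON downloaded from the Azure Portal.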
