Skip to Content

Fiori SSO with ADFS

Dear colleagues,

We have configured SP initiated SSO Fiori with ADFS IDP.

We are getting below error in the logs,

CX_SAML20_ASSERTION: Attribute 'SessionIndex' of element 'AuthnStatement' does not exist. Long text: Attribute 'SessionIndex' of element 'AuthnStatement' does not exist.

Please provide the inputs to fix the issue.

Regards,

Sree

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

1 Answer

  • Posted on Sep 29, 2018 at 07:02 AM

    <--Please don't be surprised if no one answers-->

    Because lately, I read such questions... In general, if you want to get reliable answers from experts here and you don't use google to check for similar issues, at least please take your time and provide more details.

    Without information like:

    • Environment: NW Release, ADFS version
    • Configuration steps
    • Screenshots
    • Traces

    it will hardly be possible to provide a meaningful answer.

    A look into my "magic ball" tells me it could be "something" related to a misconfigured rule inside the ADFS relying party configuration. Mostly the "NameID" claim is missing in the assertion issued by the IdP, at least that is what good old Google told me (first search result). Use the SAML2 diagnostic tool - it provides very much details …/sap/bc/webdynpro/sap/sec_diag_tool?sap-client=xxx

    Cheers, Carsten

    Add a comment
    10|10000 characters needed characters exceeded

    • Hi Carsten,

      The scenario is SSO set up for C4C with MS ADFS. The basic configuration is completed.

      Below is the error after the user id and password has been provided in the SSO URL of C4C.

      Do you know what could be causing this issue ? Also how do we identify the issue logs in C4C systems for SSO ?

      CX_SAML20_CORE: The validation of message 'Response' failed. Long text: The validation of message 'Response' failed.
      at CL_SAML20_RESPONSE->VALIDATE_ASSERTION(Line 48)
      at CL_SAML20_RESPONSE->VALIDATE(Line 81)
      at CL_SAML20_SSO->VALIDATE_RESPONSE(Line 78)
      at CL_HTTP_SAML20->PROCESS_LOGON(Line 187)
      at CL_ICF_SAML_LOGIN->PROCESS_LOGON(Line 64)
      at CL_HTTP_SERVER_NET->AUTHENTICATION(Line 2380)
      Caused by: CX_SAML20_ASSERTION: Attribute 'SessionIndex' of element 'AuthnStatement' does not exist. Long text: Attribute 'SessionIndex' of element 'AuthnStatement' does not exist.
      at CL_SAML20_ASSERTION->VALIDATE_ASSERTION(Line 91)
      at CL_SAML20_RESPONSE->VALIDATE_ASSERTION(Line 41)
      at CL_SAML20_RESPONSE->VALIDATE(Line 81)
      at CL_SAML20_SSO->VALIDATE_RESPONSE(Line 78)
      at CL_HTTP_SAML20->PROCESS_LOGON(Line 187)
      at CL_ICF_SAML_LOGIN->PROCESS_LOGON(Line 64)
      at CL_HTTP_SERVER_NET->AUTHENTICATION(Line 2380)

      Any help is much appreciated.

      Thanks & Regards,

      Vaidya

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.