How to fix SAP error WSS020?

Self-Explanatory Message Since SAP believes that this specific error message is 'self-explanatory,' no more information has been given.The majority of messages in the SAP system have a message text, however this is frequently insufficient to comprehend or resolve the problem. To make things easier, more detailed information is frequently added to describe the issue, how to fix it, and the necessary steps or configuration modifications. Unfortunately, there isn't any extra information in this error notice. What else can you do? First, use our AnswerBot below to get a possible cause and solution (requires a premium subscription). Also, review the in-depth Common Questions & Answers listed below; you could discover a solution there or be able to connect with others who have faced similar challenges. You can also try searching the SAP support portal (support.sap.com) but you need a special user ID to access it. It is possible that an SAP support note exists that provides additional details about the mistake or even steps for fixing it.

How To Fix WSS020 - Signature check failed (part not signed: &1)

Instant Help Get instant SAP help. Sign up for our Free Essentials Plan.

SAP Error Message - Details

Message type: E = Error
Message class: WSS - Web Services Security
Message number: 020
Message text: Signature check failed (part not signed: &1)
Show details Hide details
Self-Explanatory Message
Since SAP believes that this specific error message is 'self-explanatory,' no more information has been given.The majority of messages in the SAP system have a message text, however this is frequently insufficient to comprehend or resolve the problem.
To make things easier, more detailed information is frequently added to describe the issue, how to fix it, and the necessary steps or configuration modifications.
Unfortunately, there isn't any extra information in this error notice.

What else can you do?
First, use our AnswerBot below to get a possible cause and solution (requires a premium subscription).
Also, review the in-depth Common Questions & Answers listed below; you could discover a solution there or be able to connect with others who have faced similar challenges.

You can also try searching the SAP support portal (support.sap.com) but you need a special user ID to access it. It is possible that an SAP support note exists that provides additional details about the mistake or even steps for fixing it.

Smart SAP Assistant

What is the cause and solution for SAP error message WSS020 - Signature check failed (part not signed: &1) ?

SAP Error Message:
WSS020 Signature check failed (part not signed: &1)

Cause

This error occurs during the processing of XML messages secured with XML Digital Signatures in SAP Web Services or PI/PO scenarios. Specifically, it means that the signature verification failed because a part of the XML message that was expected to be signed is either:

Not signed at all, or
The signature does not cover the specified part.

The placeholder &1 in the message indicates the name or identifier of the XML part (e.g., an element or node) that was expected to be signed but was not.

Common causes include:

The sender did not sign the required XML element(s) as per the WS-Security policy.
The WS-Security policy on the receiver side expects certain parts to be signed, but the incoming message does not comply.
The signature references are incorrect or missing.
The message was altered after signing, invalidating the signature.
Mismatch in canonicalization or digest algorithms between sender and receiver.

Solution

Check WS-Security Policy:
- Verify the WS-Security policy configuration on the SAP system (receiver).
- Confirm which parts of the message are required to be signed.
- Adjust the policy if necessary to match the sender's signing behavior.
Verify Sender's Signature:
- Ensure the sender signs all required parts of the XML message.
- Confirm that the signature references the correct XML elements.
- Check that the sender uses compatible algorithms and canonicalization methods.
Message Integrity:
- Make sure the message is not modified after signing.
- If message transformations occur (e.g., in PI/PO), ensure they do not break the signature.
Debugging:
- Enable detailed logging for WS-Security processing in SAP to get more information.
- Use tools like XMLSec or SOAP UI to validate the signature outside SAP.
- Compare the signed parts in the incoming message with the WS-Security policy.
SAP Notes and Documentation:
- Search for relevant SAP Notes related to WS-Security signature issues.
- Review SAP Help Portal documentation on WS-Security configuration.

Related Information

SAP WS-Security Framework: SAP uses WS-Security standards to secure SOAP messages. The signature ensures message integrity and authenticity.
Error Context: This error typically appears in scenarios involving SOAP web services, SAP PI/PO message processing, or any integration using WS-Security.
SAP Transaction / Tools:
- Use transaction STRUST to manage certificates and keys.
- Use transaction SICF to check web service configurations.
- Use transaction SMICM and logs for communication errors.
- Enable trace for WS-Security in the SAP system profile parameters or via SOAMANAGER.

Summary

Aspect	Details
Error	WSS020 Signature check failed (part not signed: &1)
Cause	Expected XML part is not signed or signature invalid/missing for that part
Solution	Verify WS-Security policy, ensure sender signs required parts, check message integrity
Tools	STRUST, SOAMANAGER, SOAP UI, XMLSec, SAP Notes
Context	SOAP Web Services, SAP PI/PO, WS-Security signature verification

If you provide the exact XML message or WS-Security policy, I can help analyze the specific part causing the issue.

Instant Help Get instant SAP help. Sign up for our Free Essentials Plan.

Related SAP Error Messages

Click the links below to see the following related messages:

WSS019 Signature check failed - WP: &1 SSF_PAB: &2
What causes this issue? The X.509 signature was rejected by the system.System Response How to fix this error? The signature is checked against the ...
WSS018 No connection to the Security Token Service of this Web Service found.
Self-Explanatory Message Since SAP believes that this specific error message is 'self-explanatory,' no more information has been given.The majority of...
WSS021 Message expired (&1 &2 &3 )
Self-Explanatory Message Since SAP believes that this specific error message is 'self-explanatory,' no more information has been given.The majority of...
WSS022 No trusted certificate for SAML authentication found (DN &1&2)
What causes this issue? The system received a SAML assertion, which is not trusted by the SAP system.System Response The system issues an error mess...

Click on this link to search all SAP messages.

ERPlingo's SAP support assistant is amazing. Saves me countless hours trying to solve complex SAP issues myself. It's a real game changer!

Thomas Michael
SAP Consultant, Author & Speaker