How To Fix WSS022 - No trusted certificate for SAML authentication found (DN &1&2)


WSS022 - Overview

  • Message type: E = Error

  • Message class: WSS - Web Services Security

  • Message number: 022

  • Message text: No trusted certificate for SAML authentication found (DN &1&2)

  • Show details Hide details
  • What causes this issue?

    The system received a SAML assertion, which is not trusted by the SAP
    system.

    System Response

    The system issues an error message and will not allow you to continue with this transaction until the error is resolved.

    How to fix this error?

    The SAML assertion (issuer &V3&) is using a X.509 certificate (&V1&&V2&)
    for signing, which was not trusted by the SAP system. To trus the issuer
    of the SAML assertion, obtain the certificate of the SAML issuer, and
    import it into the System PSE.
    Please ensure user mapping has been maintained. Please refer to the SAP
    documentation and note 1254821.
    SAML Issuer: &V3&
    Certificate DN: &V1&&V2&
    If you use report RSUSREXTID for maintaing the mapping, the following
    information if usefull:
    Type of External ID:SA
    Prefix of External Name: &V4&
    Name of Issuer: &V1&&V2&

    Procedure for System Administrators


    Error message extract from SAP system. Copyright SAP SE.


Smart SAP Assistant

  • What is the cause and solution for SAP error message WSS022 - No trusted certificate for SAML authentication found (DN &1&2) ?
    Certainly! Here's a detailed explanation of the SAP error message:
    
    SAP Error Message:
    WSS022 No trusted certificate for SAML authentication found (DN &1&2)
    
    
    Cause: This error occurs when the SAP system attempts to perform SAML (Security Assertion Markup Language) authentication but cannot find a trusted certificate corresponding to the Distinguished Name (DN) provided in the SAML assertion. Essentially, the system is trying to validate the signature or trust the issuer of the SAML token but fails because the certificate used to sign the SAML assertion is not present or not trusted in the SAP system's certificate store. Common reasons include: The certificate of the Identity Provider (IdP) is not imported or trusted in the SAP system. The certificate has expired or been revoked. The DN in the SAML assertion does not match any trusted certificate in the SAP system. The certificate is imported but not assigned correctly to the SAML configuration. The certificate store or trust configuration is incomplete or

    Already have an account? Login here!




Instant HelpGet instant SAP help. Sign up for our Free Essentials Plan.


Related SAP Error Messages

Click the links below to see the following related messages:

Click on this link to search all SAP messages.


Rating
ERPlingo simplifies finding the accurate answers to SAP message errors. I now use every week. A must have tool for anyone working with SAP! Highly recommended!
Rate 1
Kent Bettisworth
Executive SAP Consultant