How To Fix WSS022 - No trusted certificate for SAML authentication found (DN &1&2)
WSS022 - Overview
Message type: E = Error
-
Message class:
WSS - Web Services Security -
Message number: 022
-
Message text: No trusted certificate for SAML authentication found (DN &1&2)
- Show details Hide details
-
What causes this issue?
The system received a SAML assertion, which is not trusted by the SAP
system.System Response
The system issues an error message and will not allow you to continue with this transaction until the error is resolved.
How to fix this error?
The SAML assertion (issuer &V3&) is using a X.509 certificate (&V1&&V2&)
for signing, which was not trusted by the SAP system. To trus the issuer
of the SAML assertion, obtain the certificate of the SAML issuer, and
import it into the System PSE.
Please ensure user mapping has been maintained. Please refer to the SAP
documentation and note 1254821.
SAML Issuer: &V3&
Certificate DN: &V1&&V2&
If you use report RSUSREXTID for maintaing the mapping, the following
information if usefull:
Type of External ID:SA
Prefix of External Name: &V4&
Name of Issuer: &V1&&V2&Procedure for System Administrators
Error message extract from SAP system. Copyright SAP SE.
Smart SAP Assistant
- What is the cause and solution for SAP error message
WSS022- No trusted certificate for SAML authentication found (DN &1&2) ?Certainly! Here's a detailed explanation of the SAP error message: SAP Error Message: WSS022 No trusted certificate for SAML authentication found (DN &1&2)
Cause: This error occurs when the SAP system attempts to perform SAML (Security Assertion Markup Language) authentication but cannot find a trusted certificate corresponding to the Distinguished Name (DN) provided in the SAML assertion. Essentially, the system is trying to validate the signature or trust the issuer of the SAML token but fails because the certificate used to sign the SAML assertion is not present or not trusted in the SAP system's certificate store. Common reasons include: The certificate of the Identity Provider (IdP) is not imported or trusted in the SAP system. The certificate has expired or been revoked. The DN in the SAML assertion does not match any trusted certificate in the SAP system. The certificate is imported but not assigned correctly to the SAML configuration. The certificate store or trust configuration is incomplete or
Get instant SAP help. Sign up for our Free Essentials Plan.
Related SAP Error Messages
Click the links below to see the following related messages:WSS021Message expired (&1 &2 &3 )
Self-Explanatory Message Since SAP believes that this specific error message is 'self-explanatory,' no more information has been given.The majority of...WSS020Signature check failed (part not signed: &1)
Self-Explanatory Message Since SAP believes that this specific error message is 'self-explanatory,' no more information has been given.The majority of...WSS023No mapping for SAML authentication found (Issuer &3)
What causes this issue? The system received a SAML assertion, but it did not find a usermapping to authenticate the user.System Response The system ...WSS024Error while creating wsse:UsernameToken.
Self-Explanatory Message Since SAP believes that this specific error message is 'self-explanatory,' no more information has been given.The majority of...
Click on this link to search all SAP messages.
ERPlingo simplifies finding the accurate answers to SAP message errors. I now use every week. A must have tool for anyone working with SAP! Highly recommended!
Executive SAP Consultant