Hi,
I'm getting the below error when trying to use SAML SSO for an ABAP Webdynpro page on a NW 7.4 system. When I access the page, it redirects to the identity provider, comes back to the page and it shows the logon page. I'm looking for any ideas of things I could look at.
N SAML20 SP (client 400): Incoming Response
N SAML20 Binding: POST
N SAML20 IdP Name: http://xxxxxx/adfs/services/trust
N SAML20 Status Code: urn:oasis:names:tc:SAML:2.0:status:Responder
N SAML20 SP (client 400): Default ACS endpoint: https://xxxxxx/sap/saml2/sp/acs/400 , old default ACS endpoint
N SAML-Trace: CALL 'SAML login': SY-SUBRC = 222 , PWDCHG = 0
N *** ERROR => SAML-Trace: Path = /sap/bc/webdynpro/sap/oauth2_authority [sign.c 16519]
N {root-id=005056AD26DF1ED4B69880FF4BE51F68}_{conn-id=005056AD26DF1ED4B69880FF4BE53F68}_1
N *** ERROR => SAML-Trace: Returncode = 222 [sign.c 16519]
N *** ERROR => SAML-Trace: Message class = SAML number = 011 [sign.c 16519]
N *** ERROR => SAML-Trace: Message = Error when logging on for external ID "": Error during SAML 2.0 logon [sign.c 16519]
I have updated the service to use alternate logon procedure and added the handler CL_HTTP_EXT_SAML20.
I have added the identity provider through transaction SAML2, but it does not seem to be working.
Here is a decrypted SAML assertion:
<samlp:Response ID="_9c844d84-8117-4851-8270-aeb12e935daf"
Version="2.0"
IssueInstant="2015-04-02T00:21:06.477Z"
Destination="https://xxxxxxxxx/sap/saml2/sp/acs/400"
Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
InResponseTo="S005056ad-26df-1ed4-b699-c4c630853f68"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
>
<Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://xxxxxxxx.com/adfs/services/trust</Issuer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
<ds:Reference URI="#_9c844d84-8117-4851-8270-aeb12e935daf">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
<ds:DigestValue>08HK08VLpJC23JoQs+p+oHbDBvjRF+9NwBeowmlFTrY=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>xxxxxxx</ds:SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data>
<ds:X509Certificate>MIIFPjCCBCagAwIBAgIHAMFKH58TFzANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UEBhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMS0wKwYDVQQLEyRodHRwOi8vY2VydHMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8xMzAxBgNVBAMTKkdvIERhZGR5IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjAeFw0xNDAxMjMxOTM3MThaFw0xNzAxMjMxOTM3MThaMEIxITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRlZDEdMBsGA1UEAxMUZnNwcm94eTItZGV2LmlndC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDAM13/bboldFRmDGK3QBbxlDREoGuQEUWeroZCDM/tH7Rk+AjgXbc4pkon13EwKi7q9brzkBMCY3HH9Ep2BUHjopydy+AWQH9vjLK2wXD/+6T4FCG1i8Kt+lRrcxRWUugnBuK+BRgxEJDz7ap8KvcRk6ERWQrx5Co8K7ey5nEqjapCDJQg3Yrkxo2pEWGBKSIXXmpU+CgK03y4HOW19/rmdcyLThjchn+Jgxe8obL4tiVk4D/X36wOqtV/1cnIjGak/px/p1oQEGD5PC7F3FIZConhUu7PJDLmioqdGcimZvFiZK6xQJyzy90lm0dHRT1qhkC9TTsGvAAMCh/gn41xAgMBAAGjggHEMIIBwDAPBgNVHRMBAf8EBTADAQEAMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5nb2RhZGR5LmNvbS9nZGlnMnMxLTExLmNybDBTBgNVHSAETDBKMEgGC2CGSAGG/W0BBxcBMDkwNwYIKwYBBQUHAgEWK2h0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS8wdgYIKwYBBQUHAQEEajBoMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5nb2RhZGR5LmNvbS8wQAYIKwYBBQUHMAKGNGh0dHA6Ly9jZXJ0aWZpY2F0ZXMuZ29kYWRkeS5jb20vcmVwb3NpdG9yeS9nZGlnMi5jcnQwHwYDVR0jBBgwFoAUQMK9J47MNIMwojPX+2yz8LQsgM4wOQYDVR0RBDIwMIIUZnNwcm94eTItZGV2LmlndC5jb22CGHd3dy5mc3Byb3h5Mi1kZXYuaWd0LmNvbTAdBgNVHQ4EFgQUMRTW5O0fpR4kET2ED84QAS6ZXBowDQYJKoZIhvcNAQELBQADggEBAKCQfnSSA1gs6qyYKqAqQKhhRRhC4wMtZJLZUmMGPe2q+QM4dQxJgrFy2OVG6I4dXFrxINGlPdJVVXBKtLn9Fm2t0Cb8lAV3rLruEfRJTDK6MeDFOD5qXgU4higpuDGrAmqKvMIOk7VJA0gPbW4lasgqGQXzOspZCmCIWwOqcIDZRr0wo09QLidegr/phjZMzuy8IO0U1w7U6MX767qcl3RGcqRwpquMtMiaw5ROx9v3DK3JOemlqQwKy/uzzBohzYln6AYim8cnZMvfaKDLYNwE0+Rg6nmemlf6PXOjE3Uisc71v3uFstWsXzUPhDeQlycFzPDT4t4srIaxdMrEs3w=</ds:X509Certificate>
</ds:X509Data>
</KeyInfo>
</ds:Signature>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:NoPassive" />
</samlp:StatusCode>
</samlp:Status>
</samlp:Response>
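
Added example, not part of the original post: Python code that reads a captured SAML response like the one above offline and extracts the nested status-code chain, the correlation attributes and whether any assertion is present. The sample is constructed from the post's response with the signature omitted and placeholder host names; the function names are hypothetical, and the code does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
STATUS_PREFIX = "urn:oasis:names:tc:SAML:2.0:status:"

# Constructed sample: the post's response, signature omitted, placeholder hosts.
SAMPLE_RESPONSE = """<samlp:Response ID="_9c844d84-8117-4851-8270-aeb12e935daf"
    Version="2.0"
    Destination="https://sp.example/sap/saml2/sp/acs/400"
    InResponseTo="S005056ad-26df-1ed4-b699-c4c630853f68"
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">
  <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">http://idp.example/adfs/services/trust</Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:NoPassive" />
    </samlp:StatusCode>
  </samlp:Status>
</samlp:Response>"""


def status_chain(status_el):
    """Walk nested StatusCode elements, top-level code first."""
    chain = []
    code = status_el.find("samlp:StatusCode", NS)
    while code is not None:
        value = code.get("Value", "")
        chain.append(value[len(STATUS_PREFIX):] if value.startswith(STATUS_PREFIX) else value)
        code = code.find("samlp:StatusCode", NS)
    return chain


def triage_response(xml_text):
    """Summarise a captured response; triage only, no signature validation."""
    root = ET.fromstring(xml_text)
    status = root.find("samlp:Status", NS)
    chain = status_chain(status) if status is not None else []
    has_assertion = any(root.find(p, NS) is not None
                        for p in ("saml:Assertion", "saml:EncryptedAssertion"))
    return {
        "issuer": root.findtext("saml:Issuer", default="", namespaces=NS),
        "in_response_to": root.get("InResponseTo"),
        "destination": root.get("Destination"),
        "status_chain": chain,
        "has_assertion": has_assertion,
        "success": chain[:1] == ["Success"] and has_assertion,
    }
```

For the sample, `triage_response(SAMPLE_RESPONSE)` returns the chain `Responder`, `NoPassive` with no assertion present.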