ADFS SAML SSO login issue

mehak1890
Tera Expert

Dear All,

I have configured ADFS/SAML in ServiceNow as per this video: How to Configure ADFS 2.0 to Communicate with SAML 2.0 - YouTube


Lastly, during testing (Test the ADFS configuration):

https://adfs.abc.com/adfs/ls/idpinitiatedsignon.aspx

It first asked me to select the identifier which I configured in ADFS, after that it asked me to enter credentials, and after that I was navigated to the ServiceNow instance.

Next step, I changed the setting as per the documentation, "Enable external authentication" in the SAML ServiceNow properties, and logged out and logged in again.

Now, when the customer hits the https://adfs.abc.com/adfs/ls/idpinitiatedsignon.aspx URL and enters AD login details, he is able to navigate to the ServiceNow instance. And when he hits the ServiceNow URL directly, the page comes up totally blank.

I'm also facing the same issue. SSO means the ServiceNow instance page opens directly without credentials, but it does not.

Please, please help, it's very urgent.

Thanks,

Mehak


corina
ServiceNow Employee

Your error is


Could not extract Subject NameID from SAMLResponse.



You will need to check the following:



Confirm that the IdP is returning the required NameID element in the SAMLResponse. Within the SAMLResponse XML, it should contain something like the following:

<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" NameQualifier="http://idp.ssocircle.com" SPNameQualifier="https://dloomac.service-now.com/navpage.do">david.loo@service-now.com</saml:NameID>
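One way to run the NameID check described in the reply above, as an added example that is not part of the original thread or ServiceNow's own code. It assumes you have copied the base64 SAMLResponse form value from the browser's POST to the instance; the sample responses are constructed and unsigned, and the script is a diagnostic that does not validate signatures.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def inspect_name_id(saml_response_b64):
    """Return (status, detail) for the Subject NameID in a base64 SAMLResponse."""
    xml_bytes = base64.b64decode(saml_response_b64)
    # SAML messages never need a DTD; refuse one rather than parse entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        return ("rejected", "unexpected DTD or entity declaration")
    root = ET.fromstring(xml_bytes)
    if root.find("saml:EncryptedAssertion", NS) is not None:
        return ("encrypted", "assertion is encrypted; NameID is not readable here")
    subject = root.find("saml:Assertion/saml:Subject", NS)
    if subject is None:
        return ("missing", "assertion has no Subject")
    name_id = subject.find("saml:NameID", NS)
    if name_id is None:
        return ("missing", "Subject has no NameID element")
    value = (name_id.text or "").strip()
    if not value:
        return ("empty", "NameID element has no value")
    return ("ok", {"format": name_id.get("Format"), "value": value})

def build_sample(subject_inner):
    """Constructed, unsigned minimal response used only as sample input."""
    xml = (
        '<samlp:Response xmlns:samlp="%s" xmlns:saml="%s">'
        "<saml:Assertion><saml:Subject>%s</saml:Subject></saml:Assertion>"
        "</samlp:Response>" % (NS["samlp"], NS["saml"], subject_inner)
    )
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")

EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
WITH_NAME_ID = build_sample(
    '<saml:NameID Format="%s">user@example.com</saml:NameID>' % EMAIL)
WITHOUT_NAME_ID = build_sample("<saml:SubjectConfirmation/>")

if __name__ == "__main__":
    for label, sample in (("with NameID", WITH_NAME_ID),
                          ("without NameID", WITHOUT_NAME_ID)):
        print(label, "->", inspect_name_id(sample))
```

The returned format can be compared by eye with the NameID policy set on the ServiceNow side (emailAddress or unspecified, as discussed in this thread).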

Hi Corina,


I have added this in the transform claim rule type wizard as per the ServiceNow video guidelines, so should I remove/edit this if there is no Name ID?





corina
ServiceNow Employee

On the ADFS side I am not sure what it should be. You could test with all the scenarios you have there.


On ServiceNow you could try with unspecified instead of email address here:


I'm getting this error on the home page: Could not extract Subject NameID from SAMLResponse


Hi Corina/ All,


Urgent Help!


During debugging, I changed to unspecified instead of emailAddress.


Now I'm not able to open the ServiceNow instance. I was trying through https://adfs.abc.com/adfs/ls/idpinitiatedsignon.aspx, but now when I enter the user name and password it says the error is "user ****** not found" and the "logout successful" window comes up. How can I open my ServiceNow instance?



Please, please help.


https://adfs.hes.scot/adfs/ls/idpinitiatedsignon.aspx