MultiSSOv2 Issue
‎09-22-2022 08:49 AM
Evening all
I have just gone through the process of upgrading the MultiSSO to V2. Customized the scripts where needed, but that's a whole other story. When on the Identity provider record I press test connection, it errors straight away. I was hoping someone may have an idea what the cause is.
I have on the IDP changed the single sign on script to the new MultiSSOv2_SAML2_custom and put customized code in there. What is odd is that when I test in an incognito browser I actually do get redirected correctly for it to enter my deets and it allows me to log on.
I'm trying to work my way through the issues, starting with the cause and fix of the below. I have removed the URL for the instance environments for obvious reasons from the error logs below.
Also to note, I haven't made any changes to the IDP record other than swapping around the single sign on script.
SSO Login Test Results
AuthnRequest generation error
Failed to generate authnrequest
SSO Logout Test Results
Cannot logout of IDP's session
IDP's Login connection failed. Session does not exist on IDP to test logout.
SSO Test Connection Summary
Test connection failed. Please fix the issues highlighted above. Test details can be found in the logs. Click the "Close" button to close this window and continue editing the SSO configuration.
09/22/22 16:35:44 (050) SSO_Helper.getHeaderOrCookie name: glide_sso_id
09/22/22 16:35:44 (051) Value: 7cb23f131b121100227e5581be071355 from request session
09/22/22 16:35:44 (053) field changed: name, value =SAML2+Update1
09/22/22 16:35:44 (054) masked field changed: signing_key_password
09/22/22 16:35:44 (055) sso_id:7cb23f131b121100227e5581be071355
09/22/22 16:35:44 (056) User attempting to login using SSO SAML2+Update1
09/22/22 16:35:44 (057) ScriptName : MultiSSOv2_SAML2_custom
09/22/22 16:35:44 (058) Use the SSOHelper passed in.
09/22/22 16:35:44 (058) Read from column : service_url, value: https:// dev.service-now.com/navpage.do
09/22/22 16:35:44 (059) Read from column : clock_skew, value: 180
09/22/22 16:35:44 (059) SAMLResponseObject not found in GlideController.
09/22/22 16:35:44 (060) Read from column : idp_authnrequest_url, value: https://sso2..com/saml2/idp/SSOService.php
09/22/22 16:35:44 (060) Read from column : force_authn, value: 0
09/22/22 16:35:44 (060) Read from column : is_passive, value: 0
09/22/22 16:35:44 (061) Read from column : issuer, value: https://.service-now.com
09/22/22 16:35:44 (061) Read from column : nameid_policy, value: urn:oasis:names:tc:SAML:2.0:attrname-format:username
09/22/22 16:35:44 (062) Read from column : service_url, value: https://.service-now.com/navpage.do
09/22/22 16:35:44 (062) Read from column : idp_authnrequest_url, value: https://sso2..com/saml2/idp/SSOService.php
09/22/22 16:35:44 (063) Read from column : createrequestedauthncontext, value: 1
09/22/22 16:35:44 (063) Read from column : authncontextcassref_method, value: urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
09/22/22 16:35:44 (064) SAML Request xml: <saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://.service-now.com/navpage.do" Destination="https://sso2..com/saml2/idp/SSOService.php" ForceAuthn="false" ID="SNCb284208e6627b8f08a1c5dd029478255" IsPassive="false" IssueInstant="2022-09-22T15:35:44.061Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ProviderName="https://.service-now.com/navpage.do" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://.service-now.com</saml2:Issuer><saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:attrname-format:username"/><saml2p:RequestedAuthnContext Comparison="exact"><saml2:AuthnContextClassRef xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef></saml2p:RequestedAuthnContext></saml2p:AuthnRequest>
09/22/22 16:35:44 (064) Stripping down the serviceURL: https://.service-now.com/navpage.do to a base URL of: https://.service-now.com
09/22/22 16:35:44 (065) loginRedirectURL: null
09/22/22 16:35:44 (065) original starting_page: null
09/22/22 16:35:44 (066) requestURI: /xmlhttp.do
09/22/22 16:35:44 (066) Query String (qs): null
09/22/22 16:35:44 (066) CMS site name: null
09/22/22 16:35:44 (067) Is this a request to access a service portal ? - null
09/22/22 16:35:44 (067) There may be Deep Linking involved with this SAML request
09/22/22 16:35:44 (068) RequestURI :/xmlhttp.do
09/22/22 16:35:44 (068) Generating a Relay State of: https://.service-now.com/saml_redirector.do?sysparm_nostack=true&sysparm_uri=%2Fnav_to.do%3Furi%3D%252Fxmlhttp.do
09/22/22 16:35:44 (068) Read from column : require_signed_authnrequest, value: 0
09/22/22 16:35:44 (069) Redirecting to: https://sso2..com/saml2/idp/SSOService.php?SAMLRequest=nVNNbxoxEP0rK9%2F3A5clxGKRKKgqUpqsWJpDb8YegqVd2%2FV4gf77ehcSOKRE6dEzb%2Ba9eTOeIG9qatms9Tu9gt8toI%2BOTa2RnTIFaZ1mhqNCpnkDyLxg1ezHA6NJxqwz3ghTk2iGCM4ro%2BdGY9uAq8DtlYCfq4eC7Ly3yNKUS269hH2Cp2SszSERpkk131v%2BAok0JFoECUrzrtelEtHQRHLPrbLQl%2FTyUiVtWlVPZ7LE7iyJvhknoB%2BoIFteI5BouShI9Tjf0PGQZmMYjejdZrzNxnwgcikzej%2B8G9M8D0AsOaLaw6UUsYWlRs%2B1LwjNKI2z%2B5jS9SBnX3I2HCbZaPCLROXZiq9KS6Vfbvu2OYGQfV%2Bvy7h8qtZ9g72S4B4D%2BpOWPYPD3q7Qm0wnvTWsF%2B6ul3lbE3%2FdIJl%2BRD5JrynOhJZ1ypeL0tRK%2FIlmdW0Ocwfch2m8a6FfTMP9Byq8d1003vZg1gbq7k3SN5rzmYLsdxzuzcPRR3PTWO4UdjbAkQv%2FZsQ1bF6HMVew%2FS9bbsIEE13vEO4u6GCc7C4CRNC5dlyjNc6%2F%2Bvaeouk5%2BY%2F5Lunrrzr9Cw%3D%3D&RelayState=https%3A%2F%2F.service-now.com%2Fsaml_redirector.do%3Fsysparm_nostack%3Dtrue%26sysparm_uri%3D%252Fnav_to.do%253Furi%253D%25252Fxmlhttp.do
09/22/22 16:35:44 (069) userToLogin: https://sso2..com/saml2/idp/SSOService.php?SAMLRequest=nVNNbxoxEP0rK9%2F3A5clxGKRKKgqUpqsWJpDb8YegqVd2%2FV4gf77ehcSOKRE6dEzb%2Ba9eTOeIG9qatms9Tu9gt8toI%2BOTa2RnTIFaZ1mhqNCpnkDyLxg1ezHA6NJxqwz3ghTk2iGCM4ro%2BdGY9uAq8DtlYCfq4eC7Ly3yNKUS269hH2Cp2SszSERpkk131v%2BAok0JFoECUrzrtelEtHQRHLPrbLQl%2FTyUiVtWlVPZ7LE7iyJvhknoB%2BoIFteI5BouShI9Tjf0PGQZmMYjejdZrzNxnwgcikzej%2B8G9M8D0AsOaLaw6UUsYWlRs%2B1LwjNKI2z%2B5jS9SBnX3I2HCbZaPCLROXZiq9KS6Vfbvu2OYGQfV%2Bvy7h8qtZ9g72S4B4D%2BpOWPYPD3q7Qm0wnvTWsF%2B6ul3lbE3%2FdIJl%2BRD5JrynOhJZ1ypeL0tRK%2FIlmdW0Ocwfch2m8a6FfTMP9Byq8d1003vZg1gbq7k3SN5rzmYLsdxzuzcPRR3PTWO4UdjbAkQv%2FZsQ1bF6HMVew%2FS9bbsIEE13vEO4u6GCc7C4CRNC5dlyjNc6%2F%2Bvaeouk5%2BY%2F5Lunrrzr9Cw%3D%3D&RelayState=https%3A%2F%2F.service-now.com%2Fsaml_redirector.do%3Fsysparm_nostack%3Dtrue%26sysparm_uri%3D%252Fnav_to.do%253Furi%253D%25252Fxmlhttp.do
09/22/22 16:35:44 (070) class org.mozilla.javascript.ConsString cannot be cast to class java.lang.String (org.mozilla.javascript.ConsString is in unnamed module of loader com.snc.orbit.container.tomcat8.Tomcat8$OrbitTomcat8ClassLoader @1c42a76; java.lang.String is in module java.base of loader 'bootstrap')
09/22/22 16:35:44 (070) error performing test conneciton java.lang.ClassCastException: class org.mozilla.javascript.ConsString cannot be cast to class java.lang.String (org.mozilla.javascript.ConsString is in unnamed module of loader com.snc.orbit.container.tomcat8.Tomcat8$OrbitTomcat8ClassLoader @1c42a76; java.lang.String is in module java.base of loader 'bootstrap')
09/22/22 16:35:44 (070) Read from column : popup_dlg_width, value: 900
09/22/22 16:35:44 (071) Read from column : popup_dlg_height, value: 800
09/22/22 16:35:44 (172) User session is using SSO : 7cb23f131b121100227e5581be071355
09/22/22 16:35:44 (172) Testing SSO: null
09/22/22 16:35:44 (173) StatusCode: null
09/22/22 16:35:44 (174) **** NEED LOGOUT SET TO TRUE ****
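As an added example (not part of the original post and not ServiceNow code): a Python helper that decodes the `SAMLRequest` from the `Redirecting to:` line of a debug log like the one above and reports whether the first exception was logged after the redirect URL was built. The hosts, request ID and sample log lines are constructed placeholders.

```python
import base64, zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
MAX_XML = 64 * 1024  # refuse oversized inflated payloads

def decode_authn_request(url):
    """Decode the HTTP-Redirect SAMLRequest in url and summarise it."""
    qs = parse_qs(urlsplit(url).query)            # also undoes the URL encoding
    inflater = zlib.decompressobj(-15)            # raw DEFLATE, no zlib header
    xml = inflater.decompress(base64.b64decode(qs["SAMLRequest"][0]), MAX_XML)
    if inflater.unconsumed_tail or b"<!DOCTYPE" in xml:
        raise ValueError("oversized payload or DTD present, refusing to parse")
    root = ET.fromstring(xml)
    policy = root.find(f"{{{SAMLP}}}NameIDPolicy")
    return {
        "destination": root.get("Destination"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "nameid_format": None if policy is None else policy.get("Format"),
        "signed": "Signature" in qs and "SigAlg" in qs,
    }

def triage(log_text):
    """Locate the redirect URL and the first exception in a SAML debug log."""
    lines = log_text.splitlines()
    redirect = next((i for i, l in enumerate(lines) if "Redirecting to: " in l), None)
    error = next((i for i, l in enumerate(lines) if "Exception" in l), None)
    out = {"error_line": None if error is None else lines[error],
           "error_after_redirect": None not in (redirect, error) and error > redirect}
    if redirect is not None:
        out["request"] = decode_authn_request(lines[redirect].split("Redirecting to: ", 1)[1])
    return out

# Constructed sample input (placeholder hosts), shaped like the log in the post.
_XML = ('<saml2p:AuthnRequest xmlns:saml2p="%s" Version="2.0" ID="SNCconstructed" '
        'AssertionConsumerServiceURL="https://sp.example.com/navpage.do" '
        'Destination="https://idp.example.com/saml2/idp/SSOService.php">'
        '<saml2p:NameIDPolicy AllowCreate="true" '
        'Format="urn:oasis:names:tc:SAML:2.0:attrname-format:username"/>'
        '</saml2p:AuthnRequest>' % SAMLP)
_c = zlib.compressobj(9, zlib.DEFLATED, -15)
_REQ = quote(base64.b64encode(_c.compress(_XML.encode()) + _c.flush()), safe="")
SAMPLE_LOG = "\n".join([
    "09/22/22 16:35:44 (069) Redirecting to: https://idp.example.com/saml2/idp/"
    "SSOService.php?SAMLRequest=" + _REQ + "&RelayState=constructed",
    "09/22/22 16:35:44 (070) error performing test connection "
    "java.lang.ClassCastException: constructed sample",
])
```

Calling `triage(SAMPLE_LOG)` returns the decoded request fields together with the first exception line, so the request the instance actually emitted can be compared with the IdP record's configured values.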
‎10-10-2022 03:28 AM
Hi,
First, I recommend you don't change the customized code, and try to check the test connection. If the error persists with the OOB script, you should solve the error and test the connection. Once all connections are successful, you should try with the custom script.
Regards,
Suresh.