SAML ADFS first authentication SSO with error
‎05-23-2017 05:50 AM
Hi,
I'm doing my first login with SAML ADFS. When I log in, ServiceNow responds with the following error:
- userToLogin: failed_authentication
could not validate SAML Response.
More information:
If I uncheck the flag "Enable multiple provider SSO" (No value) in Multiple Provider SSO >> Properties, it does not respond with the "could not validate SAML Response" error, but when I log in, I'm redirected to the ServiceNow login page and not to the homepage.
My log is attached.
Regards,
‎05-23-2017 07:12 AM
Hello Gaetano,
I recently upgraded our production instance to multi-provider SSO. While testing, I received the same error, "could not validate SAML response". This would occur when the default identity provider (IdP) was misconfigured. Ensure that "Encrypt Assertion" is correct (should probably be enabled).
Also, make sure that an X.509 certificate has been associated to the IdP using the form's related list. It is easy to forget about that certificate. Having multiple certificates will also cause similar issues if one or more are incorrect.
I hope this helps!
- Trevor Muhl
‎05-23-2017 07:29 AM
‎05-23-2017 07:45 AM
Ah, sorry to hear that. In this case, there is likely a separate issue with your IdP. You may have to check with your ADFS team to ensure that the alias, password, and certificate are correct.
One other note, did you modify the "Signing Signature Algorithm"? It is recommended to use the default value "http://www.w3.org/2000/09/xmldsig#rsa-sha1".
- Trevor Muhl
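The checks suggested in the replies above (signing algorithm, X.509 certificate, assertion encryption) can be run against a captured SAML response before changing settings. This Python example is added here and is not from the thread or from ServiceNow; the sample response, the placeholder certificate bytes and the function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholder bytes standing in for a DER certificate (not a real cert).
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-placeholder-certificate").decode()

# Constructed sample response, trimmed to the elements the checks read.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Assertion>
    <ds:Signature>
      <ds:SignedInfo>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
      </ds:SignedInfo>
      <ds:KeyInfo><ds:X509Data>
        <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </ds:Signature>
  </saml:Assertion>
</samlp:Response>"""


def inspect_response(xml_text):
    """Return the signature algorithms, certificate fingerprints and encryption flag."""
    root = ET.fromstring(xml_text)
    algs = [m.get("Algorithm") for m in root.iterfind(".//ds:SignatureMethod", NS)]
    prints = [
        hashlib.sha256(base64.b64decode("".join(c.text.split()))).hexdigest()
        for c in root.iterfind(".//ds:X509Certificate", NS)
    ]
    encrypted = root.find(".//saml:EncryptedAssertion", NS) is not None
    return {"algorithms": algs, "fingerprints": prints, "encrypted": encrypted}


def compare(found, sp_algorithm, sp_fingerprint, sp_expects_encrypted):
    """List every mismatch between the response and the SP-side IdP record."""
    problems = []
    if sp_algorithm not in found["algorithms"]:
        problems.append("signature algorithm differs from SP setting")
    if sp_fingerprint not in found["fingerprints"]:
        problems.append("signing certificate differs from the one on the IdP record")
    if found["encrypted"] != sp_expects_encrypted:
        problems.append("assertion encryption differs from SP setting")
    return problems
```

The script only compares what the IdP sent with what the service provider is configured to expect; it does not verify the signature itself. When the assertion is encrypted, the inner signature is not visible until decryption, so only the encryption flag is meaningful in that case.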
‎05-23-2017 08:12 AM
I have just set this "Signing Signature Algorithm", but I have the same error.
On Windows Server 2012 R2, I configured ADFS correctly.
When I validate the certificate, I get the info message "Valid trust_store".