SAML Error - Could not validate SAML response
‎03-12-2015 09:31 AM
When we click the "Logout" button, we get the error message "could not validate SAML Response". It also says that logout happened successfully. I attached the SAML properties and also the SSO properties.
When the checkbox is checked for the property "Sign LogoutRequest. Set this property to true if the Identity Provider's SingleLogoutRequest service requires signed LogoutRequest.", it throws the error message "could not validate SAML Response".
When the checkbox is not checked, it displays the error message "An error occurred. Contact your administrator for more information.".
I attached the screenshot as well.
‎03-12-2015 09:36 AM
Hi,
It is related to the certificate; could you check whether it is an expiration problem?
Take a look here: Troubleshooting SAML and Updating Certificates
Regards,
‎03-12-2015 11:48 AM
We don't have any problem with the certificate expiration date. Also, it's a PEM certificate.
‎03-12-2015 10:11 AM
The issue seems to be with your "The base URL to the Identity Provider's SingleLogoutRequest service" URL.
Try to resolve this URL directly in your browser. If you get the same error, check with your company's authentication team who provided it.
‎03-12-2015 12:14 PM
For the property "When SAML 2.0 single sign-on fails because the session is not authenticated..." you have /IdpInitiatedSignon.aspx?login..... in the URL, but you shouldn't. Just make it:
https://adfs-dev.altria.com/adfs/ls/
For the two "URL to redirect users" properties you have logout_success.do and external_logout_complete.do, but these are default ServiceNow pages. Leave those two properties blank.
The first one is likely your problem, but the redirect properties may also be the culprit.
Edit: someone else mentioned the SingleLogout property. I've seen a lot of people have trouble trying to set this up, and I've even seen comments from implementers saying they've never seen it work. Do you really want it configured? What that property does is tell ADFS to log the user out of ALL sessions in ALL apps, not just ServiceNow.
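The posts above debate which SLO property is wrong without showing what the SP and IdP actually exchange during Single Logout, or which checks produce a "could not validate SAML Response" style failure. The following added example (not from this thread, not ServiceNow or ADFS code) builds the SP's LogoutRequest for the HTTP-Redirect binding, constructs a stand-in IdP LogoutResponse, and runs the validation rules an SP applies before reporting the logout as successful: Issuer, Destination, InResponseTo, IssueInstant clock skew, and StatusCode. XML signature verification is deliberately left out (in practice delegate it to an xmlsec-based library); entity IDs, URLs, NameID and SessionIndex values are assumed placeholders.

```python
# Added example: SAML 2.0 Single Logout over HTTP-Redirect, SP side.
# Signature verification is out of scope; all identifiers are assumed values.
import base64
import uuid
import zlib
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode, urlparse

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Hypothetical deployment values (not taken from the thread).
SP_ENTITY_ID = "https://sp.example.com/saml"
SP_SLO_URL = "https://sp.example.com/saml/slo"
IDP_ENTITY_ID = "http://adfs.example.com/adfs/services/trust"
IDP_SLO_URL = "https://adfs.example.com/adfs/ls/"


def _now():
    return datetime.now(timezone.utc)


def _ts(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def build_logout_request(name_id, session_index, request_id=None):
    """SP side: LogoutRequest XML sent to the IdP's SingleLogout endpoint."""
    request_id = request_id or "_" + uuid.uuid4().hex
    xml = (
        f'<samlp:LogoutRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{_ts(_now())}" '
        f'Destination="{IDP_SLO_URL}">'
        f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer>"
        f"<saml:NameID>{name_id}</saml:NameID>"
        f"<samlp:SessionIndex>{session_index}</samlp:SessionIndex>"
        "</samlp:LogoutRequest>"
    )
    return request_id, xml


def redirect_encode(xml):
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode()


def redirect_decode(value):
    return zlib.decompress(base64.b64decode(value), -15).decode()


def redirect_url(endpoint, param, xml, relay_state=None):
    query = {param: redirect_encode(xml)}
    if relay_state:
        query["RelayState"] = relay_state
    return endpoint + "?" + urlencode(query)


def validate_logout_response(url, expected_request_id, skew=timedelta(minutes=5)):
    """SP side: structural checks on the IdP's LogoutResponse. Returns (ok, reason)."""
    qs = parse_qs(urlparse(url).query)
    if "SAMLResponse" not in qs:
        return False, "no SAMLResponse parameter"
    root = ET.fromstring(redirect_decode(qs["SAMLResponse"][0]))
    if root.tag != f'{{{NS["samlp"]}}}LogoutResponse':
        return False, "not a LogoutResponse"
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != IDP_ENTITY_ID:
        return False, f"unexpected Issuer {issuer!r}"
    if root.get("Destination") != SP_SLO_URL:
        return False, "Destination does not match SP SLO URL"
    if root.get("InResponseTo") != expected_request_id:
        return False, "InResponseTo does not match outstanding LogoutRequest"
    issued = datetime.strptime(root.get("IssueInstant"), "%Y-%m-%dT%H:%M:%SZ")
    if abs(_now() - issued.replace(tzinfo=timezone.utc)) > skew:
        return False, "IssueInstant outside clock-skew window"
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    value = code.get("Value") if code is not None else None
    if value != STATUS_SUCCESS:
        return False, f"IdP status {value!r}"
    return True, "ok"


def fake_idp_logout_response(in_response_to, status=STATUS_SUCCESS, issuer=IDP_ENTITY_ID):
    """Constructed IdP reply for the demo; not a real ADFS message."""
    xml = (
        f'<samlp:LogoutResponse xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'ID="_{uuid.uuid4().hex}" Version="2.0" IssueInstant="{_ts(_now())}" '
        f'Destination="{SP_SLO_URL}" InResponseTo="{in_response_to}">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        f'<samlp:Status><samlp:StatusCode Value="{status}"/></samlp:Status>'
        "</samlp:LogoutResponse>"
    )
    return redirect_url(SP_SLO_URL, "SAMLResponse", xml)


def demo():
    """Full round trip: SP request URL, then validation of the IdP's reply."""
    req_id, req_xml = build_logout_request("alice@example.com", "_session1")
    print("SP redirects browser to:", redirect_url(IDP_SLO_URL, "SAMLRequest", req_xml, "logout"))
    return validate_logout_response(fake_idp_logout_response(req_id), req_id)


if __name__ == "__main__":
    print(demo())
```

When diagnosing a failure like the one in this thread, decode the SAMLResponse parameter from the browser's redirect (redirect_decode above) and compare Issuer, Destination and InResponseTo against what the SP expects; a mismatch in any of them, or a non-Success StatusCode from the IdP, is rejected before the signature is even considered.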