SAML Error - Could not validate SAML response

satkum456
Kilo Explorer

‎03-12-2015 09:31 AM

when we click "Logout" button, we are getting the error message as "could not validate SAML Response". Also it says that logout happened successfully. I attached the saml properties and also SSO properties.

When the check box is checked for the property "Sign LogoutRequest. Set this property to true if the Identity Provider's SingleLogoutRequest service requires signed LogoutRequest.", it throws an error message as "could not validate SAML Response".

When the checkbox is not checked, it displays the error message as "An error occurred. Contact your administrator for more information.".

I attached the screenshot as well.

Preview file
82 KB
Preview file
76 KB
Preview file
76 KB
0 Helpfuls
  • 77,192 Views
11 REPLIES 11

jamesmcwhinney
Giga Guru

‎08-18-2016 07:32 AM

For what its worth,.   we had this error message today for a specific user.


When they tried to authenticate via SSO, it would flash that message and go to the log in screen.



It turned out that our IDP settings in ServiceNow were configured with email as the "user field" and the user in question didn't have an email address.


Ivan Prikhodko
Tera Contributor
In response to jamesmcwhinney

‎09-30-2016 03:29 AM

Hello James,




indeed, we also experienced the same issue - user account without "mail" attribute couldn't be authenticated, since we configured ADFS rules to use e-mail for inbound request from SNOW instance.


But meanwhile, I have another issue with single one user account in the domain, recently login name (sAMAccountname) has been changed due to user request. Since then, user can't login, instead "Could not validate SAML response" error message appears. So user have all attributes in sync with AD, but still, can't login.




I would much appreciate in case you or some other experts in the community provide me with any clue on how to troubleshoot and eliminate this issue.




Thank you.


0 Helpfuls

guille
Kilo Expert
In response to Ivan Prikhodko

‎12-01-2017 01:08 PM

Could be a dumb suggestion but...



Have you checked if the PEM Certificate field contains the alphanumeric code inside the certificate??   it must match the one on the certificate usually this is set automatically.



For example:



-----BEGIN CERTIFICATE-----


464864684sdfafafaf687da86dasdsadadaq


wdur0q9uq6dasdsadadaqwdur0q9u


.


.


.


-----END CERTIFICATE-----


0 Helpfuls

raja_chintha
Kilo Contributor

‎12-27-2017 11:43 PM

its a projection problem. who are using in this context@


1392138794
Thanks for all that you do!



Preview file
35 KB
0 Helpfuls

reeba1
Tera Contributor
In response to raja_chintha

‎04-12-2018 05:21 AM

Hi raja.chintha,

What  do you mean by the projection problem? 

 

 

 

0 Helpfuls