Unable to generate metadata from SSO Identity Provider

Go to solution
John Reynolds
Mega Expert

‎01-10-2018 12:32 PM

I am unable to genereate metadata from my ServiceNow instance when clicking on the "Generate Metadata" UI Action on a new Identity Provider record.

 

Steps to reporduce:

  1. Multiprovider SSO -> Identity Providers
  2. New
  3. Import my Identity Provider Metadata via XML and click Save
  4. Click on "Generate Metadata" button (next to "Test Connection")
  5. Opens a new tab with an empty text box that should contain instance metadata  

 

I have the Identity Provider set to Active and Default and a  valid x.509 Certificate associated with the IDP, however I am still getting nothing returned for metadata.

Labels:
  • 9,667 Views
1 ACCEPTED SOLUTION

Go to solution
Hersh D
Giga Expert

‎02-06-2018 04:56 AM

If anyone else is facing this issue and the other replies in this thread didn't help you, then verify that:


1) The Signing/Encryption alias and the password configured on the identity provider config (saml2_update1_properties table) are valid and same as the ones configured on the SAML 2.0 SP keystore record.


2) The system property 'glide.authenticate.sso.saml2.keystore' has a valid sys_id of SAML 2.0 SP keystore record (sys_certificate). The system property might not be updated if you create a custom keystore for SAML/SSO setup or import certificate records from another instance.



Also try running this snippet / SSCCE as a background script - it's extracted from the AJAX scripts that get executed when you click the 'Generate Metadata' button (you can inspect the XMLHttpRequest triggered by that page to find the server side scripts called). If this background script throws an error, then that's your issue and fixing step #2 above should take care of it.



var idpSysId = '<sys-id-of-the-idp-config-record>'; // from the saml2_update1_properties table

var ssoHelper = new SSO_Helper(idpSysId ,false, null, true);

var SAML2 = new SAML2_update1(ssoHelper);

gs.print(SAML2.generateKeyInfoXML());

View solution in original post

7 REPLIES 7

Go to solution
lks
ServiceNow Employee
ServiceNow Employee

‎01-18-2018 09:15 AM

Hello John,


Do you have any relief with provided steps or still facing this issue?


Thanks, Lalit


0 Helpfuls

Go to solution
jonokoster
Tera Contributor

‎01-24-2018 02:38 PM

I had the same issue today using Opera. It worked fine in Chrome, (Mac OS)


0 Helpfuls

Go to solution
Hersh D
Giga Expert

‎02-06-2018 04:56 AM

If anyone else is facing this issue and the other replies in this thread didn't help you, then verify that:


1) The Signing/Encryption alias and the password configured on the identity provider config (saml2_update1_properties table) are valid and same as the ones configured on the SAML 2.0 SP keystore record.


2) The system property 'glide.authenticate.sso.saml2.keystore' has a valid sys_id of SAML 2.0 SP keystore record (sys_certificate). The system property might not be updated if you create a custom keystore for SAML/SSO setup or import certificate records from another instance.



Also try running this snippet / SSCCE as a background script - it's extracted from the AJAX scripts that get executed when you click the 'Generate Metadata' button (you can inspect the XMLHttpRequest triggered by that page to find the server side scripts called). If this background script throws an error, then that's your issue and fixing step #2 above should take care of it.



var idpSysId = '<sys-id-of-the-idp-config-record>'; // from the saml2_update1_properties table

var ssoHelper = new SSO_Helper(idpSysId ,false, null, true);

var SAML2 = new SAML2_update1(ssoHelper);

gs.print(SAML2.generateKeyInfoXML());