Accessing ServiceNow externally when SSO is enabled

Brendan Hallida
Kilo Guru

Hi all,

I have found that since we set up SSO, users are unable to access our ServiceNow instance from outside the network. When they attempt to, they get a "Could not validate SAMLResponse" error. SSO works fine internally.

Does anyone know where I can start troubleshooting?

Thanks in Advance

Cheers,

Brendan

7 REPLIES

gareth4
Giga Contributor

Just in case anyone else stumbles in here looking for help (or a miracle) then I found the wiki page I was looking for in my original reply.


External Authentication (Single Sign-On - SSO) - ServiceNow Wiki



Also for those now on the Multi-Provider SSO you should look here first: Multiple Provider Single Sign-On - ServiceNow Wiki


Brendan Hallida
Kilo Guru

Just wondering if anyone else had any ideas on what this issue could be?


gareth4
Giga Contributor

Hi Brendan,



I've taken a look through the logs you added and think you will need to double check the config of the IdP.



Line 147 shows the error:


SAML2Error: SAML failed to login, Status code is urn:oasis:names:tc:SAML:2.0:status:Responder. When it is supposed to be urn:oasis:names:tc:SAML:2.0:status:Success



This comes from the SAML response (on line 148) and at the bottom of the response you have two XML values showing the Status Code, like this:


<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">


<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext" />



This second one is the error you need to debug. I don't know what it is off the top of my head, but that's the thing that's stopping the authentication and it's coming from your IdP. Google may be your friend at this point, but if anyone else has seen this before they can probably point you in the right direction.



Thanks,


Gareth
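
Added example, not part of the original thread or of ServiceNow's code: a short Python script that walks the nested samlp:StatusCode elements described in the reply above and reports each level, the innermost being the one to debug. The sample response is constructed, and the function names and the table of meanings (paraphrased from the SAML 2.0 core specification) are this example's own.

```python
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
STATUS_PREFIX = "urn:oasis:names:tc:SAML:2.0:status:"

# Meanings paraphrased from the SAML 2.0 core specification.
MEANINGS = {
    "Success": "request succeeded",
    "Requester": "error attributed to the requester (the SP)",
    "Responder": "error attributed to the responder (the IdP)",
    "NoAuthnContext": "IdP cannot meet the requested authentication context",
    "AuthnFailed": "IdP could not authenticate the principal",
}

# Constructed sample: a failed Response shaped like the one quoted in the thread.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="_constructed" Version="2.0" IssueInstant="2015-01-01T00:00:00Z">
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">
      <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:NoAuthnContext" />
    </samlp:StatusCode>
  </samlp:Status>
</samlp:Response>"""


def status_chain(response_xml):
    """Return the StatusCode values from outermost to innermost, prefix stripped."""
    root = ET.fromstring(response_xml)
    status = root.find(f"{{{SAMLP}}}Status")
    if status is None:
        raise ValueError("no samlp:Status element in response")
    chain = []
    node = status.find(f"{{{SAMLP}}}StatusCode")
    while node is not None:
        value = node.get("Value", "")
        chain.append(value[len(STATUS_PREFIX):] if value.startswith(STATUS_PREFIX) else value)
        node = node.find(f"{{{SAMLP}}}StatusCode")  # direct child = next level down
    return chain


def explain(response_xml):
    """Describe each status level; the innermost code is the one to debug."""
    return [(c, MEANINGS.get(c, "not in this table; see the SAML 2.0 core spec"))
            for c in status_chain(response_xml)]


if __name__ == "__main__":
    for depth, (code, meaning) in enumerate(explain(SAMPLE)):
        print("  " * depth + f"{code}: {meaning}")
```

Paste the Response XML from the instance log in place of the constructed sample to see which second-level code the IdP returned.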