authncontextclass

bhl104
Kilo Explorer

Hello -

I am trying to figure out how to clear the following errors when I run the "Test Connection" on my SSO properties page.

The error seems to be complaining about the AuthnContextClass configuration.

In the limited discovery that I have done I found this link, but I need some guidance.

Running Hels P3.

Thanks for your review/response,

Brian Ladrido

Penn State Service Management DevOps

7 REPLIES 7

Kostya
Tera Guru

Hi Brian,



Do you use Multi Provider SSO? SAML 2.0? What does your SSO configuration look like? Do you have any values in the fields "Create AuthnContextClass" and "AuthnContextClassRef Method"?



Ensure the certificate is valid. If the Identity Provider needs a signed request, then mark "Sign AuthnRequest" and use a correct algorithm.


Hit the Thumb Icon and/or mark as Correct, if my answer was correct. So you help others to see correct responses and I get fame 🙂

Cheers,
Kostya

Hello Konstantin -



1) Yes, I am using Multi-SSO SAML 2.0



2) Create AuthnContextClass - box unchecked


- I have tried toggling this checked/unchecked, but receive the same error when I run "Test Connection"



3) AuthnContextClassRef Method - configured for default value per the link that I attached to the case



4) X.509 Certificate has been validated



5) Sign AuthnRequest - box checked



Not sure if my IDP allows for SPs to set the authentication context class, but I am looking for guidance on the configuration and how to troubleshoot/eliminate the error.



BrianL


Sakshi14
Giga Expert

Hey Brian,



Was just wondering if you got this to work. I am getting the exact same error and have the following configurations:



1. Enabled multi SSO


2. Create AuthnContextClass - box unchecked


3. AuthnContextClassRef Method - blank


4. X.509 Certificate has been validated



Any help would be appreciated!


Hi Sakshi,



Just check whether the IDP requires ServiceNow to send the authentication context class. In most cases the checkbox for Create AuthnContextClass is checked and the value is set to urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport.



Can you try that and check once?



Mark Correct if this solves your issue and also hit Like and Helpful if you find my response worthy based on the impact.


Thanks


Ankur


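To see what the SP actually sends when the "Create AuthnContextClass" box is toggled, the SAMLRequest value captured in the browser during "Test Connection" can be decoded and inspected. The following is an added example, not part of the thread and not ServiceNow code; it goes beyond the replies by decoding the request itself, and the function names and the sample request are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
MAX_XML = 64 * 1024  # size cap, guards against decompression bombs

def decode_saml_request(b64_value, deflated=True):
    """Decode an already URL-decoded SAMLRequest value to XML bytes."""
    raw = base64.b64decode(b64_value, validate=True)
    if deflated:
        # HTTP-Redirect binding: raw DEFLATE (wbits=-15); HTTP-POST is base64 only
        raw = zlib.decompressobj(-15).decompress(raw, MAX_XML + 1)
    if len(raw) > MAX_XML:
        raise ValueError("decoded request too large")
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTDs are not expected in SAML messages")
    return raw

def inspect_authn_context(xml_bytes):
    """Report what the SP asks the IdP for regarding authentication context."""
    root = ET.fromstring(xml_bytes)
    rac = root.find("samlp:RequestedAuthnContext", NS)
    refs = [] if rac is None else [
        (e.text or "").strip()
        for e in rac.findall("saml:AuthnContextClassRef", NS)]
    return {
        "requested_authn_context": rac is not None,
        # Comparison defaults to "exact" when the attribute is omitted
        "comparison": None if rac is None else rac.get("Comparison", "exact"),
        "class_refs": refs,
        # Redirect-binding signatures travel in the query string instead
        "embedded_signature": root.find("ds:Signature", NS) is not None,
    }

# Constructed sample AuthnRequest; ID, timestamp and issuer are placeholders.
SAMPLE_XML = b"""<samlp:AuthnRequest
 xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 ID="_example1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
 <saml:Issuer>https://sp.example.invalid</saml:Issuer>
 <samlp:RequestedAuthnContext Comparison="exact">
  <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
 </samlp:RequestedAuthnContext>
</samlp:AuthnRequest>"""
_c = zlib.compressobj(9, zlib.DEFLATED, -15)
SAMPLE = base64.b64encode(_c.compress(SAMPLE_XML) + _c.flush()).decode()
```

Calling `inspect_authn_context(decode_saml_request(value))` on a real capture shows whether a `RequestedAuthnContext` is present and which class it names, which can then be compared with what the IdP is configured to accept.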