authncontextclass
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-15-2016 07:24 AM
Hello -
I am trying to figure out how to clear the following errors when I run the "Test Connection"on my SSO properties page.
Error seems to be complaining about the AuthContextClass configuration.
In the the limited discovery that I have done I found this link, but I need some guidance.
Running Hels P3.
Thanks for your review/response,
Brian Ladrido
Penn State Service Management DevOps
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-16-2016 12:10 AM
Hi Brian,
Do you use Multi Provider SSO? SAML2.0? How does your SSO fonciguration looks like? Do you have any values in the field "Create AuthnContextClass" and "AuthnContextClassRef Method"?
Ensure the certificate is valid. If the Identity Provider needs a signed request, then mark "Sign AuthnRequest" and use a correct algorithm.
Cheers,
Kostya
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-16-2016 05:00 AM
Hello Konstantin -
1) Yes, I am using Multi-SSO SAML 2.0
2) Create AuthnContextClass - box unchecked
- I have tried toggling this checked/unchecked, but receive the same error when I run "Test Connection"
3) AuthnContextClassRef Method - configured for default value per the link that I attached to the case
4) X.509 Certificate has been validated
5) Sign AuthnRequest - box checked
Not sure if my IDP allows for SPs to set the authentication context class, but I am looking for guidance on the configuration and how to troubleshoot/eliminate the error.
BrianL

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-28-2017 12:34 AM
Hey Brian,
Was just wondering if you got this to work. I am getting the exact same error and have the following configurations:
1. Enabled multi SSO
2. Create AuthnContextClass - box unchecked
3. AuthnContextClassRef Method - blank
4. X.509 Certificate has been validated
Any help would be appreciated!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎08-28-2017 12:58 AM
Hi Sakshi,
Just check whether the IDP requires ServiceNow to send authentication context class. In most of the cases the checkbox for Create AuthContextClass is checked and the value being set to urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport.
Can you try that and check once.
Mark Correct if this solves your issue and also hit Like and Helpful if you find my response worthy based on the impact.
Thanks
Ankur
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader