authncontextclass

bhl104
Kilo Explorer

‎08-15-2016 07:24 AM

Hello -

I am trying to figure out how to clear the following errors when I run the "Test Connection"on my SSO properties page.

Error seems to be complaining about the AuthContextClass configuration.

In the the limited discovery that I have done I found this link, but I need some guidance.

Running Hels P3.

Thanks for your review/response,

Brian Ladrido

Penn State Service Management DevOps

Preview file
108 KB
0 Helpfuls
  • 3,247 Views
7 REPLIES 7

Kostya
Tera Guru

‎08-16-2016 12:10 AM

Hi Brian,



Do you use Multi Provider SSO? SAML2.0? How does your SSO fonciguration looks like? Do you have any values in the field "Create AuthnContextClass" and "AuthnContextClassRef Method"?



Ensure the certificate is valid. If the Identity Provider needs a signed request, then mark "Sign AuthnRequest" and use a correct algorithm.


Hit the Thumb Icon and/or mark as Correct, if my answer was correct. So you help others to see correct responses and I get fame 🙂

Cheers,
Kostya
0 Helpfuls

bhl104
Kilo Explorer
In response to Kostya

‎08-16-2016 05:00 AM

Hello   Konstantin -



1) Yes, I am using Multi-SSO SAML 2.0



2) Create AuthnContextClass - box unchecked


- I have tried toggling this checked/unchecked, but receive the same error when I run "Test Connection"



3) AuthnContextClassRef Method - configured for default value per the link that I attached to the case



4) X.509 Certificate has been validated



5) Sign AuthnRequest - box checked



Not sure if my IDP allows for SPs to set the authentication context class, but I am looking for guidance on the configuration and how to troubleshoot/eliminate the error.



BrianL


0 Helpfuls

Sakshi14
Giga Expert

‎08-28-2017 12:34 AM

Hey Brian,



Was just wondering if you got this to work. I am getting the exact same error and have the following configurations:



1. Enabled multi SSO


2. Create AuthnContextClass - box unchecked


3. AuthnContextClassRef Method - blank


4. X.509 Certificate has been validated



Any help would be appreciated!


0 Helpfuls

Ankur Bawiskar
Tera Patron
Tera Patron
In response to Sakshi14

‎08-28-2017 12:58 AM

Hi Sakshi,



Just check whether the IDP requires ServiceNow to send authentication context class. In most of the cases the checkbox for Create AuthContextClass is checked and the value being set to urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport.



Can you try that and check once.



Mark Correct if this solves your issue and also hit Like and Helpful if you find my response worthy based on the impact.


Thanks


Ankur


Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader
0 Helpfuls