Could not validate SAML Response

jpavanaryan · ‎03-28-2016

Hello Folks,

I am trying to integrate ServiceNow with Windows Active Directory (Server 2012 R2). I did the following steps based on wiki tutorial Configuring ADFS 3.0 to Communicate with SAML 2.0 - ServiceNow Wiki so far

1. Configured ADDS, ADFS, DNS, ADCS etc.. in Windows Server 2012 R2

2. Imported PEM certificate in SN

3. Configured Relay party claim rules and other stuff

Once everything completed, I tried to login. It displays an error saying that "Could not validate SAML Response". I checked logs but I didn't find anything. If anyone faced similar situation Please let me know

Thanks

tony_barratt · ‎03-29-2016

Hi,

That is good news!

What version is your instance? Which SSO plugin is active?

Best Regards

Tony

jpavanaryan · ‎03-29-2016

I am using FUJI, we just enabled in SAML2.1 SSO.

tony_barratt · ‎03-29-2016

1) I have an idea that Multi Provider SSO plugin is suggested to Fuji - but that might not be the issue here.

2) There are quite a few hits in google for 503 adfs 2012 R2 - I just checked.

3) When you reproduce the 503 error what is seen in the ServiceNow logs do you see:

jpavanaryan · ‎03-29-2016

Tony,

When I tried with URL https://devxxxxx.service-now.com/navpage.do nothing showd up in logs, but when I tried with https://devxxxxx.service-now.com, it throws an error No Deep Linking for this SAML request

I checked ServiceNow KB: Common SAML 2.0 errors and solutions (KB0529257) for similar errors, it says I need to update to SAML 2.1 But my instance was already updated. Nothing shows in ADFS logs.

tony_barratt · ‎03-29-2016

Hi,

There is a suggestion on a forum

ADFS 3.0 Service Unavailable in some circumstances - Server Fault

that it could be useful to run a MS diagnostic package against the ADFS server:

Script AD FS Diagnostics Module

Consider running this diagnostic package.

Best Regards

Tony