SAML Integration Login Failure
‎11-15-2013 10:26 AM
We have set up a SAML integration following the documentation on the wiki. The following is occurring:
1. URL for ServiceNow instance loads and redirects to the IDP
2. URL for the IDP loads
3. Credentials are entered into the IDP
4. Error message "Could not validate SAMLResponse" appears and redirects user to the ServiceNow logout page
In the event logs we see: external.authentication.failed 4B1F753D6F451100985A93D31C3EE494 Authentication failed
In the system logs we see: 2013-11-15 10:24:50:AM Information Could not validate SAMLResponse
I have verified the proper certificate is uploaded and the proper information is loaded into the SAML properties.
Anyone have any suggestions for where to look next?
‎11-15-2013 11:10 AM
Look at the logs closer and see if there is some other error in there that says something like actual is ...... expected .....
You might have a property set wrong for your IDP. That seems to be the most common reason why SAML login doesn't work the first time.
If you send me an email with the instance name you are working on, I could take a look at the log quickly too.
jason.petty@servicenow.com
‎11-15-2013 11:30 AM
The setting:
The Identity Provider URL which will issue the SAML2 security token with user info.
was set to https instead of http like the ADFS IDP was expecting for that value.
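The comparison this thread turns on, as an added example that is not part of any post and is not ServiceNow's validation code: it decodes a captured base64 SAMLResponse and checks each Issuer against the configured Identity Provider URL as an exact string. The host name, sample response and function names are constructed for illustration, and signature checking is out of scope.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SAML_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample (hypothetical host). A real input is the base64
# SAMLResponse form field the IdP posts back to the instance.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    '<saml:Issuer>http://adfs.example.com/adfs/services/trust</saml:Issuer>'
    '<saml:Assertion>'
    '<saml:Issuer>http://adfs.example.com/adfs/services/trust</saml:Issuer>'
    '</saml:Assertion></samlp:Response>'
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def issuers_in_response(b64_response):
    """Distinct <saml:Issuer> values (response and assertion level), in order."""
    root = ET.fromstring(base64.b64decode(b64_response))
    tag = "{%s}Issuer" % SAML_ASSERTION_NS
    found = [el.text.strip() for el in root.iter(tag) if el.text]
    return list(dict.fromkeys(found))


def describe_difference(actual, expected):
    """Name the kind of mismatch so the wrong property is easy to spot."""
    a, e = urlsplit(actual), urlsplit(expected)
    if a.scheme != e.scheme and a[1:] == e[1:]:
        return "scheme differs (%s vs %s)" % (a.scheme, e.scheme)
    if actual.rstrip("/") == expected.rstrip("/"):
        return "trailing slash differs"
    if actual.lower() == expected.lower():
        return "letter case differs"
    return "values differ"


def check_issuer(b64_response, configured_idp_url):
    """Exact string comparison is assumed; the thread shows that an
    http/https difference alone was enough to fail validation."""
    return ["Issuer %r != configured %r: %s"
            % (actual, configured_idp_url,
               describe_difference(actual, configured_idp_url))
            for actual in issuers_in_response(b64_response)
            if actual != configured_idp_url]


if __name__ == "__main__":
    for line in check_issuer(SAMPLE_B64, "https://adfs.example.com/adfs/services/trust"):
        print(line)
```
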
‎07-02-2014 07:11 AM
Hello Jason,
I have a similar problem with my instance, which I am trying to newly set up. The error log and the event log say the same as mentioned in the initial post.
Would you please be able to help me out? I can share the details if you can tell me what to share.
Regards,
Chandana
‎07-02-2014 08:09 AM
Can be the following
Create an AuthnContextClass request in the AuthnRequest statement
glide.authenticate.sso.saml2.createrequestedauthncontext
Leave it as off and let the server decide.
For us, if we enable this, our internal users work and our external users log straight off.
Disabling and all work.
Cheers