SAML Integration Login Failure
‎11-15-2013 10:26 AM
We have set up a SAML integration following the documentation on the wiki. The following is occurring:
1. URL for ServiceNow instance loads and redirects to the IDP
2. URL for the IDP loads
3. Credentials are entered into the IDP
4. Error message "Could not validate SAMLResponse" appears and redirects user to the ServiceNow logout page
In the event logs we see: external.authentication.failed 4B1F753D6F451100985A93D31C3EE494 Authentication failed
In the system logs we see: 2013-11-15 10:24:50:AM Information Could not validate SAMLResponse
I have verified the proper certificate is uploaded and the proper information is loaded into the SAML properties.
Anyone have any suggestions for where to look next?
‎07-02-2014 08:15 AM
Hi Julian,
Thanks for your response. So I had set this property to false, and even then when I try to log in, it sends the request to the IDP server and immediately logs out.
We have other instances which are all working and I compared all the properties and used the same configuration on this instance, but still no luck.
Regards,
Chandana
‎07-02-2014 08:21 AM
Could try the following if you are going to the same SSO server:
1. Export all the settings from the failed instance to an XML
2. Export all the settings from a good instance to an XML
3. Import the good XML into the failed instance
I did this a couple of times; however, I was only going clone to clone.
I did not really get involved in our Federation Services configuration, except for noting what change they made when we addressed a Deeplinking issue with new sessions.
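A scripted version of the export-and-compare step suggested above, as an added example that is not part of the original thread. The XML layout (one record element per property with `<name>` and `<value>` children), the property names and the values are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample exports (not taken from the thread). Assumed layout: one
# element per property record with <name> and <value> children.
GOOD_XML = """<unload>
  <sys_properties><name>example.saml.issuer</name><value>https://idp.example.com/idp</value></sys_properties>
  <sys_properties><name>example.saml.audience</name><value>https://good.example.com</value></sys_properties>
  <sys_properties><name>example.saml.clock_skew</name><value>60</value></sys_properties>
</unload>"""

FAILED_XML = """<unload>
  <sys_properties><name>example.saml.issuer</name><value>https://idp.example.com/idp </value></sys_properties>
  <sys_properties><name>example.saml.audience</name><value>https://failed.example.com</value></sys_properties>
</unload>"""

def load_properties(xml_text):
    """Return {name: value} for every record that has a <name> child."""
    props = {}
    for record in ET.fromstring(xml_text):
        name = record.findtext("name")
        if name:
            props[name.strip()] = record.findtext("value") or ""
    return props

def diff_properties(good, failed, instance_specific=()):
    """List (name, kind, good_value, failed_value) for every mismatch."""
    findings = []
    for name in sorted(set(good) | set(failed)):
        if name in instance_specific:
            continue  # expected to differ between instances
        g, f = good.get(name), failed.get(name)
        if g == f:
            continue
        if g is None:
            kind = "only_in_failed"
        elif f is None:
            kind = "only_in_good"
        elif g.strip() == f.strip():
            kind = "whitespace_only"  # easy to miss when comparing by eye
        else:
            kind = "value_differs"
        findings.append((name, kind, g, f))
    return findings

if __name__ == "__main__":
    for name, kind, g, f in diff_properties(load_properties(GOOD_XML), load_properties(FAILED_XML)):
        print(f"{kind:16} {name}: good={g!r} failed={f!r}")
```

Passing the properties that are unique to each instance as `instance_specific` keeps them out of the report, so only unexpected drift is listed.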
‎07-02-2014 08:24 AM
Hi Julian,
I guess I did this quite a number of times. Of course I didn't do it via XML, but did it manually.
1. Added login, logout scripts
2. Added all the SAML properties, the ones unique to the instance are not changed though
3. Added the certificate
4. Added the script object.
Is there anything else that could be stopping it?
Regards,
Chandana
‎07-02-2014 08:28 AM
Does not sound like it.
If they are the same as known good configurations, then I would be inclined to look at the SSO server itself and check it is correct.