Siteminder with SAML 2.0
‎08-28-2012 01:20 PM
We are currently configuring SAML 2.0 to communicate with Siteminder. Anyone who has done that before and has some good experiences to share?
Thanks,
Tomas
‎08-28-2012 01:48 PM
Yes, I have done this a number of times. The key to get this to work is one of two things.
1. If they are on the SAML 2.0 plugin, then get the update set in addition to that plugin here: http://www.john-james-andersen.com/blog/service-now/servicenow-saml-2-0-additional-configurations-update-set.html
2. If they are on the SAML 2.0 update 1 plugin, then it should not need that update set.
There are a lot of customers that use SiteMinder so it should work for you.
‎08-28-2012 02:04 PM
Okay, they are on the SAML 2.0 update 1 plugin. I have used the update set on an older instance to get SAML 2.0 to communicate with ADFS 2.0. That was really great stuff!
So then it should just be a matter of getting the configurations right. We currently get these two errors in the ServiceNow script log:
1. Assertion audience mismatch. Expect: https://mycompany.service-now.com/, actual: ServiceNow
2. SAML2ValidationError: AudienceRestriction validation failed. No matching audience found.
Is it possible that we have entered the wrong base URL to the Identity Provider's AuthnRequest service?
‎08-29-2012 12:00 AM
Hi again,
I was just wondering if it would be possible for you to provide one or two screenshots of the SAML 2.0 update 1 plugin properties page from a functional SAML 2.0 - Siteminder configuration. That would most certainly be very helpful for us.
Thanks,
Tomas
‎08-29-2012 08:22 AM
I don't have any screenshots that I can give you from a customer without blanking out all of their information, so that wouldn't help you. You may want to use the developer tools in your browser to trace what is going on and look at the SAML Request and see if it is being formed correctly for your IDP.
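The tracing suggested in the last reply, as an added example that is not part of the original thread or of ServiceNow's or SiteMinder's code: it decodes a `SAMLRequest` and a `SAMLResponse` as copied from the browser's network tab and compares the IdP's `Audience` with the SP's `Issuer`, which is the comparison behind the "Assertion audience mismatch" error quoted above. The sample messages are constructed from the two values in that log line, and the script only inspects the XML; it does not verify signatures.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "samlp": "urn:oasis:names:tc:SAML:2.0:protocol"}

def request_issuer(saml_request_b64):
    """Issuer (SP entity ID) of an AuthnRequest sent via HTTP-Redirect.
    Input is the URL-decoded SAMLRequest value: base64 over raw DEFLATE."""
    xml = zlib.decompress(base64.b64decode(saml_request_b64), -15)
    issuer = ET.fromstring(xml).find("saml:Issuer", NS)
    return issuer.text.strip() if issuer is not None and issuer.text else None

def response_audiences(saml_response_b64):
    """All Audience values in a SAMLResponse form field (HTTP-POST: base64 only)."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    path = ".//saml:Conditions/saml:AudienceRestriction/saml:Audience"
    return [a.text.strip() for a in root.iterfind(path, NS) if a.text]

def audience_matches(saml_response_b64, expected):
    """Exact string match, no normalisation: a trailing slash or case change fails."""
    return expected in response_audiences(saml_response_b64)

# --- constructed sample data, built from the values in the thread's log line ---
def _deflate_b64(xml):
    c = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, no zlib header
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()

SAMPLE_REQUEST = _deflate_b64(
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_c1" Version="2.0">'
    '<saml:Issuer>https://mycompany.service-now.com/</saml:Issuer>'
    '</samlp:AuthnRequest>')
SAMPLE_RESPONSE = base64.b64encode((
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
    '<saml:Conditions><saml:AudienceRestriction>'
    '<saml:Audience>ServiceNow</saml:Audience>'
    '</saml:AudienceRestriction></saml:Conditions></saml:Assertion>'
    '</samlp:Response>').encode()).decode()

if __name__ == "__main__":
    sp = request_issuer(SAMPLE_REQUEST)
    print("SP Issuer:   ", sp)
    print("IdP Audience:", response_audiences(SAMPLE_RESPONSE))
    print("match:       ", audience_matches(SAMPLE_RESPONSE, sp))
```

When the two values differ as they do here, the fix is a configuration change on one side so that the audience the IdP puts in the assertion is the exact string the SP expects.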