Siteminder with SAML 2.0

tomas_larsson
Kilo Explorer

We are currently configuring SAML 2.0 to communicate with Siteminder. Anyone who has done that before and has some good experiences to share?

Thanks,
Tomas


jason_petty
Tera Expert

Yes, I have done this a number of times. The key to getting this to work is one of two things.
1. If they are on the SAML 2.0 plugin, then get the update set in addition to that plugin here: http://www.john-james-andersen.com/blog/service-now/servicenow-saml-2-0-additional-configurations-update-set.html
2. If they are on the SAML 2.0 update 1 plugin, then it should not need that update set.

There are a lot of customers that use SiteMinder so it should work for you.


tomas_larsson
Kilo Explorer

Okay, they are on the SAML 2.0 update 1 plugin. I have used the update set on an older instance to get SAML 2.0 to communicate with ADFS 2.0. That was really great stuff!

So then it should just be a matter of getting the configurations right. We currently get these two errors in the ServiceNow script log:

1. Assertion audience mismatch. Expect: https://mycompany.service-now.com/, actual: ServiceNow
2. SAML2ValidationError: AudienceRestriction validation failed. No matching audience found.

Is it possible that we have entered the wrong base URL to the Identity Provider's AuthnRequest service?


tomas_larsson
Kilo Explorer

Hi again,

I was just wondering if it would be possible for you to provide one or two screenshots of the SAML 2.0 update 1 plugin properties page from a functional SAML 2.0 - Siteminder configuration. That would most certainly be very helpful for us.

Thanks,
Tomas


jason_petty
Tera Expert

I don't have any screenshots that I can give you from a customer without blanking out all of their information, so that wouldn't help you. You may want to use the developer tools in your browser to trace what is going on and look at the SAML Request and see if it is being formed correctly for your IDP.
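As an added example (not posted by anyone in this thread, and not ServiceNow or SiteMinder code): a small Python helper for reading the `SAMLRequest` and `SAMLResponse` values copied from the browser's developer tools, so the Issuer sent by the SP and the Audience returned by the IdP can be compared with the value named in the "Assertion audience mismatch" log line. The sample messages are constructed, the Issuer value in the sample request is an assumption, and the code only inspects the XML; it does not verify signatures.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import unquote

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
P = "urn:oasis:names:tc:SAML:2.0:protocol"

def decode_redirect(param):
    """HTTP-Redirect binding: URL-decode, base64-decode, then raw-inflate."""
    return zlib.decompress(base64.b64decode(unquote(param)), -15).decode("utf-8")

def decode_post(field):
    """HTTP-POST binding: the SAMLResponse form field is base64 of the XML."""
    return base64.b64decode(field).decode("utf-8")

def issuer(xml):
    """Issuer the SP put in its AuthnRequest (None if absent)."""
    node = ET.fromstring(xml).find("saml:Issuer", NS)
    return node.text.strip() if node is not None and node.text else None

def audience_report(response_xml, expected):
    """Compare every <Audience> in the response with the SP's expected value."""
    root = ET.fromstring(response_xml)
    found = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    # Audience values are compared as exact strings, so a trailing slash matters.
    return {"expected": expected, "actual": found, "match": expected in found}

# --- constructed samples (not captured traffic) ---
def _deflate_b64(xml):
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()

SAMPLE_REQUEST = _deflate_b64(
    f'<samlp:AuthnRequest xmlns:samlp="{P}" xmlns:saml="{NS["saml"]}" ID="_constructed1" Version="2.0">'
    "<saml:Issuer>https://mycompany.service-now.com/</saml:Issuer></samlp:AuthnRequest>")
SAMPLE_RESPONSE = base64.b64encode((
    f'<samlp:Response xmlns:samlp="{P}" xmlns:saml="{NS["saml"]}"><saml:Assertion><saml:Conditions>'
    "<saml:AudienceRestriction><saml:Audience>ServiceNow</saml:Audience></saml:AudienceRestriction>"
    "</saml:Conditions></saml:Assertion></samlp:Response>").encode()).decode()

if __name__ == "__main__":
    print("AuthnRequest Issuer:", issuer(decode_redirect(SAMPLE_REQUEST)))
    print(audience_report(decode_post(SAMPLE_RESPONSE), "https://mycompany.service-now.com/"))
```

With the constructed response, the report shows `actual: ['ServiceNow']` against the expected URL, which is the same pair of values the script log reports in the thread.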