Siteminder with SAML 2.0

tomas_larsson · ‎08-28-2012

We are currently configuring SAML 2.0 to communicate with Siteminder. Anyone who has done that before and has some good experiences to share?

Thanks,
Tomas

jason_petty · ‎08-28-2012

Yes, I have done this a number of times. The key to get this to work is one of two things.
1. If they are on SAML 2.0 plugin then get the update set in addition to that plugin here: http://www.john-james-andersen.com/blog/service-now/servicenow-saml-2-0-additional-configurations-update-set.html
2. If they are on SAML 2.0 update 1 plugin then it should not need that update set.

There are a lot of customers that use SiteMinder so it should work for you.

tomas_larsson · ‎08-28-2012

Okay, they are on the SAML 2.0 update 1 plugin. I have used the update set on an older instance to get SAML 2.0 to communicate with ADFS 2.0. That was really great stuff!

So then it should just be a matter of getting the configurations right. We currently get these two errors in the ServiceNow script log:

1. Assertion audience mismatch. Expect: https://mycompany.service-now.com/, actual: ServiceNow
2. SAML2ValidationError: AudienceRestriction validation failed. No matching audience found.

Is it possible that we have entered wrong base URL to the Identity Provider's AuthnRequest service?

tomas_larsson · ‎08-29-2012

Hi again,

I was just wondering if it would be possible for you to provide one or two screenshots of the SAML 2.0 update 1 plugin properties page from a functional SAML 2.0 - Siteminder configuration. That would most certainly be very helpful for us.

Thanks,
Tomas

jason_petty · ‎08-29-2012

I don't have any screenshots that I can give you from a customer without blanking out all of their information so that wouldn't help you. You may want to use the developer tools in your browser to trace what is going on and look at the SAML Request and see if it is being formed correctly for your IDP.