SSO issue after adding X.509 Certificates

‎09-23-2015 06:10 AM
We are using the ServiceNow Fuji version. After adding a Java KeyStore certificate in X.509 Certificates, our SSO fails.
Error:
----------------------------------------------------------------------------------------
There was a problem accessing the site. Try to browse to the site again.
If the problem persists, contact the administrator of this site and provide the reference number to identify the problem.
Reference number: 24441569-5894-48b0-8c2a-abfc2134b0f1
----------------------------------------------------------------------------------------
Is this a bug or a known issue in Fuji?
Is there any workaround or fix for this issue?
Please help.

‎09-23-2015 06:12 PM
Make sure you only have 1 certificate active. More than 1 might cause problems.

‎09-23-2015 10:25 PM
We need a certificate to authenticate a third-party SSL integration.
How can ServiceNow restrict itself to only one active certificate?
ServiceNow only supports one application/system integration via certificates?
‎09-23-2015 10:32 PM
Hi Alok,
As you suggest, you can have multiple certificates active.
However, only one can have the name SAML 2.0.
SAML 2.0 Setup - ServiceNow Wiki
..
3.5 Step 5. Install the IdP Certificate
Identity providers use a certificate to verify communications with the service provider. Locate the IdP's certificate within the IdP's metadata. You must install the same certificate on both the IdP and the instance.
Note: Certificates for single sign-on should always be in PEM format to work with SAML certificates.
To install the certificate on the ServiceNow instance:
- Browse the IdP metadata to find the ds:X509Certificate element. The value of this element contains the IdP's certificate.
- In the ServiceNow system, navigate to SAML 2 Single Sign-on > Certificate.
- Do not change the Name entry. The name of the X.509 certificate must be SAML 2.0 in order for the integration to use it.
Best Regards
Tony
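The wiki step quoted in the post above, as an added example that is not part of the post or of ServiceNow's documentation: it pulls each `ds:X509Certificate` value out of IdP metadata, rewraps it as PEM, and computes a SHA-256 fingerprint to compare with the IdP administrator before pasting it into the certificate record. The function name, the sample metadata, its entityID and the certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed placeholder bytes standing in for a DER certificate (not a real cert).
SAMPLE_DER = bytes(range(200))
_b64 = base64.b64encode(SAMPLE_DER).decode()
# Constructed IdP metadata; the value is split across indented lines on purpose.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD_NS}" xmlns:ds="{DS_NS}"
    entityID="https://idp.example.test/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {_b64[:76]}
        {_b64[76:]}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def idp_certs_to_pem(metadata_xml):
    """Return [(pem_text, sha256_hex_of_der), ...] for every ds:X509Certificate."""
    # Assumption: the metadata was fetched over a trusted channel from the IdP.
    root = ET.fromstring(metadata_xml)
    results = []
    for el in root.iter(f"{{{DS_NS}}}X509Certificate"):
        b64 = "".join((el.text or "").split())  # drop whitespace and line breaks
        der = base64.b64decode(b64, validate=True)  # raises on non-base64 content
        body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
        pem = f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"
        results.append((pem, hashlib.sha256(der).hexdigest()))
    if not results:
        raise ValueError("no ds:X509Certificate element in metadata")
    return results


if __name__ == "__main__":
    for pem, fp in idp_certs_to_pem(SAMPLE_METADATA):
        print(pem)
        print("SHA-256 of DER (compare with the IdP admin out of band):", fp)
```

Metadata that lists more than one signing certificate yields several results; check with the IdP administrator which one is currently signing before installing it.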
‎09-23-2015 10:57 PM
Hi Alok,
The error message you are seeing:
"Error :
----------------------------------------------------------------------------------------
There was a problem accessing the site. Try to browse to the site again.
If the problem persists, contact the administrator of this site and provide the reference number to identify the problem.
Reference number: 24441569-5894-48b0-8c2a-abfc2134b0f1"
is unlikely to be caused by a ServiceNow bug.
The message is from the IDP indicating the IDP is seeing an issue with what the ServiceNow instance is sending.
Take a look here:
SAML 2.0 Troubleshooting - ServiceNow Wiki
And consider contacting your IDP administrator and providing the error message reference number.
Please update with how you get on.
Best Regards
Tony