Greetings all

We are evaluating the OKTA and SN solution and decided to try the multi SSO provider option with OKTA ServiceNow UD application, but so far without success.

At this time we dont want to use the SN Share application.     I decided to try this on a dev instance first to gain hands on experience.

When a user logs on to okta SN app then it redirects correctly to SN instance but then i get the logout page as SAML failed to authenticate. I have also cleaned out session cookies to be sure.

I have done a lot of research on the community posts and following and nothing obvious stands out. !

My errors say the following when i try to do test connection   from the SSO Multi page. so it should work. all URL are verified correct.

Any help would be greatly appreciated.

Lookig in the logs i get this messages

10/17/17 20:12:25 (451) Read from column : audience, value: https://[instance].service-now.com

10/17/17 20:12:25 (451) Assertion audience mismatch. Expected: https://[instance].service-now.com, Actual: https://[instance].service-now.com/

10/17/17 20:12:25 (452) SAML2ValidationError: AudienceRestriction validation failed. No matching audience found.

10/17/17 20:12:25 (452) Could not validate SAMLResponse

IN debug   and logs i see the following errors

ERROR SAML2: SAML2ValidationError: AudienceRestriction validation failed. No matching audience found.: no thrown error

ERROR                                       SAML2: Assertion audience mismatch. Expected: https://devxxxxx.service-now.com, Actual: https://devxxxxx.service-now.com/: no thrown error

INFORMATION           Did not find content in CDN for saml2_update1_properties-normal

Attached is screenshot of Multi SSO Setup screen.

Regards

Julian Day.