SSO with OneLogin

s_karpe · ‎01-19-2018

Hi all,

I have implemented SSO using onelogin tool. The tool is configured correctly and I can see the login page for OneLogin but after providing the credentials the URL is getting redirected to a new URL with %20 in it and an error message is flashed accrossed the screen saying "cannot validate SAML response".

Can anyone please help me out in this situation as why is this getting redirected to a wrong URL

Thanks in advance.

sach1 · ‎01-19-2018

Use the "Test" button on ServiceNow...you will come to know what parameter is not getting matched.

Also activate logs for SSO.

This error usually comes up when certain parameter doesn't match.

s_karpe · ‎01-19-2018

It is not asking me for any parameter rather I am not able to go on to the login screen while redirection. The test connection is not showing any error in the logs section.

sach1 · ‎01-19-2018

What are you getting in logs after activating SSO debug property ?

Did you check the new URL with OneLogin team, it can also be a redirection issue at their end.

s_karpe · ‎01-19-2018

Hi sachin here are the logs you asked for:

01/19/18 16:08:40 (950) Testing SSO: <111111111111111111111111>

01/19/18 16:08:40 (956) Read from column : name, value: https://app.onelogin.com/saml/metadata/743974

01/19/18 16:08:40 (958) Use the SSOHelper passed in.

01/19/18 16:08:40 (959) Read from column : service_url, value: https://<instance>.service-now.com/navpage.do

01/19/18 16:08:40 (960) Read from column : clock_skew, value: 60

01/19/18 16:08:40 (963) Read from column : idp_authnrequest_url, value: https://<instance>.onelogin.com/trust/saml2/http-redirect/sso/743974

01/19/18 16:08:40 (964) Read from column : service_url, value: https://<instance>.service-now.com/navpage.do

01/19/18 16:08:40 (965) Read from column : force_authn, value: 0

01/19/18 16:08:40 (966) Read from column : is_passive, value: 0

01/19/18 16:08:40 (967) Read from column : issuer, value: https://<instance>.service-now.com

01/19/18 16:08:40 (968) Read from column : nameid_policy, value: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress

01/19/18 16:08:40 (970) Read from column : service_url, value: https://<instance>.service-now.com/navpage.do

01/19/18 16:08:40 (971) Read from column : idp_authnrequest_url, value: https://<instance>.onelogin.com/trust/saml2/http-redirect/sso/743974

01/19/18 16:08:40 (974) Read from column : createrequestedauthncontext, value: 0

01/19/18 16:08:40 (981) SAML Request xml: <saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://<instance>.service-now.com/navpage.do" Destination="https://<instance>.onelogin.com/trust/saml2/http-redirect/sso/743974" ForceAuthn="true" ID="SNC6ca91d1a58bb69ead104db3b162a3e06" IsPassive="false" IssueInstant="2018-01-19T10:38:40.967Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ProviderName="https://<instance>.service-now.com/navpage.do" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://<instance>.service-now.com</saml2:Issuer><saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/></saml2p:AuthnRequest>

01/19/18 16:08:41 (030) Stripping down the serviceURL: https://<instance>.service-now.com/navpage.do to a base URL of: https://<instance>.service-now.com

01/19/18 16:08:41 (033) Generating a Test Connection Relay State of: https://<instance>.service-now.com/navpage.doSNCRSEPsysparm_saml_tc=true&glide_sso_id=8b541a384f3f8300d86e2dee0210c7de&exit_name=MultiSSO

01/19/18 16:08:41 (038) Read from column : require_signed_authnrequest, value: 0

01/19/18 16:08:41 (039) Redirecting to: https://<instance>.onelogin.com/trust/saml2/http-redirect/sso/743974?SAMLRequest=< .......... >