SSO with OneLogin

s_karpe
Kilo Contributor

Hi all,

I have implemented SSO using the OneLogin tool. The tool is configured correctly and I can see the login page for OneLogin, but after providing the credentials the URL is getting redirected to a new URL with %20 in it, and an error message is flashed across the screen saying "cannot validate SAML response".

Can anyone please help me out in this situation as to why this is getting redirected to a wrong URL?

Thanks in advance.


sach1
Tera Guru

Use the "Test" button on ServiceNow; you will come to know which parameter is not getting matched.

Also activate logs for SSO.

This error usually comes up when a certain parameter doesn't match.


s_karpe
Kilo Contributor

It is not asking me for any parameter; rather, I am not able to get to the login screen during redirection. The test connection is not showing any error in the logs section.


What are you getting in the logs after activating the SSO debug property?


Did you check the new URL with the OneLogin team? It can also be a redirection issue at their end.


s_karpe
Kilo Contributor

Hi Sachin, here are the logs you asked for:




01/19/18 16:08:40 (950) Testing SSO: <111111111111111111111111>


01/19/18 16:08:40 (956) Read from column : name, value: https://app.onelogin.com/saml/metadata/743974


01/19/18 16:08:40 (958) Use the SSOHelper passed in.


01/19/18 16:08:40 (959) Read from column : service_url, value: https://<instance>.service-now.com/navpage.do


01/19/18 16:08:40 (960) Read from column : clock_skew, value: 60


01/19/18 16:08:40 (963) Read from column : idp_authnrequest_url, value: https://<instance>.onelogin.com/trust/saml2/http-redirect/sso/743974


01/19/18 16:08:40 (964) Read from column : service_url, value: https://<instance>.service-now.com/navpage.do


01/19/18 16:08:40 (965) Read from column : force_authn, value: 0


01/19/18 16:08:40 (966) Read from column : is_passive, value: 0


01/19/18 16:08:40 (967) Read from column : issuer, value: https://<instance>.service-now.com


01/19/18 16:08:40 (968) Read from column : nameid_policy, value: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress


01/19/18 16:08:40 (970) Read from column : service_url, value: https://<instance>.service-now.com/navpage.do


01/19/18 16:08:40 (971) Read from column : idp_authnrequest_url, value: https://<instance>.onelogin.com/trust/saml2/http-redirect/sso/743974


01/19/18 16:08:40 (974) Read from column : createrequestedauthncontext, value: 0


01/19/18 16:08:40 (981) SAML Request xml: <saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://<instance>.service-now.com/navpage.do" Destination="https://<instance>.onelogin.com/trust/saml2/http-redirect/sso/743974" ForceAuthn="true" ID="SNC6ca91d1a58bb69ead104db3b162a3e06" IsPassive="false" IssueInstant="2018-01-19T10:38:40.967Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ProviderName="https://<instance>.service-now.com/navpage.do" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://<instance>.service-now.com</saml2:Issuer><saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/></saml2p:AuthnRequest>


01/19/18 16:08:41 (030) Stripping down the serviceURL: https://<instance>.service-now.com/navpage.do to a base URL of: https://<instance>.service-now.com


01/19/18 16:08:41 (033) Generating a Test Connection Relay State of: https://<instance>.service-now.com/navpage.doSNCRSEPsysparm_saml_tc=true&glide_sso_id=8b541a384f3f8300d86e2dee0210c7de&exit_name=MultiSSO


01/19/18 16:08:41 (038) Read from column : require_signed_authnrequest, value: 0


01/19/18 16:08:41 (039) Redirecting to: https://<instance>.onelogin.com/trust/saml2/http-redirect/sso/743974?SAMLRequest=< ..........   >
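
The replies above attribute the error to a parameter that does not match, and the question reports %20 (a URL-encoded space) in the redirect. The following is an added example, not part of the thread and not ServiceNow or OneLogin code: it pulls the AuthnRequest out of a debug log line in the format shown above and compares its URL fields with the values registered on the identity provider side, flagging stray whitespace. The host names, the `IDP_SETTINGS` dictionary and the sample line are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

REQUEST_LINE = re.compile(r"SAML Request xml: (<.*>)\s*$")
ASSERTION_NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed debug line in the thread's log format. sp.example and idp.example
# are placeholders; the Destination carries a pasted-in space.
SAMPLE_LOG = (
    '01/19/18 16:08:40 (981) SAML Request xml: <saml2p:AuthnRequest '
    'xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" '
    'AssertionConsumerServiceURL="https://sp.example/navpage.do" '
    'Destination="https://idp.example/trust/saml2/http-redirect/sso/ 000000" '
    'Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">'
    'https://sp.example</saml2:Issuer></saml2p:AuthnRequest>\n'
)

# Hypothetical: the values as registered in the identity provider's app settings.
IDP_SETTINGS = {
    "AssertionConsumerServiceURL": "https://sp.example/navpage.do",
    "Destination": "https://idp.example/trust/saml2/http-redirect/sso/000000",
    "Issuer": "https://sp.example",
}

def request_fields(log_text):
    """Return the attributes and Issuer of the last AuthnRequest in the log."""
    fields = None
    for line in log_text.splitlines():
        match = REQUEST_LINE.search(line)
        if match:
            root = ET.fromstring(match.group(1))
            fields = dict(root.attrib)
            fields["Issuer"] = root.findtext("saml2:Issuer", "", ASSERTION_NS)
    if fields is None:
        raise ValueError("no 'SAML Request xml:' line in log")
    return fields

def check(log_text, idp_settings):
    """List (field, problem) pairs: whitespace in a value, or SP/IdP mismatch."""
    sent = request_fields(log_text)
    findings = []
    for field, expected in idp_settings.items():
        value = sent.get(field, "")
        if re.search(r"\s", value):      # a space here is sent as %20
            findings.append((field, "whitespace"))
        if value != expected:            # exact string comparison
            findings.append((field, "mismatch"))
    return findings

if __name__ == "__main__":
    for field, problem in check(SAMPLE_LOG, IDP_SETTINGS):
        print(f"{field}: {problem}")
```

The log posted in the thread has its host names redacted to `<instance>`, which is not well-formed inside an XML attribute, so the parser needs the unredacted line.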