SSO with OneLogin
‎01-19-2018 01:36 AM
Hi all,
I have implemented SSO using the OneLogin tool. The tool is configured correctly and I can see the login page for OneLogin, but after providing the credentials the URL is getting redirected to a new URL with %20 in it and an error message is flashed across the screen saying "cannot validate SAML response".
Can anyone please help me out in this situation as to why this is getting redirected to a wrong URL?
Thanks in advance.
‎01-19-2018 02:02 AM
Use the "Test" button on ServiceNow...you will come to know what parameter is not getting matched.
Also activate logs for SSO.
This error usually comes up when a certain parameter doesn't match.
‎01-19-2018 02:16 AM
It is not asking me for any parameter; rather, I am not able to go on to the login screen while redirection. The test connection is not showing any error in the logs section.
‎01-19-2018 02:28 AM
What are you getting in logs after activating SSO debug property?
Did you check the new URL with the OneLogin team? It can also be a redirection issue at their end.
‎01-19-2018 05:51 AM
Hi Sachin, here are the logs you asked for:
01/19/18 16:08:40 (950) Testing SSO: <111111111111111111111111>
01/19/18 16:08:40 (956) Read from column : name, value: https://app.onelogin.com/saml/metadata/743974
01/19/18 16:08:40 (958) Use the SSOHelper passed in.
01/19/18 16:08:40 (959) Read from column : service_url, value: https://<instance>.service-now.com/navpage.do
01/19/18 16:08:40 (960) Read from column : clock_skew, value: 60
01/19/18 16:08:40 (963) Read from column : idp_authnrequest_url, value: https://<instance>.onelogin.com/trust/saml2/http-redirect/sso/743974
01/19/18 16:08:40 (964) Read from column : service_url, value: https://<instance>.service-now.com/navpage.do
01/19/18 16:08:40 (965) Read from column : force_authn, value: 0
01/19/18 16:08:40 (966) Read from column : is_passive, value: 0
01/19/18 16:08:40 (967) Read from column : issuer, value: https://<instance>.service-now.com
01/19/18 16:08:40 (968) Read from column : nameid_policy, value: urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
01/19/18 16:08:40 (970) Read from column : service_url, value: https://<instance>.service-now.com/navpage.do
01/19/18 16:08:40 (971) Read from column : idp_authnrequest_url, value: https://<instance>.onelogin.com/trust/saml2/http-redirect/sso/743974
01/19/18 16:08:40 (974) Read from column : createrequestedauthncontext, value: 0
01/19/18 16:08:40 (981) SAML Request xml: <saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://<instance>.service-now.com/navpage.do" Destination="https://<instance>.onelogin.com/trust/saml2/http-redirect/sso/743974" ForceAuthn="true" ID="SNC6ca91d1a58bb69ead104db3b162a3e06" IsPassive="false" IssueInstant="2018-01-19T10:38:40.967Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ProviderName="https://<instance>.service-now.com/navpage.do" Version="2.0"><saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://<instance>.service-now.com</saml2:Issuer><saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/></saml2p:AuthnRequest>
01/19/18 16:08:41 (030) Stripping down the serviceURL: https://<instance>.service-now.com/navpage.do to a base URL of: https://<instance>.service-now.com
01/19/18 16:08:41 (033) Generating a Test Connection Relay State of: https://<instance>.service-now.com/navpage.doSNCRSEPsysparm_saml_tc=true&glide_sso_id=8b541a384f3f8300d86e2dee0210c7de&exit_name=MultiSSO
01/19/18 16:08:41 (038) Read from column : require_signed_authnrequest, value: 0
01/19/18 16:08:41 (039) Redirecting to: https://<instance>.onelogin.com/trust/saml2/http-redirect/sso/743974?SAMLRequest=< .......... >
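An added example, not part of the thread and not ServiceNow or OneLogin code: a small Python check over debug-log text in the format posted above. It flags configured values that contain whitespace or %20 and compares the configured columns with the AuthnRequest that was generated. The log lines are constructed, the column-to-attribute mapping is an assumption inferred from the posted log, and it expects real hostnames rather than the `<instance>` redaction, which is not valid inside an XML attribute.

```python
import re
import xml.etree.ElementTree as ET

P = "urn:oasis:names:tc:SAML:2.0:protocol"
A = "urn:oasis:names:tc:SAML:2.0:assertion"
NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample in the debug-log format shown above. Hostnames are placeholders;
# the space in idp_authnrequest_url and the .org issuer are planted to trigger findings.
SAMPLE_LOG = "\n".join([
    "01/19/18 16:08:40 (959) Read from column : service_url, value: https://sp.example.com/navpage.do",
    "01/19/18 16:08:40 (963) Read from column : idp_authnrequest_url, value: https://idp.example.com/trust/ saml2/sso/1",
    "01/19/18 16:08:40 (967) Read from column : issuer, value: https://sp.example.com",
    f"01/19/18 16:08:40 (968) Read from column : nameid_policy, value: {NAMEID}",
    f'01/19/18 16:08:40 (981) SAML Request xml: <saml2p:AuthnRequest xmlns:saml2p="{P}" '
    'AssertionConsumerServiceURL="https://sp.example.com/navpage.do" '
    'Destination="https://idp.example.com/trust/ saml2/sso/1" Version="2.0">'
    f'<saml2:Issuer xmlns:saml2="{A}">https://sp.example.org</saml2:Issuer>'
    f'<saml2p:NameIDPolicy Format="{NAMEID}"/></saml2p:AuthnRequest>',
])

def parse_log(text):
    """Return (configured columns, AuthnRequest element or None) from debug-log text."""
    cols, req = {}, None
    for line in text.splitlines():
        m = re.search(r"Read from column : (\w+), value: (.*)$", line)
        if m:
            cols[m.group(1)] = m.group(2)  # keep whitespace exactly as logged
        m = re.search(r"SAML Request xml: (<.*>)", line)
        if m:
            req = ET.fromstring(m.group(1))
    return cols, req

def audit(text):
    """List whitespace problems in values, then config/request mismatches."""
    cols, req = parse_log(text)
    findings = [f"{k}: whitespace in value {v!r}"
                for k, v in cols.items() if re.search(r"\s|%20", v)]
    if req is not None:
        issuer, policy = req.find(f"{{{A}}}Issuer"), req.find(f"{{{P}}}NameIDPolicy")
        sent = {"service_url": req.get("AssertionConsumerServiceURL"),
                "idp_authnrequest_url": req.get("Destination"),
                "issuer": issuer.text if issuer is not None else None,
                "nameid_policy": policy.get("Format") if policy is not None else None}
        findings += [f"{k}: configured {cols[k]!r}, request has {v!r}"
                     for k, v in sent.items() if k in cols and cols[k] != v]
    return findings
```
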