  • #21939
     aniru2dh
    Participant

    Hi Team,

    We are trying to set up federation between OpenAM 5.0 and ServiceNow, where the IdP is OpenAM and the SP is ServiceNow. We are facing an issue after the SAML assertion is posted to ServiceNow during both IdP- and SP-initiated login.

    On reaching ServiceNow, it says “Could not valid saml response”.

    Is there any official document available on OpenAM for integrating ServiceNow? Any help would be appreciated.

    Below is the inverse sequence of errors observed at ServiceNow; there are no errors on OpenAM.

    2018-05-28 06:18:21
    Error *** Script: SAML2.0 signature/certificate validation failed: no thrown error com.glide.ui.ServletErrorListener

    2018-05-28 06:18:21
    Information Status message: null *** Script

    2018-05-28 06:18:21
    Information Got signature *** Script

    2018-05-28 06:18:21
    Information certificate valid date to: Wed Mar 04 07:03:23 PST 2026 *** Script

    2018-05-28 06:18:21
    Error SAML2ValidationError: Signature did not validate against the credential’s key SAML2

    2018-05-28 06:18:21
    Information Signature did not validate against the credential’s key *** Script

    2018-05-28 06:18:21
    Information Status code: urn:oasis:names:tc:SAML:2.0:status:Success *** Script
    2018-05-28 06:18:21
    Information Signature not in response, attempting to get signature from assertion *** Script

    2018-05-28 06:18:21
    Information Read from property : glide.authenticate.sso.saml2.clockskew, value : 180 *** Script

    2018-05-28 06:18:21
    Information certificate valid date from: Wed Aug 03 08:03:23 PDT 2016 *** Script

    2018-05-28 06:18:21
    Information Will create a new SSO_Helper object with no auth resolve *** Script

    2018-05-28 06:18:21
    Error SAML2: SAML2ValidationError: Signature did not validate against the credential’s key: no thrown error com.glide.ui.ServletErrorListener

    #21943
     grk
    Participant

    @aniru2dh, check whether the signing cert public key was imported into the SP system, or whether the public key is matching or not.

    Here is the ServiceNow SAML setup doc.
    https://docs.servicenow.com/bundle/geneva-servicenow-platform/page/integrate/saml/task/t_InstallTheIdentityProviderCert.html

    Thanks,
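
The certificate check suggested in the reply above, as an added example that is not part of the original thread: it compares the SHA-256 fingerprint of the certificate embedded in a captured SAML response with the certificate imported at the SP. All function names and the sample data are assumptions; the sample "certificates" are constructed placeholder bytes, not real certificates.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

def der_from_pem(pem):
    """DER bytes of the first CERTIFICATE block in a PEM string."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()))

def certs_in_saml(xml_text):
    """DER bytes of every ds:X509Certificate in a SAML response or IdP metadata."""
    root = ET.fromstring(xml_text)  # run on a response you captured yourself
    return [base64.b64decode("".join((el.text or "").split()))
            for el in root.iter("{%s}X509Certificate" % DS_NS)]

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def sp_trusts_signer(saml_xml, sp_pem):
    """True if a certificate embedded by the IdP equals the one imported at the SP."""
    sp_fp = fingerprint(der_from_pem(sp_pem))
    return sp_fp in {fingerprint(d) for d in certs_in_saml(saml_xml)}

# Constructed sample data: placeholder bytes stand in for real DER certificates.
IDP_DER = b"constructed-idp-signing-cert"
STALE_DER = b"constructed-stale-cert-left-at-sp"

def to_pem(der):
    b64 = base64.b64encode(der).decode()
    return "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % b64

# The signature sits on the Assertion, as in the log above ("Signature not in response").
SAMPLE_RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="%s">'
    '<saml:Assertion><ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s'
    '</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature></saml:Assertion>'
    '</samlp:Response>' % (DS_NS, base64.b64encode(IDP_DER).decode()))

if __name__ == "__main__":
    print("matching cert at SP:", sp_trusts_signer(SAMPLE_RESPONSE, to_pem(IDP_DER)))
    print("stale cert at SP:   ", sp_trusts_signer(SAMPLE_RESPONSE, to_pem(STALE_DER)))
```

A match only rules out a wrong or stale certificate at the SP; it does not verify the signature itself.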

    #21956
     aniru2dh
    Participant

    Thanks @grk. We were able to solve the issue after making certain changes at the ServiceNow end.
