Hi
Turn up SSO debugging and you may get more insight into the error in the /var/log/apm log.
Once an APM session is started, either do a "sessiondump -allkey | grep .last." at the APM CLI, or run a report via the APM GUI and look at the session.logon.last session variables for your session. Is there a session.logon.last.username or session.logon.last.logonname?
Also use SAML tracer in Firefox to look at the SAML assertion that your browser is posting (if you are getting to that point).
Your error above may be the "SP Entity ID" value that is mismatched between the APM and Service-now (not sure, so double check).
There also seems to be a mismatch of certs/keys used to sign and decrypt the assertion on either side. Check you have the same combination of settings either side (start with signing but not encrypting).
Lastly, depending on the version of APM, there is an issue with special characters in the assertion... there is an iRule fix to ensure the assertion is preserved as initially created.
maybe look at
http://wiki.servicenow.com/index.php?title=SAML_2.0_Web_Browser_SSO_Profile
https://wiki.servicenow.com/index.php?title=SAML_2.0_Troubleshooting
and "Fixing F5 BIG-IP SAML Authentication Requests" blog
http://blog.routedlogic.net/?p=480
HTH
Gary
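
The checks suggested in the reply above (SP Entity ID match, signing versus encrypting the assertion) can be run offline against the SAMLResponse value copied from SAML tracer. The Python script below is an added example, not part of the original post or of any F5 or ServiceNow tooling; the sample response, the host names and the function name inspect_saml_response are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample: a response whose assertion is signed but not encrypted.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
  <saml:Issuer>https://idp.example.test/idp</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>https://idp.example.test/idp</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
    <saml:Subject><saml:NameID>jdoe</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://sp.example.test</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def inspect_saml_response(b64_response, expected_sp_entity_id):
    """Summarise a base64 SAMLResponse (HTTP-POST binding) for troubleshooting.

    Inspection only: no signature is verified and nothing is decrypted.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("saml:Assertion", NS)
    report = {
        "issuer": root.findtext("saml:Issuer", default=None, namespaces=NS),
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertion_encrypted": root.find("saml:EncryptedAssertion", NS) is not None,
        "assertion_signed": None, "name_id": None,
        "audiences": [], "audience_matches": None,
    }
    if assertion is not None:  # absent when only an EncryptedAssertion is sent
        report["assertion_signed"] = assertion.find("ds:Signature", NS) is not None
        report["name_id"] = assertion.findtext(
            "saml:Subject/saml:NameID", default=None, namespaces=NS)
        report["audiences"] = [a.text.strip()
                               for a in assertion.iterfind(".//saml:Audience", NS) if a.text]
        # Exact string comparison: a trailing slash is enough to cause a mismatch.
        report["audience_matches"] = expected_sp_entity_id in report["audiences"]
    return report
```

Pass the SP Entity ID exactly as it is configured on the service provider side as the second argument; an audience_matches value of False points at the Entity ID mismatch, and assertion_encrypted shows whether encryption is still enabled on the IdP side.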