Forum Discussion

J_P_Patinha-Ayd (Nimbostratus)
Jun 24, 2021

ServiceNow SAML IdP Issue after updating certificate

Bit of background, the certificate used for our Local IdP Services is due to expire 26.06.2021. We created a new certificate and have been switching Local IdP Services to the new certificate and key then exporting the metadata and providing it to the admins to import.

When it came to changing the certificate for our Production ServiceNow IdP Service, the admin renamed the existing Identity Provider, then created a new Identity Provider, importing the metadata with the new certificate. When testing the configuration, the pop-up that usually shows the test results was just showing the SSO Portal page with our webtops, and if you clicked on the link for ServiceNow Production it would just reload the same page.

We also tried importing the metadata into the existing Production Identity Provider in ServiceNow with the same results.

We have Dev and UAT versions of ServiceNow that we changed the IdP certificate and key for, and they worked without issue, so I'm a bit stumped as to why the Prod one is having issues.

The External SP Connectors aren't using signing certificates, so I know that isn't the issue.

Any advice would be appreciated.

2 Replies

  • You may need to check the SAML communication:

    https://support.f5.com/csp/article/K51854802

    Also, maybe delete the new prod IdP that you created, as two IdPs at the same time with the same data could be the issue, since you mentioned that on the dev environment you changed the signing cert without making a new IdP for the new cert.

    Have you also followed all the steps in the articles below?

    https://support.f5.com/csp/article/K13093290

    https://support.f5.com/csp/article/K85751335

    Also, have you changed only the cert, with no new metadata or assertion binding changed from POST to GET, etc.?

    https://support.f5.com/csp/article/K06743491

    Also check the bug tracker for possible bugs:

    https://support.f5.com/csp/bug-tracker?sf189923893=1
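The reply above suggests checking the SAML communication and whether the metadata or binding changed along with the certificate. The script below is an added example (not from the original thread, and not F5 or ServiceNow code) that does that cross-check offline with the Python standard library: it takes the IdP metadata you exported and a SAML Response captured from the browser (for example the base64-decoded SAMLResponse form field from the developer tools), and reports whether the Response's Issuer matches the metadata entityID, whether the certificate the IdP actually signed with is present as a signing KeyDescriptor in that metadata, and whether the metadata advertises the SSO binding the SP expects. It does not validate the XML signature itself (that needs an xmlsec-based library); a fingerprint mismatch is simply the quickest way to spot stale metadata after a rotation. The entity ID, URLs and certificate bytes are constructed placeholders, not real values.

```python
"""Added example: cross-check exported IdP metadata against a captured SAML
Response after a signing-certificate rotation. Stdlib only; no signature
validation, just entityID/Issuer, signing-cert fingerprint and SSO binding."""
import base64
import hashlib
import xml.etree.ElementTree as ET
from typing import Dict, List

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
X509_PATH = "ds:KeyInfo/ds:X509Data/ds:X509Certificate"


def cert_fingerprint(b64_cert: str) -> str:
    """SHA-256 over the DER bytes, the same value `openssl x509 -fingerprint -sha256` prints."""
    der = base64.b64decode("".join(b64_cert.split()))  # metadata wraps base64 at 64 columns
    return hashlib.sha256(der).hexdigest()


def parse_idp_metadata(metadata_xml: str) -> Dict:
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this looks like SP metadata, not IdP metadata")
    signing: List[str] = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        # A KeyDescriptor with no 'use' attribute is valid for signing and encryption.
        if kd.get("use", "signing") != "signing":
            continue
        b64 = kd.findtext(X509_PATH, namespaces=NS)
        if b64:
            signing.append(cert_fingerprint(b64))
    bindings = {s.get("Binding"): s.get("Location")
                for s in idp.findall("md:SingleSignOnService", NS)}
    return {"entity_id": root.get("entityID"),
            "signing_fingerprints": signing, "sso_bindings": bindings}


def parse_saml_response(response_xml: str) -> Dict:
    root = ET.fromstring(response_xml)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    # The certificate may be on the Response signature or on the Assertion's signature.
    b64 = root.findtext("ds:Signature/" + X509_PATH, namespaces=NS)
    if not b64:
        b64 = root.findtext("saml:Assertion/ds:Signature/" + X509_PATH, namespaces=NS)
    return {"issuer": issuer, "fingerprint": cert_fingerprint(b64) if b64 else None}


def check_rotation(metadata_xml: str, response_xml: str,
                   sp_binding: str = HTTP_POST) -> List[str]:
    """Return human-readable problems; an empty list means metadata and Response agree."""
    md = parse_idp_metadata(metadata_xml)
    resp = parse_saml_response(response_xml)
    problems: List[str] = []
    if resp["issuer"] != md["entity_id"]:
        problems.append(f"Issuer {resp['issuer']!r} != metadata entityID {md['entity_id']!r}")
    if resp["fingerprint"] is None:
        problems.append("Response carries no X509Certificate; compare against the IdP key by hand")
    elif resp["fingerprint"] not in md["signing_fingerprints"]:
        problems.append("signing cert in Response is not in the imported metadata "
                        "(stale metadata, or a different IdP signed it)")
    if sp_binding not in md["sso_bindings"]:
        problems.append(f"metadata has no SingleSignOnService for {sp_binding}")
    return problems


# ---- constructed sample data (placeholders, not real certificates or hosts) ----
OLD_CERT_DER = b"constructed stand-in for the expiring certificate DER"
NEW_CERT_DER = b"constructed stand-in for the replacement certificate DER"
IDP_ENTITY_ID = "https://sso.example.com/idp/servicenow-prod"  # hypothetical


def _b64(der: bytes) -> str:
    return base64.b64encode(der).decode()


def idp_metadata(cert_der: bytes) -> str:
    """Minimal IdP metadata of the shape an APM Local IdP Service exports."""
    return f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="{IDP_ENTITY_ID}">
  <md:IDPSSODescriptor protocolSupportEnumeration="{NS['samlp']}">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{_b64(cert_der)}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="{HTTP_POST}" Location="{IDP_ENTITY_ID}/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def saml_response(cert_der: bytes, issuer: str = IDP_ENTITY_ID) -> str:
    """Minimal signed Response skeleton carrying the signer's certificate in KeyInfo."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" xmlns:ds="{NS['ds']}"
    ID="_constructed1" Version="2.0" IssueInstant="2021-06-24T00:00:00Z">
  <saml:Issuer>{issuer}</saml:Issuer>
  <ds:Signature><ds:KeyInfo><ds:X509Data>
    <ds:X509Certificate>{_b64(cert_der)}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>
</samlp:Response>"""


if __name__ == "__main__":
    print("new metadata / new cert :", check_rotation(idp_metadata(NEW_CERT_DER), saml_response(NEW_CERT_DER)))
    print("old metadata / new cert :", check_rotation(idp_metadata(OLD_CERT_DER), saml_response(NEW_CERT_DER)))
```

For a real run, replace the constructed strings with the metadata file you exported from APM and the decoded SAMLResponse captured during the failing test; the fingerprint printed can be compared directly with `openssl x509 -in <cert.pem> -noout -fingerprint -sha256` on the certificate you intended to activate.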

  • Sajid (Cirrostratus)

    Hi J P,

    I have done SAML config between APM and ServiceNow many times.

    Recently switched to a self-signed certificate, and it's working without any issue.

    Steps to validate your config:

    1. You can have as many IdPs as you want, no issue.
    2. Make sure which IdP is bound to your production SP.
    3. Check SAML Resources.
    4. In the policy, select the proper resource.

    ServiceNow

    Import the new IdP metadata profile and run a test. Once the test is successful, make it active.

    Regards,

    Sajid