Bit of background, the certificate used for our Local IdP Services is due to expire 26.06.2021. We created a new certificate and have been switching Local IdP Services to the new certificate and key then exporting the metadata and providing it to the admins to import.
When it came to changing the certificate for our Production ServiceNow IdP Service the admin renamed the existing Identity Provider then created a new Idetity Provider importing the metadata with the new certificate. When testing the configuration the pop-up that usually shows the test results was just showing the SSO Portal page with our webtops and if you clicked on the link for ServiceNow Production it would juts reload the same page.
We also tried importing the metadata into the existing Production Identity Provider in ServiceNow with the same results.
We have a Dev and UAT version of ServiceNow that we changed the IdP certificate and key for and they worked without issue so I'm a bit stumped as to why the Prod one is having issues.
The External Sp Connectors aren't using signing certificates so I know that isn't the issue.
Any advice would be appreciated.
You may need to check the SAML comunication:
Also maybe delete the new prod IdP that you created as two IdP at the same time with same data could be the issue as you mentioned that on the dev environment you changed the signing cert without making a new IdP for the new cert.
Have you also followed all the steps in the article below ?:
Also you have changed only the cert no new metadata or assertion to changed from post to get etc/?
Also chec the bug tracker for possible bugs:
Hi J P,
I have done many time SAML config b/w APM and ServiceNow.
recently switch to selfsign certificate, and its working without any issue.
Steps to validate your config:
import new IdP metadata profile and make a test. Once the test successful make it active.