ServiceNow SAML IdP Issue after updating certificate

J_P_Patinha-Ayd
Nimbostratus

Bit of background, the certificate used for our Local IdP Services is due to expire 26.06.2021. We created a new certificate and have been switching Local IdP Services to the new certificate and key then exporting the metadata and providing it to the admins to import.

When it came to changing the certificate for our Production ServiceNow IdP Service the admin renamed the existing Identity Provider then created a new Identity Provider importing the metadata with the new certificate. When testing the configuration the pop-up that usually shows the test results was just showing the SSO Portal page with our webtops and if you clicked on the link for ServiceNow Production it would just reload the same page.

We also tried importing the metadata into the existing Production Identity Provider in ServiceNow with the same results.

We have a Dev and UAT version of ServiceNow that we changed the IdP certificate and key for and they worked without issue so I'm a bit stumped as to why the Prod one is having issues.

The External SP Connectors aren't using signing certificates so I know that isn't the issue.

Any advice would be appreciated.

2 REPLIES

You may need to check the SAML communication:

https://support.f5.com/csp/article/K51854802

Also, maybe delete the new prod IdP that you created, as two IdPs at the same time with the same data could be the issue; you mentioned that on the dev environment you changed the signing cert without making a new IdP for the new cert.

Have you also followed all the steps in the articles below?

https://support.f5.com/csp/article/K13093290

https://support.f5.com/csp/article/K85751335

Also, have you changed only the cert, with no new metadata or assertion changed from POST to GET, etc.?

https://support.f5.com/csp/article/K06743491

Also check the bug tracker for possible bugs:

https://support.f5.com/csp/bug-tracker?sf189923893=1

Sajid
Cirrostratus

Hi J P,

I have done SAML config between APM and ServiceNow many times.

Recently switched to a self-signed certificate, and it's working without any issue.

Steps to validate your config:

  1. You can have as many IdPs as you want, no issue.
  2. Make sure which IdP is bound to your production SP.
  3. Check SAML Resources.
  4. In the policy, select the proper resource.

ServiceNow

Import the new IdP metadata profile and run a test. Once the test is successful, make it active.

Regards,

Sajid
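Added example, not from either reply or from F5: before handing exported IdP metadata to the ServiceNow admin, a small Python check that parses it, reads the entityID (so you know which IdP it really describes) and the signing certificates, and confirms the new certificate's fingerprint is actually present. The entityID, the certificate blobs and the metadata document are constructed placeholders; real DER certificates would be used the same way.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}

def entity_id(metadata_xml):
    """entityID tells you which IdP this metadata really belongs to."""
    return ET.fromstring(metadata_xml).get("entityID")

def signing_certs(metadata_xml):
    """Return DER bytes of each cert usable for signing (no 'use' attribute = both uses)."""
    root = ET.fromstring(metadata_xml)
    certs = []
    for kd in root.iter("{%s}KeyDescriptor" % MD):
        if kd.get("use", "signing") != "signing":  # skip encryption-only keys
            continue
        for node in kd.iterfind(".//ds:X509Certificate", NS):
            certs.append(base64.b64decode("".join(node.text.split())))
    return certs

def sha256_fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def pem_to_der(pem):
    """Strip the PEM armour; what remains is the base64 of the DER body."""
    body = [l for l in pem.strip().splitlines() if not l.startswith("-----")]
    return base64.b64decode("".join(body))

def metadata_carries_cert(metadata_xml, cert_pem):
    """True when the expected cert is among the metadata's signing certs."""
    want = sha256_fingerprint(pem_to_der(cert_pem))
    return want in {sha256_fingerprint(c) for c in signing_certs(metadata_xml)}

def _b64(label):
    # Constructed stand-in for a DER certificate; not a real X.509 object.
    return base64.b64encode(label.encode()).decode()

# Constructed metadata: this export still advertises the OLD signing cert.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="%s" xmlns:ds="%s"
    entityID="https://idp.example.invalid/saml/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>""" % (MD, DS, _b64("OLD-CERT"), _b64("ENC-CERT"))
PEM = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n"
OLD_CERT_PEM, NEW_CERT_PEM = PEM % _b64("OLD-CERT"), PEM % _b64("NEW-CERT")
```

If `metadata_carries_cert(metadata, new_cert_pem)` is False for the file you exported, the SP will keep validating assertions against the old key, which matches the symptom of a test that never completes.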