Hi **Khimani**, Enable the debug in this `/opt/shibboleth-idp/conf/logback.xml` file to get more information from the log file then share that log file with us. Set **DEBUG** for these lines: ``` <variable name="idp.loglevel.idp" value="DEBUG" /> <variable name="idp.loglevel.opensaml" value="DEBUG" /> ``` 1. Restart **idp service** 1. Try the login flow again 1. Check the log file `/opt/shibboleth-idp/logs/idp-process.log`. Thanks, Gasmyr.

**Thanks. I have enabled the debug mode & attached log file.. Kindly help me to resolve the issue.** 2018-04-10 18:11:29,875 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:93] - Decoded RelayState: https://dev3.service-now.com/navpage.doSNCRSEPsysparm_saml_tc=true&glide_sso_id=7d4a8c26db330300dcfb5ff0cf96191a&exit_name=MultiSSO 2018-04-10 18:11:29,877 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:125] - Base64 decoding and inflating SAML message 2018-04-10 18:11:29,904 - DEBUG [org.opensaml.saml.saml2.binding.decoding.impl.HTTPRedirectDeflateDecoder:108] - Decoded SAML message 2018-04-10 18:11:30,015 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.impl.CheckMessageVersionHandler' on INBOUND message context 2018-04-10 18:11:30,016 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl' 2018-04-10 18:11:30,030 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.saml1.binding.impl.SAML1ArtifactRequestIssuerHandler' on INBOUND message context 2018-04-10 18:11:30,030 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl' 2018-04-10 18:11:30,044 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.impl.SAMLProtocolAndRoleHandler' on INBOUND message context 2018-04-10 18:11:30,044 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl' 2018-04-10 18:11:30,080 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler' on INBOUND message context 2018-04-10 18:11:30,080 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl' 2018-04-10 18:11:30,089 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver:434] - Metadata Resolver FilesystemMetadataResolver SiteSP1: Metadata backing store does not contain any EntityDescriptors with the ID: https://dev3.service-now.com 2018-04-10 18:11:30,090 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:161] - Metadata Resolver FilesystemMetadataResolver SiteSP1: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://dev3.service-now.com] 2018-04-10 18:11:30,090 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver:586] - Metadata Resolver FilesystemMetadataResolver SiteSP1: Candidates iteration was empty, nothing to filter via predicates 2018-04-10 18:11:30,093 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:161] - Metadata Resolver FilesystemMetadataResolver SiteSP3: Resolved 1 candidates via EntityIdCriterion: EntityIdCriterion [id=https://dev3.service-now.com] 2018-04-10 18:11:30,093 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver:590] - Metadata Resolver FilesystemMetadataResolver SiteSP3: Attempting to filter candidate EntityDescriptors via resolved Predicates 2018-04-10 18:11:30,095 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver:612] - Metadata Resolver FilesystemMetadataResolver SiteSP3: After predicate filtering 1 EntityDescriptors remain 2018-04-10 18:11:30,102 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:264] - Resolved 1 source EntityDescriptors 2018-04-10 18:11:30,105 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:275] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering 2018-04-10 18:11:30,112 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:376] - Attempting to filter candidate RoleDescriptors via resolved Predicates 2018-04-10 18:11:30,113 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:398] - After predicate filtering 1 RoleDescriptors remain 2018-04-10 18:11:30,113 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLMetadataLookupHandler:144] - Message Handler: org.opensaml.saml.common.messaging.context.SAMLMetadataContext added to MessageContext as child of org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext 2018-04-10 18:11:30,120 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler' on INBOUND message context 2018-04-10 18:11:30,133 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl' 2018-04-10 18:11:30,133 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:130] - Message Handler: Selecting default AttributeConsumingService, if any 2018-04-10 18:11:30,134 - DEBUG [org.opensaml.saml.metadata.support.AttributeConsumingServiceSelector:186] - Resolving AttributeConsumingService candidates from SPSSODescriptor 2018-04-10 18:11:30,135 - DEBUG [org.opensaml.saml.metadata.support.AttributeConsumingServiceSelector:141] - AttributeConsumingService candidate list was empty, can not select service 2018-04-10 18:11:30,135 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLAddAttributeConsumingServiceHandler:138] - Message Handler: No AttributeConsumingService selected 2018-04-10 18:11:30,167 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeRelyingPartyContextFromSAMLPeer:132] - Profile Action InitializeRelyingPartyContextFromSAMLPeer: Attaching RelyingPartyContext based on SAML peer https://dev3.service-now.com 2018-04-10 18:11:30,186 - DEBUG [net.shibboleth.idp.relyingparty.impl.DefaultRelyingPartyConfigurationResolver:293] - Resolving relying party configuration 2018-04-10 18:11:30,187 - DEBUG [net.shibboleth.idp.relyingparty.impl.DefaultRelyingPartyConfigurationResolver:305] - Checking if relying party configuration EntityNames[http://192.168.1.5:80/webconsole,] is applicable 2018-04-10 18:11:30,187 - DEBUG [net.shibboleth.idp.relyingparty.impl.DefaultRelyingPartyConfigurationResolver:310] - Relying party configuration EntityNames[http://192.168.1.5:80/webconsole,] is not applicable 2018-04-10 18:11:30,187 - DEBUG [net.shibboleth.idp.relyingparty.impl.DefaultRelyingPartyConfigurationResolver:305] - Checking if relying party configuration EntityNames[https://dev3.service-now.com,] is applicable 2018-04-10 18:11:30,188 - DEBUG [net.shibboleth.idp.relyingparty.impl.DefaultRelyingPartyConfigurationResolver:307] - Relying party configuration EntityNames[https://dev3.service-now.com,] is applicable 2018-04-10 18:11:30,188 - DEBUG [net.shibboleth.idp.profile.impl.SelectRelyingPartyConfiguration:136] - Profile Action SelectRelyingPartyConfiguration: Found relying party configuration EntityNames[https://dev3.service-now.com,] for request 2018-04-10 18:11:30,361 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.PopulateProfileInterceptorContext:126] - Profile Action PopulateProfileInterceptorContext: Installing flow intercept/security-policy/saml2-sso into interceptor context 2018-04-10 18:11:30,566 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:52] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do 2018-04-10 18:11:30,617 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.SelectProfileInterceptorFlow:101] - Profile Action SelectProfileInterceptorFlow: Checking flow intercept/security-policy/saml2-sso for applicability... 2018-04-10 18:11:30,617 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.SelectProfileInterceptorFlow:84] - Profile Action SelectProfileInterceptorFlow: Selecting flow intercept/security-policy/saml2-sso 2018-04-10 18:11:31,376 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler' on INBOUND message context 2018-04-10 18:11:31,376 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl' 2018-04-10 18:11:31,377 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:157] - Message Handler: Checking SAML message intended destination endpoint against receiver endpoint 2018-04-10 18:11:31,377 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:190] - Message Handler: Intended message destination endpoint: https://tejesh-khimani.in/idp/profile/SAML2/Redirect/SSO 2018-04-10 18:11:31,382 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:191] - Message Handler: Actual message receiver endpoint: https://tejesh-khimani.in/idp/profile/SAML2/Redirect/SSO 2018-04-10 18:11:31,395 - DEBUG [org.opensaml.saml.common.binding.security.impl.ReceivedEndpointSecurityHandler:204] - Message Handler: SAML message intended destination endpoint matched recipient endpoint 2018-04-10 18:11:31,415 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler' on INBOUND message context 2018-04-10 18:11:31,416 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl' 2018-04-10 18:11:31,417 - DEBUG [org.opensaml.saml.common.binding.security.impl.MessageReplaySecurityHandler:152] - Message Handler: Evaluating message replay for message ID 'SNC59f55cc9ab12c0f09e7ac58c1e00bae4', issue instant '2018-04-10T12:42:10.148Z', entityID 'https://dev3.service-now.com' 2018-04-10 18:11:31,435 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.security.impl.MessageLifetimeSecurityHandler' on INBOUND message context 2018-04-10 18:11:31,440 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl' 2018-04-10 18:11:31,456 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.saml2.binding.security.impl.SAML2AuthnRequestsSignedSecurityHandler' on INBOUND message context 2018-04-10 18:11:31,457 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl' 2018-04-10 18:11:31,492 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler' on INBOUND message context 2018-04-10 18:11:31,493 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl' 2018-04-10 18:11:31,494 - DEBUG [org.opensaml.saml.common.binding.security.impl.SAMLProtocolMessageXMLSignatureSecurityHandler:102] - Message Handler: SAML protocol message was not signed, skipping XML signature processing 2018-04-10 18:11:31,513 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler' on INBOUND message context 2018-04-10 18:11:31,514 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl' 2018-04-10 18:11:31,514 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:148] - Message Handler: Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler 2018-04-10 18:11:31,515 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:59] - Constructing signed content string from URL query string SAMLRequest=lVJBbtswEPyKwLtEUpVhm7AMqDaCGEgTwXJ66I2mVjFbilS4lNL%2BvrLsoOkhKXrlzs7MznCFsjVpJ4o%2BnOwennvAEP1sjUVxmeSk91Y4iRqFlS2gCEpUxZc7kSZMdN4Fp5whUYEIPmhnN85i34KvwA9aweP%2BLienEDoUlNYwfJrPszTByzC27iVRrqVWDp18gqR2JNqOFrSVZ64%2FmwG%2BA57iHyfdSqsTbamuOzrKN9oAPftJ6R5q7UEFWlUPJLpxXsF0Vk6C74FEu21OqvvNbNnMZkot5ZGnijVsCXOpZgvFgbGjhGwEYikR9QA5aaTB8ypiDzuLQdqQk5TxRcyymLMDT0WWCs4Sni2%2Bkai85vFZ21rbp4%2FDO15AKG4PhzIuH6rDRDDoGvz9iP7P3L6CxymzkZusV1N9YjLu3zb6sSf5WiNZ%2F0t8Rd9KXAU7cXa%2B25bOaPUrKoxxLxsPMsBrC2MvrQzvu%2BAJn150HTcTVEArtSnq2gMioeur7t9%2Fdv0b&RelayState=https%3A%2F%2Fdev3.service-now.com%2Fnavpage.doSNCRSEPsysparm_saml_tc%3Dtrue%26glide_sso_id%3D7d4a8c26db330300dcfb5ff0cf96191a%26exit_name%3DMultiSSO&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1&Signature=EFKBz2X8KeXpspx5GcBzjhClPjrHwnJjNqPrjif9Ov8YnLBBt%2B1Wyb1F2T4jLugr4ehOAywmS1FGDp%2Fd68LwucX6dsV8ARDtGCPt172w8YVaOobobqDv%2BOyq04Ii2ltdqNojwtScrl0xStt8tJRYKBXuX5JlgKhWBaMcDyjyLpE%3D 2018-04-10 18:11:31,517 - DEBUG [org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPRedirectDeflateSignatureSecurityHandler:66] - Constructed signed content string for HTTP-Redirect DEFLATE SAMLRequest=lVJBbtswEPyKwLtEUpVhm7AMqDaCGEgTwXJ66I2mVjFbilS4lNL%2BvrLsoOkhKXrlzs7MznCFsjVpJ4o%2BnOwennvAEP1sjUVxmeSk91Y4iRqFlS2gCEpUxZc7kSZMdN4Fp5whUYEIPmhnN85i34KvwA9aweP%2BLienEDoUlNYwfJrPszTByzC27iVRrqVWDp18gqR2JNqOFrSVZ64%2FmwG%2BA57iHyfdSqsTbamuOzrKN9oAPftJ6R5q7UEFWlUPJLpxXsF0Vk6C74FEu21OqvvNbNnMZkot5ZGnijVsCXOpZgvFgbGjhGwEYikR9QA5aaTB8ypiDzuLQdqQk5TxRcyymLMDT0WWCs4Sni2%2Bkai85vFZ21rbp4%2FDO15AKG4PhzIuH6rDRDDoGvz9iP7P3L6CxymzkZusV1N9YjLu3zb6sSf5WiNZ%2F0t8Rd9KXAU7cXa%2B25bOaPUrKoxxLxsPMsBrC2MvrQzvu%2BAJn150HTcTVEArtSnq2gMioeur7t9%2Fdv0b&RelayState=https%3A%2F%2Fdev3.service-now.com%2Fnavpage.doSNCRSEPsysparm_saml_tc%3Dtrue%26glide_sso_id%3D7d4a8c26db330300dcfb5ff0cf96191a%26exit_name%3DMultiSSO&SigAlg=http%3A%2F%2Fwww.w3.org%2F2000%2F09%2Fxmldsig%23rsa-sha1 2018-04-10 18:11:31,530 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:199] - Message Handler: Attempting to validate SAML protocol message simple signature using context entityID: https://dev3.service-now.com 2018-04-10 18:11:31,532 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:286] - Resolving credentials from metadata using entityID: https://dev3.service-now.com, role: {urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor, protocol: urn:oasis:names:tc:SAML:2.0:protocol, usage: SIGNING 2018-04-10 18:11:31,535 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:436] - Retrieving role descriptor metadata for entity 'https://dev3.service-now.com' in role '{urn:oasis:names:tc:SAML:2.0:metadata}SPSSODescriptor' for protocol 'urn:oasis:names:tc:SAML:2.0:protocol' 2018-04-10 18:11:31,535 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver:434] - Metadata Resolver FilesystemMetadataResolver SiteSP1: Metadata backing store does not contain any EntityDescriptors with the ID: https://dev3.service-now.com 2018-04-10 18:11:31,535 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:161] - Metadata Resolver FilesystemMetadataResolver SiteSP1: Resolved 0 candidates via EntityIdCriterion: EntityIdCriterion [id=https://dev3.service-now.com] 2018-04-10 18:11:31,535 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver:586] - Metadata Resolver FilesystemMetadataResolver SiteSP1: Candidates iteration was empty, nothing to filter via predicates 2018-04-10 18:11:31,536 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractBatchMetadataResolver:161] - Metadata Resolver FilesystemMetadataResolver SiteSP3: Resolved 1 candidates via EntityIdCriterion: EntityIdCriterion [id=https://dev3.service-now.com] 2018-04-10 18:11:31,536 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver:590] - Metadata Resolver FilesystemMetadataResolver SiteSP3: Attempting to filter candidate EntityDescriptors via resolved Predicates 2018-04-10 18:11:31,536 - DEBUG [org.opensaml.saml.metadata.resolver.impl.AbstractMetadataResolver:612] - Metadata Resolver FilesystemMetadataResolver SiteSP3: After predicate filtering 1 EntityDescriptors remain 2018-04-10 18:11:31,536 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:264] - Resolved 1 source EntityDescriptors 2018-04-10 18:11:31,537 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:275] - Resolved 1 RoleDescriptor candidates via role criteria, performing predicate filtering 2018-04-10 18:11:31,537 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:376] - Attempting to filter candidate RoleDescriptors via resolved Predicates 2018-04-10 18:11:31,537 - DEBUG [org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver:398] - After predicate filtering 1 RoleDescriptors remain 2018-04-10 18:11:31,537 - DEBUG [org.opensaml.saml.security.impl.MetadataCredentialResolver:355] - Found no cached credentials in KeyDescriptor object metadata, resolving from KeyInfo 2018-04-10 18:11:31,560 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:271] - Message Handler: Simple signature validation (with no request-derived credentials) was successful 2018-04-10 18:11:31,574 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:203] - Message Handler: Validation of request simple signature succeeded 2018-04-10 18:11:31,575 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:205] - Message Handler: Authentication via request simple signature succeeded for context issuer entity ID https://dev3.service-now.com 2018-04-10 18:11:31,600 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler' on INBOUND message context 2018-04-10 18:11:31,600 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl' 2018-04-10 18:11:31,601 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:148] - Message Handler: Evaluating simple signature rule of type: org.opensaml.saml.saml2.binding.security.impl.SAML2HTTPPostSimpleSignSecurityHandler 2018-04-10 18:11:31,601 - DEBUG [org.opensaml.saml.common.binding.security.impl.BaseSAMLSimpleSignatureSecurityHandler:151] - Message Handler: Handler can not handle this request, skipping processing 2018-04-10 18:11:31,621 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:174] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.messaging.handler.impl.CheckMandatoryIssuer' on INBOUND message context 2018-04-10 18:11:31,628 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.AuthnRequestImpl' 2018-04-10 18:11:31,634 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.WriteProfileInterceptorResultToStorage:68] - Profile Action WriteProfileInterceptorResultToStorage: No results available from interceptor context, nothing to store 2018-04-10 18:11:31,644 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.FilterFlowsByNonBrowserSupport:52] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do 2018-04-10 18:11:31,646 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.SelectProfileInterceptorFlow:65] - Profile Action SelectProfileInterceptorFlow: Moving completed flow intercept/security-policy/saml2-sso to completed set, selecting next one 2018-04-10 18:11:31,647 - DEBUG [net.shibboleth.idp.profile.interceptor.impl.SelectProfileInterceptorFlow:80] - Profile Action SelectProfileInterceptorFlow: No flows available to choose from 2018-04-10 18:11:31,673 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeOutboundMessageContext:149] - Profile Action InitializeOutboundMessageContext: Initialized outbound message context 2018-04-10 18:11:31,716 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:375] - Profile Action PopulateBindingAndEndpointContexts: Attempting to resolve endpoint of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService for outbound message 2018-04-10 18:11:31,718 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:516] - Profile Action PopulateBindingAndEndpointContexts: Populating template endpoint for resolution from SAML AuthnRequest 2018-04-10 18:11:31,726 - DEBUG [org.opensaml.saml.common.binding.AbstractEndpointResolver:220] - Endpoint Resolver org.opensaml.saml.common.binding.impl.DefaultEndpointResolver: Returning 2 candidate endpoints of type {urn:oasis:names:tc:SAML:2.0:metadata}AssertionConsumerService 2018-04-10 18:11:31,726 - DEBUG [net.shibboleth.idp.saml.profile.impl.PopulateBindingAndEndpointContexts:418] - Profile Action PopulateBindingAndEndpointContexts: Resolved endpoint at location https://dev3.service-now.com/navpage.do using binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 2018-04-10 18:11:31,754 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:387] - No AttributeConsumingService was resolved, won't be able to determine delegation requested status via metadata 2018-04-10 18:11:31,755 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:520] - No AttributeConsumingService was available 2018-04-10 18:11:31,756 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:505] - Delegation request was not explicitly indicated, using default value: NOT_REQUESTED 2018-04-10 18:11:31,756 - DEBUG [net.shibboleth.idp.saml.saml2.profile.delegation.impl.PopulateDelegationContext:294] - Issuance of a delegated Assertion is not in effect, skipping further processing 2018-04-10 18:11:31,763 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:184] - Profile Action PopulateSignatureSigningParameters: Signing enabled 2018-04-10 18:11:32,097 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:197] - Profile Action PopulateSignatureSigningParameters: Resolving SignatureSigningParameters for request 2018-04-10 18:11:32,199 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:229] - Profile Action PopulateSignatureSigningParameters: Adding metadata to resolution criteria for signing/digest algorithms 2018-04-10 18:11:32,215 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:237] - Profile Action PopulateSignatureSigningParameters: Resolved SignatureSigningParameters 2018-04-10 18:11:32,238 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:184] - Profile Action PopulateSignatureSigningParameters: Signing enabled 2018-04-10 18:11:32,239 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:197] - Profile Action PopulateSignatureSigningParameters: Resolving SignatureSigningParameters for request 2018-04-10 18:11:32,240 - DEBUG [org.opensaml.saml.common.profile.impl.PopulateSignatureSigningParameters:211] - Profile Action PopulateSignatureSigningParameters: Found existing SecurityParametersContext to copy from 2018-04-10 18:11:32,266 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.PopulateEncryptionParameters:299] - Profile Action PopulateEncryptionParameters: No encryption requested, nothing to do 2018-04-10 18:11:32,337 - DEBUG [net.shibboleth.idp.saml.profile.impl.ExtractSubjectFromRequest:144] - Profile Action ExtractSubjectFromRequest: No Subject NameID/NameIdentifier in message needs inbound processing 2018-04-10 18:11:32,345 - DEBUG [org.opensaml.saml.common.profile.impl.VerifyChannelBindings:154] - Profile Action VerifyChannelBindings: No channel bindings found to verify, nothing to do 2018-04-10 18:11:32,519 - DEBUG [net.shibboleth.idp.saml.profile.impl.InitializeAuthenticationContext:115] - Profile Action InitializeAuthenticationContext: Created authentication context: AuthenticationContext{initiationInstant=2018-04-10T18:11:32.519+05:30, isPassive=false, forceAuthn=true, hintedName=null, potentialFlows=[], activeResults=[], attemptedFlow=null, signaledFlowId=null, authenticationStateMap={}, resultCacheable=true, initialAuthenticationResult=null, authenticationResult=null, completionInstant=1970-01-01T05:30:00.000+05:30} 2018-04-10 18:11:32,549 - DEBUG [net.shibboleth.idp.saml.saml2.profile.impl.ProcessRequestedAuthnContext:174] - Profile Action ProcessRequestedAuthnContext: AuthnRequest did not contain a RequestedAuthnContext, nothing to do 2018-04-10 18:11:32,916 - DEBUG [net.shibboleth.idp.authn.impl.PopulateAuthenticationContext:200] - Profile Action PopulateAuthenticationContext: Installed 1 potential authentication flows into AuthenticationContext 2018-04-10 18:11:32,943 - DEBUG [net.shibboleth.idp.session.impl.PopulateSessionContext:133] - Profile Action PopulateSessionContext: No session found for client 2018-04-10 18:11:33,022 - DEBUG [net.shibboleth.idp.authn.impl.InitializeRequestedPrincipalContext:152] - Profile Action InitializeRequestedPrincipalContext: Profile configuration did not supply any default authentication methods 2018-04-10 18:11:33,041 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:75] - Profile Action FilterFlowsByForcedAuthn: Removing flow authn/RemoteUser, it does not support forced authentication 2018-04-10 18:11:33,049 - INFO [net.shibboleth.idp.authn.impl.FilterFlowsByForcedAuthn:82] - Profile Action FilterFlowsByForcedAuthn: No potential authentication flows remain after filtering 2018-04-10 18:11:33,066 - DEBUG [net.shibboleth.idp.authn.impl.FilterFlowsByNonBrowserSupport:53] - Profile Action FilterFlowsByNonBrowserSupport: Request does not have non-browser requirement, nothing to do 2018-04-10 18:11:33,089 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:255] - Profile Action SelectAuthenticationFlow: No specific Principals requested 2018-04-10 18:11:33,090 - DEBUG [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:267] - Profile Action SelectAuthenticationFlow: Forced authentication requested, selecting an inactive flow 2018-04-10 18:11:33,090 - INFO [net.shibboleth.idp.authn.impl.SelectAuthenticationFlow:271] - Profile Action SelectAuthenticationFlow: No potential flows left to choose from, authentication failed 2018-04-10 18:11:33,127 - DEBUG [org.opensaml.saml.common.profile.logic.DefaultLocalErrorPredicate:184] - Error event NoPotentialFlow will be handled with response 2018-04-10 18:11:33,163 - DEBUG [org.opensaml.saml.saml2.profile.impl.AbstractResponseShellAction:217] - Profile Action AddStatusResponseShell: Setting Issuer to https://tejesh-khimani.in/idp/shibboleth 2018-04-10 18:11:33,184 - DEBUG [org.opensaml.saml.common.profile.impl.AddInResponseToToResponse:110] - Profile Action AddInResponseToToResponse: Attempting to add InResponseTo to outgoing Response 2018-04-10 18:11:33,288 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddStatusToResponse:195] - Profile Action AddStatusToResponse: Detailed errors are enabled 2018-04-10 18:11:33,310 - DEBUG [org.opensaml.saml.saml2.profile.impl.AddStatusToResponse:230] - Profile Action AddStatusToResponse: Current state of request was mappable, setting StatusMessage to mapped value 2018-04-10 18:11:33,429 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:179] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler of type 'org.opensaml.messaging.handler.impl.BasicMessageHandlerChain' on OUTBOUND message context 2018-04-10 18:11:33,442 - DEBUG [net.shibboleth.idp.profile.impl.WebFlowMessageHandlerAdaptor:195] - Profile Action WebFlowMessageHandlerAdaptor: Invoking message handler on message context containing a message of type 'org.opensaml.saml.saml2.core.impl.ResponseImpl' 2018-04-10 18:11:33,443 - DEBUG [org.opensaml.saml.common.binding.impl.SAMLOutboundDestinationHandler:62] - Adding destination to outbound SAML 2 protocol message: https://dev3.service-now.com/navpage.do 2018-04-10 18:11:33,443 - DEBUG [org.opensaml.saml.common.binding.security.impl.EndpointURLSchemeSecurityHandler:52] - Message Handler: Checking outbound endpoint for allowed URL scheme: https://dev3.service-now.com/navpage.do 2018-04-10 18:11:33,448 - DEBUG [org.opensaml.saml.common.SAMLObjectSupport:56] - Examining signed object for content references with exclusive canonicalization transform 2018-04-10 18:11:33,461 - DEBUG [org.opensaml.saml.common.SAMLObjectSupport:70] - Saw exclusive transform, declaring non-visible namespaces on signed object 2018-04-10 18:11:33,489 - DEBUG [org.opensaml.saml.common.SAMLObjectContentReference:165] - Adding list of inclusive namespaces for signature exclusive canonicalization transform 2018-04-10 18:11:33,557 - DEBUG [net.shibboleth.idp.saml.profile.impl.SpringAwareMessageEncoderFactory:100] - Looking up message encoder based on binding URI: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST 2018-04-10 18:11:33,586 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:159] - Invoking Velocity template to create POST body 2018-04-10 18:11:33,598 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:192] - Encoding action url of 'https://dev3.service-now.com/navpage.do' with encoded value 'https&#x3a;&#x2f;&#x2f;dev3.service-now.com&#x2f;navpage.do' 2018-04-10 18:11:33,599 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:198] - Marshalling and Base64 encoding SAML message 2018-04-10 18:11:33,605 - WARN [org.opensaml.saml.common.binding.SAMLBindingSupport:93] - Relay state exceeds 80 bytes: https://dev3.service-now.com/navpage.doSNCRSEPsysparm_saml_tc=true&glide_sso_id=7d4a8c26db330300dcfb5ff0cf96191a&exit_name=MultiSSO 2018-04-10 18:11:33,616 - DEBUG [org.opensaml.saml.saml2.binding.encoding.impl.HTTPPostEncoder:220] - Setting RelayState parameter to: 'https://dev3.service-now.com/navpage.doSNCRSEPsysparm_saml_tc=true&glide_sso_id=7d4a8c26db330300dcfb5ff0cf96191a&exit_name=MultiSSO', encoded as 'https&#x3a;&#x2f;&#x2f;dev3.service-now.com&#x2f;navpage.doSNCRSEPsysparm_saml_tc&#x3d;true&amp;glide_sso_id&#x3d;7d4a8c26db330300dcfb5ff0cf96191a&amp;exit_name&#x3d;MultiSSO' 2018-04-10 18:11:33,645 - DEBUG [net.shibboleth.idp.profile.impl.RecordResponseComplete:89] - Profile Action RecordResponseComplete: Record response complete 2018-04-10 18:11:33,660 - INFO [Shibboleth-Audit.SSO:241] - 20180410T124133Z|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect|SNC59f55cc9ab12c0f09e7ac58c1e00bae4|https://dev3.service-now.com|http://shibboleth.net/ns/profiles/saml2/sso/browser|https://tejesh-khimani.in/idp/shibboleth|urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST|_223cf53a5dfe6a82f1badf27ef3956bf||||||

Please follow the documentation provide by ServiceNow.

Thanks for the reply. I did follow the documentation but couldn't figure out the issue. Can you direct what's the exact issue?

Provide the documentation link you have follow.

Tejesh, The nature of community support is that we can point out tips and tricks to help you solve your issues, but we can't do the work for you. You need to do more research, and be tactical about the tickets you open with us. We also need the issues better documented, with exact steps about how to reproduce issues. Thanks, Will