Cannot Generate Metadata when Sign AuthnRequest or Sign LogoutRequest is checkedDescriptionCannot Generate Metadata when enabling Sign AuthnRequest / Sign LogoutRequest / Encrypt Assertion on an Identity Provider (IdP).CauseThere might be various possible reasons which may cause this behavior. To better understand those possibilities it is important to understand what happens behind the scene when you set one of the aforementioned checkboxes true on an IdP record. Enabling these checkboxes means signing your authentication/logout request or encrypting the Assertion request with an SSL key which is stored in a Java Key-store. By default, ServiceNow uses its base system keystore SAML 2.0 SP Keystore to do this job. And, this configuration is defined in system property glide.authenticate.sso.saml2.keystore which stores the sys_id of this keystore. Some customers prefer to use their own keystore which is also possible. In that case, you must have a keystore available in 1st place and then you need to create a record similar to SAML 2.0 SP Keystore (of course with a different name) in X.509 Certificate (sys_certificate) table and attach your keystore there. Plus you need to update glide.authenticate.sso.saml2.keystore system property value with the sys_id of custom keystore you created.ResolutionWhen using a base system Keystore: Make sure system property glide.authenticate.sso.saml2.keystore is updated with the sys_id of the base system keystore SAML 2.0 SP Keystore or SAML 2.0 Keystore_Key2048_SHA256 (when you want to use SHA-256).Signing/Encryption Key Alias and Signing/Encryption Key Password values on an IdP record are correct i.e. "saml2sp."No duplicate entries of Signing/Encryption Key Alias / Signing/Encryption Key Password / Encrypt Assertion fields on IdP form layout. When using a custom keystore: Make sure system property glide.authenticate.sso.saml2.keystore is updated with the sys_id of your custom Keystore.Signing/Encryption Key Alias and Signing/Encryption Key Password values on an IdP record are correct.No duplicate entries of Signing/Encryption Key Alias / Signing/Encryption Key Password / Encrypt Assertion fields on IdP form layout. Note: The base system Signing/Encryption Key Alias and Signing/Encryption Key Password values are identical, that is, "saml2sp". Changing the Signing/Encryption Key Password value to "saml2sp" should correct the issue, and Generate Metadata should work.