multi sso

jules2
Kilo Expert

Hi, we configured MultiSSO for multiple identity providers. We used ADFS and Okta.

We ran into an issue where the ADFS users' redirect to ADFS no longer worked and the ADFS users were directed to the default ServiceNow login screen.

Is this normal when you set up multiple identity providers under the multisso plugin, and how can we always ensure the redirect works, as eventually we need to have more than 2 configured?

1 ACCEPTED SOLUTION

Thanks for replying

We also got some info from Now forum

Sharing for others

Challenge:

When differing company/domain users log onto ServiceNow they need to be authenticated by the correct IDP. Currently they are configured for users to select their idp at login. This is not working for them and they require to be redirected automatically at point of login.

Solutions:

1: Provide a specifically configured ServiceNow URL to the users. This URL holds the IDP.

/login_with_sso.do?glide_sso_id=<sys_id of the sso configuration>

2: Update the SSO Source field for user records to reference the correct idp: sso=<sys_id of the idp>

If you review the UI Page: login_locate_sso

This page evaluates the user and uses the gs.getProperty('glide.authenticate.multisso.login_locate.user_field', 'user_name') to determine a user reconciliation field.

From the user record it then retrieves the user's IDP, generates a URL and redirects.
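Added example, not part of the original post and not ServiceNow's own code: a plain Node.js model of the lookup described for login_locate_sso, useful for auditing which users would fall through to the default login screen. The `sso_source` field name, the `/login.do` fallback, the sample users and the placeholder sys_ids are assumptions constructed for illustration.

```javascript
// Added example: models the lookup the post describes for login_locate_sso.
// Not ServiceNow's code; runs in plain Node.js on constructed data.
const SYS_ID = /^[0-9a-f]{32}$/;            // sys_ids are 32 hex characters
const DEFAULT_LOGIN = '/login.do';          // assumed fallback: local login page
const USER_FIELD_PROP = 'glide.authenticate.multisso.login_locate.user_field';

// Constructed user records; sso_source follows the post's "sso=<sys_id>" form.
const USERS = [
  { user_name: 'adfs.user', email: 'adfs.user@corp-a.example',
    sso_source: 'sso=' + 'a'.repeat(32) },  // placeholder sys_id for the ADFS IdP
  { user_name: 'okta.user', email: 'okta.user@corp-b.example',
    sso_source: 'sso=' + 'b'.repeat(32) },  // placeholder sys_id for the Okta IdP
  { user_name: 'no.source', email: 'no.source@corp-a.example', sso_source: '' },
  { user_name: 'bad.source', email: 'bad.source@corp-a.example',
    sso_source: 'sso=1234&sysparm_x=y' },   // malformed value, must not be redirected
];

// Stand-in for gs.getProperty(name, default) over a constructed property map.
function getProperty(props, name, fallback) {
  return Object.prototype.hasOwnProperty.call(props, name) ? props[name] : fallback;
}

// Returns { url, reason } for the identifier typed at login.
function locateSso(identifier, users, props) {
  const field = getProperty(props, USER_FIELD_PROP, 'user_name');
  const wanted = String(identifier).trim().toLowerCase();
  const matches = users.filter(u => String(u[field] || '').toLowerCase() === wanted);
  if (matches.length !== 1) {
    return { url: DEFAULT_LOGIN, reason: 'user_not_found_or_ambiguous' };
  }
  const m = /^sso=(.+)$/.exec(matches[0].sso_source || '');
  if (!m) return { url: DEFAULT_LOGIN, reason: 'no_sso_source' };
  // Only a well-formed sys_id is ever placed in the redirect URL.
  if (!SYS_ID.test(m[1])) return { url: DEFAULT_LOGIN, reason: 'invalid_sys_id' };
  return { url: '/login_with_sso.do?glide_sso_id=' + m[1], reason: 'ok' };
}

// Audit helper: users who would land on the default login screen.
function usersWithoutRedirect(users, props) {
  const field = getProperty(props, USER_FIELD_PROP, 'user_name');
  return users.filter(u => locateSso(u[field], users, props).reason !== 'ok')
              .map(u => u.user_name);
}
```

Running `usersWithoutRedirect` over an export of user records shows which accounts lack a usable SSO Source value before more identity providers are added.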


2 REPLIES

Goran WitchDoc
ServiceNow Employee

Hi,

It's kind of hard to say, but it isn't normal that it should do that. Something isn't working anymore in your configuration. Normally if the SSO (ADFS side) stops working it doesn't redirect automatically, since ADFS users don't have any local password anyway and can't log in through that login. How to ensure it is pretty much to configure it the correct way. I know this is a crappy answer, but there is not much more to say about it without having more information.

//Göran
