on 04-29-2018 10:56 PM
- Enable Plugin 'Integration - Multiple Provider Single Sign-On Installer'
- Under 'Multiple Provider SSO' Application
- Go to Properties > Enable multiple provider SSO & Enable debug logging for the multiple provider SSO integration
- Install the ADFS certificate in PEM format under the 'MultiProvSSO' app
(Issuer and Subject will auto-populate if it is correctly installed)
- Go to 'Identity Providers' under ‘Multiple Provider SSO’ application
a. Click New
b. Click SAML
c. Give the URL or XML of the ADFS Server in the pop-up window
d. Click Import – It will import all the ADFS properties from the URL, like Name, Identity Provider URL, Identity Provider’s AuthnRequest, etc.
e. Set NameIDPolicy according to the requirement
OOB it is “urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress”. If you are not using email address for authentication, change it to “urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified”
f. Under Advanced tab
- Give ‘User field’. OOB it is email; if you are not using email address for authentication, change it to the relevant field, for example “user_name”.
- Uncheck ‘Create AuthnContextClass’ checkbox
- Set ‘AuthContextClassRef Method’ to urn:federation:authentication:windows
For more details about AuthnContextClass go to https://docs.servicenow.com/bundle/kingston-platform-administration/page/integrate/saml/task/t_Enabl... and https://docs.servicenow.com/bundle/kingston-platform-administration/page/integrate/saml/task/t_Suppo...
- Set ‘Protocol Binding for the IDP's SingleLogoutRequest’ to ‘urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST’
- Finally Test Connection
- Only after a successful connection test will you be able to make the authentication Active
- After activation of identity provider set ‘Auto redirect IDP’ to true.
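
The values pulled in by the Import step, and the NameIDPolicy and SingleLogout binding chosen above, can be checked against the ADFS federation metadata before importing it. This is an added example, not part of the original post or ServiceNow's own code; the host adfs.example.com, the sample XML and the function name check_idp_metadata are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample: hypothetical host, placeholder certificate value.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.example.com/adfs/services/trust">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>PLACEHOLDER_CERT</X509Certificate></X509Data>
  </KeyInfo></KeyDescriptor>
  <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://adfs.example.com/adfs/ls/"/>
  <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://adfs.example.com/adfs/ls/"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""


def check_idp_metadata(xml_text, name_id_policy=EMAIL):
    """Return (summary, problems) for IdP metadata against the planned settings."""
    # Parse only metadata fetched over HTTPS from your own ADFS host.
    idp = ET.fromstring(xml_text).find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element: not IdP metadata")
    sso = {e.get("Binding"): e.get("Location") for e in idp.findall("md:SingleSignOnService", NS)}
    slo = {e.get("Binding"): e.get("Location") for e in idp.findall("md:SingleLogoutService", NS)}
    formats = [(e.text or "").strip() for e in idp.findall("md:NameIDFormat", NS)]
    certs = [c for kd in idp.findall("md:KeyDescriptor[@use='signing']", NS)
             for c in kd.findall(".//ds:X509Certificate", NS)]
    problems = []
    if not certs:
        problems.append("no signing certificate published")
    if POST not in slo:
        problems.append("HTTP-POST SingleLogout binding not offered")
    # 'unspecified' lets the IdP choose the identifier, so it need not be advertised.
    if name_id_policy != UNSPECIFIED and name_id_policy not in formats:
        problems.append("NameIDPolicy not advertised: " + name_id_policy)
    for url in list(sso.values()) + list(slo.values()):
        if not (url or "").startswith("https://"):
            problems.append("endpoint not HTTPS: " + str(url))
    return {"sso": sso, "slo": slo, "nameid_formats": formats,
            "signing_certs": len(certs)}, problems
```

An empty problems list means the metadata is consistent with the settings in the steps above; it does not replace the Test Connection step.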
Hello,
I have been asked to set up the SSO with ADFS.
How was the user integration set up? Can we import all the users from the IDP once the SSO is set up?
Did you make use of Auto user provisioning in SSO, or did you have the user integration with Active Directory?
Please pardon me, I am new to this concept and trying to understand.
I am grateful for any suggestions!!!
Thank you!!!