Auto redirect users to correct IDP when using multiple Identity Providers

Vedhavrath_Kond
Tera Guru

 

In today's world, companies often use multiple Identity Providers (IDPs) to sign in to their applications. ServiceNow can integrate with multiple IDPs for Single Sign-On (SSO) using either Secure Web Authentication or SAML protocols. But how does ServiceNow identify the right IDP for each user and redirect them there? This is done with the SSO Source field on the User table. The SSO Source field holds the sys_id of an IDP that has been configured and tested in the instance.

 

Note that all the configured IDPs should be active, and no auto-redirect IDP should be enabled (the glide.authenticate.sso.redirect.idp system property must be empty). When a user opens the instance URL, they land on the public login page, which asks for credentials. With the Multiple Provider Single Sign-On Enhanced UI plugin, that page shows a text link "Login with SSO." Clicking the link takes the user to the “login_locate_sso.do” page, which asks only for their username. Once the user enters it, ServiceNow queries the User table to retrieve the matching SSO Source “sys_id”. Once retrieved, the user is redirected to the SSO login page of the IDP tagged to their user account.

 


 


 

However, this extra step can be skipped by making the “login_locate_sso.do” page the initial login page. This is done with the following steps:

 

Step 1: Create a Script Include

 

  1. Log in to ServiceNow as an administrator.
  2. Navigate to System Definition > Script Includes.
  3. Click the New button to create a new Script Include.
  4. In the Name field, enter a name for the Script Include, for example, "LocateLoginSso."
  5. In the Script field, enter the following code:

 

var LocateLoginSso = Class.create();
LocateLoginSso.prototype = {
    initialize: function() {},

    // Returns the page the entry-page script should send users to
    redirectToSSO: function() {
        return "/login_locate_sso.do";
    },

    type: 'LocateLoginSso'
};

 

  6. Click the Submit button to save the Script Include.


 

 

Step 2: Update the System Property

 

  1. Navigate to System Properties > System.
  2. Find the “glide.entry.page.script” property and click the Edit button (create the property if it does not exist).
  3. In the Value field, enter the following code:

new LocateLoginSso().redirectToSSO();


 

  4. Click the Submit button to save the System Property.

 

Step 3: Test the Auto-Redirect

 

Open a new browser window and enter the ServiceNow instance URL, for example, http://instance.service-now.com.

The user should be automatically redirected to http://instance.service-now.com/login_locate_sso.do.

The user should then be redirected to the correct IDP login page, based on the SSO Source field of their User record.
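As an added example (not code from the original post or from ServiceNow), the following audit checks the conditions the note above and the three steps rely on before the entry page is switched: the auto-redirect property is empty, every IDP is active, and every user's SSO Source points at an active IDP. In a background script the inputs would be read with gs.getProperty() and GlideRecord on sso_properties and sys_user; here they are constructed sample objects, and normalizeSsoSource accepting an optional "sso:" prefix is an assumption.

```javascript
// Added example, not code from the original post. Pre-flight audit of the data the
// login_locate_sso.do redirect depends on. Inputs would normally come from
// gs.getProperty() and GlideRecord; here they are constructed plain objects.

// Assumption: the SSO Source value may be stored bare or with an "sso:" prefix.
function normalizeSsoSource(value) {
  return value ? String(value).replace(/^sso:/, '').trim() : '';
}

// Returns a list of {severity, code, detail}; an empty list means every user can be routed.
function auditSsoRedirectConfig(redirectIdpProperty, idps, users) {
  var findings = [];
  // 1. glide.authenticate.sso.redirect.idp must be empty, or every login is forced
  //    to that one IDP and the per-user SSO Source lookup never happens.
  if (redirectIdpProperty && String(redirectIdpProperty).trim() !== '') {
    findings.push({ severity: 'error', code: 'REDIRECT_PROPERTY_SET', detail: redirectIdpProperty });
  }
  // 2. Every configured IDP must be active.
  var activeIdps = {};
  idps.forEach(function (idp) {
    if (idp.active) { activeIdps[idp.sys_id] = idp.name; }
    else { findings.push({ severity: 'error', code: 'IDP_INACTIVE', detail: idp.name }); }
  });
  // 3. Every user with an SSO Source must point at an active IDP; users without one
  //    are reported so the admin knows they will not be routed by this mechanism.
  users.forEach(function (u) {
    var src = normalizeSsoSource(u.sso_source);
    if (!src) {
      findings.push({ severity: 'info', code: 'USER_NO_SSO_SOURCE', detail: u.user_name });
    } else if (!activeIdps[src]) {
      findings.push({ severity: 'error', code: 'USER_BAD_SSO_SOURCE', detail: u.user_name });
    }
  });
  return findings;
}

// Constructed sample data; the sys_ids are placeholders, not real records.
var SAMPLE_IDPS = [
  { sys_id: '00000000000000000000000000000a01', name: 'IDP-A', active: true },
  { sys_id: '00000000000000000000000000000a02', name: 'IDP-B', active: false }
];
var SAMPLE_USERS = [
  { user_name: 'alice', sso_source: 'sso:00000000000000000000000000000a01' },
  { user_name: 'bob',   sso_source: '00000000000000000000000000000a02' },
  { user_name: 'carol', sso_source: '' },
  { user_name: 'dave',  sso_source: 'sso:0000000000000000000000000000dead' }
];
var REPORT = auditSsoRedirectConfig('', SAMPLE_IDPS, SAMPLE_USERS);
REPORT.forEach(function (f) { console.log(f.severity + ' ' + f.code + ': ' + f.detail); });
```

Run it as a background script only after replacing the sample arrays with real GlideRecord results; any 'error' finding means some users would not reach their IDP after the entry page change.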

 

Please mark it helpful if you find it interesting.

 


Poorna Kola
Tera Guru

Good one

SAI SRIKANTH AL
Tera Contributor

Helpful article, thank you.

NRekha
Tera Contributor

Interesting and very helpful 

Suma Mallidi
Tera Expert

Helpful article!!