Configuring IdP Initiated SSO

stevejarman
Giga Guru

Hi - I am urgently trying to locate the documentation or some sort of guide for configuring IdP Initiated SSO with ServiceNow. Are you able to tell me if that documentation exists, and - if so - where to find it?


Hi Steve,


You mention when arriving at the ServiceNow pre-authenticated - that could happen if the user has authenticated via an application that is not ServiceNow but is SSO enabled.


Vice versa as well, if you log in via the IdP as the result of logging into ServiceNow then the user can access the other Enterprise apps without re-authenticating - as the IdP maintains a login session for you - and destroys it when you log out.


OK so far?



Also you can configure the SSO to redirect to the IdP for log in without having to select "External Login".


Here are some doc links to Multi SSO:


https://docs.servicenow.com/bundle/istanbul-servicenow-platform/page/integrate/single-sign-on/task/t...


https://docs.servicenow.com/bundle/istanbul-servicenow-platform/page/integrate/single-sign-on/task/t...



The other way of arriving at the ServiceNow pre-authenticated is when you have authenticated via a Windows domain controller so you get access to your Enterprise resources.


There is a link that refers:


(Workaround) Support Kerberos authentication


This is Service Provider initiated rather than IdP initiated, however.



If the reply was informational, please like, mark as helpful or mark as correct!






So maybe I'm thinking about this all wrong. Whether or not you're initiating your "visit" to the ServiceNow instance from ServiceNow, OR from another authentication portal, the SSO config in ServiceNow is the same? I'd got it into my head that the config requirements were actually different, but maybe that's not the case.


Hi Steve,


I am not sure what your current set up is.


Are you using Multi Provider SSO?


If so there is some info here which might be helpful. If you are using say Okta the situation could be different.


https://docs.servicenow.com/bundle/jakarta-servicenow-platform/page/integrate/authentication/concept...





stevejarman
Giga Guru

Thanks for all the info guys. Slowly getting somewhere.



Something else I'm confused about though - in the Multi-Provider SSO, Identity Providers record, is it actually necessary to manually import and assign the certificate under the "x509 Certificate" field?



I've noticed that the PEM format certificate appears to be included in the XML metadata export from the IdP. I have one customer whose SSO is working fine, and I didn't import a certificate for them. Just importing the XML file populated the X.509 Certificates related list at the bottom of the record, even though the "x509 Certificate" field itself is blank.





Anyone know the answer to this one?
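
SAML 2.0 IdP metadata carries the IdP's certificates in `KeyDescriptor` elements, which is the part of the XML export the post above refers to. The following is an added example, not code from this thread or from ServiceNow: it lists each certificate in a metadata file with its SHA-256 fingerprint so it can be compared against what the IdP administrator publishes and against the entries in the X.509 Certificates related list. The entityID, the sample metadata and the certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed placeholder bytes standing in for a DER certificate (not a real cert).
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.test/metadata">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        {base64.b64encode(SAMPLE_DER).decode()}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def idp_certificates(metadata_xml):
    """Return one dict per certificate found in the IdP's KeyDescriptor elements."""
    root = ET.fromstring(metadata_xml)  # parse only metadata obtained from the IdP itself
    found = []
    for kd in root.findall(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        for node in kd.findall(".//ds:X509Certificate", NS):
            # The element text is base64 DER, often wrapped and indented.
            der = base64.b64decode("".join((node.text or "").split()))
            b64 = base64.b64encode(der).decode()
            pem = ("-----BEGIN CERTIFICATE-----\n"
                   + "\n".join(textwrap.wrap(b64, 64))
                   + "\n-----END CERTIFICATE-----\n")
            found.append({
                # A KeyDescriptor without "use" applies to signing and encryption.
                "use": kd.get("use", "signing+encryption"),
                "sha256": hashlib.sha256(der).hexdigest(),
                "pem": pem,
            })
    return found


if __name__ == "__main__":
    for cert in idp_certificates(SAMPLE_METADATA):
        print(cert["use"], cert["sha256"])
        print(cert["pem"], end="")
```
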