E-Signature with credentials in an SSO environment - which password?

Christian Prob2 · ‎08-20-2020

Hi Community!

Has anybody used the E-signature module and e-signature via credentials - eg. the user entering their password - in an SSO environment? My question is if the password is the SSO password or the ServiceNow sys_user password?

Thanks,

Christian

Willem · ‎08-20-2020

You can set up SSO to work with E-signatures:

On the eSignature Approval tab, enter the following e-signature SAML properties:

Option	Description
Assertion Consumer URL for eSignature authentication	This property defaults to the appropriate URL. To configure this property, click the lock icon to make this field editable. After edits, click the icon to lock the field.
Assertion Consumer Index for eSignature authentication	If your Service Provider has more than one URL set for the AssertionConsumerURL, you can set the index to use for eSignature, starting with index 1 or more.
AuthnRequest URL for eSignature Authentication	You can enter the URL that points to the SAML 2.0 IdP AuthnRequest URL for eSignature authentication. If the URL is the same as the Assertion Consumer URL, you can leave this setting blank.
Authentication Pop-up Dialog Width	When a user approves a request using eSignature, a dialog opens and a user can enter credentials. This setting controls the width of that dialog box. The default is 500.
Authentication Pop-up Dialog Height	When a user approves a request using eSignature, a dialog opens and a user can enter credentials. This setting controls the height of that dialog box. The default is 300.

https://docs.servicenow.com/bundle/orlando-servicenow-platform/page/integrate/single-sign-on/task/ss...

View solution in original post

Willem · ‎08-20-2020

You can set up SSO to work with E-signatures:

On the eSignature Approval tab, enter the following e-signature SAML properties:

Option	Description
Assertion Consumer URL for eSignature authentication	This property defaults to the appropriate URL. To configure this property, click the lock icon to make this field editable. After edits, click the icon to lock the field.
Assertion Consumer Index for eSignature authentication	If your Service Provider has more than one URL set for the AssertionConsumerURL, you can set the index to use for eSignature, starting with index 1 or more.
AuthnRequest URL for eSignature Authentication	You can enter the URL that points to the SAML 2.0 IdP AuthnRequest URL for eSignature authentication. If the URL is the same as the Assertion Consumer URL, you can leave this setting blank.
Authentication Pop-up Dialog Width	When a user approves a request using eSignature, a dialog opens and a user can enter credentials. This setting controls the width of that dialog box. The default is 500.
Authentication Pop-up Dialog Height	When a user approves a request using eSignature, a dialog opens and a user can enter credentials. This setting controls the height of that dialog box. The default is 300.

https://docs.servicenow.com/bundle/orlando-servicenow-platform/page/integrate/single-sign-on/task/ss...

James Proske · ‎09-14-2020

How do you address the x-frame issue when you have ServiceNow high security and your IDP does not permit cross site embedded frames? I have Microsoft ADFS and I am not sure consumer.do can work in this environment.

https://community.servicenow.com/community?id=community_question&sys_id=c8ddf65bdbcd53084816f3231f96...

https://hi.service-now.com/kb_view.do?sysparm_article=KB0623826

Jim Coyne · ‎10-16-2020

We have E-Signature working with Azure AD SSO in Paris at the moment. The important part is to make sure your approvers have the "approver_user" Role, which has licensing implications. Otherwise you'll get the authentication window trying to open up in a GlideWindow instead of a separate window. This is what you get WITHOUT the "approver_user" Role:

And WITH it:

EXTREMELY misleading.