‎10-31-2024 07:05 AM
So, we have an OIDC SSO integration with Keycloak, and it's working as expected for user authentication. However, we need ServiceNow to automatically recognize and reauthenticate users who have an active session initiated from external systems through the same SSO realm in Keycloak. The Keycloak configuration supports this, but I'm unsure if additional adjustments are needed in our ServiceNow Identity Provider configuration to allow for automatic session recognition and avoid a new login prompt. Any guidance on enabling this in ServiceNow?
‎11-06-2024 08:29 AM
Managed to do it with a UI script running on the Portal's theme. The script basically calls the same SSO link used in the original login widget. I did some shenanigans in the script so it validates if the user is authenticated outside or not, by basically calling the provider endpoint right when you enter the Portal, so if an auth code is returned that means the user is logged outside on that provider, which means I can call the actual ServiceNow URL, the one that will do the whole process:
"/login_with_sso.do?glide_sso_id=" + <IdentityProviderSysID>;
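A sketch of the check described in the accepted answer, added here as an example; it is not the poster's script. It assumes the "provider endpoint" call is an OIDC authorization request with `prompt=none`, and the Keycloak host, realm, client ID, redirect URI and sys_id are constructed placeholders. The redirect URI would have to be registered on the Keycloak client.

```javascript
// Added example. Every value in cfg is a constructed placeholder.
const cfg = {
  authEndpoint: "https://keycloak.example.com/realms/example/protocol/openid-connect/auth",
  clientId: "example-portal-client",
  redirectUri: "https://instance.example.com/sp",
  idpSysId: "0123456789abcdef0123456789abcdef", // Identity Provider sys_id
};

// OIDC authorization request that must not display a login page. With
// prompt=none the provider redirects back with ?code=... when a session
// exists, or with ?error=login_required when it does not.
function buildSilentAuthUrl(cfg, state) {
  const url = new URL(cfg.authEndpoint);
  url.search = new URLSearchParams({
    response_type: "code", scope: "openid", prompt: "none",
    client_id: cfg.clientId, redirect_uri: cfg.redirectUri, state,
  }).toString();
  return url.toString();
}

// Returns the ServiceNow SSO path to navigate to, or null to stay put.
function nextStep(callbackUrl, expectedState, cfg) {
  const params = new URL(callbackUrl).searchParams;
  // Ignore any answer that does not carry the state this tab generated.
  if (!expectedState || params.get("state") !== expectedState) return null;
  // login_required, interaction_required, ...: no usable provider session.
  if (params.has("error") || !params.get("code")) return null;
  // A sys_id is 32 hex characters; never build the URL from anything else.
  if (!/^[0-9a-f]{32}$/.test(cfg.idpSysId)) return null;
  // The probe's code is discarded; ServiceNow runs the real login itself.
  return "/login_with_sso.do?glide_sso_id=" + cfg.idpSysId;
}

// Browser wiring: probe once per tab so a logged-out visitor is not looped.
if (typeof window !== "undefined") {
  const saved = sessionStorage.getItem("sso_probe_state");
  if (saved === null) {
    const bytes = crypto.getRandomValues(new Uint8Array(16));
    const state = Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
    sessionStorage.setItem("sso_probe_state", state);
    window.location.replace(buildSilentAuthUrl(cfg, state));
  } else if (saved !== "done") {
    sessionStorage.setItem("sso_probe_state", "done");
    const target = nextStep(window.location.href, saved, cfg);
    if (target) window.location.replace(target);
  }
}
```

The authorization code returned to the probe is never exchanged; it only signals that a provider session exists, and the `state` comparison keeps a crafted link from triggering the redirect.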