Currently Helsinki environment that consists of 17 different IDP's for multi provider SSO using SAML2.   SP landing page setup with 17 different links that a user can click on that will take them directly to their IDP without having to click the "Use External Login".  

Here is an example URL: https://myinstance.service-now.com/login_with_sso.do?glide_sso_id=7cb23f131b121100227e5581be071355

Here is example landing page for login:

Once the users are logged in they are forced to service portal and can't get to the fufiller view.   This was done by: modifying the SPEntryPage script include, modifying glide.entry.page.script, creating glide.entry.first.page.script.

Since going to service portal the URI_REF is no longer working as it tries to take the users to fulfiller view.   We do not allow this.   Our desire is customer receives an email notification (Incident, Request, Survey, etc.,)   they can click a URI_REF that auto logs them (using correct IDP) then loads the task ticket in portal view.  

Where I am at now.   I found you can replace "${URI_REF}" with "<a href="sp?sys_id=${incident.sys_id}&view=sp&id=ticket&table=incident">${number}</a>" for an incident and it does work. If they are already logged in.   If not it requires the customer to login at the landing page and loses the "deep link" and doesn't redirect after login.      

So my question is how can I get past the URI_REF issue and what is the possibility of getting past our login issues as stated above? My guess is I have a few things that need to be addressed but need some help getting there.