The CreatorCon Call for Content is officially open! Get started here.

Is there a way to authenticate external user in service portal without using login.do?

LadySNWizard
Tera Contributor

‎07-05-2018 05:58 AM

 

Hi All,

The requirement is to create a public portal which is Visible to users even without logging in (Like the csm portal)

E.g.: https://devtest.service-now.com/csm or https://devtest.service-now.com/sampleportal

 

The problem that we have is using Multi-provider Single Sign-on (Multi-SSO) and SAML 2.0 for authentication and as soon as we enter the url (e.g.: https://aaaaaaaaaa.service-now.com/csm (OOB)or https://aaaaaaaaaaa.service-now.com/sampleportal (Custom)) it redirects to the external login page. 

So I need solutions/advises on the following issues

  1. How is the external authentication working?
  2. How to bypass the SSO to exempt the public portal (https://aaaaaaaaa.service-now.com/sampleportal) from redirecting to the login page
  3. Is there a way to authenticate external user in service portal without using login.do

 

Issue exists after doing the recommended changes, and the change I did is explained below

I am not able to go to the custom portal that is meant to be public. The home page  is set as public along with the widgets inside.

I could go to the portal directly if I am logged in to the instance. When try to access the Portal home page from an incognito window it gets redirected to  SSO driven login page. When I try to open the same portal from a personal instance in an incognito window it readily goes to the page as expected(No SSO enabled). Even in the client's instance the out of the box csm portal which is supposed to be public(home page) redirects to the SSO driven login page ,when opened in an incognito window In client's instance.

 

The following properties are also set according to the script include SPEntryPage.

 

PROPERTY                                           SET VALUE

glide.entry.page.script                      new SPEntryPage().getLoginURL()

glide.entry.first.page.script              new SPEntryPage().getFirstPageURL()

 

Is there a way the redirection to SSO  be prevented on trying to acces custom Portal Home when the there is no valid user logged in. It should remain in the same page for public users without roles. 

 

Thanks in Advance,

Anjaly Ashok

 

 

0 Helpfuls
  • 3,859 Views
2 REPLIES 2

VarunArulmani
Mega Expert

‎07-09-2018 01:42 PM

 

1) How is the external authentication working?   

For Service Portal, the external authentication is configured through Service Portal widget 'Login'. The server script on widget has idp code. 

data.default_idp = GlideProperties.get("glide.authenticate.sso.redirect.idp");

'Login' widget finds the sysid of default idp using glide property and redirects the portal user through appropriate idp.

2) How to bypass the SSO to exempt the public portal (https://aaaaaaaaa.service-now.com/sampleportal) from redirecting to the login page.

Clone 'Login' widget and create a new login widget 'LoginSampleportal'. You can configure the sampleportal to use'LoginSampleportal' as login method. Modify server script in 'LoginSampleportal' widget to exclude idp routing. 

 

Pascal R_
Kilo Contributor
In response to VarunArulmani

‎08-16-2018 07:16 AM

Thanks for this trick,

It turns out the widget was designed with a variable  to bypass the SSO but it's not present in the "option schema" so either you can add it to the option schema and set it to "true" in the widget instance options.

Server Script Line 21

var bypass_sso = options.bypass_sso == "true";

or you can force it to skip SSO redirection by replacing by

var bypass_sso = "true";
0 Helpfuls