MultiSSO_ClientHelper script explanation?

Kiddy1

We migrated to Jakarta from Helsinki and found that some functions were added to the scripts. Can anyone explain the part that is new? (I have marked the text in bold.)

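gs.include("SSO_Helper");
gs.include("SSO_SAMLMetaUtil");

var MultiSSO_ClientHelper = Class.create();

/**
 * Resolves one `sso_source` value into an AJAX result item on `proc`.
 *
 * `sso_source` is read as "<kind>:<sys_id>". <kind> "sso" points at an
 * sso_properties record and is reported as an IdP id; <kind> "federation"
 * points at an sso_federation record and is reported as a discovery URL.
 * A nil value, a value without ":", an unknown <kind>, or a target that is
 * missing or inactive resolves to nothing and the caller moves on to the
 * next source (company record, then the default provider).
 *
 * Deliberately a plain function, not a prototype method: this processor is
 * public (see isPublic below) and its prototype methods are client-callable
 * by name, whereas this is an internal step of ssoByUser.
 *
 * @param {MultiSSO_ClientHelper} proc - processor whose result item is written
 * @param {*} source - sso_source element of the user or company record
 * @param {string} userId - looked-up user id, only used in debug output
 * @param {string} recordName - "user record" / "company record", debug output only
 * @param {string} foundSuffix - trailing text of the "Found SSO" debug line
 * @returns {boolean} true when a "result" item was written
 */
function MultiSSO_ClientHelper_resolveSsoSource(proc, source, userId, recordName, foundSuffix) {
    if (!GlideStringUtil.notNil(source))
        return false;

    SSO_Helper.debug("Found SSO " + source + " for the user : " + userId + foundSuffix);

    var values = source.split(":");
    if (values.length <= 1)
        return false;

    var targetId = values[1];

    // Loose equality on purpose: in the Rhino runtime the split parts may be
    // Java strings, which do not compare strictly equal to JS string literals.
    if ("sso" == values[0]) {
        SSO_Helper.debug("Returing SSO IdP from " + recordName + ": " + targetId);
        // addQuery keeps the caller-derived id out of an encoded-query string.
        var ssoBase = new GlideRecord("sso_properties");
        ssoBase.addActiveQuery();
        ssoBase.addQuery("sys_id", targetId);
        ssoBase.queryNoDomain();
        if (!ssoBase.next()) {
            SSO_Helper.debug("SSO Provider not found or inActive at " + recordName + ": " + targetId);
            return false;
        }
        var ssoResult = proc.newItem("result");
        ssoResult.setAttribute(SNC.SSOUtils.SSOID(), targetId);
        return true;
    }

    if ("federation" == values[0]) {
        SSO_Helper.debug("Returing SSO federation from " + recordName + ": " + targetId);
        var fed = new GlideRecord("sso_federation");
        fed.addActiveQuery();
        fed.addQuery("sys_id", targetId);
        fed.queryNoDomain();
        if (!fed.next()) {
            SSO_Helper.debug("Federation not found or inActive at " + recordName + ": " + targetId);
            return false;
        }
        var url = proc.getDiscoveryURL(fed.discovery_service_url, targetId);
        SSO_Helper.debug("Discovery URL: " + url);
        var fedResult = proc.newItem("result");
        fedResult.setAttribute("discovery_service_url", url);
        return true;
    }

    // Unknown prefix: nothing written, caller falls through to the next source.
    return false;
}

// method name cannot start with "get"!
MultiSSO_ClientHelper.prototype = Object.extendsObject(AbstractAjaxProcessor, {

    /**
     * Marks the processor as public, i.e. callable before a session exists
     * (it backs the login page). Every method on this prototype is therefore
     * reachable without authentication; keep privileged work out of them.
     * @returns {boolean} always true
     */
    isPublic: function() {
        return true;
    },

    /**
     * Builds the URL the browser is sent to for a federation.
     *
     * An absolute http(s) discovery service gets the standard IdP discovery
     * parameters (entityID = this instance's URL, return = the instance's
     * login_with_sso.do); anything else is treated as a local page and only
     * receives the federation id.
     *
     * @param {string} serviceURL - discovery_service_url of the sso_federation record
     * @param {string} federationId - sys_id of the federation
     * @returns {string} the redirect URL
     */
    getDiscoveryURL: function(serviceURL, federationId) {
        var pat = /^https?:\/\//i;
        if (pat.test(serviceURL)) {
            // we always use it for sp entity id which is globally unique name
            var instanceURL = new SSO_SAMLMetaUtil().getInstanceURL();
            var returnURL = GlideStringUtil.urlEncode(instanceURL + "/login_with_sso.do");
            return serviceURL + "?entityID=" + GlideStringUtil.urlEncode(instanceURL) + "&return=" + returnURL;
        }
        // Encode the id as well: it originates from a record field, not from
        // code, so it must not be able to add or break query parameters.
        return serviceURL + "?glide_federation_id=" + GlideStringUtil.urlEncode(String(federationId));
    },

    /**
     * Auto-provisioning fallback for an unknown user.
     *
     * When glide.authenticate.multisso.user.autoprovision is "true":
     * more than one auto-provisioning IdP -> writes and returns the IdP
     * selection page "/idp_disco.do"; exactly one -> writes and returns its
     * sys_id; none -> null. Returns null when the property is not "true".
     *
     * @returns {string|null} discovery URL, IdP sys_id, or null
     */
    autoProvIdPOrSelectURL: function() {
        // Loose equality: gs.getProperty may hand back a Java string in Rhino.
        if ("true" != gs.getProperty("glide.authenticate.multisso.user.autoprovision"))
            return null;

        var atp = SNC.SSOUtils.getAutoProvSAMLIdPList();
        var count = atp.getRowCount();

        if (count > 1) {
            var urlResult = this.newItem("result");
            var url = "/idp_disco.do";
            SSO_Helper.debug("Returning auto provisioning discovery URL: " + url);
            urlResult.setAttribute("discovery_service_url", url);
            return url;
        }

        // count is 0 or 1: position on the first row (a no-op when there is none)
        atp.next();
        if (count == 1) {
            // only one auto prov idp found just login with this idp
            var idpResult = this.newItem("result");
            var idpId = atp.getUniqueValue();
            SSO_Helper.debug("Returning auto provisioning IdP: " + idpId);
            idpResult.setAttribute(SNC.SSOUtils.SSOID(), idpId);
            return idpId;
        }

        return null;
    },

    /**
     * Finds the SSO provider for the user named in sysparm_user_id.
     *
     * Lookup order: the user's own sso_source, then the sso_source of the
     * user's company, then (for an unknown user) auto-provisioning, and
     * finally the default provider from SSO_Helper. The first hit writes a
     * "result" item (IdP id or discovery_service_url); if nothing matches
     * the error "External login not found" is set.
     *
     * The field used to locate the user comes from the property
     * glide.authenticate.multisso.login_locate.user_field. It is validated
     * against the sys_user descriptor (must exist and be a string field)
     * before it is used, so a misconfigured property cannot turn into a
     * query on an arbitrary or non-string column.
     *
     * NOTE(review): when no default provider is configured, the response
     * differs for known and unknown users; whether that is acceptable on a
     * public endpoint is a deployment decision — worth confirming.
     */
    ssoByUser: function() {
        var userId = this.getParameter("sysparm_user_id");
        var user_field = gs.getProperty("glide.authenticate.multisso.login_locate.user_field", "user_name");
        SSO_Helper.debug("Looking up user id : " + userId);
        SSO_Helper.debug("Looking up using user field : " + user_field);

        var userTD = new GlideTableDescriptor('sys_user');
        if (!(userTD.isValidField(user_field) && userTD.getElementDescriptor(user_field).isString())) {
            SSO_Helper.debug("Invalid user field : " + user_field + ". Check property glide.authenticate.multisso.login_locate.user_field");
            this.setError(gs.getMessage("External login not found"));
            return;
        }

        // The caller-supplied id goes through addQuery, never into an encoded query string.
        var userTab = new GlideRecord("sys_user");
        userTab.addQuery(user_field, userId);
        userTab.addActiveQuery();
        userTab.queryNoDomain();

        var found = false;
        if (userTab.next()) {
            found = MultiSSO_ClientHelper_resolveSsoSource(this, userTab.sso_source, userId, "user record", "");

            if (!found) {
                // try user company
                var company = userTab.company;
                if (company && !company.isNil()) {
                    // get the source field from referenced company record.
                    found = MultiSSO_ClientHelper_resolveSsoSource(this, company.getRefRecord().sso_source, userId, "company record", " from its company record");
                }
            }
        } else {
            // user not found, check if we need auto provisioning
            var autoProvOrURL = this.autoProvIdPOrSelectURL();
            if (GlideStringUtil.notNil(autoProvOrURL))
                found = true;
        }

        if (!found) {
            // no sso found, try to use the default one
            var defaultProvider = SSO_Helper.getDefaultSSOProperties();
            if (defaultProvider) {
                found = true;
                var defaultSysId = defaultProvider.sys_id;
                SSO_Helper.debug("Using default SSO: " + defaultSysId);
                var result = this.newItem("result");
                result.setAttribute(SNC.SSOUtils.SSOID(), defaultSysId);
            }
        }

        if (!found)
            this.setError(gs.getMessage("External login not found"));
    },

    /**
     * Imports SAML IdP metadata supplied inline as XML (sysparm_meta_xml)
     * into the sso_properties record sysparm_sys_id, via SSO_SAMLMetaUtil.
     * Writes a "result" item with sys_id (when the helper returns one) and
     * error_msg.
     *
     * NOTE(review): reachable without a session because isPublic is true;
     * whether SSO_SAMLMetaUtil enforces an admin role before writing the
     * record is not visible here — confirm.
     */
    loadSAMLMetaFromXML: function() {
        var meta_xml = this.getParameter("sysparm_meta_xml");
        var sys_id = this.getParameter("sysparm_sys_id");
        var resultArray = new SSO_SAMLMetaUtil().loadSAMLMetaFromXML(meta_xml, sys_id);
        var result = this.newItem("result");
        // != null on purpose: matches both null and undefined
        if (resultArray.sys_id != null)
            result.setAttribute("sys_id", resultArray.sys_id);
        result.setAttribute("error_msg", resultArray.error_msg);
    },

    /**
     * Imports SAML IdP metadata fetched from a caller-supplied URL
     * (sysparm_meta_url) into the sso_properties record sysparm_sys_id, via
     * SSO_SAMLMetaUtil. Writes a "result" item with sys_id (when the helper
     * returns one) and error_msg.
     *
     * NOTE(review): reachable without a session because isPublic is true,
     * and the fetch target is chosen by the caller; confirm that
     * SSO_SAMLMetaUtil requires an admin role and restricts which
     * destinations it will retrieve — neither check is visible here.
     */
    loadSAMLMetaFromURL: function() {
        var meta_url = this.getParameter("sysparm_meta_url");
        var sys_id = this.getParameter("sysparm_sys_id");
        var resultArray = new SSO_SAMLMetaUtil().loadSAMLMetaFromURL(meta_url, sys_id);
        var result = this.newItem("result");
        // != null on purpose: matches both null and undefined
        if (resultArray.sys_id != null)
            result.setAttribute("sys_id", resultArray.sys_id);
        result.setAttribute("error_msg", resultArray.error_msg);
    },

    type: 'MultiSSO_ClientHelper'
});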


corina

Hello Kids.



I think the first part is related to points 5 and 6 from here:


Create a SAML 2.0 configuration using Multi-Provider SSO


corina

And the metadata part is related to point 3 in the same article.