
Redirect SAML User Not Found Login

Nia McCash
Mega Sage

How do I modify it so that I can redirect a SAML login to a publicly accessible page when the user does not exist in the ServiceNow system?  


What currently happens is that the user logs in successfully through our Shibboleth portal, then a ServiceNow message flashes very briefly on the screen saying the user is not found, and redirects immediately to logout.do.

I have read "Redirecting user logins - UI Scripts, Login Rules, or Installation Exits" and found the script that I may be able to modify, but it seems the loginUser function expects a username to be returned at the end of a successful login in order to redirect?? I believe I need to modify the block with the if (!ugr.next()) conditional, but I'm not sure what the return should be.

      if (!ugr.next()) {
              var errorMessage = gs.getMessage("User: ") + nameId + gs.getMessage(" not found");
              this.logError(errorMessage);
              SNC.SecurityEventSender.sendSAMLLoginFailureEventData(eventLogParm1, eventLogParm2);
              relayState = "https://myinstance.service-now.com/mysite/no_account.do";
              action.setRedirect(relayState);
              return ????????;
      }

1 ACCEPTED SOLUTION

Dan Alexander1
Mega Expert

Hi Nia,



I found this in the documentation which solved my issue:


Set (or create) the system property glide.authenticate.failed_redirect to redirect failed authentication requests to this URL. Typically the URL endpoint is an error page or logout page.


http://wiki.servicenow.com/index.php?title=SAML_2.0_Setup#Step_7._Test_the_Integration



This can redirect to a public catalog or UI Page.



Cheers,
Dan



2 REPLIES

Works for me! Thanks dan_alexander