service portal Prevent SSO redirection

Harish KM · ‎10-22-2017

Hello all,

Can any one tell me how to stop SSO redirection for external users?

I have a widget cloned of OOB login widget. It was working fine, After upgrading to Helsinki patch12a. Not able to stop redirection.

Widget

Client script:

function loginCtrl($rootScope,$scope, $http, $window, $location, urlTools, glideUserSession, glideSystemProperties, spUtil) {

var c = this;

c.register = false;

c.showReg = function(){

console.log('Test!');

c.register = !c.register;

$rootScope.$broadcast('showRegistration', c.register);

};

$scope.$on('showRegistration', function(event,data){

c.register = data;

});

if (typeof c.options.show_panel == 'undefined') {

c.options.show_panel = true;

}

// This is where the redirection happening. Now this block of code though commented SSO still not able to restrict

/* if (!c.data.is_logged_in && c.data.multisso_enabled && c.data.default_idp) {

alert("inside");

c.server.get({

action: "set_sso_destination",

pageURI: c.data.pageURI

}).then(function() {

//$window.location = "/login_with_sso.do?glide_sso_id=" + c.data.default_idp;

});

} */

c.login = function(username, password) {

var url = urlTools.getURL('view_form.login');

// If the page isn't public then the id in the

// url won't match the rendered page id.

var pageId = $location.search().id || $scope.page.id;

var isLoginPage = $scope.portal.login_page_dv == pageId;

return $http({

method: 'post',

url: url,

data: urlTools.encodeURIParameters({

'sysparm_type': 'login',

'ni.nolog.user_password': true,

'remember_me': !!c.remember_me ? true : false,

'user_name': username,

'user_password': password,

'get_redirect_url': true,

'sysparm_goto_url': isLoginPage ? null : '/bd'

}),

headers: {

'Content-Type': 'application/x-www-form-urlencoded'

}

}).then(function(response) {

if (!response.data) {

$scope.message = "${There was an error processing your request}";

return;

}

if (response.data.status == 'success') {

c.success = response.data.message;

$window.location = '/bd';

} else {

// wrong username and password

c.message = response.data.message;

}

}, function errorCallback(response) {

// error

c.message = "${There was an error processing your request}";

});

};

c.externalLogin = function() {

c.server.get({

action: "set_sso_destination",

pageURI: c.data.pageURI

}).then(function() {

glideSystemProperties.set("glide.authenticate.multisso.enabled", true);

glideUserSession.getSsoRedirectUrlForUsername(c.username)

.then(function(url) {

$window.location = url;

}, function(err) {

spUtil.addErrorMessage("${An error has occurred. Please contact your system administrator.}");

});

}

c.setExternalLogin = function(newVal) {

console.log("newVal"+ newVal);

c.externalLoginMode = newVal;

}

Regards
Harish

Dubz · ‎10-23-2017

Hi Harish,

The only solution HI support could suggest for me when i asked them was to set the URL to redirect to the internal Service Now login page and then have internal users click the 'use external login' option which would then be saved as a preference in their browser.

We have opted instead to extend our AD and authenticate customers on a separate AD instance so anyone interacting with Service Now, whether internal or external, will be authenticated via SSO.

Harish KM · ‎10-23-2017

so there is no way to prevent SSO redirection for external users?

Regards
Harish

Dubz · ‎10-23-2017

It doesn't appear so. The trouble is there is no way to determine that they are external until they have interacted with the system.The glide.authenticate.sso.redirect.idp redirects everyone accessing the URL to the SSO page, there's no point at which it can be determined whether the user is internal or external. You could introduce a proxy and give out different URL's but then you're introducing a single point of failure to your instance access.

Harish KM · ‎10-23-2017

Umm okay. Let me convey this to team and see how it goes

Thanks for the info..I have been spending 2 days on this trying to prevent SSO to external users

Regards
Harish