Set up portal with a custom SSO Identity Provider. Sometimes it's getting used elsewhere
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-18-2024 06:48 PM
Hi -
I have set up a SN portal with a custom SSO Identity provider, and it works great! Except... the system seems to remember which Identity Provider the browser was last redirected to when it shouldn't.
So here's the example of the problem:
Say a user with access to the BACKEND of ServiceNow (aka a technician) only has an account in our default SSO (Shibboleth). Someone sends them a link to this custom portal and they click on it when they are not logged in to ServiceNow. It redirects them to the custom portal's SSO (Okta), and they can't log in. They attempt to go to ServiceNow's backend site (https://instance.service-now.com) and.... It now again redirects them to Okta. This redirect continues UNLESS they go to our standard Service Portal, which sets things back again so this user is again using our default SSO (shibboleth).
Our custom Service Portal uses a login widget that's ALMOST identical to the default (SN provided) login widget used in our main Service Portal, except that we set the data.default_idp to the Okta SSO sys_id. Our main Service Portal uses the default (SN provided) login widget, which sets the data.default_idp to the Shibboleth SSO sys_id as set in the sys_properties.
But whatever SN uses as the main ServiceNow instance login script - not through a portal - isn't getting this reset to our default SSO. And it doesn't seem to matter that we've set Shibboleth as our default Identity Provider.
Has anyone ever had this issue? Does anyone know where the login script used by the backend of ServiceNow (the basic https://instance.service-now.com url) can be found so I can reset this data.default_idp value?
Much thanks!
-R
