Setting up OIDC SSO

Woz
Tera Contributor

Hello,

Goal: I am trying to connect ServiceNow to a customer's OIDC Identity Provider.

Problem Summary: on a customer login attempt to ServiceNow, the user is redirected to the IdP. After logging in and being successfully authenticated, the customer is redirected back to ServiceNow.

I can see in the logs that the IdP sends ServiceNow the response below, which is expected. I have removed the JWT token here for privacy, but it is valid.

{
    "access_token": "********",
    "scope": "openid",
    "id_token": "<VALID JWT TOKEN HERE MASKED>",
    "token_type": "Bearer",
    "expires_in": 864000
}

On receiving this response, ServiceNow tries to run a black-box method `this.oauthClient.getUserNameAndClaimsByAuthorization(map);` found in the Script Include `global.OIDC_custom`, which results in errors:

[Screenshot: error messages from the failing login attempt]



I have compared this login flow with one that works, and the only difference I can see is that in the one that works the scope is different.

[Screenshot: the working login flow, showing a different scope]


I have 2 questions:

  • I feel like I need to ask the customer to change something about their IdP, but I am not sure what – maybe add some scopes.
  • In the likely event that the customer won't make changes to their SSO so it works with ServiceNow, what options do I have?


Clarkie1
Giga Expert

Based on the error, it looks like the "iss" claim is not sent back from the IdP; the IdP config will need to be updated to send that claim back in the JWT.