
Setting up OIDC SSO

Woz
Tera Contributor

Hello,

Goal: I am trying to connect ServiceNow to a customers OIDC Identity Provider.

Problem summary: on a customer login attempt to ServiceNow, the user is redirected to the IdP. On login, once the customer is successfully authenticated, they are redirected back to ServiceNow.

I can see in the logs that the IdP sends ServiceNow the response below, which is expected. I have removed the JWT token here for privacy, but it is valid.

{
    "access_token": "********",
    "scope": "openid",
    "id_token": "<VALID JWT TOKEN, MASKED>",
    "token_type": "Bearer",
    "expires_in": 864000
}

On receiving this response, ServiceNow tries to run a black-box method, `this.oauthClient.getUserNameAndClaimsByAuthorization(map);`, found in the Script Include `global.OIDC_custom`,

 

which results in errors:

[Screenshot of the errors: Woz_0-1679916698178.png]

 



I have compared this login flow with one that works, and the only difference I can see is that in the one that works the scope is different:

[Screenshot of the working flow: Woz_1-1679916698180.png]

 

 


I have 2 questions:

  • I feel like I need to ask the customer to change something about their IdP, but I am not sure what; maybe add some scopes?
  • In the likely event the customer won't make changes to their SSO so that it works with ServiceNow, what options do I have?

 


Clarkie1
Tera Expert

Based on the error, it looks like the "iss" claim is not sent back from the IdP; the IdP config will need to be updated to send that claim back in the JWT.