Using ServiceNow as Identity Provider (IdP) for External Applications – SAML Integration Issues

Moses E Ali
Tera Contributor

Hello all,

I'm currently working on a requirement where we need to use ServiceNow as the Identity Provider (IdP) for external systems, rather than the usual approach where Azure AD or other IdPs authenticate users into ServiceNow via SSO.


Use Case:
A customer logs in successfully to the ServiceNow Customer Portal. When they then access an external system (such as the Aha! Ideas Portal), they should be authenticated automatically via SSO, without needing to log in again.


To achieve this, I've configured ServiceNow as a SAML 2.0 Identity Provider using the Multi-Provider SSO > Identity Providers module.

Here are the key configuration details:

  • SAML 2.0 protocol used
  • X.509 certificate (default in ServiceNow)
  • Fingerprint hash of the certificate generated and applied in the Aha! SAML settings


However, the integration is currently failing with the following error on the Aha! side: "SAML response missing"

 

Has anyone successfully implemented ServiceNow as an IdP for an external SAML-based application?
Any guidance on what might be missing or misconfigured would be greatly appreciated.

 

Thanks in advance!
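For readers hitting the same "SAML response missing" message: it is the Service Provider's complaint that the browser reached its Assertion Consumer Service URL without a SAMLResponse form field at all, which is a different failure from an assertion that arrives but is rejected. The following is an added example, not code from the original post, from ServiceNow or from Aha!, using only the Python standard library to show how an SP separates the "missing" case from the structural checks it runs once a response is present (Destination, Status, Issuer, validity window, AudienceRestriction, NameID). The instance URL, ACS URL and audience are constructed placeholders, the sample response is constructed and unsigned, and XML-DSig signature verification is deliberately left to a proper library and must run before any of these fields is trusted.

```python
import base64
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed placeholders for the example; not real endpoints.
SAMPLE_IDP = "https://example-instance.service-now.com"
SAMPLE_ACS = "https://sp.example/auth/saml/callback"
SAMPLE_AUD = "https://sp.example"
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)


def _iso(ts):
    """Parse the UTC 'Z' timestamps SAML uses; returns None when absent."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00")) if ts else None


def check_saml_post(body, expected_acs, expected_audience, expected_issuer, now):
    """Structural checks an SP runs on an HTTP-POST-binding body. Returns (ok, reason).
    Signature verification (XML-DSig) is NOT done here and must happen before
    any of these fields is trusted."""
    form = parse_qs(body)
    if "SAMLResponse" not in form:
        # The browser reached the ACS URL without a SAMLResponse field: this is
        # the condition an SP reports as "SAML response missing".
        return False, "SAML response missing"
    try:
        root = ET.fromstring(base64.b64decode(form["SAMLResponse"][0], validate=True))
    except (ValueError, ET.ParseError) as exc:
        return False, f"SAMLResponse not decodable: {exc}"
    if root.tag != f"{{{NS['samlp']}}}Response":
        return False, "root element is not samlp:Response"
    if root.get("Destination") != expected_acs:
        return False, "Destination does not match this ACS URL"
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        return False, "status is not Success"
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return False, "no plaintext saml:Assertion (EncryptedAssertion not handled here)"
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS)
    if issuer != expected_issuer:
        return False, f"unexpected Issuer {issuer!r}"
    cond = assertion.find("saml:Conditions", NS)
    not_before = _iso(cond.get("NotBefore")) if cond is not None else None
    not_after = _iso(cond.get("NotOnOrAfter")) if cond is not None else None
    if not_before is None or not_after is None or not (not_before <= now < not_after):
        return False, "assertion outside its validity window"
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        return False, "audience restriction does not include this SP"
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS)
    if not name_id:
        return False, "no NameID in Subject"
    return True, f"structurally valid for {name_id} (signature still unverified)"


def build_sample_response(issuer, acs, audience, name_id="jane.doe@example.test"):
    """Constructed, unsigned sample response used only to exercise the checks."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
  ID="_r1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z" Destination="{acs}">
  <saml:Issuer>{issuer}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>{issuer}</saml:Issuer>
    <saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:59:00Z" NotOnOrAfter="2024-01-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def encode_post_body(xml_text, relay_state="portal"):
    """Encode as the form body a browser would POST to the ACS (HTTP-POST binding)."""
    return urlencode({"SAMLResponse": base64.b64encode(xml_text.encode()).decode(),
                      "RelayState": relay_state})


def demo():
    """Run the checks over four constructed bodies; returns the reason strings."""
    good = encode_post_body(build_sample_response(SAMPLE_IDP, SAMPLE_ACS, SAMPLE_AUD))
    other_aud = encode_post_body(build_sample_response(SAMPLE_IDP, SAMPLE_ACS, "https://other.example"))
    cases = {
        "missing": check_saml_post("RelayState=portal", SAMPLE_ACS, SAMPLE_AUD, SAMPLE_IDP, NOW),
        "valid": check_saml_post(good, SAMPLE_ACS, SAMPLE_AUD, SAMPLE_IDP, NOW),
        "wrong_audience": check_saml_post(other_aud, SAMPLE_ACS, SAMPLE_AUD, SAMPLE_IDP, NOW),
        "expired": check_saml_post(good, SAMPLE_ACS, SAMPLE_AUD, SAMPLE_IDP, NOW + timedelta(minutes=10)),
    }
    return {k: v[1] for k, v in cases.items()}


if __name__ == "__main__":
    for name, reason in demo().items():
        print(f"{name:15} {reason}")
```

The "missing" case is the one in the question: the SP's ACS was reached, but nothing in the form body was a SAMLResponse, so the SP never got as far as checking Issuer, audience or the certificate fingerprint. That ordering is why a fingerprint mismatch or a wrong audience would produce a different error than the one reported.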

 

2 ACCEPTED SOLUTIONS

Mark Manders
Mega Patron

Why not have ServiceNow provide the details into a platform that is created for SSO (like Okta, AAD)? Create the users in those systems from ServiceNow and use them to authenticate login on the other applications. 

 

ServiceNow doesn't provide built-in IdP features. You would have to build your own SAML IdP logic (issuing SAML assertions, signing, handling requests), write and maintain the XML, crypto and endpoint mappings, and (possibly) expose a public endpoint. You would be responsible for all security and would be outside what ServiceNow officially supports (if it breaks, you have to deal with it; ServiceNow won't help).

ServiceNow isn't optimized or licensed as an identity platform, so you may also be non-compliant with internal rules (non-ISO compliant). It is built for managing the customers, not for authenticating them to third-party apps.

My advice: don't do it. Use the platforms for what they are built for.


Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark


Ambuj Tripathi
ServiceNow Employee

Hi @Moses E Ali 

Currently ServiceNow as a provider is only available with OAuth, with limited capabilities, and not at all with the SAML protocol.


3 REPLIES

Ankur Bawiskar
Tera Patron

@Moses E Ali 

Unfortunately ServiceNow cannot be used as an IdP, as per my knowledge.

The ServiceNow platform is designed for core service management and not around robust identity management.

For an application to be an identity provider, the following things need to be considered:

SAML Requirements for Identity Providers

If my response helped please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
Certified Technical Architect  ||  9x ServiceNow MVP  ||  ServiceNow Community Leader
