Configure SAML 2.0 with ADFS 2.0 to use User ID as identifier

lars-ake_bolk · ‎01-31-2014

In the Wiki it is exemplified how to use the Email (email) field in the User (sys_user) table as the uniqe identifier between the user records in ServiceNow and the AD.

We tried to change this into using the User ID (user_name) field instead. - but we haven't gotten it to work.

The User ID field contains the AD account name, for example "labo01" for myself, just a simple character field.

From a ServiceNow configuration perspective it seems quite simple and straightforward - I guess most of the configuration work is performed at the ADFS. Unfortunately the ADFS team can't seem to be able to configure it properly...

Has anyone been able to successfully use the User ID (user_name) field to map with the AD/ADFS - is it possible? Any configuration hints (both in ServiceNow and in ADFS)?

Thanx! Lars-í…ke Bolk

danielbilling · ‎01-31-2014

Hej Lars-í…ke,

I remember having some issues regarding this at project.

Cannot recall the exact solution, but it was related to the mapping between ADFS and AD. The mapping was changed and ServiceNow properties updated. I believe we also needed to rerun the metadata file.
will have a look if i can find documentation on this

lars-ake_bolk · ‎01-31-2014

Thank you, Daniel.

If you find more information, please share. When we solve this, I'll write an update here.

Swapna Abburi · ‎02-25-2014

Hi,

Did anyone able to solve this issue? We are planning to use user_name field as a NameID instead of email Address. Thanks in advance.

Lam_Hoang · ‎02-26-2014

Hi Lars,

I'm sure that you already setup the right system property. glide.authenticate.sso.saml2.user_field to use te field user_id \instead of email

And did you already check this part of the saml 2.0 setup.

https://wiki.servicenow.com/index.php?title=SAML_2.0_Web_Browser_SSO_Profile#Step_3c._Set_Up_NameID_...

The adfs needs to send an nameid that contains, the userid that matched with the user_id in SNC.