Configure SAML 2.0 with ADFS 2.0 to use User ID as identifier

lars-ake_bolk
Kilo Explorer

In the Wiki it is exemplified how to use the Email (email) field in the User (sys_user) table as the unique identifier between the user records in ServiceNow and the AD.

We tried to change this into using the User ID (user_name) field instead, but we haven't gotten it to work.

 

The User ID field contains the AD account name, for example "labo01" for myself, just a simple character field.

From a ServiceNow configuration perspective it seems quite simple and straightforward - I guess most of the configuration work is performed at the ADFS. Unfortunately the ADFS team can't seem to be able to configure it properly...

 

Has anyone been able to successfully use the User ID (user_name) field to map with the AD/ADFS - is it possible? Any configuration hints (both in ServiceNow and in ADFS)?

 

Thanx! Lars-Åke Bolk


danielbilling
Kilo Guru

Hi Lars-Åke,



I remember having some issues regarding this at a project.


Cannot recall the exact solution, but it was related to the mapping between ADFS and AD. The mapping was changed and ServiceNow properties updated. I believe we also needed to rerun the metadata file.
Will have a look if I can find documentation on this.


Thank you, Daniel.


If you find more information, please share. When we solve this, I'll write an update here.


Hi,


Was anyone able to solve this issue? We are planning to use the user_name field as the NameID instead of the email address. Thanks in advance.


Lam_Hoang
Kilo Expert

Hi Lars,



I'm sure that you already set up the right system property, glide.authenticate.sso.saml2.user_field, to use the field user_id instead of email.



And did you already check this part of the SAML 2.0 setup?




https://wiki.servicenow.com/index.php?title=SAML_2.0_Web_Browser_SSO_Profile#Step_3c._Set_Up_NameID_...



The ADFS needs to send a NameID that contains the user ID that matches the user_id in SNC.
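To make the two halves of that requirement concrete (the property on the ServiceNow side naming the column, and the NameID ADFS puts in the assertion), here is a small added example, not code from ServiceNow or from anyone in this thread. It parses the Subject/NameID out of a constructed SAML 2.0 assertion, matches it against a constructed stand-in for sys_user using the column named by the user_field property, and reports the typical mismatch shapes (ADFS sending DOMAIN\user or an email address while the property says user_name). The sample assertion, the user records and the exact-match rule are assumptions for illustration; the real product's lookup rules are not shown here.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: the <Subject> of a SAML 2.0 assertion as the IdP (ADFS)
# would send it once its Name ID claim is mapped to the bare AD account name.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1" Version="2.0" IssueInstant="2012-01-01T00:00:00Z">
  <saml:Issuer>http://adfs.example.com/adfs/services/trust</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">labo01</saml:NameID>
  </saml:Subject>
</saml:Assertion>"""

# Constructed stand-in for a few sys_user rows (only the two candidate columns).
SYS_USER = [
    {"sys_id": "u1", "user_name": "labo01", "email": "lars.bolk@example.com"},
    {"sys_id": "u2", "user_name": "danb", "email": "daniel@example.com"},
]


def extract_name_id(assertion_xml):
    """Return (value, format) of the assertion's Subject/NameID; fail loudly if absent."""
    root = ET.fromstring(assertion_xml)
    node = root.find(".//saml:Subject/saml:NameID", NS)
    if node is None or not (node.text or "").strip():
        raise ValueError("assertion carries no Subject/NameID")
    # SAML 2.0 core: a missing Format attribute means 'unspecified'.
    fmt = node.get("Format", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified")
    return node.text.strip(), fmt


def diagnose_name_id(value, user_field):
    """List the reasons a NameID of this shape will not match the configured column."""
    problems = []
    if user_field == "user_name":
        if "\\" in value:
            problems.append("NameID is DOMAIN\\user: ADFS is sending the Windows account name, not the bare account name")
        if "@" in value:
            problems.append("NameID looks like an email or UPN, but user_field is user_name")
    if user_field == "email" and "@" not in value:
        problems.append("NameID is not an email address, but user_field is email")
    return problems


def resolve_user(value, user_field, users=SYS_USER):
    """Mimic the lookup: compare the NameID with the column named by user_field.
    Exact match is an assumption of this example, not a statement about the product."""
    for user in users:
        if user.get(user_field) == value:
            return user["sys_id"]
    return None


def check_assertion(assertion_xml, user_field, users=SYS_USER):
    """One-shot check: which sys_user the assertion would map to, and why not if none."""
    value, fmt = extract_name_id(assertion_xml)
    return {
        "name_id": value,
        "format": fmt,
        "sys_id": resolve_user(value, user_field, users),
        "problems": diagnose_name_id(value, user_field),
    }


if __name__ == "__main__":
    # The situation in the thread: ADFS already sends the account name, so the
    # lookup succeeds only if the property points at user_name rather than email.
    for field in ("user_name", "email"):
        print(field, "->", check_assertion(SAMPLE_ASSERTION, field))
```

Running it shows the failure mode from the thread: the same assertion resolves to a user when user_field is user_name and to nothing when it is still email, with the diagnosis naming the shape mismatch. On the ADFS side, a plain "Windows account name" claim carries the DOMAIN\user form, which is why a NameID built from it will not equal a bare value like "labo01"; the check above flags exactly that case so the two teams can tell which side needs changing.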