Deep linking for SAML with multiple provider plugin?

dickhirsch · ‎10-30-2015

I'm trying to figure out how to get SAML deep links to work in a shared instance (Fuji) where the multiple provider plugin is active.

Scenario

An instance has three multiple providers configured. Users should receive an email with links to content in ServiceNow. The user, however, must first login with their IdP / multiple provider before accessing the content link.

Something like this: https://myinstance.service-now.com/login_with_sso.do?glide_sso_id=49add5fe0f8cca009850ecdhhhgdt&nav_...

Usually, the target link would be placed in the RelayState parameter and would be called after a successful external login. The problem is that the script " global.SAML2_update1" prevents deep links when the URL includes "login_with_sso":

if (!requestURI ||requestURI.equals("") || requestURI.equals("/") || requestURI.indexOf("login_with_sso")>=0) {

// No deep linking

this.logDebug("No Deep Linking for this SAML request");

relayState = this.serviceUrl;

My assumption is that restriction is to prevent endless loops.

Can anyone provide advice to deal with this problem?

Thanks,

Richard

davidliu · ‎10-17-2016

Hi there,

Did you ever get around this issue? We are currently facing the same problem and are looking for any workarounds/solutions.

Thanks,
David

thisis · ‎12-17-2016

Hi,

Did you manage to figure out a solution for this issue, I am facing the same situation and have just posted a question in the community.

Many Thanks Jon

davidliu · ‎12-19-2016

Hi Jon,

Unfortunately not - we were told that there may be a fix targeted for Istanbul release.

thisis · ‎12-19-2016

Hi David,

Thanks for responding, I have a thread open, https://community.servicenow.com/thread/247648

it may be of use to you.

Thanks Jon