Deep linking for SAML with multiple provider plugin?

dickhirsch
Giga Guru

I'm trying to figure out how to get SAML deep links to work in a shared instance (Fuji) where the multiple provider plugin is active.

Scenario

An instance has three multiple providers configured. Users should receive an email with links to content in ServiceNow. The user, however, must first log in with their IdP / multiple provider before accessing the content link.

Something like this: https://myinstance.service-now.com/login_with_sso.do?glide_sso_id=49add5fe0f8cca009850ecdhhhgdt&nav_...

Usually, the target link would be placed in the RelayState parameter and would be called after a successful external login. The problem is that the script "global.SAML2_update1" prevents deep links when the URL includes "login_with_sso":

    if (!requestURI || requestURI.equals("") || requestURI.equals("/") || requestURI.indexOf("login_with_sso") >= 0) {
        // No deep linking
        this.logDebug("No Deep Linking for this SAML request");
        relayState = this.serviceUrl;

My assumption is that this restriction is to prevent endless loops.

Can anyone provide advice to deal with this problem?

Thanks,

Richard

6 REPLIES

Sorry, I meant Jakarta - not Istanbul.


Nigel SS
Kilo Explorer

I think I have found a workaround, using the nav_to.do page!

 

https://<your_tenant>.service-now.com/nav_to.do?uri=%2Fmyhomepage&glide_sso_id=<your_saml_idp_sys_id>

 

It doesn't work perfectly, because the ServiceNow sidebar menu shows up the 2nd time and 3rd time you click the link, but at least it hits the correct page, as opposed to using the login_with_sso.do page.

 

Seems to be a double-URI encoding issue: https://community.servicenow.com/community?id=community_question&sys_id=dd104b21db98dbc01dcaf3231f96...
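
The nav_to.do workaround above, as an added example that is not part of the original posts and not ServiceNow code: it builds the link with the `uri` value percent-encoded exactly once, and flags an existing link whose `uri` is still encoded after one decode, which is the double-encoding symptom mentioned. The function names, the sample sys_id, the 32-hex sys_id format check and the local-path check are assumptions of this example.

```javascript
// Added example. Function names and sample values are constructed for
// illustration; only nav_to.do, uri and glide_sso_id come from the thread.

// Assumption: a sys_id is a 32-character hexadecimal string.
const SYS_ID = /^[0-9a-f]{32}$/i;

// A deep-link target must stay on the instance: one leading "/", not "//"
// or "/\" (both can be read as another host), and no control characters.
function isLocalPath(p) {
  return typeof p === "string" &&
    /^\/(?![\/\\])/.test(p) &&
    !/[\u0000-\u001f]/.test(p);
}

// Build the workaround link. URLSearchParams percent-encodes each value
// exactly once, so the caller passes the plain, unencoded target path.
function buildSsoDeepLink(instanceHost, targetPath, idpSysId) {
  if (!isLocalPath(targetPath)) {
    throw new Error("target must be a path on the instance");
  }
  if (!SYS_ID.test(idpSysId)) {
    throw new Error("glide_sso_id must be a 32-character hex sys_id");
  }
  const url = new URL("/nav_to.do", "https://" + instanceHost);
  if (url.hostname !== instanceHost.toLowerCase()) {
    throw new Error("instanceHost must be a bare host name");
  }
  url.searchParams.set("uri", targetPath);
  url.searchParams.set("glide_sso_id", idpSysId);
  return url.toString();
}

// Classify an existing link. searchParams.get() decodes once; a value that
// still begins with "%2F" afterwards was encoded twice.
function checkDeepLink(link) {
  const uri = new URL(link).searchParams.get("uri");
  if (uri === null) return "missing-uri";
  if (/^%2f/i.test(uri)) return "double-encoded";
  return isLocalPath(uri) ? "ok" : "not-local";
}
```

Running `checkDeepLink` over the links in an email template before it is sent catches a target that was encoded before being handed to the link builder.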