Disabling Session Index in Saml login script

rnalband · ‎02-19-2015

Hi all,

We are configuring SSO in service now, out third party IDP tool is not sending the session index in response. I have tested by commenting below code in Saml login script , SSO works fine. Just wanted to know is there any drawbacks by commenting this session Index ..

var sessionIndex = this.SAML2.getSessionIndex();

if (sessionIndex == null) {

this.logError("Could not extract SessionIndex from SAMLResponse");

return "failed_missing_requirement";

}

this.logDebug("SAML2 SessionIndex: " + sessionIndex);

// pass these values to Logout script

request.getSession().setAttribute("glide.saml2.session_index", sessionIndex);

-Rahamath

mandle · ‎11-04-2015

Rahamath,

I have commented out Lines 67-77 of the "SAML2SingleSignon_update1" Installation Exit with no impact to the client-specific IdP.

For maximum flexibility in the case where "a few years down the road" a different IdP might be used I recommend adding in a system property (and adding it to the SAML 2 System Properties Category) that controls that block of code.

View solution in original post

mandle · ‎11-04-2015

Rahamath,

I have commented out Lines 67-77 of the "SAML2SingleSignon_update1" Installation Exit with no impact to the client-specific IdP.

For maximum flexibility in the case where "a few years down the road" a different IdP might be used I recommend adding in a system property (and adding it to the SAML 2 System Properties Category) that controls that block of code.

JamesEcoStratus · ‎11-04-2015

jmandle Excellent Point!

Rahamath - I'd also comment that you'd want to keep in mind when your certificates expires as some providers require you to renew 5-10 days prior to expiration date.

Also - bookmark this LINK & Wiki below.

WIKI - SAML TROUBLESHOOTING -- Includes ServiceNow Knowledge Base Article: KB0540617 SAML Error Matrix.

JamesN