Disabling Session Index in SAML login script

rnalband
Kilo Expert

Hi all,

We are configuring SSO in ServiceNow; our third-party IdP tool is not sending the session index in the response. I have tested by commenting out the code below in the SAML login script, and SSO works fine. Just wanted to know whether there are any drawbacks to commenting out this session index.

var sessionIndex = this.SAML2.getSessionIndex();
if (sessionIndex == null) {
    this.logError("Could not extract SessionIndex from SAMLResponse");
    return "failed_missing_requirement";
}
this.logDebug("SAML2 SessionIndex: " + sessionIndex);
// pass these values to Logout script
request.getSession().setAttribute("glide.saml2.session_index", sessionIndex);

-Rahamath

1 ACCEPTED SOLUTION

mandle
Mega Guru

Rahamath,



I have commented out Lines 67-77 of the "SAML2SingleSignon_update1" Installation Exit with no impact to the client-specific IdP.


For maximum flexibility in the case where "a few years down the road" a different IdP might be used, I recommend adding in a system property (and adding it to the SAML 2 System Properties Category) that controls that block of code.


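One way to write the property-controlled check recommended in the accepted solution, as an added example that is not part of the thread or of ServiceNow's shipped script. The property name `x_example.saml2.require_session_index`, the function names and the stub objects are assumptions; unlike commenting the block out, this version still stores the SessionIndex for the Logout script whenever the IdP sends one.

```javascript
// Added example, not ServiceNow's shipped script. The property name is
// hypothetical; platform objects are passed in so constructed stubs can drive it.
var REQUIRE_PROP = "x_example.saml2.require_session_index"; // hypothetical

// Returns "failed_missing_requirement" to abort the login, or null to continue.
function handleSessionIndex(gs, saml2, session, log) {
    // Default "true": an unset property keeps the original strict behaviour.
    var required = String(gs.getProperty(REQUIRE_PROP, "true")) === "true";
    var sessionIndex = saml2.getSessionIndex();

    if (sessionIndex == null) {
        if (required) {
            log.error("Could not extract SessionIndex from SAMLResponse");
            return "failed_missing_requirement";
        }
        // Tolerated: nothing is stored, so the Logout script gets no value.
        log.warn("SessionIndex absent; allowed because " + REQUIRE_PROP + " is false");
        return null;
    }
    log.debug("SAML2 SessionIndex: " + sessionIndex);
    // Still pass the value to the Logout script whenever the IdP sends one.
    session.setAttribute("glide.saml2.session_index", sessionIndex);
    return null;
}

// Constructed stubs standing in for gs, this.SAML2, the session and the logger.
function run(propValue, sessionIndex) {
    var attrs = {}, lines = [];
    var gs = { getProperty: function (name, dflt) {
        return propValue === undefined ? dflt : propValue;
    } };
    var saml2 = { getSessionIndex: function () { return sessionIndex; } };
    var session = { setAttribute: function (k, v) { attrs[k] = v; } };
    var log = {
        error: function (m) { lines.push("ERROR " + m); },
        warn: function (m) { lines.push("WARN " + m); },
        debug: function (m) { lines.push("DEBUG " + m); }
    };
    var result = handleSessionIndex(gs, saml2, session, log);
    return { result: result, stored: attrs["glide.saml2.session_index"], lines: lines };
}

console.log(run(undefined, null).result);               // strict by default
console.log(run("false", null).lines[0]);               // tolerated, with a warning
console.log(run("false", "_constructed-idx-1").stored); // stored when present
```

In an instance, the same branch would replace the block quoted in the question, with `this.logError`, `this.logDebug` and `request.getSession()` in place of the stubs.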

2 REPLIES 2

jmandle Excellent Point!



Rahamath - I'd also comment that you'd want to keep in mind when your certificates expire, as some providers require you to renew 5-10 days prior to the expiration date.



Also - bookmark this LINK & Wiki below.


WIKI - SAML TROUBLESHOOTING -- Includes ServiceNow Knowledge Base Article: KB0540617 SAML Error Matrix.



JamesN