02-19-2015 07:41 AM
Hi all,
We are configuring SSO in ServiceNow, and our third-party IdP tool is not sending the session index in the response. I have tested by commenting out the code below in the SAML login script, and SSO works fine. I just wanted to know: are there any drawbacks to commenting out this session index check?
var sessionIndex = this.SAML2.getSessionIndex();
if (sessionIndex == null) {
    this.logError("Could not extract SessionIndex from SAMLResponse");
    return "failed_missing_requirement";
}
this.logDebug("SAML2 SessionIndex: " + sessionIndex);
// pass these values to Logout script
request.getSession().setAttribute("glide.saml2.session_index", sessionIndex);
-Rahamath

11-04-2015 02:59 PM
Rahamath,
I have commented out Lines 67-77 of the "SAML2SingleSignon_update1" Installation Exit with no impact to the client-specific IdP.
For maximum flexibility, in the case where "a few years down the road" a different IdP might be used, I recommend adding a system property (and adding it to the SAML 2 System Properties Category) that controls that block of code.
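
One way the property-controlled check suggested above could look. This is an added example, not part of the thread or of ServiceNow's script: the property name is hypothetical, and the platform objects are passed in as parameters and replaced by constructed stubs so the code runs outside an instance.

```javascript
// Added example: a property-gated version of the SessionIndex check.
const PROP = "x_example.saml2.require_session_index"; // hypothetical property name
const ATTR = "glide.saml2.session_index"; // attribute name from the original script

// Returns null when login may continue, or the failure code the original returns.
function checkSessionIndex(saml2, session, gs, log) {
  // Fail closed: an unset property behaves like the unmodified script.
  const required = String(gs.getProperty(PROP, "true")) === "true";
  const sessionIndex = saml2.getSessionIndex();
  if (sessionIndex == null) {
    if (required) {
      log.push("ERROR Could not extract SessionIndex from SAMLResponse");
      return "failed_missing_requirement";
    }
    // Tolerated by configuration: leave an audit trail and drop any stale
    // value so the logout script never reuses an index from an earlier login.
    log.push("WARN no SessionIndex in SAMLResponse, allowed by " + PROP);
    session.removeAttribute(ATTR);
    return null;
  }
  log.push("DEBUG SAML2 SessionIndex: " + sessionIndex);
  session.setAttribute(ATTR, sessionIndex); // pass the value to the logout script
  return null;
}

// Constructed stand-ins for the platform objects so the example runs offline.
function stubs(propValue, index, staleIndex) {
  const attrs = new Map(staleIndex ? [[ATTR, staleIndex]] : []);
  return {
    gs: { getProperty: (name, dflt) => (propValue === undefined ? dflt : propValue) },
    saml2: { getSessionIndex: () => index },
    session: {
      setAttribute: (k, v) => attrs.set(k, v),
      removeAttribute: (k) => attrs.delete(k),
      getAttribute: (k) => (attrs.has(k) ? attrs.get(k) : null),
    },
    log: [],
  };
}

// Runs one login attempt against the stubs and reports what was stored.
function run(propValue, index, staleIndex) {
  const s = stubs(propValue, index, staleIndex);
  const result = checkSessionIndex(s.saml2, s.session, s.gs, s.log);
  return { result, stored: s.session.getAttribute(ATTR), log: s.log };
}
```

With the check turned off, the logout script receives no SessionIndex for that session, so logout against that IdP is the behavior to test.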

11-04-2015 04:36 PM
jmandle Excellent Point!
Rahamath - I'd also comment that you'd want to keep in mind when your certificates expire, as some providers require you to renew 5-10 days prior to the expiration date.
Also - bookmark this LINK & Wiki below.
WIKI - SAML TROUBLESHOOTING -- Includes ServiceNow Knowledge Base Article: KB0540617 SAML Error Matrix.
JamesN