How to pass RelayState using "login_with_sso.do?glide_sso_id=" links?

MG Casey
Mega Sage

We are using the multiple provider single sign-on plugin.

I want to pass a return URL after sending my users to the correct SSO portal.

Example:

  1. Our ServiceNow instance is defaulted to SSO #1.
  2. However, if I provide users with a certain URL (a public UI Page), it sends them to SSO #2 using the "login_with_sso.do?glide_sso_id=#########" link.
    • How can I add a relayState parameter to that link to give to my identity provider?

1 ACCEPTED SOLUTION

MG Casey
Mega Sage

I finally figured this out for good. All the wiki needed was some examples.



Say you have this URL:


myinstance.service-now.com/knowledge_detail_rtsd.do?sysparm_articlenumber=KB0026349



To force a specific SSO login, all you have to do is add the "glide_sso_id" parameter to that URL, so it becomes:


myinstance.service-now.com/knowledge_detail_rtsd.do?sysparm_articlenumber=KB0026349&glide_sso_id=b18ef6234234234055343be3ee4c1



In the bolded part, just input the sys_id of the identity provider you want the user to be forced to log in with.


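The approach in the accepted solution, written out as an added example (not code from the original post or from ServiceNow). The function name `buildSsoDeepLink`, the host constant and the sys_id value are assumptions made for illustration, and the same-host check is a precaution added by this example so that generated links always land on the instance itself.

```javascript
// Added example (not ServiceNow code): append glide_sso_id to a deep link.
// INSTANCE_HOST and all sys_id values used with it are constructed placeholders.
const INSTANCE_HOST = 'myinstance.service-now.com';
const SYS_ID_RE = /^[0-9a-f]{32}$/i; // sys_ids are 32 hex characters

function buildSsoDeepLink(target, idpSysId, instanceHost = INSTANCE_HOST) {
  if (!SYS_ID_RE.test(idpSysId)) {
    throw new Error('glide_sso_id must be a 32-character hex sys_id');
  }
  // Accept "/path?query", "host/path?query" (as written in the post) or a full URL.
  let candidate = target;
  if (!target.startsWith('/') && !/^https?:\/\//i.test(target)) {
    candidate = 'https://' + target;
  }
  const url = new URL(candidate, `https://${instanceHost}`);

  // Precaution added by this example: only build links that stay on the
  // instance, so "//other.host/x" or "https://other.host/x" is rejected.
  if (url.protocol !== 'https:' || url.hostname !== instanceHost.toLowerCase()
      || url.username || url.password) {
    throw new Error('target must be a page on ' + instanceHost);
  }
  // set() replaces any glide_sso_id already present and keeps other parameters.
  url.searchParams.set('glide_sso_id', idpSysId);
  return url.toString();
}

// Constructed IdP sys_id, for demonstration only.
console.log(buildSsoDeepLink(
  'myinstance.service-now.com/knowledge_detail_rtsd.do?sysparm_articlenumber=KB0026349',
  '0123456789abcdef0123456789abcdef'));
```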

11 REPLIES

MG Casey
Mega Sage

I'm basically just wanting to know how to set this URL parameter mentioned in the Wiki:






I've tried all kinds of URL parameters and it's not working:


glide_sso_id=7cb23f131b121100227e5581be071355&url=https%3a//hallmarkcardsdev.service-now.com/gcretailers/incidentview.do%3fsysparm_incident%3dd1900b1b6f8612006b7283bc5d3ee447


chris_snc_
ServiceNow Employee

If "glide.authenticate.sso.redirect.idp" (available in Fuji and above) is not configured, when the user visits the instance the first time, they will need to use the "Use External Login" link on the instance to determine which Identity Provider (IdP) record to use.



Using that link or the "/login_with_sso.do" page creates a cookie to associate the user's machine to that IdP.


On subsequent visits, if the cookie still exists, the browser will redirect to the respective IdP.



The default value for "RelayState" is https://<instance_name>.service-now.com/navpage.do.


It would change if a 'deep-link' was used when the user session is inactive.



You'll need to update the MultiSSO and/or UI scripts if you need to have users, associated to SSO #2, see a different page after they are authenticated successfully.


mgcasey300, thanks for your post. I was able to partially solve my issue.

If I am trying to access myinstance.service-now.com/sp, I was able to force them to SSO then redirect to myinstance.service-now.com/sp.

But if I am trying to access a deep link like myinstance.service-now.com/sp?id=sp_form&table=incident&sys_id=9660c23637f0e640e9cbd5c543990ee5 it is going into an infinite loop. Any thoughts?