How to pass RelayState using "login_with_sso.do?glide_sso_id=" links?

MG Casey · ‎03-15-2016

We are using the multiple provider single sign-on plugin.

I want to pass a return URL after sending my users to the correct SSO portal.

Example:

Our ServiceNow instance is defaulted to SSO #1.
However, if I provide users with a certain URL (a public UI Page), it sends them to SSO #2 using the "login_with_sso.do?glide_sso_id=#########" link.
- how can I add a relayState parameter to that link to give to my identity provider?

MG Casey · ‎07-26-2017

I finally figured this out for good. All the wiki needed was some examples.

Say you have this URL:

myinstance.service-now.com/knowledge_detail_rtsd.do?sysparm_articlenumber=KB0026349

To force a specific SSO login, all you have to do is add the "glide_sso_id" parameter to that URL, so it becomes:

myinstance.service-now.com/knowledge_detail_rtsd.do?sysparm_articlenumber=KB0026349&glide_sso_id=b18ef6234234234055343be3ee4c1

In the bolded part, just input the sys_id of the identity provider you want the user to be forced to log in with.

View solution in original post

MG Casey · ‎10-10-2017

I haven't run into that (except deep-linking to a list-view, but that just redirects you to the homepage).

Possibly comes down to different between the & symbol and the %26 symbol instead?

Example:

myinstance.service-now.com/knowledge_detail_rtsd.do?sysparm_articlenumber=KB0026349%26glide_sso_id=b18ef6234234234055343be3ee4c1

Charlotte Pakes · ‎02-24-2018

Hi,

Did you ever find a solution to this? I'm experiencing the exact same issue you describe, it just goes into an infinite loop.

Thanks,

Charlotte

MG Casey · ‎02-25-2018

Kind of - I instead link to a publicly-visible UI Page that checks if the user is already logged in or not, then redirects the user to the URL specified in one of the URL parameters.

UI Page HTML:

<?xml version="1.0" encoding="utf-8" ?>
<j:jelly trim="false" xmlns:j="jelly:core" xmlns:g="glide" xmlns:j2="null" xmlns:g2="null">

	<g2:evaluate>
		var logintest = gs.getSession().isLoggedIn();

		var url = '${HTML:sysparm_url}';
		var returnurl = decodeURIComponent(url);
	</g2:evaluate>
	
	${HTML:sysparm_returnurl}
	
	<input type="hidden" id="logincheck" name="logincheck" value="$[logintest]" />	
	<input type="hidden" id="returnurl" name="returnurl" value="$[returnurl]" />
	
</j:jelly>

UI Page Client Script

checkLoggedIn();

function checkLoggedIn() {
	var logincheck = gel("logincheck").value;
	var returnurl = gel("returnurl").value;
	
	if (logincheck == "true") {
		
		window.location = returnurl;
		
	} else {
		
		window.location = 'login_with_sso.do?glide_sso_id=7cb23f131b121100227e5581be071355&nav_to.do?uri=' + returnurl;

	}	
}

Charlotte Pakes · ‎02-26-2018

Thanks, this helped me piece together what I was missing. Seems to be working a treat now.

For anyone else getting stuck, here is what I did, this was for our Knowledge article pages (we have a mixture of public and non-public articles) and the code is in the kb article widget:

Server script:

data.default_idp = GlideProperties.get("glide.authenticate.sso.redirect.idp");

if (input && input.action === "set_sso_destination") {

gs.getSession().putProperty("login_redirect_url","/sp?id=kb_article&sys_id=" + $sp.getParameter("sys_id"));

}

Client controller:

if (!c.data.isvalid) {

	c.server.get({

		action: "set_sso_destination",

	}).then(function() {

var url = "login_with_sso.do?glide_sso_id=" + c.data.default_idp;
$window.location.href = url;

	});
}

Nicholas H · ‎10-28-2021

Thanks! Had been struggling with a similar issue and this was the final clue to solving it (had to remove the glide_sso_id parameter as it was being included in the return url for some reason and therefor wasn't returning to the correct page after logging in, but otherwise worked perfectly!)