How to set up a user to log in with an Identity Provider
‎08-15-2016 10:01 PM
I have a Shibboleth IdP installed on my local PC (which is working well using TestShib as the SP).
Now, in ServiceNow, I've set up a dev instance, clicked on Multi Provider SSO, created an IdP, imported my Shibboleth metadata, generated ServiceNow SP metadata and installed that in Shibboleth. I click 'Test Connection' and everything works well.
So now my question is, how do I set up a user to log in that triggers the identity provider I just created?
Your help is much appreciated,
Andrew.
‎08-15-2016 11:31 PM
Hello Andrew,
Since the Multi SSO plugin is there and your IDP is all set up and tested, you need the following:
1) Ensure the user that you are using to login exists on the instance (make sure the email matches)
2) Go to the System Properties page (sys_properties_list.do) and search for the glide.authenticate.sso.redirect.idp property. If it does not exist, create it as a string. Set the value of this property to the sys_id of the SSO IDP you set up.
3) Open another browser and go to your instance URL to test
Here are some links that show you how to set this up also:
External Authentication (Single Sign-On - SSO) - ServiceNow Wiki
Multiple Provider Single Sign-On - ServiceNow Wiki
Another option to create users is to tick the 'Auto Provisioning User' in SSO settings to create users if they log in to Shibboleth successfully but don't exist in ServiceNow. But it's better to pull the users from an LDAP server into your instance; you don't want to create a lot of users manually. Below is a link on this:
LDAP Integration Setup - ServiceNow Wiki
IMPORTANT: If you are unable to log in again and it keeps redirecting you to the SSO page, access your side door page, which is https://<instance>.service-now.com/side_door.do
Regards,
Mohamad
‎08-16-2016 03:07 PM
Hi Mohamad,
I followed your three steps and then logged in. I wasn't redirected to my IdP.
I then followed step "4.3 Configuring Users for Multi-Provider SSO" from:
Multiple Provider Single Sign-On - ServiceNow Wiki
by creating a Company and adding the SSO Source and then adding a User for that new company.
I then logged in, and again I wasn't redirected to my IdP.
RE: LDAP. I'm just trying to set up a proof of concept, so don't really need full integration with LDAP.
Any other suggestions would be much appreciated. Better still, I'm happy for you to look at my dev instance to see what I'm doing wrong.
Thanks,
Andrew.