Single Sign On Deep Linking Issue - RelayState not returning from IBM TFIM
‎05-05-2013 04:48 PM
Hi,
Thought I'd share the solution to a problem we were having with Single Sign on using SAML2 and IBM Tivoli Federated Identity Management (TFIM).
The issue was that when URLs to specific pages (deep links) within Service-Now were attempted to be navigated to, users were automatically redirected to the Service-Now homepage, as when passing through the SAML2 authentication process, the deep link would be lost.
Setting a RelayState parameter was documented to fix this issue. When we tried to append RelayState to the end of our baseUrl we found that TFIM would only return the baseURL, i.e. it seemed that TFIM was not reading the RelayState.
The problem turned out to be that our baseURL included the Target parameter. When leaving the Target parameter off the baseURL, RelayState was able to be returned by TFIM:
Originally, system property "glide.authenticate.sso.saml2.idp_authnrequest_url" included the parameter "Target".
https://mycompany-idp.com?RequestBinding=HTTPPost&NameIdFormat=email&PartnerId=https://mycompany.ser...
Leaving off the Target parameter resolved the problem:
https://mycompany-idp.com?RequestBinding=HTTPPost&NameIdFormat=email&PartnerId=https://mycompany.ser...
Hope this helps others as it is not clear in IBM TFIM documentation!
‎06-07-2019 11:05 AM
It turns out our issue was fixed by ServiceNow, but you had to update a system property to activate.