03-17-2014 01:34 PM
I'm trying to supply referring URL information to an SSO provider for a single sign-on solution. The wiki (http://wiki.servicenow.com/index.php?title=External_Authentication_(Single_Sign-On_-_SSO)) implies that a TARGET parameter gets appended to the installation exit property 'glide.authenticate.failed_missing_requirement', but the variable doesn't appear to pass anything when we try to read it from our single sign-on page. Does anyone have experience with this, or know where I could configure this parameter?
Thanks
11-24-2014 05:36 AM
We had Fruition look at it, and they modified the DigestSingleSignOn installation exit.
It catches the URL you are attempting to navigate to, stores it in a variable, and then, after you successfully log in, redirects you to the page you initially requested. Here's the code.
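gs.include("PrototypeServer");

/**
 * Installation exit for digest-based single sign-on that also remembers the
 * page the user originally requested and redirects there after a successful
 * login.
 *
 * The user identifier and its digest are read from a request header, then a
 * URL parameter, then a cookie. The digest is recomputed with the shared
 * secret from 'glide.authenticate.secret_key' and must match before the user
 * record is looked up.
 *
 * NOTE(review): the digest covers only the user identifier (no timestamp or
 * nonce is visible here), so a captured identifier/digest pair stays valid
 * until the secret key changes. Keep the URL-parameter and cookie fallbacks
 * only if the deployment really needs them, since both are easier to capture
 * and replay than a header set by a trusted proxy.
 */
var DigestSingleSignOn = Class.create();
DigestSingleSignOn.prototype = {

    /**
     * Authenticates the current request.
     *
     * @returns {string} the sys_user user_name on success, otherwise one of
     *     the "failed_authentication" / "failed_missing_requirement..." strings.
     */
    process : function() {
        var headerKey = GlideProperties.get("glide.authenticate.header.key", "SM_USER");
        var headerDigestKey = GlideProperties.get("glide.authenticate.header.encrypted_key", "DIGEST");
        var fieldName = GlideProperties.get("glide.authenticate.header.value", "user_name");
        var fkey = GlideProperties.get("glide.authenticate.secret_key");

        // Work out which page the user was trying to reach before login.
        var glideURI = gs.action.getGlideURI();
        var map = glideURI.getMap();
        var uristring = glideURI.toString();
        var relayState = map.get('sysparm_original_request');
        var login = map.get('sysparm_is_login');
        if (relayState == null) {
            relayState = uristring;
        }

        // 'sysparm_original_request' is caller-controlled, so only a target
        // that stays on this instance is remembered for the post-login redirect.
        var shouldRemember = (login == 'true')
            || (relayState != null && uristring.indexOf(headerKey) == -1);
        if (shouldRemember && this.isSafeRelayTarget(relayState)) {
            gs.getSession().putClientData('relayState', relayState);
        }

        // Look in the headers first.
        var data = request.getHeader(headerKey);
        var encdata = request.getHeader(headerDigestKey);

        // If not there, check the URL parameters.
        if (data == null || encdata == null) {
            data = request.getParameter(headerKey);
            encdata = request.getParameter(headerDigestKey);
        }

        // Finally fall back to cookies.
        if (data == null || encdata == null) {
            var CookieMan = GlideCookieMan;
            var cookies = request.getCookies();
            data = CookieMan.getCookieValue(cookies, headerKey);
            encdata = CookieMan.getCookieValue(cookies, headerDigestKey);
        }

        // Neither the identifier nor its digest was supplied.
        if (data == null || encdata == null) {
            return "failed_missing_requirement";
        }

        // Fail closed when no shared secret is configured: a digest keyed
        // with an empty secret proves nothing about the sender.
        if (fkey == null || String(fkey) == '') {
            GlideLog.warn("External authorization has no value for 'glide.authenticate.secret_key'");
            return "failed_missing_requirement";
        }

        try {
            // '+' in the digest arrives as a space when it travelled in a URL.
            encdata = encdata.replaceAll(' ', '+');

            // Recompute the keyed digest of the supplied identifier.
            var key = this.getDigest(data, fkey);

            // Reject unless the received digest equals the recomputed one.
            if (!this.digestsMatch(encdata, key)) {
                return "failed_authentication";
            }

            var ugr = new GlideRecord("sys_user");
            ugr.initialize();
            if (!ugr.isValidField(fieldName)) {
                var Log = GlideLog;
                Log.warn("External authorization is set to use field: '"
                    + fieldName + "' which doesn't exist");
                // NOTE(review): '%26amp;' looks like a doubly-escaped '&' — confirm
                // against the platform's stock script before relying on TARGET.
                return "failed_missing_requirement:%26amp;TARGET=1";
            }

            ugr.addQuery(fieldName, data);
            ugr.query();
            if (!ugr.next()) {
                // No record yet: try to load the user through GlideUser, then
                // query again.
                var User = GlideUser;
                var userLoad = User.getUser(data);
                if (userLoad == null) {
                    return "failed_authentication";
                }
                ugr.initialize();
                ugr.addQuery(fieldName, data);
                ugr.query();
                if (!ugr.next()) {
                    return "failed_authentication";
                }
            }

            var userName = ugr.getValue("user_name");

            // Send the user back to the page they asked for. The stored value
            // is checked again here because this is where it is acted on.
            var uri = gs.getSession().getClientData('relayState');
            if (uri != null && uri != '') {
                gs.getSession().clearClientData('relayState');
                if (this.isSafeRelayTarget(uri)) {
                    action.setRedirect(uri.toString());
                }
            }
            return userName;
        } catch (e) {
            gs.log(e);
            return "failed_authentication";
        }
    },

    /**
     * Decides whether a remembered target may be used for the post-login
     * redirect. Only same-instance relative targets are accepted: the value
     * must be non-empty and must not carry a URL scheme, start with '//',
     * or contain a backslash or control character.
     *
     * @param {*} target candidate redirect target
     * @returns {boolean} true when the target is a plain relative reference
     */
    isSafeRelayTarget : function( target ) {
        if (target == null) {
            return false;
        }
        var candidate = String(target);
        if (candidate == '') {
            return false;
        }
        // Backslashes and control characters are normalised by browsers in
        // ways that can change which host a URL points at.
        if (/[\u0000-\u001f\u007f\\]/.test(candidate)) {
            return false;
        }
        // Scheme-relative reference ('//host/...').
        if (/^\s*\/\//.test(candidate)) {
            return false;
        }
        // Absolute URL or any other scheme ('https:', 'javascript:', ...).
        if (/^\s*[a-zA-Z][a-zA-Z0-9+.\-]*:/.test(candidate)) {
            return false;
        }
        return true;
    },

    /**
     * Compares two digests without stopping at the first differing character,
     * so the time taken does not reveal how much of a guess was correct.
     *
     * @param {*} received digest supplied with the request
     * @param {*} expected digest computed locally
     * @returns {boolean} true only when both are present and identical
     */
    digestsMatch : function( received, expected ) {
        if (received == null || expected == null) {
            return false;
        }
        var a = String(received);
        var b = String(expected);
        if (a.length != b.length) {
            return false;
        }
        var diff = 0;
        for (var i = 0; i < a.length; i++) {
            diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
        }
        return diff === 0;
    },

    /**
     * Computes the keyed digest of the user identifier.
     *
     * @param {*} data user identifier taken from the request
     * @param {*} fkey shared secret
     * @returns {*} whatever SncAuthentication.encode returns for HmacSHA1
     * @throws {string} 'failed_missing_requirement:%26amp;TARGET=3' when
     *     encoding fails; process() catches it and reports failed_authentication
     */
    getDigest : function( data, fkey ) {
        try {
            // default to something JDK 1.4 has
            // NOTE(review): the algorithm has to match what the SSO provider
            // uses; a SHA-2 based HMAC is preferable if both sides support it.
            var MAC_ALG = "HmacSHA1";
            return SncAuthentication.encode(data, fkey, MAC_ALG);
        } catch (e) {
            gs.log(e.toString());
            throw 'failed_missing_requirement:%26amp;TARGET=3';
        }
    }
};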

11-24-2014 05:00 AM
Any News on this, I have exactly the same issue...
11-24-2014 05:36 AM
We had Fruition look at it, and they modified the DigestSingleSignOn installation exit.
It catches the URL you are attempting to navigate to, stores it in a variable, and then, after you successfully log in, redirects you to the page you initially requested. Here's the code.
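gs.include("PrototypeServer");

/**
 * Installation exit for digest-based single sign-on that also remembers the
 * page the user originally requested and redirects there after a successful
 * login.
 *
 * The user identifier and its digest are read from a request header, then a
 * URL parameter, then a cookie. The digest is recomputed with the shared
 * secret from 'glide.authenticate.secret_key' and must match before the user
 * record is looked up.
 *
 * NOTE(review): the digest covers only the user identifier (no timestamp or
 * nonce is visible here), so a captured identifier/digest pair stays valid
 * until the secret key changes. Keep the URL-parameter and cookie fallbacks
 * only if the deployment really needs them, since both are easier to capture
 * and replay than a header set by a trusted proxy.
 */
var DigestSingleSignOn = Class.create();
DigestSingleSignOn.prototype = {

    /**
     * Authenticates the current request.
     *
     * @returns {string} the sys_user user_name on success, otherwise one of
     *     the "failed_authentication" / "failed_missing_requirement..." strings.
     */
    process : function() {
        var headerKey = GlideProperties.get("glide.authenticate.header.key", "SM_USER");
        var headerDigestKey = GlideProperties.get("glide.authenticate.header.encrypted_key", "DIGEST");
        var fieldName = GlideProperties.get("glide.authenticate.header.value", "user_name");
        var fkey = GlideProperties.get("glide.authenticate.secret_key");

        // Work out which page the user was trying to reach before login.
        var glideURI = gs.action.getGlideURI();
        var map = glideURI.getMap();
        var uristring = glideURI.toString();
        var relayState = map.get('sysparm_original_request');
        var login = map.get('sysparm_is_login');
        if (relayState == null) {
            relayState = uristring;
        }

        // 'sysparm_original_request' is caller-controlled, so only a target
        // that stays on this instance is remembered for the post-login redirect.
        var shouldRemember = (login == 'true')
            || (relayState != null && uristring.indexOf(headerKey) == -1);
        if (shouldRemember && this.isSafeRelayTarget(relayState)) {
            gs.getSession().putClientData('relayState', relayState);
        }

        // Look in the headers first.
        var data = request.getHeader(headerKey);
        var encdata = request.getHeader(headerDigestKey);

        // If not there, check the URL parameters.
        if (data == null || encdata == null) {
            data = request.getParameter(headerKey);
            encdata = request.getParameter(headerDigestKey);
        }

        // Finally fall back to cookies.
        if (data == null || encdata == null) {
            var CookieMan = GlideCookieMan;
            var cookies = request.getCookies();
            data = CookieMan.getCookieValue(cookies, headerKey);
            encdata = CookieMan.getCookieValue(cookies, headerDigestKey);
        }

        // Neither the identifier nor its digest was supplied.
        if (data == null || encdata == null) {
            return "failed_missing_requirement";
        }

        // Fail closed when no shared secret is configured: a digest keyed
        // with an empty secret proves nothing about the sender.
        if (fkey == null || String(fkey) == '') {
            GlideLog.warn("External authorization has no value for 'glide.authenticate.secret_key'");
            return "failed_missing_requirement";
        }

        try {
            // '+' in the digest arrives as a space when it travelled in a URL.
            encdata = encdata.replaceAll(' ', '+');

            // Recompute the keyed digest of the supplied identifier.
            var key = this.getDigest(data, fkey);

            // Reject unless the received digest equals the recomputed one.
            if (!this.digestsMatch(encdata, key)) {
                return "failed_authentication";
            }

            var ugr = new GlideRecord("sys_user");
            ugr.initialize();
            if (!ugr.isValidField(fieldName)) {
                var Log = GlideLog;
                Log.warn("External authorization is set to use field: '"
                    + fieldName + "' which doesn't exist");
                // NOTE(review): '%26amp;' looks like a doubly-escaped '&' — confirm
                // against the platform's stock script before relying on TARGET.
                return "failed_missing_requirement:%26amp;TARGET=1";
            }

            ugr.addQuery(fieldName, data);
            ugr.query();
            if (!ugr.next()) {
                // No record yet: try to load the user through GlideUser, then
                // query again.
                var User = GlideUser;
                var userLoad = User.getUser(data);
                if (userLoad == null) {
                    return "failed_authentication";
                }
                ugr.initialize();
                ugr.addQuery(fieldName, data);
                ugr.query();
                if (!ugr.next()) {
                    return "failed_authentication";
                }
            }

            var userName = ugr.getValue("user_name");

            // Send the user back to the page they asked for. The stored value
            // is checked again here because this is where it is acted on.
            var uri = gs.getSession().getClientData('relayState');
            if (uri != null && uri != '') {
                gs.getSession().clearClientData('relayState');
                if (this.isSafeRelayTarget(uri)) {
                    action.setRedirect(uri.toString());
                }
            }
            return userName;
        } catch (e) {
            gs.log(e);
            return "failed_authentication";
        }
    },

    /**
     * Decides whether a remembered target may be used for the post-login
     * redirect. Only same-instance relative targets are accepted: the value
     * must be non-empty and must not carry a URL scheme, start with '//',
     * or contain a backslash or control character.
     *
     * @param {*} target candidate redirect target
     * @returns {boolean} true when the target is a plain relative reference
     */
    isSafeRelayTarget : function( target ) {
        if (target == null) {
            return false;
        }
        var candidate = String(target);
        if (candidate == '') {
            return false;
        }
        // Backslashes and control characters are normalised by browsers in
        // ways that can change which host a URL points at.
        if (/[\u0000-\u001f\u007f\\]/.test(candidate)) {
            return false;
        }
        // Scheme-relative reference ('//host/...').
        if (/^\s*\/\//.test(candidate)) {
            return false;
        }
        // Absolute URL or any other scheme ('https:', 'javascript:', ...).
        if (/^\s*[a-zA-Z][a-zA-Z0-9+.\-]*:/.test(candidate)) {
            return false;
        }
        return true;
    },

    /**
     * Compares two digests without stopping at the first differing character,
     * so the time taken does not reveal how much of a guess was correct.
     *
     * @param {*} received digest supplied with the request
     * @param {*} expected digest computed locally
     * @returns {boolean} true only when both are present and identical
     */
    digestsMatch : function( received, expected ) {
        if (received == null || expected == null) {
            return false;
        }
        var a = String(received);
        var b = String(expected);
        if (a.length != b.length) {
            return false;
        }
        var diff = 0;
        for (var i = 0; i < a.length; i++) {
            diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
        }
        return diff === 0;
    },

    /**
     * Computes the keyed digest of the user identifier.
     *
     * @param {*} data user identifier taken from the request
     * @param {*} fkey shared secret
     * @returns {*} whatever SncAuthentication.encode returns for HmacSHA1
     * @throws {string} 'failed_missing_requirement:%26amp;TARGET=3' when
     *     encoding fails; process() catches it and reports failed_authentication
     */
    getDigest : function( data, fkey ) {
        try {
            // default to something JDK 1.4 has
            // NOTE(review): the algorithm has to match what the SSO provider
            // uses; a SHA-2 based HMAC is preferable if both sides support it.
            var MAC_ALG = "HmacSHA1";
            return SncAuthentication.encode(data, fkey, MAC_ALG);
        } catch (e) {
            gs.log(e.toString());
            throw 'failed_missing_requirement:%26amp;TARGET=3';
        }
    }
};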

11-24-2014 05:55 AM
Hello Adam,
thank you so much, this is exactly what I've needed!