question Re: Where is the Single Sign-On script located? in Developer forum

Where is the Single Sign-On script located?

xmikeam — Wed, 07 Dec 2016 17:52:27 GMT

@Where is the Single Sign-On script located that uses the Customization Properties for Single Sign-on form?

This form has input fields for HTTP Header Name and ServiceNow field name to match against the incoming header.

I am aware of the External Authentication script located in the group of Installation Exist list of scripts. However the Single Sign-On doesn't seem to use the External Authentication script in the Installation Exist list of scripts.

I am assuming the Single Sign-On customization script exist somewhere within a Service Now table.

Thanks in advance for your assistance.

Re: Where is the Single Sign-On script located?

sudharsanv36 — Wed, 07 Dec 2016 17:55:04 GMT

Under System Definition --> Installation Exits.

Re: Where is the Single Sign-On script located?

xmikeam — Wed, 07 Dec 2016 19:02:53 GMT

Thanks for feedback Sudharsan. However, as mentioned in my question, I am aware of these scripts in the Installation Exist group. These scripts are not used in the SSO customization properties configuration form.

I've tested disabling External Authentication and enabling within the SSO form "Enable external authentication" and providing a HTTP header name and ServiceNow field name and it works.

What I am attempting to do is parse the HTTP header value but I cannot seem to locate where the Single Sign-on script is located.

Re: Where is the Single Sign-On script located?

Blaze2 — Wed, 07 Dec 2016 21:06:33 GMT

Go under the script includes, then search for SSO or what have you.

You can create an application menu so that you don't have to go searching for them again.

Re: Where is the Single Sign-On script located?

xmikeam — Wed, 07 Dec 2016 21:45:24 GMT

Thanks Blaze. What version of Service Now are using. I forgot to mention I am using the Geneva version. I tried to locate those scripts on my version and didn't come up with anything.

Re: Where is the Single Sign-On script located?

Blaze2 — Wed, 07 Dec 2016 23:10:39 GMT

I am in helsinki

I was trying to send you the xml file with the scripts in them I will make 4 separate replies with a screenshot of the script and then the text version.

var MultiSSO_Abstract_Core = Class.create();

MultiSSO_Abstract_Core.prototype = {

debugMode: false,

failedRedirect : "",

failedSSO: "",

logoutRedirect: "",

ssoHelper: null,

LOG_SOURCE : 'MultiSSO',

LOGGER : GlideSysLog,

initialize : function() {

if (gs.getProperty("glide.authenticate.multisso.debug") == "true"){

this.debugMode = true;

}

else {

this.debugMode = false;

}

getHeaderOrCookie : function(sentHeader){

//this.debug("Fetching header: " + sentHeader);

// Look in the Headers

var data = request.getHeader(sentHeader);

// If not, then check the URL Parameters

if (!data) {

data = request.getParameter(sentHeader);

}

// then maybe its a cookie

if (!data) {

var CookieMan = GlideCookieMan;

var cookies = request.getCookies();

data = CookieMan.getCookieValue(cookies, sentHeader);

}

return data;

printDebugValues : function(){

if (this.debugMode){

var headerNames = request.getHeaderNames();

while (headerNames.hasMoreElements()){

var aName = headerNames.nextElement();

this.debug("HEADER: " + aName + " --> " + request.getHeader(aName));

}

var parmMap = request.getParameterMap();

this.printHashTable(parmMap);

}

printHashTable : function( hashMap ){

var iterator = hashMap.keySet().iterator();// Iterate on keys

this.debug("Printing POST Parms...");

while ( iterator.hasNext() ){

var key = iterator.next();

var value = hashMap.get( key );

for(var i=0; i<value.length; i++){

this.debug( "POST Parm '" + key + "': " + value[i] );

}

debug : function (msg){

if (this.debugMode){

this.LOGGER.info(this.LOG_SOURCE, msg);

}

error: function (msg){

this.LOGGER.info(this.LOG_SOURCE, "ERROR: " + msg);

var lMsg = gs.getMessage(msg);

gs.addErrorMessage(lMsg );

//GETTERS

getIDPRedirect : function (){

var idp_url = (this.propertiesGR.failed_requirement_redirect) ? this.propertiesGR.failed_requirement_redirect: this.propertiesGR.idp_authnrequest_url;

return idp_url;

getFailedSSORedirect : function (){

var failure_url = (this.propertiesGR.failed_redirect) ? this.propertiesGR.failed_redirect: "failed_authentication";

return failure_url ;

getLogoutRedirect : function (){

var logout_url = (this.propertiesGR.external_logout_redirect) ? this.propertiesGR.external_logout_redirect: this.propertiesGR.idl_logout_url;

return logout_url;

getSecretKey : function (data){

var cred = new String(data);

var e = new GlideEncrypter();

var jsCred = cred + '';

var decryptedData = e.decrypt(jsCred);

return decryptedData ;

//SETTERS

setSSOHelper : function (helper){

this.ssoHelper = helper;

this.propertiesGR = this.ssoHelper.getProperties();

}

};

Re: Where is the Single Sign-On script located?

Blaze2 — Wed, 07 Dec 2016 23:11:17 GMT

gs.include("SSO_Helper");

gs.include("SSO_SAMLMetaUtil");

var MultiSSO_ClientHelper = Class.create();

// method name cannot start with "get"!

MultiSSO_ClientHelper.prototype = Object.extendsObject(AbstractAjaxProcessor , {

isPublic: function() {

return true;

getDiscoveryURL: function(serviceURL, federationId) {

var pat = /^https?:\/\//i;

if (pat.test(serviceURL)) {

// we always use it for sp entity id which is globally unique name

var instanceURL = new SSO_SAMLMetaUtil().getInstanceURL();

var returnURL = GlideStringUtil.urlEncode(instanceURL + "/login_with_sso.do");

return serviceURL + "?entityID=" + GlideStringUtil.urlEncode(instanceURL) + "&return=" + returnURL;

}

return serviceURL + "?glide_federation_id=" + federationId;

// return auto prov idp id or select URL

autoProvIdPOrSelectURL: function() {

if ("true" == gs.getProperty("glide.authenticate.multisso.user.autoprovision")) {

var atp = SNC.SSOUtils.getAutoProvSAMLIdPList();

var count = atp.getRowCount();

if (count>1) {

var result = this.newItem("result");

var url = "/idp_disco.do";

SSO_Helper.debug("Returning auto provisioning discovery URL: " + url);

result.setAttribute("discovery_service_url", url);

return url;

}

else {

// only one auto prov idp found just login with this idp

atp.next();

if (count == 1) {

var result = this.newItem("result");

var idpId = atp.getUniqueValue();

SSO_Helper.debug("Returning auto provisioning IdP: " + idpId);

result.setAttribute(SNC.SSOUtils.SSOID(), idpId);

return idpId;

}

return null;

ssoByUser: function() {

var userId = this.getParameter("sysparm_user_id");

var user_field = gs.getProperty("glide.authenticate.multisso.login_locate.user_field", "user_name");

SSO_Helper.debug("Looking up user id : " + userId);

var userTab = new GlideRecord("sys_user");

userTab.addQuery(user_field, userId);

userTab.addActiveQuery();

userTab.queryNoDomain();

var found = false;

if(userTab.next()) {

var source = userTab.sso_source;

if (GlideStringUtil.notNil(source)) {

SSO_Helper.debug("Found SSO " + source + " for the user : " + userId);

var values = source.split(":");

if ( values.length > 1 ) {

if ("sso" == values[0] ) {

SSO_Helper.debug("Returing SSO IdP from user record: " + values[1]);

var ssoBase = new GlideRecord("sso_properties");

ssoBase.addActiveQuery();

ssoBase.addQuery("sys_id", values[1]);

ssoBase.queryNoDomain();

if (ssoBase.next()) {

var result = this.newItem("result");

result.setAttribute(SNC.SSOUtils.SSOID(), values[1]);

found = true;

} else {

SSO_Helper.debug("SSO Provider not found or inActive at user record: " + values[1]);

found = false;

}

} else if ( "federation" == values[0] ) {

var federationId = values[1];

SSO_Helper.debug("Returing SSO federation from user record: " + federationId);

var fed = new GlideRecord("sso_federation");

fed.addActiveQuery();

fed.addQuery("sys_id", federationId);

fed.queryNoDomain();

if (fed.next()) {

found = true;

var url = this.getDiscoveryURL(fed.discovery_service_url, federationId);

SSO_Helper.debug("Discovery URL: " + url);

var result = this.newItem("result");

result.setAttribute("discovery_service_url", url);

} else {

found = false;

SSO_Helper.debug("Federation not found or inActive at user record: " + federationId);

}

if(!found) {

// try user company

var company = userTab.company;

if (company && !company.isNil()) {

// get the source field from referenced company record.

var source = company.getRefRecord().sso_source;

if (GlideStringUtil.notNil(source)) {

SSO_Helper.debug("Found SSO " + source + " for the user : " + userId + " from its company record");

var values = source.split(":");

if ( values.length > 1 ) {

if ( "sso" == values[0] ) {

SSO_Helper.debug("Returing SSO IdP from company record: " + values[1]);

var ssoBase = new GlideRecord("sso_properties");

ssoBase.addActiveQuery();

ssoBase.addQuery("sys_id", values[1]);

ssoBase.queryNoDomain();

if (ssoBase.next()) {

var result = this.newItem("result");

result.setAttribute(SNC.SSOUtils.SSOID(), values[1]);

found = true;

} else {

SSO_Helper.debug("SSO Provider not found or inActive at company record: " + values[1]);

found = false;

}

} else if ( "federation" == values[0] ) {

var federationId = values[1];

SSO_Helper.debug("Returing SSO federation from company record: " + federationId);

var fed = new GlideRecord("sso_federation");

fed.addActiveQuery();

fed.addQuery("sys_id", federationId);

fed.queryNoDomain();

if (fed.next()) {

found = true;

var url = this.getDiscoveryURL(fed.discovery_service_url, federationId);

SSO_Helper.debug("Discovery URL: " + url);

var result = this.newItem("result");

result.setAttribute("discovery_service_url", url);

} else {

found = false;

SSO_Helper.debug("Federation not found or inActive at company record: " + federationId);

}

} else {

// user not found, check if we need auto provisioning

var autoProvOrURL = this.autoProvIdPOrSelectURL();

if (GlideStringUtil.notNil(autoProvOrURL)) {

found = true;

}

if (!found) {

// no sso found, try to use the default one

var defaultProvider = SSO_Helper.getDefaultSSOProperties();

if (defaultProvider) {

found = true;

var defaultSysId = defaultProvider.sys_id;

SSO_Helper.debug("Using default SSO: " + defaultSysId);

var result = this.newItem("result");

result.setAttribute(SNC.SSOUtils.SSOID(), defaultSysId);

}

if (!found)

this.setError(gs.getMessage("External login not found"));

loadSAMLMetaFromXML: function() {

var meta_xml = this.getParameter("sysparm_meta_xml");

var sys_id = this.getParameter("sysparm_sys_id");

var resultArray = new SSO_SAMLMetaUtil().loadSAMLMetaFromXML(meta_xml, sys_id);

var result = this.newItem("result");

if(resultArray.sys_id != null)

result.setAttribute("sys_id", resultArray.sys_id);

result.setAttribute("error_msg", resultArray.error_msg);

loadSAMLMetaFromURL: function() {

var meta_url = this.getParameter("sysparm_meta_url");

var sys_id = this.getParameter("sysparm_sys_id");

var resultArray = new SSO_SAMLMetaUtil().loadSAMLMetaFromURL(meta_url, sys_id);

var result = this.newItem("result");

if(resultArray.sys_id != null)

result.setAttribute("sys_id", resultArray.sys_id);

result.setAttribute("error_msg", resultArray.error_msg);

type: 'MultiSSO_ClientHelper'

});

Re: Where is the Single Sign-On script located?

Blaze2 — Wed, 07 Dec 2016 23:12:01 GMT

gs.include("PrototypeServer");

var MultiSSO_DigestedToken = Class.create();

MultiSSO_DigestedToken.prototype = Object.extend(new MultiSSO_Abstract_Core(), {

process : function() {

var userData = SSO_Helper.getHeaderOrCookie(this.propertiesGR.header_key);

var userDigest = SSO_Helper.getHeaderOrCookie(this.propertiesGR.encrypted_key);

var userField = this.propertiesGR.user_field;

var secretKey = this.getSecretKey(this.propertiesGR.secret_key);

this.debug("User Data: " + userData);

this.debug("User Digest Received: " + userDigest);

this.debug("User Field: " + userField);

// if found run encryption

if (userData && userDigest) {

try {

// Replace all spaces with plus(+)'s, converted in url

userDigest = userDigest.replaceAll(' ', '+');

// Ecrypt the username and secretKey combination to calculate digest

var userDigestCalc = this.getDigest(userData, secretKey);

this.debug ("User Digest Received: " + userDigest + " Calculated: " + userDigestCalc );

// Check for match if recieved digest data matches calculated digest

if (userDigest == userDigestCalc) {

this.debug("Digest value received matches with calculated");

var ugr = new GlideRecord("sys_user");

ugr.initialize();

if (!ugr.isValidField(userField)) {

var Log = GlideLog;

Log.warn("External authorization is set to use field: '" + userField + "' which doesn't exist");

gs.log("External authorization is set to use field: '" + userField + "' which doesn't exist");

SNC.SecurityEventSender.sendDigestLoginFailureEventData("user_name=" + userData + ",multisso=true,idpsysid=" + this.propertiesGR.getUniqueValue());

return this.getFailedRedirect();

}

ugr.addQuery(userField, userData);

ugr.query();

if (!ugr.next()) {

var User = GlideUser;

var userLoad = User.getUser(userData);

if (userLoad == null){

gs.log("User authenticated...but we cannot find this user in Service-now");

SNC.SecurityEventSender.sendDigestLoginFailureEventData("user_name=" + userData + ",multisso=true,idpsysid=" + this.propertiesGR.getUniqueValue());

return this.getFailedRedirect();

}

ugr.initialize();

ugr.addQuery(userField, userData);

ugr.query();

if (!ugr.next()){

gs.log("User authenticated...but we cannot find this user in Service-now 2");

SNC.SecurityEventSender.sendDigestLoginFailureEventData("user_name=" + userData + ",multisso=true,idpsysid=" + this.propertiesGR.getUniqueValue());

return this.getFailedRedirect();

}

this.debug("Success. Logging in user: " + userData);

request.getSession().setAttribute("glide.multiSSO.logout_url", this.propertiesGR.external_logout_redirect.toString());

// userDataValidated could be any of email, user_name or others

var userDataValidated = ugr.getValue(userField);

SNC.SecurityEventSender.sendDigestLoginSuccessEventData("user_name=" + userData, "multisso=true,idpsysid=" + this.propertiesGR.getUniqueValue());

return userDataValidated;

} else {

gs.log("User Digest Received did not match Calculated Digest");

SNC.SecurityEventSender.sendDigestLoginFailureEventData("user_name=" + userData, "multisso=true,idpsysid=" + this.propertiesGR.getUniqueValue());

return this.getFailedRedirect();

}

} catch(e) {

gs.log(e);

SNC.SecurityEventSender.sendDigestLoginFailureEventData("user_name=" + userData, "multisso=true,idpsysid=" + this.propertiesGR.getUniqueValue());

return this.getFailedRedirect();

}

// Encoded data didn't match recieved Encoded data

} else {

// If there is no userData and userDigest together then redirect him to another portal.

// Example: Customer's Intranet site where user's Digest Token Authentication URL could already be present.

return this.getPortalURLRedirect();

}

getDigest : function( data, secretKey ) {

try {

// default to something JDK 1.4 has

var MAC_ALG = "HmacSHA1";

return SncAuthentication.encode(data, secretKey, MAC_ALG);

} catch (e) {

throw 'failed_missing_requirement';

}

getFailedRedirect : function (){

var failure_url = (this.propertiesGR.failed_redirect) ? this.propertiesGR.failed_redirect.toString(): "failed_authentication";

return failure_url;

getPortalURLRedirect : function () {

var portalURL = (this.propertiesGR.portal_url_redirect) ? this.propertiesGR.portal_url_redirect.toString() : "failed_authentication";

return portalURL;

}

});

Re: Where is the Single Sign-On script located?

Blaze2 — Wed, 07 Dec 2016 23:12:18 GMT

gs.include("PrototypeServer");

gs.include("SAML2_update1");

gs.include("SSO_Helper");

gs.include("MultiSSO_SAML2_UserProvisioning");

var MultiSSO_SAML2_Update1 = Class.create();

MultiSSO_SAML2_Update1.prototype = Object.extend(new MultiSSO_Abstract_Core(), {

initialize: function() {

process: function() {

this.redirectURL = null;

this.requestType = "request";

try {

var result = this.processSAMLMessage();

return result;

} finally {

this.setActionRedirectURL();

}

processSAMLMessage: function() {

var Session = GlideUISession;

var relayState = request.getParameter("RelayState");

this.SAML2 = new SAML2_update1(this.ssoHelper);

this.logoutURL = (this.propertiesGR.idp_logout_url) ? this.propertiesGR.idp_logout_url : this.propertiesGR.external_logout_redirect;

this.serviceURL = this.propertiesGR.service_url;

this.userField = this.propertiesGR.user_field;

var samlResponseObject = null;

if(GlideController.exists("SAMLResponseObject"))

samlResponseObject = GlideController.getGlobal("SAMLResponseObject");

else {

this.logDebug("SAMLResponseObject not found in GlideController.");

samlResponseObject = this.SAML2.getSAMLObjectFromRequest(request);

}

// Refresh login request

if(!samlResponseObject && !relayState) {

var redirectURL = this.SAML2.generateAuthnRequestRedirectURL(request, false);

if (GlideStringUtil.nil(redirectURL))

return "failed_missing_requirement";

SNC.SecurityEventSender.sendSAMLRedirectSentEventData("", "multisso=true,idpsysid=" + this.propertiesGR.getUniqueValue());

return redirectURL;

}

var httpSession = request.getSession();

var inResponseTo = httpSession.getAttribute("glide.saml2.session_request_id");

SSO_Helper.debug("Session inResponseTo: " + inResponseTo);

if (this.SAML2.isLogoutResponse(samlResponseObject)) {

this.logDebug("It is a logout response");

this.requestType = "logoutResponse";

if(!this.SAML2.validateLogoutResponseObject(samlResponseObject, inResponseTo)) {

this.logError("Could not validate SAML LogoutResponse");

gs.eventQueue(this.SAML2.logoutFailureEventId, null, Session.getId(httpSession), "SAML2 LogoutResponse validation failed.");

}

return "logout_success";

}

// If none of above, this is login response from IDP.

return this.loginProcess(samlResponseObject, inResponseTo);

isIdPInitiated: function(inResponseTo) {

// for IdP initiated SAML response, inResponseTo is empty

return GlideStringUtil.nil(inResponseTo);

loginProcess : function(samlResponseObject, inResponseTo) {

var respType = this.isIdPInitiated(inResponseTo) ? "IdP" : "SP";

var eventLogParm2 = "initiator=" + respType + ",multisso=true,idpsysid=" + this.propertiesGR.getUniqueValue();

SNC.SecurityEventSender.sendSAMLRedirectReceivedEventData("", eventLogParm2);

if (!this.SAML2.validateLoginResponse(samlResponseObject, inResponseTo)) {

this.logError("Could not validate SAMLResponse");

SNC.SecurityEventSender.sendSAMLLoginFailureEventData("", eventLogParm2);

return "failed_authentication";

}

var nameId = null;

if ( this.propertiesGR.nameid_attribute

&& !this.propertiesGR.nameid_attribute.isNil() ) {

this.logDebug("Use nameid_attribute to look up NameID.");

nameId = this.SAML2.getAssertionAttrValueByNameOrFriendlyName(this.propertiesGR.nameid_attribute);

}

else

nameId = this.SAML2.getSubjectNameID();

if (nameId == null) {

SNC.SSOUtils.writeMultipleLogSummary(false, gs.getMessage("Subject NameID validation failed"), gs.getMessage("Could not extract Subject NameID from SAMLResponse"), 'subject');

this.logError("Could not extract Subject NameID from SAMLResponse");

SNC.SecurityEventSender.sendSAMLLoginFailureEventData("", eventLogParm2);

return this.propertiesGR.getValue("failed_requirement_redirect");

}

this.logDebug("SAML2 NameID: " + nameId);

var eventLogParm1 = "user_name=" + nameId;

var sessionIndex = this.SAML2.getSessionIndex();

if (sessionIndex == null) {

SNC.SSOUtils.writeMultipleLogSummary(false, gs.getMessage("SessionIndex value not found"), gs.getMessage("Could not extract SessionIndex from SAMLResponse"), '');

this.logError("Could not extract SessionIndex from SAMLResponse");

SNC.SecurityEventSender.sendSAMLLoginFailureEventData(eventLogParm1, eventLogParm2);

return this.propertiesGR.failed_requirement_redirect;

}

this.logDebug("SAML2 SessionIndex: " + sessionIndex);

// pass these values to Logout script

if(!SSO_Helper.isTestSAMLConnection()) {

request.getSession().setAttribute("glide.saml2.session_index", sessionIndex);

request.getSession().setAttribute("glide.saml2.session_id", nameId);

request.getSession().setAttribute("glide.multiSSO.logout_url", this.logoutURL);

request.getSession().setAttribute("glide.multiSSO.service_url", this.serviceURL);

}

return this.loginUser(nameId, eventLogParm2);

setActionRedirectURL: function() {

var url = null;

var isTestConn = GlideController.getGlobal("sysparm_saml_tc");

if ("true" == isTestConn) {

this.logDebug("request type : " + this.requestType);

if (this.requestType == "logoutResponse") {

url = "/saml_test_conn_logout_completed.do?sysparm_nostack=true&sysparm_test_sso_id=" + this.propertiesGR.getUniqueValue();

}

else

url = "/saml_test_conn_completed.do?sysparm_nostack=true&sysparm_test_sso_id=" + this.propertiesGR.getUniqueValue();

}

else if (this.redirectURL)

url = this.redirectURL;

if(url){

this.logDebug("We will be redirecting user to the URL: " + url);

action.setRedirect(url);

}

loginUser : function (nameId, eventLogParm2) {

if (nameId == null) {

SNC.SecurityEventSender.sendSAMLLoginFailureEventData("", eventLogParm2);

return this.propertiesGR.failed_requirement_redirect;

}

var eventLogParm1 = "user_name=" + nameId;

if(!this.userField || this.userField == ''){

var errorMessage = gs.getMessage("User Field validation failed");

SNC.SSOUtils.writeLogSummary(false, errorMessage, gs.getMessage("Ensure that the 'User Field' field is not null or blank"));

this.logError(errorMessage);

SNC.SecurityEventSender.sendSAMLLoginFailureEventData(eventLogParm1,eventLogParm2);

return "failed_authentication";

}else if(!GlideTableDescriptor.fieldExists('sys_user',this.userField)) {

var errorMessage = gs.getMessage("Invalid User Field. {0} is not a field on the sys_user table.", this.userField);

SNC.SSOUtils.writeLogSummary(false, gs.getMessage("User Field validation failed"), errorMessage);

this.logError(errorMessage);

SNC.SecurityEventSender.sendSAMLLoginFailureEventData(eventLogParm1,eventLogParm2);

return "failed_authentication";

}

var ugr = new GlideRecord("sys_user");

ugr.addQuery(this.userField, nameId);

ugr.query();

var foundUser = ugr.next();

if (!foundUser) {

if (! SSO_Helper.isTestSAMLConnection()) {

this.importOrUpdateSAMLUser();

ugr.query(); // query again to make sure import is successful

foundUser = ugr.next();

}

if (!foundUser) {

var errorMessage = gs.getMessage("User: ") + nameId + gs.getMessage(" not found");

SNC.SSOUtils.writeMultipleLogSummary(false, errorMessage, gs.getMessage("Ensure that the user you are trying the test connection with is present in the system."), 'userField');

this.logError(errorMessage);

SNC.SecurityEventSender.sendSAMLLoginFailureEventData(eventLogParm1,eventLogParm2);

return "failed_authentication";

}

} else if(SSO_Helper.isTestSAMLConnection()) {

if(ugr.locked_out == true) {

var errorMessage = gs.getMessage("User: ") + nameId + gs.getMessage(" is locked out");

SNC.SSOUtils.writeMultipleLogSummary(false, errorMessage, gs.getMessage("Ensure that the user you are trying the test connection with is active and not locked out."), 'userField');

this.logError(errorMessage);

SNC.SecurityEventSender.sendSAMLLoginFailureEventData(eventLogParm1,eventLogParm2);

return "failed_authentication";

}

if(ugr.active == false){

var errorMessage = gs.getMessage("User: ") + nameId + gs.getMessage(" is not active");

SNC.SSOUtils.writeMultipleLogSummary(false, errorMessage, gs.getMessage("Ensure that the user you are trying the test connection with is active."), 'userField');

this.logError(errorMessage);

SNC.SecurityEventSender.sendSAMLLoginFailureEventData(eventLogParm1,eventLogParm2);

return "failed_authentication";

}

} else {

if (this.propertiesGR.auto_update_user)

this.importOrUpdateSAMLUser();

}

var userName = ugr.getValue("user_name");

if ( GlideStringUtil.nil(userName) ) {

SNC.SecurityEventSender.sendSAMLLoginFailureEventData(eventLogParm1, eventLogParm2);

this.logError("user_name value is empty.");

return "failed_authentication";

}

// only set the cookie if it is NOT testing

if (! SSO_Helper.isTestSAMLConnection()) {

this.redirectURL = request.getSession().getAttribute("SAML_RelayState");

if (! this.redirectURL) {

this.logDebug("SAML_RelayState is not available in the session, try the RelayState in the request.");

this.redirectURL = request.getParameter("RelayState");

}

SNC.SecurityEventSender.sendSAMLLoginSuccessEventData(eventLogParm1, eventLogParm2);

request.getSession().setAttribute("SAML_RelayState", null);

// successfully logged in. we need set sso_id cookie

this.ssoHelper.saveInCookie(SNC.SSOUtils.SSOID(), this.propertiesGR.sys_id);

request.getSession().setAttribute("glide.authenticate.multisso.login.method", "saml");

}

return userName;

importOrUpdateSAMLUser: function() {

// will try to update table schema and insert the import set row

if (SNC.SSOUtils.isAutoProvisiongEnabled() && this.propertiesGR.auto_provision) {

var userImportTable = this.propertiesGR.transform_map.source_table;

SSO_Helper.debug("SAML User Import Table: " + userImportTable);

var userProvising = new MultiSSO_SAML2_UserProvisioning(userImportTable, this.SAML2.SAMLAssertion, this.propertiesGR.getUniqueValue());

userProvising.loadImportSet();

}

logDebug : function (msg) {

this.SAML2.logDebug(msg);

logError : function (msg) {

var lMsg = gs.getMessage(msg);

if (! SSO_Helper.isTestSAMLConnection())

gs.addErrorMessage(lMsg);

if (SSO_Helper.isTestSAMLConnection())

SNC.SSOUtils.writeToLogStream(0, lMsg);

gs.logError(lMsg, "SAML2");

}

});

Re: Where is the Single Sign-On script located?

sudharsanv36 — Thu, 08 Dec 2016 10:35:29 GMT

My bad! Hope you found the answer now.

Re: Where is the Single Sign-On script located?

xmikeam — Thu, 08 Dec 2016 21:04:21 GMT

Thanks Blaze, but the script I was looking for was the script for the form "Single Sign-on". If you filter for that you will find the that form.

Thanks again.

Re: Where is the Single Sign-On script located?

Blaze2 — Thu, 08 Dec 2016 23:25:12 GMT

When I filter SSO these are the results I get \

Re: Where is the Single Sign-On script located?

Blaze2 — Wed, 18 Jan 2017 15:08:08 GMT

Did you ever get this figured out?

Re: Where is the Single Sign-On script located?

xmikeam — Wed, 18 Jan 2017 16:05:53 GMT

I wasn't able to locate the script. I no longer need to locate it.