Any option for Smartcard Based Certificate Login when External SSO/SAML options are not available?
07-27-2017 09:01 AM
Have the requirement to only allow users to log into ServiceNow using DoD CAC certificates.
I can get the DoD Root CA certs to use for trusted Roots
I have done many searches already, however, and don't see anyone talking about the possibility of having the browser prompt for which certificate to use, requesting the PIN, and then using the SSL/TLS certificate info to first check against a certificate revocation list and then either associate the certificate with a known user or create a new user account using info from within the certificate.
To the best of my knowledge there is not a viable external SSO authority to which I can connect for this purpose.
Any advice / direction would be much appreciated.

05-01-2018 11:38 AM
Were you ever able to figure this out? We are deploying SN and require DoD CAC login as well and will not have an F5/proxy setup to handle SSO for our initial rollout.
05-01-2018 11:54 AM
Nope. Still working on a solution. We're trying to integrate with a SecureAuth appliance for SSO... The trouble is that we don't really want to do SSO. We aren't trying to validate ServiceNow login based on an external user directory. So we're going to have to start putting everyone into an external LDAP directory to make it work that way.
As a side project, on my own time... I'm looking at creating a simple web page with a PHP script that uses the LightSAML library. The web server (Apache) can be set to force the collection of the CAC certs and validate them against DISA OCSP. It can then pass that info on to the PHP script, which will process the SAML request and generate the appropriate SAML response based on the OCSP response and certificate UPN. Because that's really all we want... to validate that a user is who they say they are based on their certificate and the fact that we could access the certificate because they knew their PIN.
Wish I had better news... Since ServiceNow sits on a Tomcat shell, it shouldn't be this hard. Tomcat has the same certificate collection and OCSP verification abilities as Apache. I'm just not familiar with the mechanics of how the ServiceNow applet interacts with the Tomcat shell... to potentially even try to write something myself, like a customer portal login widget that would make use of it.
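The Apache side of the flow described in the reply above (and asked for in the original question: force the certificate prompt, check revocation, hand the identity to the application) is mostly mod_ssl configuration. The following vhost is an added example written for this thread; it is not the poster's code and not ServiceNow or LightSAML material. Hostname, file paths and the commented-out OCSP responder URL are placeholders; the DoD CA bundle must be obtained from DISA and the PHP script in the DocumentRoot is assumed to be the LightSAML IdP the reply mentions.

```apacheconf
# Added example, not from the original post. Apache 2.4 mod_ssl vhost that
# demands a CAC client certificate, checks it via OCSP, and exports the
# certificate's UPN to the PHP SAML IdP script. All paths, the hostname and
# the responder URL are assumptions / placeholders.
<VirtualHost *:443>
    # placeholder hostname
    ServerName cac-idp.example.mil

    SSLEngine on
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    # placeholder server certificate and key
    SSLCertificateFile    /etc/pki/tls/certs/cac-idp.crt
    SSLCertificateKeyFile /etc/pki/tls/private/cac-idp.key

    # Trust anchors: a PEM bundle containing ONLY the DoD Root CAs and the
    # DoD ID/Email issuing CAs (assumed path; get the certs from DISA).
    # Anything else in this file becomes an accepted issuer of logins.
    SSLCACertificateFile  /etc/pki/tls/certs/dod-ca-bundle.pem

    # "require", not "optional": with optional, a request with no client
    # certificate still reaches the script and the script must refuse it.
    SSLVerifyClient require
    # Root -> issuing CA -> end entity; a little headroom for cross-certs.
    SSLVerifyDepth 3

    # Revocation: query the OCSP responder named in the certificate's AIA
    # extension (DoD certificates carry one). mod_ssl fails the handshake if
    # the responder is unreachable or answers "revoked" or "unknown".
    SSLOCSPEnable on
    SSLOCSPResponderTimeout 10
    # To pin every check to one responder instead of the AIA URL, uncomment
    # the next two lines (the URL is a placeholder, not a real DISA endpoint):
    # SSLOCSPOverrideResponder on
    # SSLOCSPDefaultResponder http://ocsp.example.mil

    # Export certificate fields as SSL_CLIENT_* environment variables so PHP
    # can read them from $_SERVER. The UPN (EDIPI@mil) arrives as
    # SSL_CLIENT_SAN_OTHER_msUPN_0, the subject DN as SSL_CLIENT_S_DN, the
    # issuer DN as SSL_CLIENT_I_DN.
    SSLOptions +StdEnvVars +ExportCertData

    # placeholder; holds the LightSAML script
    DocumentRoot /var/www/cac-idp
    <Directory /var/www/cac-idp>
        # Defence in depth: never serve the IdP script unless mod_ssl itself
        # marked the client certificate as verified.
        Require expr "%{SSL_CLIENT_VERIFY} == 'SUCCESS'"
    </Directory>
</VirtualHost>
```

Two checks belong in the PHP script even with this configuration. First, a CAC carries several certificates (identity, signature, encryption) and the browser lets the user pick any of them; only the identity / PIV Authentication certificate carries the `EDIPI@mil` UPN in its Subject Alternative Name, so the script should reject a request where `$_SERVER['SSL_CLIENT_SAN_OTHER_msUPN_0']` is absent or does not end in `@mil`, rather than falling back to the e-mail address in the signing certificate. Second, because `SSLCACertificateFile` defines who may log in, check `$_SERVER['SSL_CLIENT_I_DN']` against the expected DoD issuer names before minting the SAML assertion, so that a stray CA accidentally appended to the bundle cannot issue ServiceNow logins.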

08-28-2018 08:08 AM
I'm in a similar situation as jodyadomatis.... Very interested in possible solution paths for SmartCard based Certificate logins (CAC) for ServiceNow. Any advice would be helpful!
09-07-2018 12:12 PM
We also have this problem. All the documentation seems to say this is not supported. Are there any other ways to get a SAML token from a CAC?