Prevent SSO Redirect on Public Service Portal Page

Trevor Muhl · ‎05-02-2017

Hello everyone,

I just enabled Multiple Provider SSO after using SAML 2 Single Sign-On and am having issues managing SSO redirects.

Here is a brief description of my organization:

Internal users (employees) are authenticated by an identity provider.
External users (clients) are authenticated using local accounts via a service portal.
Users and guests without specific roles are automatically redirected to the service portal via a UI script.

I would like to use the 'glide.authenticate.sso.redirect.idp' system property to redirect internal users to an SSO login. However, after configuring this system property, users viewing the service portal authentication page are redirected to the SSO login. This service portal login page is specified as a public page and should not require authentication, based on my understanding.

When not using the above system property, users are not redirected to the SSO login from ServiceNow's default login page. Is it possible to prevent redirection when viewing a particular service portal login page?

Thank you for your time and have a great day!

- Trevor Muhl

Trevor Muhl · ‎05-03-2017

Again, I solved my own question after recharging my brain last night.

The base system 'Login' service portal widget has the following code within the client controller:

       if (!c.data.is_logged_in && c.data.multisso_enabled && c.data.default_idp) {

               c.server.get({

                       action: "set_sso_destination",

                       pageURI: c.data.pageURI

               }).then(function() {

                       $window.location = "/login_with_sso.do?glide_sso_id=" + c.data.default_idp;

               });

       }

Variables used there are initialized within a server script:

data.multisso_enabled = GlideProperties.getBoolean("glide.authenticate.multisso.enabled");

data.default_idp = GlideProperties.get("glide.authenticate.sso.redirect.idp");

I simply removed the code block within the client controller (and the associated server-side variable initialization) to prevent the redirect from occurring. You can see that the a default redirect IdP must be set within the system property in order for the redirect to occur on the Service Portal login page.

View solution in original post

Trevor Muhl · ‎05-03-2017

Again, I solved my own question after recharging my brain last night.

The base system 'Login' service portal widget has the following code within the client controller:

       if (!c.data.is_logged_in && c.data.multisso_enabled && c.data.default_idp) {

               c.server.get({

                       action: "set_sso_destination",

                       pageURI: c.data.pageURI

               }).then(function() {

                       $window.location = "/login_with_sso.do?glide_sso_id=" + c.data.default_idp;

               });

       }

Variables used there are initialized within a server script:

data.multisso_enabled = GlideProperties.getBoolean("glide.authenticate.multisso.enabled");

data.default_idp = GlideProperties.get("glide.authenticate.sso.redirect.idp");

I simply removed the code block within the client controller (and the associated server-side variable initialization) to prevent the redirect from occurring. You can see that the a default redirect IdP must be set within the system property in order for the redirect to occur on the Service Portal login page.

Harish KM · ‎10-22-2017

I have the same issue..After commenting that part. SSO still running for external users.Did u do anything else apart 4m this?

Regards
Harish

Trevor Muhl · ‎10-23-2017

Hello harishkumar,

Are you using the Multiple Provider SSO plugin? If so, are new users who have never accessed the instance being redirected to SSO login? Try logging in with a private/incognito window and see what results you get.

- Trevor Muhl

Harish KM · ‎10-23-2017

Yep using multiprovider SSO. It was wrkg before. After upgrading to helsinki patch12a. It is not working

Regards
Harish