Emailed hyperlink does not use SSO

jamesmcwhinney

We have our SN instance set up with SSO using ADFS to authenticate with our Active Directory.

Users can click a special hyperlink (ourcompany.service-now.com/login_with_sso.do?glide_sso_id=12355) and are logged in successfully.

However, when our SN instance emails a user a link to a specific record, the user clicks the link and is sent to the login page.

Since our users do not have local accounts and local passwords, they cannot sign into this page, but will inevitably try using their AD credentials and fail.

Is there a way to configure SN such that when they click hyperlinks via email, they are automatically signed in via SSO and then directed to the record they were trying to access?

 

After reading the following wiki article (http://wiki.servicenow.com/?title=External_Authentication_(Single_Sign-On_-_SSO)#gsc.tab=0), it seems like we can direct unauthenticated requests to the SSO process rather than the default login by configuring two system properties:

 

  1. glide.authentication.external.disable_local_login (which was already set to true)
  2. glide.authenticate.failed_requirement_redirect (which was already set to https://idp.ssocircle.com:443/sso/SSORedirect/metaAlias/ssocircle)

I tried changing glide.authenticate.failed_requirement_redirect to our SSO URL, but this had no effect.

1 ACCEPTED SOLUTION

jamesmcwhinney

I received a response from my SN HI ticket which fixed the issue.



If you are using the Multi-Provider SSO plugin:


You can configure the glide property "glide.authenticate.sso.redirect.idp" with the sys_id of the respective IdP.


This however assumes all users are authenticated through that one IdP.


Please see "http://wiki.servicenow.com/index.php?title=Multiple_Provider_Single_Sign-On#gsc.tab=0", Section 3.2.1 Modifying the Primary IdP, for more information.


7 REPLIES

James,



Have you customized your email notifications at all, or are they still the default templates that get installed with the product? We have been struggling to get SSO from email links working, and SNOW has told us that any customization to the email templates will prevent it from working.


Hey Eric,



Our email notifications are customized (including the hyperlinks) and it doesn't seem to have any effect on the SSO; SSO still works.


I just tested again now to confirm.



Cheers,


- James


James,



Thanks so much for your reply. Can you tell me what version of ADFS you're using, as well as which version of ServiceNow you're on?



I also noticed that your URL to access your instance is a different format than ours. We're using IdP-initiated logon. Is that what you're doing as well?



Thanks.



-Eric