Take the instance metadata and import it into your ADFS server. However, manual configuration of the relying party appears to be easier to implement.
Before you begin
Role required: sso_config_admin, business_rule_admin, script_include_admin
Procedure
- Navigate to and verify that the SAML property Sign AuthnRequest (glide.authenticate.sso.saml2.require_signed_authnrequest) is not active.
  Only keep this property active if your ADFS administrator can verify that you require signed requests.
- Copy the metadata that you generated through the SAML 2 metadata link and save it to a file.
- Log in to the ADFS server and open the management console.
- Select Relying Party Trusts.
- Select Add Relying Party Trust from the top right corner of the window.
- Click Start to begin.
- Use the Import File option to import the metadata file.
- Give it a display name such as ServiceNow and enter any notes you want.
- Select ADFS 3.0 Profile.
- Do not select a token encryption certificate.
  It will use the certificate that is defined on the service that has already been exported. Defining a certificate prevents proper communication with the instance.
- Do not enable any settings on the Configure URL.
- Enter the instance site to which you connected as the Relying Party trust identifier.
  In this case, use https://company.service-now.com and click Add.
- Permit all users to access this relying party.
- Click Next and clear the Open the Claims when this finishes check box.
- Close this page.
  The new relying party trust appears in the window.
- Right-click the relying party trust and select Properties.
- Browse to the Advanced tab and set the Secure hash algorithm to either SHA-256 or SHA-1.
- Browse to the Endpoints tab and add a SAML Assertion Consumer with a Post binding and a URL of https://company.service-now.com/navpage.do.
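
A pre-flight check on the saved metadata file before it is imported into ADFS, as an added example that is not part of the original page or of ServiceNow's code: it compares the metadata against the identifier, signing setting, encryption key and endpoint this procedure uses. The function name `check_sp_metadata` and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

def check_sp_metadata(xml_text, instance_url):
    """Return a list of mismatches between SP metadata and the procedure above."""
    findings = []
    root = ET.fromstring(xml_text)
    base = instance_url.rstrip("/")
    # The relying party trust identifier must be the instance site.
    if root.get("entityID", "").rstrip("/") != base:
        findings.append("entityID %r is not %r" % (root.get("entityID"), base))
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return findings + ["no SPSSODescriptor element"]
    # Sign AuthnRequest should be inactive unless ADFS requires signed requests.
    if sp.get("AuthnRequestsSigned", "false").lower() in ("true", "1"):
        findings.append("AuthnRequestsSigned is true")
    # A KeyDescriptor with use="encryption", or with no use attribute,
    # offers an encryption key; the procedure expects none to be selected.
    for kd in sp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "encryption"):
            findings.append("metadata offers an encryption key")
            break
    # The endpoint must be a POST-binding assertion consumer at /navpage.do.
    wanted = base + "/navpage.do"
    acs = [(e.get("Binding"), e.get("Location"))
           for e in sp.findall("md:AssertionConsumerService", NS)]
    if (POST, wanted) not in acs:
        findings.append("no HTTP-POST AssertionConsumerService at " + wanted)
    return findings

# Constructed sample metadata (not exported from a real instance).
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://company.service-now.com">
  <md:SPSSODescriptor AuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"/>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://company.service-now.com/navpage.do"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for finding in check_sp_metadata(SAMPLE, "https://company.service-now.com"):
        print("CHECK:", finding)
```

An empty result means the file matches the values used in the steps above; each finding names the step to revisit before or after the import.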