Announcing the Global SNUG Board of Directors. Learn more here
on 07-23-2019 10:11 AM
Configuring SSO
Image | Description |
01. Acess Guided Setup https://<instance>.service-now.com/nav_to.do?uri=%2Fhome.do%3F
| |
02. ITSM Guided Setup | |
03. Click Get Started | |
04. | |
05. Click Activate/Repair | |
06. Click Activate | |
07. Close & Reload Form | |
08. Click Add New IdP | |
09. Type your informations
Example www.<website>.com.br/FederationMetadata/2007-06/FederationMetadata.xml | |
10. Click Fetch | |
11. Click Save | |
12. Click Generate metada | |
13. On the NameID Policy urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified | |
14. Click >> Mult-Provider SSO > Properties | |
15. Select Enable multiple provider SS Enable debug logging for the multiple provider SSO integration
The field on the user table that identifies a user accessing the "User identification" login page. By default, it uses the 'user_name' field. | |
16. >>AD FS > Trust Relationships > Relaying Party Trust >Add Relaying Party Trust | |
17. Click Start | |
18. Import data about the Relaying party from a file
Browse | |
19. Type Display name, click Next | |
20. Select I do not want to configure mult-facto authentication settings for this relaying party trust at this time
Click Next | |
21. Click Permit all users to access this Relaying Party and click Next | |
22. Click Close | |
23. An example about Claim Rule
E-mail Address | |
24. Click OK | |
25. Click Test Connection | |
26. Login | |
27. Set Default | |
28. Set Auto Redirect Idp | |
29. |
Metadata Sample.xml, step 13.
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://<instance>.service-now.com">
<SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<instance>.service-now.com/navpage.do"/>
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
<AssertionConsumerService isDefault="true" index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<instance>.service-now.com/navpage.do" />
<AssertionConsumerService isDefault="false" index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<instance>.service-now.com/consumer.do" />
</SPSSODescriptor>
</EntityDescriptor>
Author:
Tiago Macul
Paulo Cesar dos Santos Filho
Haddan de Queiroz Rocha
Thanks for sharing this.