1 Reply · Latest reply on Nov 15, 2017 12:55 AM by Slava

    E-Signature / ADFS integration issues

      We are attempting to set up the E-Signature plugin alongside our ADFS/SSO integration. This is in Helsinki.

      SSO works great, users are logged in when they hit the site internally and are prompted when accessing it externally.

      We are setting the Force Authentication flag within ServiceNow which should prompt users to enter their credentials again, even though they are already stored from the initial login.

      What we are seeing is that "ForcedAuthn" is being sent in the SAML request and ADFS is honoring it by responding with 401 Unauthorized. Unfortunately the user does not see an authentication prompt because the machine from which he is accessing the application is inside the corporate network (on the intranet) and WIA is using the initial set of credentials to get that user re-authenticated. In this environment WIA (Windows Integrated Auth) and FBA (Forms-Based Auth) are both enabled for Intranet and WIA is being preferred.

      Has anyone else run into this issue? Does anyone know if it is even possible to use ADFS 3.0 (Win Server 2012 R2) with the e-signature plugin? Any help you can give would be appreciated.

       

      Thank you,

      Chris
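
The behaviour described in this post, a forced re-authentication satisfied silently by WIA, can be detected on the service-provider side by inspecting the returned assertion. The following is an added example, not code from this thread, ServiceNow or ADFS: the function names, the two-minute window, the clock-skew allowance and the set of accepted context classes are assumptions, the assertions are constructed samples, and the assertion is assumed to have passed signature validation already.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Context classes treated as "the user typed credentials" (assumed policy).
INTERACTIVE = {
    "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport",
    "urn:oasis:names:tc:SAML:2.0:ac:classes:Password",
}
# Context class AD FS reports for Windows integrated authentication.
WIA = "urn:federation:authentication:windows"

def parse_utc(ts):
    # SAML timestamps are UTC; drop fractional seconds and the trailing Z.
    return datetime.strptime(ts[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def check_reauth(assertion_xml, request_sent_at, now,
                 max_age=timedelta(minutes=2), skew=timedelta(seconds=30)):
    """Return (ok, reason) for an assertion answering a ForceAuthn request."""
    stmt = ET.fromstring(assertion_xml).find(".//saml:AuthnStatement", NS)
    if stmt is None or not stmt.get("AuthnInstant"):
        return False, "no AuthnStatement/AuthnInstant"
    instant = parse_utc(stmt.get("AuthnInstant"))
    if instant < request_sent_at - skew:
        return False, "AuthnInstant predates the ForceAuthn request"
    if instant > now + skew or now - instant > max_age:
        return False, "AuthnInstant outside the accepted window"
    ref = stmt.findtext("saml:AuthnContext/saml:AuthnContextClassRef", "", NS).strip()
    if ref not in INTERACTIVE:
        return False, "non-interactive method: " + (ref or "missing")
    return True, "fresh interactive logon"

def sample(instant, class_ref):
    # Constructed, unsigned assertion fragment for demonstration only.
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
            f'<saml:AuthnStatement AuthnInstant="{instant}"><saml:AuthnContext>'
            f'<saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>'
            f'</saml:AuthnContext></saml:AuthnStatement></saml:Assertion>')

if __name__ == "__main__":
    sent = datetime(2017, 11, 14, 23, 50, 0, tzinfo=timezone.utc)
    now = sent + timedelta(seconds=30)
    forms = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
    for xml in (sample("2017-11-14T23:50:10.123Z", forms),   # forms prompt
                sample("2017-11-14T23:50:10.123Z", WIA),     # silent WIA logon
                sample("2017-11-14T08:00:00Z", forms)):      # reused SSO session
        print(check_reauth(xml, sent, now))
```

A silent WIA logon produces a fresh `AuthnInstant`, so the timestamp check alone does not catch it; the context class check is what separates it from a typed password.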