I have had a lot of people come to me with questions on where to get started with their SAML 2.0 Single Sign-on plugin.
To help people out a little quicker, I have created a video that demonstrates the steps required to set up the SAML 2.0 plugin in ServiceNow with SSOCircle.com, a free, public Identity Provider (IdP).
While companies will not typically use SSOCircle.com as their identity provider, it allows me to demonstrate the basic steps that an individual would need to take in order to set up their ServiceNow instance with their own IdP.
Hi John,
Thanks for this.
We are having some logout issues with ServiceNow and my customer’s IdP. They are using PING and the PING expert is saying this:
Please confirm if your Identity Federation product supports Single Log Out.
We tried giving /logout_redirect.do as the SLO URL but it calls https://xxxxx.service-now.com/ and which in turn calls https://pilotsso.xxxxx.com/idp/SSO.saml2?SAMLRequest=nVPLbtswEPwVgXe92MR2CMuAqqCogTQVbLWH3mhylRCgSJVL2e7fl5KdxIfEQHvdGe7OzC6XyDtNe1YO%2Ftls4PcA6KNjpw2yE1KQwRlmOSpkhneAzAu2Lb89MJpkrHfWW2E1iUpEcF5ZU1mDQwduC26vBPzYPBTk2fseWZr2Ox%2F6J3iCYmMPibBdavi%2B50%2BQSEuiL9YJmNQUpOUagUTr%2B4JsH6vZIr%2BZfZrzHb2bQ347l5xmor2b385u2l27oIGINUdUe3h7ijjA2qDnxheEZjmNszymWZMvGKUso0lOZ79IVJ99fFZGKvN03fTuREL2tWnquP6kpHVcgqdTbLd5R6uK%2BIv4ZPV9dHL9HLAeVzPRtXr%2B9pqJf5Epdb2UDngPjjxboBpKR33H2vIk3yqKBm3E5VBx5UupXSASNLXQecLAzltOJyKh6OPKtv13CkcY4AjF%2F41iEtapYPNDbT%2FFctVmmBi7B3K4%2F0crJPjPYAIOhvHDfbW%2BZfk3lO0OoMf%2BHuDL3%2FZ6i8%3D&RelayState=https://xxxxxxx.service-now.com/navpage.do.
Since the SSO URL is called again user will remain signed in and will not be logged out of the application.
Any idea what I could do?
Thanks in advance,
Erite
It probably means your SLO URL is not correct on the IdP side. Another possibility is that the SingleLogout URL on the IdP is throwing an error in the background with the logout request that it is receiving from ServiceNow.
We know we are processing the logout properly on the ServiceNow side because you are getting redirected to the IdP after logout because ServiceNow realizes it doesn’t have an active session.
When the SLO is processed correctly on the IdP side, it terminates the session. So, if the browser is redirected back to the IdP it will force a login.
Therefore, my first thought is that you need to review your SLO URL on the IdP, or view the IdP logs to see if it is throwing an error with regard to the LogoutRequest it is receiving.
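One way to check what the browser is actually carrying to the IdP after logout, as an added example (not part of the original thread, and not ServiceNow or Ping code): it decodes the `SAMLRequest` parameter of an HTTP-Redirect binding URL and reports whether it is an AuthnRequest (a new login) or a LogoutRequest. The sample URLs, hostnames, endpoint paths and the `inspect_redirect`/`build_url` names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
MAX_XML = 64 * 1024  # cap on inflated size; a real request is far smaller

def inspect_redirect(url):
    """Decode SAMLRequest from a redirect-binding URL and name the message."""
    query = parse_qs(urlsplit(url).query)       # also undoes percent-encoding
    raw = base64.b64decode(query["SAMLRequest"][0])
    inflater = zlib.decompressobj(-15)          # raw DEFLATE, no zlib header
    xml = inflater.decompress(raw, MAX_XML)
    if inflater.unconsumed_tail or b"<!DOCTYPE" in xml:
        raise ValueError("oversized message or DTD present, refusing to parse")
    root = ET.fromstring(xml)
    namespace, _, name = root.tag[1:].partition("}")
    if namespace != SAMLP_NS:
        raise ValueError("not a SAML 2.0 protocol message")
    return {"message": name,                    # AuthnRequest or LogoutRequest
            "destination": root.get("Destination"),
            "relay_state": query.get("RelayState", [None])[0]}

def build_url(endpoint, xml, relay_state=None):
    """Encode a constructed sample the way an SP builds a redirect request."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = deflater.compress(xml.encode()) + deflater.flush()
    params = {"SAMLRequest": base64.b64encode(raw).decode()}
    if relay_state:
        params["RelayState"] = relay_state
    return endpoint + "?" + urlencode(params)

# Constructed samples: hostnames, paths and IDs are placeholders, not page values.
IDP = "https://idp.example.test/idp/"
SAMPLE_LOGIN = build_url(
    IDP + "SSO.saml2",
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP_NS}" ID="_a1" Version="2.0" '
    f'Destination="{IDP}SSO.saml2"/>',
    relay_state="https://sp.example.test/navpage.do")
SAMPLE_LOGOUT = build_url(
    IDP + "SLO.saml2",
    f'<samlp:LogoutRequest xmlns:samlp="{SAMLP_NS}" ID="_b2" Version="2.0" '
    f'Destination="{IDP}SLO.saml2"/>')

if __name__ == "__main__":
    for url in (SAMPLE_LOGIN, SAMPLE_LOGOUT):
        print(inspect_redirect(url))
```

If the URL seen right after logout decodes to an AuthnRequest, the service provider is starting a new login against a still-live IdP session, which matches the behaviour described in the reply above.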
Thanks John.
I’ll get the customer to check this.
Regards,
Erite
Will this kind of setup be required when using an enterprise SSO solution like Imprivata?
@Pedro…I am not familiar with Imprivata. A quick Google search led me to believe Imprivata doesn’t leverage the SAML protocol. If this is the case, then it may need to be a custom SSO configuration for the ServiceNow instance. More time would need to be invested to see what it would take.