Digest Token Authentication

Digest Token Authentication uses data , key and mac algorithm to generate digest data.User access instance with the digest data.This digest data is  compared against the digest data calculated within instance.If digest data matches then user is authenticated.

How does Digest Token Authentication work?

1.Client launches instance url with Digest token.



**glide_sso_id is required if default or redirect idp is not configured.


2.MultiSSO Digest Token Authentication uses MultiSSO_DigestToken installation exits to parse request parameters,cookies or headers.

3.NOW platform calculates digest value based on the digest token configurations configured within platform.

4.MultiSSO_DigestToken installation exit compares digest data with digest data extracted ( DE_USER )from request parameters.

5.If digest data matches

   a)MultiSSO_DigestToken script validates user ( SM_USER ) against user table.

   b)if there is a valid user record session is initialized for that user.

   c)else, user is redirected to failed sso redirect page.

6)Else, user is redirected to failed sso redirect page.

Integration Setup

1)Multi-Provider SSO > Identity Providers > New > What kind of SSO are you trying to create? ( Select Digest )

 Name  Description 
 DE_USER Digest token is sent with DE_USER  
 SM_USER User field for lookup with user table
 User Field Name of the field  which is queried with user table
 Secret Passphrase  secret key to encrypt/decrypt digest data ( ex:12345 )
 Single Sign-On Script Select MultiSSO_DigestedToken.This script decrypts token token and authenticate user 
 Failed SSO redirect page user redirected to post login failure
 External logout redirect  page user redirected to post logout


2)Multi-Provider SSO > Properties > Enable multiple provider sso

Algorithm Supported

NOW platform uses HmacSHA1 algorithm to generate digest token by default.If HMAC algorithm needs to be changed please use the below steps.

1.Open MultiSSO_DigestedToken Installation Exit

2.Update MAC_ALG var with the MAC algorithm supported by Java.

Java 8 platform supports the below Mac Algorithms.







How to generate digest data with scripting?

Run this script via System DefinitionScripts background to generate Digest data with different MAC algorithms


function generateDigestData(){


var data="admin";

//Secret Passphrase

var secretKey = "12345";

var MAC_ALG_1 = "HmacSHA1";
var MAC_ALG_2 = "HmacSHA224";
var MAC_ALG_3 = "HmacSHA256";
var MAC_ALG_4 = "HmacSHA384";
var MAC_ALG_5 = "HmacSHA512";
var MAC_ALG_6 = "HmacMD5";


//SncAuthentication.encode() function generates digest data.This is compared against DE_USER

gs.print("Digest data generated with HmacSHA1: "+SncAuthentication.encode(data, secretKey, MAC_ALG_1));

gs.print("Digest data generated with HmacSHA224: "+SncAuthentication.encode(data, secretKey, MAC_ALG_2));

gs.print("Digest data generated with HmacSHA256: "+SncAuthentication.encode(data, secretKey, MAC_ALG_3));

gs.print("Digest data generated with HmacSHA384: "+SncAuthentication.encode(data, secretKey, MAC_ALG_4));

gs.print("Digest data generated with HmacSHA512: "+SncAuthentication.encode(data, secretKey, MAC_ALG_5));

gs.print("Digest data generated with HmacMD5: "+SncAuthentication.encode(data, secretKey, MAC_ALG_6));



*** Script: Digest data generated with HmacSHA1: SuaGUdiqQZikiOfxcgQZALaQJpE=
*** Script: Digest data generated with HmacSHA224: HcTdLXVPwfK+3MRsI1m9BN10xYXKGTqzWYmGMg==
*** Script: Digest data generated with HmacSHA256: IMafPR3HHBl+ykp7ACAfQqMffxtCI86Qv1oI8dqQJr0=
*** Script: Digest data generated with HmacSHA384: 3atp1KaQgbr7W+/Wr9Lq7/K+/OTGk1X5YkhF+d+DwiGpI2rSFBP7cC1FN3fDlhLR
*** Script: Digest data generated with HmacSHA512: c22+q9VaE720r4uWo19Ot9VTRQXQc1oXKHi3mnWB6G/A6gjDG55DXw6fg8JizH/Z5reovgW1oat8 eZTcqxyKcg==
*** Script: Digest data generated with HmacMD5: 8ETw8Cm8Az6JOuWzotRYZA==

Deep Linking

NOW platform supports deep linking for digest token authentication.Include glide_sso_id,SM_USER and DE_USER in the deep link url for authentication.


System logs

Set glide.authenticate.multisso.debug = true to print debugger messages in the System logs.

Login Successful 

Login Failure

Service Portal and CMS Redirection

NOW platform does not support digest token authentication for CMS & Service Portal.This is because CMS & Service Portal has login page configured so user will be redirected to the platform configured login is the only public page platform support digest token for authentication.

Workaround 1:

Service Portal has $sp set to true and CMS has view_content set to true in the sys_public table.Setting $sp= false and view_content = false allows platform to authenticate user with digest token authentication.This approach does not allow user to access any public pages configured for Service Portan and CMS.

Workaround 2:

1.Configure first page for CMS & Service Portal.

2.Configure login redirection.

Service Portal


3.Authenticate with  instance url 

4.NOW platform redirects user to first page ( landing page ) after authentication.

****Admin User:

Login URL

User is redirected to after authentication

*****ESS User:

Login URL

user is redirected to service portal ( first page / landing page ) after authentication

***Admin User

Login URL

user is redirected to incident record after authentication.

***ESS User

ess user is redirected to service portal after authentication.



Applicable Versions

Check for the applicable versions.

Additional Information

1)Check doc site for Integration Setup,Sample Digest Token Implementations and deep linking within instance.

2)Mac Algorithms supported by Java 8 at the time of writing this article.  


Article Information

Last Updated:2019-08-02 20:57:26