Notifications

59 views

Description

There are two or more IdPs configured without a Auto-Redirect IdP configured.  You want to direct users to a certain service portal for SSO login using a URL that points to a service portal with an IdP sys_id defined in glide_sso_id, for example:

https://<instance_name>.service-now.com/test_sp/login_with_sso.do?glide_sso_id=8abf82b9dbf08414b9d31649489619d5

https://<instance_name>.service-now.com/test_sp2/login_with_sso.do?glide_sso_id=8abf82b9dbf08414b9d31649489619d5

Where the Service Portal URLs are test_sp and test_sp2.

But this does not direct users to these portals for login.

Release or Environment

Applies to any release.

Cause

This is not supported and will not work:

https://<instance_name>.service-now.com/test_sp/login_with_sso.do?glide_sso_id=8abf82b9dbf08414b9d31649489619d5

https://<instance_name>.service-now.com/test_sp2/login_with_sso.do?glide_sso_id=8abf82b9dbf08414b9d31649489619d5

login_with_sso.do does not support the deep link.

Resolution

You will need to go here instead:

https://<instance_name>.service-now.com/test_sp
https://<instance_name>.service-now.com/test_sp2

To configure the specific IdP to use, use this KB as a guide:

https://hi.service-now.com/kb_view.do?sysparm_article=KB0719767

In step 2. of the Resolution you can go ahead and comment out the line (data.default_idp = GlideProperties.get("glide.authenticate.sso.redirect.idp");), but also add this one just under it:

data.default_idp ='8abf82b9dbf08414b9d31649489619d5';

8abf82b9dbf08414b9d31649489619d5 is the sys_id of the IdP you want to use for the specific portal. You will apply this to both portals test_sp and test_sp2.

So later in the Client Controller script, 8abf82b9dbf08414b9d31649489619d5 will be the "c.data.default_idp":

if (!c.data.is_logged_in && c.data.multisso_enabled && c.data.default_idp) {
c.server.get({
action: "set_sso_destination",
pageURI: c.data.pageURI
}).then(function() {
$window.location = "/login_with_sso.do?glide_sso_id=" + c.data.default_idp;
});
}

You can add additional coding to the Server script if you need to make the redirection more selective or complex.

Article Information

Last Updated:2019-12-05 13:12:10
Published:2019-12-05