logo

NJP

Configuring SSO

Import · Jul 23, 2019 · article

Configuring SSO

Image Description
image 01. Acess Guided Setup https://.service-now.com/nav_to.do?uri=%2Fhome.do%3F
image 02. ITSM Guided Setup
image 03. Click Get Started
image 04.
image 05. Click Activate/Repair
image 06. Click Activate
image 07. Close & Reload Form
image 08. Click Add New IdP
image 09. Type your informations Example www..com.br/FederationMetadata/2007-06/FederationMetadata.xml
image 10. Click Fetch
image 11. Click Save
image 12. Click Generate metada
image 13. On the NameID Policy urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified
image 14. Click >> Mult-Provider SSO > Properties
image 15. Select Enable multiple provider SS Enable debug logging for the multiple provider SSO integration The field on the user table that identifies a user accessing the "User identification" login page. By default, it uses the 'user_name' field.
image 16. >>AD FS > Trust Relationships > Relaying Party Trust >Add Relaying Party Trust
image 17. Click Start
image 18. Import data about the Relaying party from a file Browse
image 19. Type Display name, click Next
image 20. Select I do not want to configure mult-facto authentication settings for this relaying party trust at this time Click Next
image 21. Click Permit all users to access this Relaying Party and click Next
image 22. Click Close
image 23. An example about Claim Rule E-mail Address
image 24. Click OK
image 25. Click Test Connection
image 26. Login
image 27. Set Default
image 28. Set Auto Redirect Idp
29.

Metadata Sample.xml, step 13.

<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://<instance>.service-now.com">
    <SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<instance>.service-now.com/navpage.do"/>
        <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
        <AssertionConsumerService isDefault="true" index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<instance>.service-now.com/navpage.do" />
        <AssertionConsumerService isDefault="false" index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://<instance>.service-now.com/consumer.do" />
    </SPSSODescriptor>
</EntityDescriptor>

Author:

Tiago Macul

Paulo Cesar dos Santos Filho

Haddan de Queiroz Rocha

image

image

Summary

Configuring ADFS Claim rules

View original source

https://www.servicenow.com/community/itsm-articles/configuring-sso/ta-p/2312770