Introduction

ServiceNow turned out to be a fairly straightforward integration once we realized we had access to the script that generates the SAML 2.0 AuthnRequest. Since our IdP accepts requests from anonymous SPs, we only had to modify two scripts on the ServiceNow side so that it sends AuthnRequests the IdP will accept, and we were in business. Here are the diffs for the files we modified.

Modify the Login Script

This change removes the RequestedAuthnContext from the AuthnRequest. The authentication context class ServiceNow asks for requires username/password authentication at the IdP, but our IdP authenticates users through the RemoteUser handler (backed by CAS) and cannot satisfy that context, so the request was asking too much. With no RequestedAuthnContext in the request the IdP is free to use whatever authentication method it has, so we simply removed it.

Login script
jjv6@nomad:~/Desktop/service-now$ diff -cBr login.script login.script.orig 
*** login.script	2011-11-15 09:29:19.938287229 -0500
--- login.script.orig	2011-11-15 09:30:21.798287235 -0500
***************
*** 124,131 ****
          
      this.SAML2.createIssuer(elem);
      this.SAML2.createNameIDPolicy(elem);
!     //var rElem = this.SAML2.createRequestedAuthnContext(elem);
!     //this.SAML2.createAuthnContextClassRef(rElem);
  
      return this.SAML2.getEncodedSAMLRequest(elem);
    },
--- 124,131 ----
          
      this.SAML2.createIssuer(elem);
      this.SAML2.createNameIDPolicy(elem);
!     var rElem = this.SAML2.createRequestedAuthnContext(elem);
!     this.SAML2.createAuthnContextClassRef(rElem);
  
      return this.SAML2.getEncodedSAMLRequest(elem);
    },
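Review bot: commenting out createRequestedAuthnContext and createAuthnContextClassRef drops the SP's authentication requirement entirely rather than relaxing it, so the IdP may answer with any authentication context (an AuthnRequest with no RequestedAuthnContext leaves the choice to the IdP under SAML 2.0 Core); if ServiceNow inspects the AuthnContextClassRef in the Response, it now has to accept whatever the RemoteUser handler reports. Two smaller points: delete the two lines instead of leaving them commented so the intent survives the next upgrade merge, and note that this diff was run as `diff -cBr login.script login.script.orig`, so the `*** 124,131 ****` side is the modified file and `--- 124,131 ----` the original, the reverse of the script.object diff below; regenerating it with the arguments swapped would make both diffs read the same way.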

Modify the Script Object

This change removes the SPNameQualifier from the NameIDPolicy (and from NameIDs the script builds). ServiceNow populates it with a service URL rather than its entityID, and I could not make Shibboleth accept that, so I just removed it. With the qualifier omitted the IdP qualifies the identifier with the requesting SP's entityID, which is what we want anyway.
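To confirm that both edits on this page actually changed what ServiceNow sends, decode the SAMLRequest from the redirect the browser receives and look for the two pieces. The following Python is an added example, not code from this page, ServiceNow, Shibboleth or OpenSAML: it builds a request with and without the two elements (the entityID, ACS URL and IdP endpoint are made up, and PasswordProtectedTransport stands in for whatever class ServiceNow actually requested, which the page does not name), encodes it as the HTTP-Redirect binding does (raw DEFLATE, then base64), and checks a decoded request against the two rules the page arrives at: no RequestedAuthnContext, and an SPNameQualifier that is either absent or equal to the SP's entityID.

```python
"""Decode and inspect a SAML 2.0 AuthnRequest to confirm the two ServiceNow
script edits took effect.  Added example: not ServiceNow, Shibboleth or
OpenSAML code.  All entity IDs and URLs are assumed values."""
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlsplit

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": SAMLP, "saml": SAML}
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)

EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Stand-in for the password-requiring class ServiceNow asked for (page does not name it).
PASSWORD_CTX = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

# Constructed values, not from a real instance.
ISSUER = "https://example.service-now.com"
ACS = "https://example.service-now.com/navpage.do"
IDP_SSO = "https://idp.example.edu/idp/profile/SAML2/Redirect/SSO"


def build_authn_request(issuer, acs_url, sp_name_qualifier=None, authn_context_class=None):
    """Build an AuthnRequest shaped like the one the login script emits (assumed
    structure).  The two optional arguments are exactly the pieces the page removes."""
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": "_example-request-id", "Version": "2.0",
        "IssueInstant": "2011-11-15T14:29:19Z",
        "AssertionConsumerServiceURL": acs_url,
        "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    })
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = issuer
    policy = ET.SubElement(root, f"{{{SAMLP}}}NameIDPolicy",
                           {"Format": EMAIL_FORMAT, "AllowCreate": "true"})
    if sp_name_qualifier is not None:
        policy.set("SPNameQualifier", sp_name_qualifier)
    if authn_context_class is not None:
        rac = ET.SubElement(root, f"{{{SAMLP}}}RequestedAuthnContext", {"Comparison": "exact"})
        ET.SubElement(rac, f"{{{SAML}}}AuthnContextClassRef").text = authn_context_class
    return ET.tostring(root, encoding="utf-8")


def encode_redirect(xml_bytes):
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), then base64."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(c.compress(xml_bytes) + c.flush()).decode("ascii")


def decode_redirect(saml_request):
    """Inverse of encode_redirect, for a SAMLRequest value copied from a redirect URL.
    (For the HTTP-POST binding the value is plain base64: skip the inflate.)"""
    return zlib.decompress(base64.b64decode(saml_request), -15)


def redirect_url(xml_bytes, idp_sso_url=IDP_SSO):
    """The URL the browser is sent to; quote() protects the '+', '/' and '=' of base64."""
    return f"{idp_sso_url}?SAMLRequest={quote(encode_redirect(xml_bytes))}"


def inspect_request(xml_bytes):
    """Pull out the fields the two ServiceNow edits change."""
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError(f"not an AuthnRequest: {root.tag}")
    policy = root.find("samlp:NameIDPolicy", NS)
    return {
        "issuer": (root.findtext("saml:Issuer", namespaces=NS) or "").strip(),
        "nameid_format": policy.get("Format") if policy is not None else None,
        "nameid_sp_name_qualifier": policy.get("SPNameQualifier") if policy is not None else None,
        "authn_context_classes": [
            (e.text or "").strip()
            for e in root.findall("samlp:RequestedAuthnContext/saml:AuthnContextClassRef", NS)
        ],
    }


def problems_for_remoteuser_idp(info):
    """Why an IdP that authenticates via RemoteUser/CAS would balk at the request.
    The two rules are the two edits described on this page."""
    out = []
    if info["authn_context_classes"]:
        out.append("RequestedAuthnContext present: " + ", ".join(info["authn_context_classes"]))
    q = info["nameid_sp_name_qualifier"]
    if q is not None and q != info["issuer"]:
        out.append(f"NameIDPolicy SPNameQualifier {q!r} is not the SP entityID {info['issuer']!r}")
    return out


def check_redirect_url(url):
    """Decode the SAMLRequest parameter of a redirect URL and return the list of problems."""
    saml_request = parse_qs(urlsplit(url).query)["SAMLRequest"][0]
    return problems_for_remoteuser_idp(inspect_request(decode_redirect(saml_request)))


# What ServiceNow sent before the edits, and what it sends after them.
BEFORE = build_authn_request(ISSUER, ACS, sp_name_qualifier=ACS, authn_context_class=PASSWORD_CTX)
AFTER = build_authn_request(ISSUER, ACS)

if __name__ == "__main__":
    for label, req in (("before", BEFORE), ("after", AFTER)):
        print(label, check_redirect_url(redirect_url(req)) or "OK")
```

To check a live instance, copy the SAMLRequest value out of the redirect to the IdP (from the browser's network tab or the IdP's access log), pass it to decode_redirect, and hand the XML to inspect_request; the "after" request must show no RequestedAuthnContext and either no SPNameQualifier or one equal to the Issuer.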

Script Object
jjv6@nomad:~/Desktop/service-now$ diff -cBr script.object.orig script.object
*** script.object.orig	2011-11-15 09:31:45.318287245 -0500
--- script.object	2011-11-15 09:28:44.268287225 -0500
***************
*** 99,105 ****
      var nid = nb.buildObject();
      nid.setValue(nameId);
      nid.setFormat(nameIdPolicy);
!     nid.setSPNameQualifier(serviceURL);
      var nim = new NameIDMarshaller();
      return nim.marshall(nid, parentElement);
    },
--- 99,105 ----
      var nid = nb.buildObject();
      nid.setValue(nameId);
      nid.setFormat(nameIdPolicy);
!     //nid.setSPNameQualifier(serviceURL);
      var nim = new NameIDMarshaller();
      return nim.marshall(nid, parentElement);
    },
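Review bot: `nid.setSPNameQualifier(serviceURL)` passes a service URL where SAML 2.0 Core requires a provider entityID (SPNameQualifier names the service provider in whose namespace the identifier is qualified), which is why the IdP would not take it; removing the call is the right fix for an emailAddress-format NameID, where a qualifier carries no meaning anyway, but if one is ever needed again it should be the SP entityID, the same value the request carries as Issuer, not `serviceURL`. Delete the line rather than commenting it out, since `serviceURL` is otherwise unused in this function now.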
***************
*** 166,172 ****
      var nameIdPolicy = nameIdPolicyBuilder.buildObject();
      // insist on the emailAddress format to match with our user's email address
      nameIdPolicy.setFormat(nameIdPolicyStr);
!     nameIdPolicy.setSPNameQualifier(serviceURLStr);
      nameIdPolicy.setAllowCreate(true);
      var nidm = new NameIDPolicyMarshaller();
      return nidm.marshall(nameIdPolicy, parentElement);
--- 166,172 ----
      var nameIdPolicy = nameIdPolicyBuilder.buildObject();
      // insist on the emailAddress format to match with our user's email address
      nameIdPolicy.setFormat(nameIdPolicyStr);
!     //nameIdPolicy.setSPNameQualifier(serviceURLStr);
      nameIdPolicy.setAllowCreate(true);
      var nidm = new NameIDPolicyMarshaller();
      return nidm.marshall(nameIdPolicy, parentElement);
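Review bot: same problem as the NameID hunk: `nameIdPolicy.setSPNameQualifier(serviceURLStr)` asks the IdP to qualify the identifier for a provider named by a URL instead of an entityID, and Shibboleth IdP 2 refuses a NameIDPolicy whose SPNameQualifier differs from the requester's entityID (it answers with an InvalidNameIDPolicy status), so dropping the attribute and letting the IdP default to the requester is correct. Given the comment just above, which insists on the emailAddress format, the qualifier added nothing even when accepted. Remove the line instead of commenting it out, and drop the now-unused `serviceURLStr` if nothing else in the function reads it.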