SSO configuration
- Dan Franko (Unlicensed)
From Howard:
We do not maintain any configuration for Service Now instances. We have no metadata ourselves, nor does InCommon have meaningful metadata. Instead, for better or worse we configured Shibboleth to have a default release policy that matches current CAS. That is, we release the Netid to anyone who tries to login to a service. However, this does not work for IdP initiated login (where there is a link in a Yale menu). It only works for a partner who sends us a SAMLRequest message. ServiceNow is configured with Shibboleth URL and redirects the browser to the Shibboleth URL with a SAMLRequest string (an XML format message encoded and then added as a parameter to an HTTP GET. So if the other instances of Service Now are configured the same way, then they will get the same response. They do not require any special configuration because even production Service Now has no configuration.