Configuring AD FS 2.0 with ServiceNow SAML 2.0 - Part 1




Single Sign-On access to ServiceNow requires the following configurations:

1. Configurations in ServiceNow to accept secure communication from the IdP.

2. Configurations in the Identity Provider to accept communication from ServiceNow.

Prerequisites:

  • ServiceNow instance
  • SAML 2 Single Sign-On plugin
  • Microsoft's Active Directory federation server (AD FS) as the IdP
Note: The SAML 2 Single Sign-On plugin is an on-demand service; we have to put in a request via the "ServiceNow Hi" portal to enable it. Once it is enabled, its configuration appears in the ServiceNow application navigation section.


SSO configuration with AD FS involves the following steps:

  • Get Federation Service Identifier
  • ServiceNow SAML 2.0 Settings
  • AD FS Relying Party Configuration
  • AD FS Relying Party Claim Rules
  • Testing the setup

 Get Federation Service Identifier and Export the “Token-Signing” certificate: 

 Get Federation Service Identifier:

  • Log in to your AD FS 2.0 server and open the management console
  • Right-click on Service and choose Edit Federation Service Properties
  • Copy the Federation Service Identifier; it will be entered into the ServiceNow SAML 2.0 configuration settings
Note: Update your local hosts entries if the Federation Service Identifier domain is not public.

Export the “Token-Signing” certificate: 


    1. Right-click on Service and double-click on Certificates
    2. Double-click on Token-signing in the certificate section
    3. The certificate dialog will open
    4. Click on the “Details” tab
    5. Click on “Copy to File…”. The Certificate Export Wizard will launch. Select “Next >”
    6. Ensure “No, do not export the private key” is selected and press “Next >”
    7. Select “DER encoded binary X.509 (.cer)” and press “Next >”
    8. Select where you want to save the file, give it a name, and press “Next >”
    9. Finally, select “Finish”
 

    Note: ServiceNow requires that this certificate be in PEM format. You can convert the certificate using client tools or online tools such as SSL Shopper. Take the DER/binary certificate we just exported and convert it to “Standard PEM” format.

    SSL Shopper:

        1. Log in to https://www.sslshopper.com/ssl-converter.html
        2. Choose the DER encoded binary X.509 (.cer) file
        3. Select DER/Binary for Type of current certificate
        4. Select Standard PEM for Type To Convert To
        5. Copy the PEM to a text editor
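
The DER-to-PEM conversion described in the note above can also be done locally, and the result checked so that the PEM text pasted into ServiceNow is byte-for-byte the certificate AD FS exported. This is an added example, not part of the original post; the sample bytes are constructed and the file name in the comment is hypothetical. The SHA-1 value is the one Windows shows as Thumbprint on the certificate's Details tab.

```python
import base64
import hashlib

PEM_HEAD = "-----BEGIN CERTIFICATE-----"
PEM_TAIL = "-----END CERTIFICATE-----"


def der_to_pem(der: bytes) -> str:
    """Wrap DER certificate bytes in PEM armor (base64 in 64-character lines)."""
    if der.lstrip().startswith(b"-----BEGIN"):
        raise ValueError("input is already PEM; no conversion needed")
    if not der.startswith(b"\x30"):
        raise ValueError("not DER: a certificate starts with SEQUENCE tag 0x30")
    b64 = base64.b64encode(der).decode("ascii")
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([PEM_HEAD, *body, PEM_TAIL]) + "\n"


def pem_to_der(pem: str) -> bytes:
    """Recover DER bytes from PEM text, tolerating CRLF and stray whitespace."""
    start = pem.index(PEM_HEAD) + len(PEM_HEAD)
    end = pem.index(PEM_TAIL, start)
    return base64.b64decode("".join(pem[start:end].split()), validate=True)


def thumbprint(der: bytes, algo: str = "sha1") -> str:
    """Hex digest of the DER bytes (SHA-1 by default, SHA-256 on request)."""
    return hashlib.new(algo, der).hexdigest().upper()


def same_certificate(der: bytes, pem: str) -> bool:
    """True when the PEM text carries exactly the certificate that was exported."""
    return thumbprint(pem_to_der(pem), "sha256") == thumbprint(der, "sha256")


if __name__ == "__main__":
    # Constructed stand-in bytes shaped like a DER SEQUENCE, not a real certificate.
    # Real use (hypothetical file name): der = open("token-signing.cer", "rb").read()
    der = b"\x30\x82\x01\x00" + bytes(range(256))
    pem = der_to_pem(der)
    print(pem)
    print("SHA-1 thumbprint:", thumbprint(der))
    print("PEM matches export:", same_certificate(der, pem))
```

Run `same_certificate` on the PEM text after it has passed through a text editor or any converter; a `False` result means the text no longer encodes the exported certificate.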
      So far, we have collected the Federation Service Identifier, exported the “Token-Signing” certificate, and copied the PEM.

      ----------------------------------------------------------------------------------------------------------------
       The next post will discuss setting up the ServiceNow SAML 2.0 settings. Stay tuned.









