Configuring AD FS 2.0 with ServiceNow SAML 2.0 - Part3

Unknown | 06:15 | 0 comments

In the second post we covered the ServiceNow SAML 2.0 settings. In this post we walk through the AD FS Relying Party configuration and the AD FS Relying Party claim rules.

ADFS Relying Party Configuration:

You can export the ServiceNow metadata and import it into your AD FS server; however, configuring the Relying Party manually turns out to be easier, so that is the approach taken in the steps below.

1. Open the AD FS 2.0 Management console and select “Relying Party Trusts”.
2. Select “Add Relying Party Trust…” from the top right corner of the window. The Add Relying Party Trust Wizard will appear. Click “Start” to begin.
3. Select “Enter data about the relying party manually” and click “Next >”.
4. Give it a display name such as “anyname”, enter any notes you wish, and click “Next >”.
5. Select “AD FS 2.0 profile” and click “Next >”.
6. Do not select a token encryption certificate; click “Next >”.
7. Do not enable any settings on the “Configure URL” page; click “Next >”.
8. Enter the ServiceNow site you connect to as the Relying Party trust identifier. In this case use ‘https://companyname.service-now.com’, click “Add”, and then click “Next >”.
9. Choose “Permit all users to access this relying party” and click “Next >”.
10. Click “Next >” on the “Ready to Add Trust” page, uncheck “Open the Edit Claim Rules dialog when this wizard closes”, and click “Close”. You should now see the Relying Party in the window.
11. Right-click the Relying Party trust and select “Properties”.
12. Go to the “Endpoints” tab and add a “SAML Assertion Consumer” endpoint with a “POST” binding and a URL of https://companyname.service-now.com/navpage.do.


AD FS Relying Party Claim Rules:

Now is the time to edit the Claim rules in order to enable proper communication with Service-Now.

1. Right-click the Relying Party and select “Edit Claim Rules…”.
2. On the “Issuance Transform Rules” tab click “Add Rule…”.
3. Select “Send LDAP Attributes as Claims” as the claim rule template and click “Next >”. Give the rule a name such as “Get LDAP Attributes”. Set Attribute Store to “Active Directory”, LDAP Attribute to “E-Mail-Addresses”, and Outgoing Claim Type to “Name ID”.
4. Click “Finish”, then “Apply” and “OK”.
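The same Relying Party trust and claim rules can be created from PowerShell, which is handy for repeatable builds and for reviewing exactly what the wizard produces. The following is an added example, not code from the original post: it assumes the AD FS 2.0 snap-in (Microsoft.Adfs.PowerShell) on the federation server, uses the display name “anyname” and the https://companyname.service-now.com URLs from the steps above, and the rule text is the claim rule language the “Send LDAP Attributes as Claims” and “Permit all users” templates generate.

```powershell
# Added example (not from the original post): builds the Relying Party trust
# and claim rules described above with the AD FS 2.0 PowerShell snap-in.
# Assumptions: display name "anyname" and the companyname.service-now.com
# URLs are taken from the post; run as an AD FS administrator.
Add-PSSnapin Microsoft.Adfs.PowerShell -ErrorAction SilentlyContinue

$displayName = "anyname"
$identifier  = "https://companyname.service-now.com"        # step 8: RP identifier
$acsUrl      = "https://companyname.service-now.com/navpage.do"  # step 12: ACS URL

# Step 12: SAML Assertion Consumer endpoint with POST binding.
$acs = New-ADFSSamlEndpoint -Binding "POST" -Protocol "SAMLAssertionConsumer" `
                            -Uri $acsUrl -Index 0 -IsDefault $true

# Claim rules step 3: "Send LDAP Attributes as Claims",
# E-Mail-Addresses (LDAP attribute "mail") issued as the Name ID claim.
# The user's AD mail attribute must therefore match the ServiceNow user's email.
$transformRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Get LDAP Attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";mail;{0}", param = c.Value);
'@

# Step 9: "Permit all users to access this relying party".
$authorizationRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

# Steps 1-10: create the trust with the identifier, endpoint and rules in one call.
Add-ADFSRelyingPartyTrust -Name $displayName `
    -Identifier $identifier `
    -SamlEndpoint $acs `
    -IssuanceTransformRules $transformRules `
    -IssuanceAuthorizationRules $authorizationRules

# Verify the result: one identifier, one POST ACS endpoint, and the Name ID rule.
Get-ADFSRelyingPartyTrust -Name $displayName |
    Select-Object Name, Identifier, SamlEndpoints, IssuanceTransformRules
```

Reading the rule text is also the quickest way to confirm what the trust will release: only the `mail` attribute is issued, as Name ID, and only because the user already authenticated to AD FS (`Issuer == "AD AUTHORITY"`). If you later need additional attributes in the assertion, they show up here as extra entries in the `types` and `query` lists.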

Add User to Active Directory:

1. Click Start and select “Active Directory Users and Computers”.
2. Navigate to the Users container and right-click --> New --> User.
3. Enter the First name, Last name, and User logon name (kiran@sample.com).
4. Click “Next”, enter a password, and select “Password never expires”.
5. Copy the user logon name (the address entered in step 3).
6. Click “Finish” and double-click the user.
7. Paste the copied logon email address into the E-mail field.
8. Click “Apply” and “OK”.

Create a user in ServiceNow Instance:

1. Log on to your ServiceNow instance.
2. In the Application Navigator go to System Security and click “Users”.
3. Click “New”, create a new user, and enter the email address copied earlier (kiran@sample.com).
4. Save.

Testing:

1. Open the AD FS logon URL (https://<your ADFS domain>/adfs/ls/idpinitiatedsignon.aspx).
2. Select your Relying Party and proceed.
3. Enter the AD FS user credentials and proceed.
4. You should now be logged on to ServiceNow.


handsonbook.blogspot.com