1. Create the IdP metadata in ForgeRock OpenAM. Make sure the NameID Format is the same as the one used by ServiceNow. The metadata should contain the X.509 certificate that SAML requires to sign the request; if you are not using your own certificate, select the default certificate offered by ForgeRock AM.
2. Send the IdP metadata to ServiceNow.
3. Import the ServiceNow (SP) metadata into the ForgeRock AM servers, then edit that SP metadata: click the ServiceNow metadata, go to Assertion Processing, and in the Attribute Mapper enter the attribute you have configured in ServiceNow under Advanced --> User Field (uid=user_name).
ServiceNow configuration:
ServiceNow should have the following values:
NameID Policy (SP) the same as the NameID Format (IdP).
The value in the User Field the same as what the IdP has for ServiceNow under Assertion Processing --> Attribute Mapper --> Attribute Map, i.e. (uid=user_name).
One other point to consider: a user who does not exist in SNOW will not be able to log in to SNOW.
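As an added example (not part of the original post, and not ForgeRock or ServiceNow code), a small pre-flight script that checks the three points above before the first login attempt: the IdP metadata carries a signing certificate, the two sides share a NameID format, and the ServiceNow User Field appears on the right-hand side of the IdP attribute map. The metadata fragments, the user set and the treatment of map entries as `saml_attribute=local_attribute` are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed IdP metadata (stand-in for the OpenAM export); the certificate body is a placeholder.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://openam.example.com/idp">
 <md:IDPSSODescriptor>
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>MIIC...PLACEHOLDER...</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
 </md:IDPSSODescriptor></md:EntityDescriptor>"""

# Constructed SP metadata in the shape ServiceNow exports.
SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://snow.example.com">
 <md:SPSSODescriptor>
  <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
 </md:SPSSODescriptor></md:EntityDescriptor>"""

def name_id_formats(xml, role):
    """NameIDFormat values declared under IDPSSODescriptor or SPSSODescriptor."""
    root = ET.fromstring(xml)
    return {e.text.strip() for e in root.findall(f"md:{role}/md:NameIDFormat", NS)}

def has_signing_cert(idp_xml):
    """True if the IdP publishes a non-empty X509 certificate usable for signing."""
    root = ET.fromstring(idp_xml)
    for kd in root.findall("md:IDPSSODescriptor/md:KeyDescriptor", NS):
        cert = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        # A KeyDescriptor without use= serves both signing and encryption.
        if kd.get("use", "signing") == "signing" and cert is not None and (cert.text or "").strip():
            return True
    return False

def preflight(idp_xml, sp_xml, attribute_map, sp_user_field, sp_users, name_id):
    """List the problems that would stop a login; an empty list means the pairing is consistent."""
    problems = []
    if not has_signing_cert(idp_xml):
        problems.append("IdP metadata carries no signing certificate")
    if not name_id_formats(idp_xml, "IDPSSODescriptor") & name_id_formats(sp_xml, "SPSSODescriptor"):
        problems.append("IdP and SP declare no common NameID format")
    # Entries such as 'uid=user_name' (assumed saml_attr=local_attr): the right side must be the SP's User Field.
    local_attrs = {entry.split("=", 1)[1] for entry in attribute_map if "=" in entry}
    if sp_user_field not in local_attrs:
        problems.append(f"SP User Field '{sp_user_field}' is not in the IdP attribute map")
    if name_id not in sp_users:  # the SP cannot log in a user it has no record for
        problems.append(f"user '{name_id}' is not provisioned in the SP")
    return problems
```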