servicenow SAML 2 integration

Paul B. Henson henson at
Wed Apr 30 19:07:45 EDT 2014

> From: Michael A Grady
> Sent: Wednesday, April 23, 2014 6:31 PM
> Yes, you'd have something like the following example that you'd add to your
> attribute resolver:
> You don't need to mess with the global "release transientID to anyone"
> config, just add the Deny for it for those SPs where you need to send an
> alternate NameID.

Cool; thanks much for the examples. Leaving the global transientid filter alone and explicitly denying it in the separate servicenow policy is a lot cleaner than the previous example I saw of munging the global one to specifically exclude servicenow.

More information about the users mailing list