servicenow SAML 2 integration

Michael R. Gettes gettes at
Wed May 7 18:32:05 EDT 2014

been rather busy so haven’t had a chance to respond to all of this… CMU has worked with ServiceNow to get the functionality into ServiceNow (what you describe below).  We included the need for all this in our contract with them.  We needed them to support multiple IdP login from InCommon so they had to be able to automatically process InCommon MD.  Getting them to publish into InCommon MD was a secondary concern (desirable but not as important).  They did a nice job and have a good grasp of how to support our world along with the varied needs of their other customers.  Good bunch to work with.  When the functionality will be in the base product - I don’t know - but i do know it’s coming soon.  apologies for not responding sooner and with better info.


On May 7, 2014, at 6:21 PM, Paul B. Henson <henson at> wrote:

>> From: Paul B. Henson
>> Sent: Wednesday, April 23, 2014 4:38 PM
>> I've been asked to integrate our shibboleth idp with servicenow. I've seen a
>> few postings regarding this, but would like to clarify a couple of issues.
> Our campus is working with a consulting group called Cloud Sherpas to get our upcoming servicenow instance configured. I had complained to them about the lack of Incommon integration and kludginess, and also specifically about how they would handle a key rotation, given their manual metadata cut-and-paste process. They opened a ticket with ServiceNow for us, and they responded with this yesterday:
> ----------
> 2014-05-06 16:13:10 PDT - Aman Rao (NOW)
> Solution proposed by Aman Rao (NOW)
> How will the certificate rollover work with service now?
> WP: InCommon Federation in MultiSSO will update the SAML configuration (including certificates) automatically per configured interval. By default once a day.
> Is there a way to cleanly cut over, or will there be some period of breakage after the cutover while things are frantically manually reconfigured?
> WP: Yes incommon federation in multisso will automatically manage the configuration / certificates that can also be manually updated if needed.
> ----------
> There are absolutely no technical details, but they seem to be saying there's some way to integrate such that metadata is automatically pulled from the Federation, and a key rotation would happen transparently? I've seen nothing like this in any of the documentation I found, or in any of the responses I received about shibboleth integration with them from you guys. I'm thinking maybe they're just confused 8-/ and discussing something else they do?
> I've asked for a clarification on this response, but I was just curious if anybody had heard of or had any idea what "Incommon Federation in MulitSSO" might be in relation with ServiceNow?
> Thanks...
> --
> To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list