servicenow SAML 2 integration
Michael R. Gettes
gettes at cmu.edu
Sun May 18 14:52:25 EDT 2014
Update from ServiceNow
http://wiki.servicenow.com/index.php?title=Multiple_Provider_Single_Sign-On#Configuring_SSO_Federations
available in their Eureka release. No, I have no idea when Eureka comes out or if it is already out.
/mrg
On May 8, 2014, at 10:16 AM, Michael R. Gettes <gettes at cmu.edu<mailto:gettes at cmu.edu>> wrote:
as a couple of folks have asked… here is the contract language we use. When the company refuses to do InCommon we come up something custom but along similar lines. From my experience I have decided to NOT promote SAML in contract and to specify shibboleth compatibility because I have had too many cases of a vendor saying “we do SAML” and then it becomes a pissing contest on what means SAML so I decided to pursue the product compatibility path and I have had much greater success with this path. We’ve been using this language (and derivates of it) for about 2 years now. Our contracts office is actively involved and promotes this language along with our ISO. We remain challenged with other parts of the University understanding the need for such language in contracts so not all contracts have this language but we are getting better at it as time goes on.
I realize this list is Shibboleth specific and not InCommon - but this is all about promoting shib so I think it is pertinent to the list. My apologies to those who feel otherwise.
/mrg
COMPANY will join the InCommon Federation, remain a member in good standing and utilize the shibboleth software or software known to be compatible with the latest versions of Shibboleth software (shibboleth software can be found at www.shibboleth.net<http://www.shibboleth.net/>). Carnegie Mellon University will determine appropriate compatibility of software. InCommon Federation metadata will be used to securely maintain the trust relationship between the Carnegie Mellon University’s Shibboleth identity provider and Supplier’s Shibboleth service provider. Carnegie Mellon University’s identity provider will provide identities in the form of user at andrew.cmu.edu<mailto:user at andrew.cmu.edu> as attributes to the COMPANY service provider. Additional attributes may also be provided based on negotiations between COMPANY and Carnegie Mellon University. Carnegie Mellon University will sponsor the COMPANY membership in InCommon Federation if requested.
On May 7, 2014, at 9:23 PM, Paul B. Henson <henson at csupomona.edu<mailto:henson at csupomona.edu>> wrote:
From: Michael R. Gettes
Sent: Wednesday, May 07, 2014 3:32 PM
been rather busy so haven't had a chance to respond to all of this... CMU has
worked with ServiceNow to get the functionality into ServiceNow (what you
describe below). We included the need for all this in our contract with them.
Sir, we owe you and your campus a debt of gratitude :). I guess your contract must have been larger than ours, or your management more tenacious, as whenever I try to push our management into demanding decent implementations from the companies they do business with it doesn't usually happen <sigh>.
I told the consultants that were hired to build our ServiceNow instance to tell them we want the "CMU Package" ;), guess we'll see what happens.
Thanks much...
--
Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/
Operating Systems and Network Analyst | henson at csupomona.edu<mailto:henson at csupomona.edu>
California State Polytechnic University | Pomona CA 91768
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net<mailto:users-unsubscribe at shibboleth.net>
--
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net<mailto:users-unsubscribe at shibboleth.net>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://shibboleth.net/pipermail/users/attachments/20140518/6881271d/attachment.html
More information about the users
mailing list