E-signature Authentication Flow

Summary

E-signature approval depends on how the user logged in, either locally or through SSO.

- For a local login, the e-signature approval uses local authentication.
- For a user logged in via SSO, the e-signature approval is authenticated at the IdP.

Difference between the SAML request for a normal login and for an e-signature:

- On a login request, the AssertionConsumerServiceURL attribute ends with navpage.do.
- On the SAML Response, the AssertionConsumerServiceURL attribute will have consumer.do, and it is generated by a Processor (sys_processor): eSigSaml2AssertionConsumer. In the sample below, the e-signature AuthnRequest carries an AssertionConsumerServiceURL ending in consumer.do, and the Response's Destination and Recipient point to the same URL.

Sample SAML Request and Response for E-signature:

The sample request sets ForceAuthn="true", which asks the IdP to authenticate the user again instead of reusing an existing session.

SAML Request xml:

<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" AssertionConsumerServiceURL="https://example.service-now.com/consumer.do" ForceAuthn="true" ID="SNC36b2fa3aca663141897276ca8e0f1bbe" IsPassive="false" IssueInstant="2020-01-27T19:13:57.250Z" ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" ProviderName="https://example.service-now.com/navpage.do" Version="2.0"> <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://example.service-now.com </saml2:Issuer> <saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/></saml2p:AuthnRequest>

The signature in the sample response below uses RSA-SHA1 with a SHA-1 digest. SHA-1 is deprecated for signatures, so prefer SHA-256 in the IdP signing configuration where it is supported.

SAML Response xml:

<?xml version="1.0" encoding="UTF-8"?><saml2p:Response Destination="https://example.service-now.com/consumer.do" ID="id5381307154065787623310946" IssueInstant="2020-01-27T19:13:57.836Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"> <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">http://www.IDP.com/exktestnkqB90o1C0h7 </saml2:Issuer> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference 
URI="#id5381307154065787623310946"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>eU/omPLsEutesttestUEQP2G8=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> ----- Signature ----- </ds:SignatureValue> <ds:KeyInfo> <ds:X509Data> <ds:X509Certificate> ---- Certificate ---- </ds:X509Certificate> </ds:X509Data> </ds:KeyInfo> </ds:Signature> <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"> <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </saml2p:Status> <saml2:Assertion ID="id53813071541381921267742236" IssueInstant="2020-01-27T19:13:57.836Z" Version="2.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"> <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://www.IDP.com/exkfetest120o1C0h7</saml2:Issuer> <saml2:Subject> <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">342464</saml2:NameID> <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"> <saml2:SubjectConfirmationData NotOnOrAfter="2020-01-27T19:18:57.836Z" Recipient="https://example.service-now.com/consumer.do"/> </saml2:SubjectConfirmation> </saml2:Subject> <saml2:Conditions NotBefore="2020-01-27T19:08:57.836Z" NotOnOrAfter="2020-01-27T19:18:57.836Z"> <saml2:AudienceRestriction> <saml2:Audience>https://example.service-now.com</saml2:Audience> </saml2:AudienceRestriction> </saml2:Conditions> <saml2:AuthnStatement AuthnInstant="2020-01-27T19:13:57.836Z" SessionIndex="id1580152437835.1924273305"> <saml2:AuthnContext> <saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef> </saml2:AuthnContext> </saml2:AuthnStatement> </saml2:Assertion></saml2p:Response>