SSO login credentials, including password in plaintext, are showing in network payload in browser tool

pdurgapavan
Tera Contributor

The password that is saved in Entra ID for the SSO integration with Microsoft Entra ID using the OIDC protocol is showing in plaintext in the Network Payload in browser developer tools when there is a successful login. Please verify from the screenshot, and guide us on how to encrypt the password in the network payload.

pdurgapavan_0-1754028720380.jpeg

 

@Ankur Bawiskar, @Dr Atul G- LNG, @GlideFather, @Chaitanya ILCR, @Samidhya Karmak

3 REPLIES

Ankur Bawiskar
Tera Patron

@pdurgapavan 

Is there any customization for login logic, such as widget changes etc.? Are you using any middleware or proxy?

When it comes to OIDC, here is the usual flow:

1) The user goes to ServiceNow and is redirected to the Microsoft Entra ID login page.

2) The user enters credentials on the Entra ID page.

3) Only Entra ID processes the password; after authentication, a token is issued and sent to ServiceNow for the user's session creation.

4) Nowhere does ServiceNow, the browser or any other item see the raw password.

I believe you should raise a case with ServiceNow as this is a security concern.

I don't think there is anything we can do within the ServiceNow platform.

If my response helped, please mark it correct and close the thread so that it benefits future readers.

Regards,
Ankur
✨ Certified Technical Architect  ||  ✨ 9x ServiceNow MVP  ||  ✨ ServiceNow Community Leader
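
One way to check a browser capture against the flow described in the reply above, as an added example that is not part of the original thread: it reads a HAR export from the developer tools' Network tab and reports which host each password-bearing request was sent to and whether it used HTTPS. The field names, the instance host and the sample capture are constructed assumptions.

```python
import json
from urllib.parse import urlsplit, parse_qsl

# Assumed names: form fields that typically carry a password, and the
# identity provider host that is expected to receive them.
PASSWORD_FIELDS = {"passwd", "password", "user_password"}
IDP_HOSTS = {"login.microsoftonline.com"}

def password_posts(har):
    """Return one finding per request that carries a password field."""
    findings = []
    for entry in har["log"]["entries"]:
        req = entry["request"]
        post = req.get("postData") or {}
        # HAR stores form bodies as a params list, raw text, or both.
        params = [(p["name"], p.get("value", "")) for p in post.get("params", [])]
        if not params and "urlencoded" in post.get("mimeType", ""):
            params = parse_qsl(post.get("text", ""), keep_blank_values=True)
        # Query strings count too: a password in a URL ends up in logs.
        params += [(q["name"], q.get("value", "")) for q in req.get("queryString", [])]
        fields = sorted({n for n, _ in params if n.lower() in PASSWORD_FIELDS})
        if not fields:
            continue
        url = urlsplit(req["url"])
        findings.append({
            "host": url.hostname,
            "fields": fields,
            "https": url.scheme == "https",
            "to_idp": url.hostname in IDP_HOSTS,
        })
    return findings

# Constructed capture: the login POST goes to the IdP, the callback to the
# (hypothetical) ServiceNow instance carries only the authorization code.
SAMPLE_HAR = json.loads("""{"log": {"entries": [
 {"request": {"method": "POST",
   "url": "https://login.microsoftonline.com/common/login",
   "postData": {"mimeType": "application/x-www-form-urlencoded",
                "text": "login=user%40example.com&passwd=REDACTED"}}},
 {"request": {"method": "GET",
   "url": "https://instance.example.com/navpage.do?code=abc&state=xyz",
   "queryString": [{"name": "code", "value": "abc"},
                   {"name": "state", "value": "xyz"}]}}
]}}""")

if __name__ == "__main__":
    for f in password_posts(SAMPLE_HAR):
        verdict = "expected" if f["https"] and f["to_idp"] else "INVESTIGATE"
        print(f"{f['host']} fields={f['fields']} https={f['https']} -> {verdict}")
```

The developer tools display a request body as the page submitted it, before TLS encrypts it on the wire, so the finding that matters is a password field sent to a host outside `IDP_HOSTS` or over plain HTTP.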

@pdurgapavan 

Hope you are doing good.

Did my reply answer your question?

Regards,
Ankur

@pdurgapavan 

Thank you for marking my response as helpful.

Regards,
Ankur