- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-18-2024 06:24 PM
Hello folks,
I'm facing an issue with a particular configuration in SSO.
Problem:
When users log out of ServiceNow and try to open a new window in browser and log back in again, it neither prompts to ask login creds nor the Idp login page is presented again.
Is this how it's supposed to work once you use SSO to login. Is this the default behavior? The client said this didn't happen before until they upgraded their instances and that, it is happening on all environments. Honestly it's very confusing as to what they are saying.
I think their Idp is ADFS. I have been put on this project since I implemented a SSO integration before with Microsoft Azure. I noticed their field value in Idp record "Identity Provider's SingleLogoutRequest" was empty. When I had implemented SSO, I too kept this as empty. Does this have any significance in what needs to be acheived?
As far as the core functionality is concerned it seems to be working fine. The users can login using SSO and when logging out, they are redirected to the Idp's login page. In the instance their Idp record looks fine and all details are populated and valid.
Would appreciate your inputs.
Thanks,
Hamad
#Integrations #SSO #SAML
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-29-2024 06:56 AM
Ignore this question. It was entirely a different problem which was causing this incident and was resolved by ServiceNow support.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-19-2024 02:15 AM
Based on your description, it seems like the issue is related to Single Sign-On (SSO) session management. Here are some points to consider:
- The behavior you described is typical for SSO implementations. Once a user logs in via SSO, they are authenticated until their session expires. This means that if they log out of ServiceNow and then try to log back in, they won't be prompted for their credentials again unless their SSO session has expired.
- The "Identity Provider's SingleLogoutRequest" field is used to specify the URL where ServiceNow should send logout requests. If this field is empty, ServiceNow won't send a logout request to the Identity Provider (IdP) when a user logs out. This could explain why users aren't being prompted for their credentials when they log back in.
- If the client insists that this behavior has changed since they upgraded their instances, it might be worth checking the release notes for the versions they upgraded to. There might have been changes to the SSO functionality that could explain the change in behavior.
- If the client wants users to be prompted for their credentials every time they log in, you might need to configure the IdP to not maintain a session, or to have a very short session timeout. This would be done on the IdP side, not in ServiceNow.
- Alternatively, you could consider implementing a custom solution in ServiceNow to force a logout from the IdP when a user logs out. This would likely involve scripting and would need to be carefully tested to ensure it doesn't introduce any security risks.
- Finally, it's worth noting that the behavior you described could actually be seen as a feature, not a bug. One of the main benefits of SSO is that it reduces the need for users to repeatedly enter their credentials. If the client's users find this behavior inconvenient, it might be worth discussing the benefits of SSO with them to see if they still want to change it.
For asking ServiceNow-related questions try this :
For a better and more optimistic result, please visit this website. It uses a Chat Generative Pre-Trained Transformer ( GPT ) technology for solving ServiceNow-related issues.
Please visit : https://nowkb.com/home
Link - https://nowgpt.ai/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-19-2024 02:19 AM
ServiceNow supports Single Sign-On (SSO) which allows users to authenticate themselves against an external Identity Provider (IdP) rather than obtaining and using a separate username and password stored in the ServiceNow instance. Here are the steps to log out and log back in using SSO:
1. To log out from ServiceNow using SSO, you can simply click on the logout option in the user menu. This will end your ServiceNow session.
2. However, depending on the SSO configuration, you may still be logged into your IdP. To completely log out, you may need to also log out from your IdP. This process varies depending on the IdP used.
3. To log back into ServiceNow using SSO, navigate to your ServiceNow instance URL.
4. If SSO is properly configured, you should be redirected to your IdP's login page.
5. Enter your IdP credentials.
6. After successful authentication, you should be redirected back to your ServiceNow instance and logged in.
Please note that the exact steps can vary depending on the specific SSO method and IdP used. If you're using a specific SSO method like SAML or OAuth, or a specific IdP like Okta or ADFS, the steps can be slightly different.
nowKB.com
For a good and optimistic result, and solving ServiceNow-related issues please visit this website.https://nowkb.com/home
Kindly mark correct and helpful if applicable
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-29-2024 06:56 AM
Ignore this question. It was entirely a different problem which was causing this incident and was resolved by ServiceNow support.
