SAML does not redirect users to the appropriate page after authentication.

Cuneyt
Tera Contributor

Hi,

One of my clients is having an issue with SSO redirections. I'm hoping that you guys can help me.

Version is Paris, SSO is Azure.

Reproducing the issue:

1- User clicks or enters a URL, for example: https://instance.service-now.com/hrone?id=ticket&table=ticket&sys_id=ab464fcedb3ca410bf11ac184896191a%20

2- User is authenticated with Azure SSO, then the page redirects him to https://instance.service-now.com/navpage.do

When I checked the relay state of the request, it is indeed "/navpage.do", the expected url is not in the relay state of the request. 

 

*The request URL:

https://instance.service-now.com/auth_redirect.do?sysparm_stack=no&sysparm_url=https%3A%2F%2Flogin.microsoftonline.com%2F4067565c-d76c-459a-bebf-0d0a802924f8%2Fsaml2%3FSAMLRequest%3DlVJNj5swEP0ryHfAOECIFSLRRFUjbbdok%252FbQm2MPWUtgU4%252FJtv%252B%252BrJPVbg%252FdqlfPm%252Fc1XqMYejbyZvKP5gF%252BTIA%252B%252Bjn0Bvl1UpPJGW4FauRGDIDcS35oPt9xllA%252BOuuttD2JGkRwXluztQanAdwB3EVL%252BPpwV5NH70fkaTqTgBRDgtdZbOxTIu2QGnEZxRkSZUm0mx1oI56pXhd7e9YmGbR0Fm3nrem1gbCa03JZlIWM1bKUcV6sRHyCUxdTRUVF2YrlXZWGKCT6aJ2EkLQmnegRSLTf1eRwv82KvOyoEiLLRVEx1bElKzOZVWwBdMFWMxBbgagv8LqKOMHeoBfG14RRRuOMxTQ%252F0oovljyvkkVVfidRe%252BvogzZKm%252FP7hZ6uIOSfjsc2br8cjoHgohW4%252Bxn9f11%252BA4ehx5mabNahBh58u7dHft%252BSeLks2fxDe52%252BVbjpjfzZ937X2l7LX1HT9%252FZp60D4OYt3E4SzDML%252F3USWZOFFq7gLUA6D0H2jlANEkm5uun%252F%252B4s1v%26RelayState%3Dhttps%253A%252F%252Finstance.service-now.com%252Fnavpage.do

 

I opened a case from HI Portal but they said that this is expected due to decoding and encoding of the URL. And the only option is using "/saml_redirector.do?" parameter in the first URL, but this is not an efficient solution because the colleagues can't send any URL from the portal to each other with copy and paste. It is only viable for external redirections.

 

I've found this from the community and "SAML does not redirect users to the appropriate page after authentication." is the thing we are having trouble with. We tried to edit or copy the OOB version of the SPEntryPage script and MultiSSOv2_SAML2_custom script in the SSO properties. No luck. 

Do you have any ideas why this is happening and how to fix it?

 

2 REPLIES

bjorn6809
Tera Expert

Hello Cuneyt, let me know if you found a solution to this problem. Thanks!

Randheer Singh
ServiceNow Employee

In your case, the wrong relay state is getting generated. You can enable MultiSSO Debugging and check the logs to identify the root cause.

In case you are not on MultiSSOv2, I would recommend you upgrade to MultiSSOv2; if the problem is caused by customization, it will automatically be solved.
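To see which RelayState the instance actually handed to the IdP, the nested `auth_redirect.do` URL from the question can be unwrapped one encoding layer at a time and compared with the deep link the user requested. This is an added example, not part of the original thread or ServiceNow's code; the function names, the constructed sample URL and the tenant placeholder are assumptions, and it goes slightly beyond the post by also inflating the SAMLRequest (HTTP-Redirect binding).

```python
import base64
import zlib
from urllib.parse import parse_qs, urlencode, urlsplit


def inspect_sso_redirect(request_url):
    """Unwrap an auth_redirect.do URL and report what the SP sent to the IdP."""
    outer = parse_qs(urlsplit(request_url).query)
    idp_url = outer["sysparm_url"][0]            # first decoding layer
    inner = parse_qs(urlsplit(idp_url).query)    # second decoding layer
    xml = None
    if "SAMLRequest" in inner:
        # HTTP-Redirect binding: base64 over raw DEFLATE (no zlib header)
        raw = base64.b64decode(inner["SAMLRequest"][0])
        xml = zlib.decompress(raw, -15).decode("utf-8")
    return {
        "idp_host": urlsplit(idp_url).netloc,
        "relay_state": inner.get("RelayState", [None])[0],
        "authn_request": xml,
    }


def deep_link_preserved(requested_url, request_url):
    """True if RelayState carries the path and query the user asked for."""
    relay = inspect_sso_redirect(request_url)["relay_state"] or ""
    want, got = urlsplit(requested_url), urlsplit(relay)
    return (want.path, parse_qs(want.query)) == (got.path, parse_qs(got.query))


def build_sample(relay_state):
    """Constructed request URL with the same nesting as the one in the post."""
    xml = '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed"/>'
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    saml = base64.b64encode(comp.compress(xml.encode()) + comp.flush()).decode()
    idp = "https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2?" + urlencode(
        {"SAMLRequest": saml, "RelayState": relay_state})
    return "https://instance.service-now.com/auth_redirect.do?" + urlencode(
        {"sysparm_stack": "no", "sysparm_url": idp})


if __name__ == "__main__":
    deep = ("https://instance.service-now.com/hrone"
            "?id=ticket&table=ticket&sys_id=ab464fcedb3ca410bf11ac184896191a")
    sample = build_sample("https://instance.service-now.com/navpage.do")
    print(inspect_sso_redirect(sample)["relay_state"])
    print("deep link preserved:", deep_link_preserved(deep, sample))
```

Running the same check against request URLs captured before and after a change to the SSO scripts shows whether the deep link is lost when the relay state is generated on the instance or later in the flow.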