SSO Users redirected to /not_allowed.do Redirect fix in London Release?

Liyakhat
Mega Expert

Hello,

Later in Jakarta we had an issue of users being redirected to the /not_allowed.do page.

We had fixed this issue by following the KB article:

https://hi.service-now.com/kb_view.do?sysparm_article=KB0640068

 From Jakarta, security checks are in place to avoid redirecting to external sites. If SSO is not correctly configured, there are cases when the users are not redirected to the Identity provider but to the /not_allowed.do page

 

We created a sys property glide.authenticate.auth.validate.url and set it to false.

 

We need to know what security checks are in place regarding SSO starting from Jakarta, and whether this fix has no impact on our SSO in the London release, as we are migrating to London.

 

Thanks in advance

 

3 REPLIES

Alikutty A
Tera Sage

Hello,

You will need to test it out in London to determine if there is an impact to external sites (ideally there should not be any). Or you could open a ticket in HI and check with them whether the issue has been fixed permanently or not.

Or you could check the release notes to see if there is any information specified: https://docs.servicenow.com/bundle/london-release-notes/page/release-notes/new-features-changes.html

Thanks

Hello Alikutty,

Thanks for the reply.

Actually, we got a reply from the HI team as below:

[Image: find_real_file.png]

 

As a fix we have created a property and set it to false. Now, in the London release, he suggests deleting the property or setting it to true. We need to know what fix was made in London regarding this before taking action. Can you guide me to the particular fix made in London related to this issue?

You got a solution here which can be applied. The internal fixes are not usually highlighted, but we get workarounds like this to be applied. It might be documented either as part of the SN problem record or the change which initiated it. You will need to check with the HI personnel about it, or you could respond on your HI ticket asking if there are any impacts on your IdP redirection if you delete the property, and based on his response you could take the necessary action. This is how we take action on similar product issues.