Redirect not working for SSO

Christine24 · ‎03-10-2020

So I have two issues I'm trying to resolve and I'm not sure where to start.

Here is the back story: I'm trying to set up Multi SSO solution now that we will have different companies logging into our ServiceNow. Originally we only had the need for one company to sign in so I made a sys property called "authenticate.sso.redirect.idp" and added the sys_id of the identity provider to the value. Now that we have the need for multiple people to sign in, I went ahead and deleted that property (probably not best practice but when I tried to just remove the sys_id it still redirected).

Anyway, I set up the other identity provider, turned on the sys property for "glide.authenticate.external" and turned made sure the "Enable multiple provider SSO" was turned on.

Here is where I'm at..

Now when I try to log into the instance on a Test machine it just redirect to the Successful Logout page. I also had someone on our domain try just to verify and they got the same message. I am not sure how to fix this so it does not keep logging the user out.

The other issue is when I go to login.do and select "Use external credentials," it does not work. I get the error "Redirect failed, please contact your administrator."

Any ideas?

Christine24 · ‎03-12-2020

After talking with ServiceNow I have the two issues resolved.

The first one:
On SSO Source, you need to have it formatted as follows: sso:<sys_id of identity provider>

The other issue we resolved by doing the following:
1. Removed the glide.authenticate.sso.redirect.idp (for me, I actually had to delete it)

2. Clearing cache (using cache.do)

3. Turning glide.authenticate.external to false

View solution in original post

Michael Jones - · ‎03-10-2020

As far as fixing the "Use External Credentials", I believe that you need to first set the SSO Source either for the users individually, or at the company level before that will function.

To the second part, I'm trying to recall; once you have multiple providers setup I think you either need to use the external credentials option to be redirected, or you need to use a specially formatted URL with the IDP sys_id hard coded.

I believe you would use <instancename>/login_with_sso.do?glide_sso_id=xxxx where xxx is the sys_id of the record for your identity.

If this was helpful or correct, please be kind and remember to click appropriately!

Michael Jones - Proud member of the CloudPires team!

I hope this helps!
Michael D. Jones
Proud member of the GlideFast Consulting Team!

Christine24 · ‎03-10-2020

Thanks for responding!

I forgot to mention that I did add a SSO Source on the company level. From what I'm reading, you should just be able to use the External Credentials link, but that won't help if the login page does not work and it just keeps force logging users out.

Michael Jones - · ‎03-10-2020

Just to be sure, are you hitting the main URL <instance>/ and just being immediately sent to the log out? I'd give the <instancename>/login_with_sso.do?glide_sso_id=xxxx a try and see if you get the same results. Might be an issue with the redirection...

I hope this helps!
Michael D. Jones
Proud member of the GlideFast Consulting Team!

Christine24 · ‎03-10-2020

Yeah, so when I go to <instancename>.serivce-now.com that redirects to the logout screen, but when I go to <instancename>/login_with_sso.do?glide_sso_id=xxxx that does bring me to the SSO sign in.