SSO not redirecting SAML request

sturton
Tera Guru

Hello SN Community

All of a sudden this morning, our SSO failed to redirect to our network login page. SSO is enabled and identity provider is set up as active and default and redirects to the native SN login page. Any ideas where else we can look (I have backdoor access, while all other users cannot log in)?

Thanks in advance

Steve

1 ACCEPTED SOLUTION

Erik Stolberg
Tera Guru

Since a lot of config for SSO is stored in system properties, I would start with looking at sys_properties table and sorting by Updated date descending... make sure nobody changed any values recently.

If you're using Multi-Provider SSO in ServiceNow, find your IdP and you should be able to click Test Connection while on the record. That might give further insight.

Other random things to check:
- expiration of X509 Cert (related list at bottom of IdP record)
- check if your default IdP has field "Auto Redirect IdP" set to true
- system property "glide.authenticate.sso.redirect.idp" has a value set to the sys_id of your default IdP
- syslogs for keywords like SSO and SAML and such... sometimes getting direct error language in the logs can lead to finding where it's erroring in other scripts like Installation Exits and SSO scripts

If you still can't find anything, I would check with your SSO provider to make sure nothing changed on that end.
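The checks listed in the answer above, written as an added example that is not part of the original post and not ServiceNow code: a Node.js function that audits exported configuration rows offline. The IdP record field names (`is_default`, `auto_redirect`, `cert_not_after`), the ISO timestamps and all sample values are assumptions made for illustration.

```javascript
// Added example: offline triage of exported SSO configuration rows.
// Record shapes below are assumptions for illustration, not ServiceNow's schema.
const REDIRECT_PROP = 'glide.authenticate.sso.redirect.idp';

function auditSsoRedirect(properties, idps, now, lookbackDays = 7) {
  const findings = [];
  const defaults = idps.filter((i) => i.active && i.is_default);
  if (defaults.length !== 1) {
    findings.push(`expected exactly one active default IdP, found ${defaults.length}`);
  }
  const idp = defaults[0];
  const prop = properties.find((p) => p.name === REDIRECT_PROP);
  if (!prop || !prop.value) {
    findings.push(`${REDIRECT_PROP} is missing or empty`);
  } else if (idp && prop.value !== idp.sys_id) {
    findings.push(`${REDIRECT_PROP} points at ${prop.value}, default IdP is ${idp.sys_id}`);
  }
  if (idp && !idp.auto_redirect) findings.push('default IdP has Auto Redirect IdP unset');
  if (idp && new Date(idp.cert_not_after) <= now) {
    findings.push(`X509 cert expired ${idp.cert_not_after}`);
  }
  // Recently touched SSO/SAML properties, newest first, for change review.
  const cutoff = now.getTime() - lookbackDays * 86400000;
  const recent = properties
    .filter((p) => /sso|saml/i.test(p.name))
    .filter((p) => new Date(p.sys_updated_on).getTime() >= cutoff)
    .sort((a, b) => new Date(b.sys_updated_on) - new Date(a.sys_updated_on))
    .map((p) => `${p.sys_updated_on} ${p.name} by ${p.sys_updated_by}`);
  return { findings, recent };
}

// Constructed sample data (placeholder sys_ids, not real values).
const SAMPLE_NOW = new Date('2024-05-02T09:00:00Z');
const SAMPLE_IDPS = [
  { sys_id: 'IDP_SYS_ID_A', active: true, is_default: true, auto_redirect: true,
    cert_not_after: '2025-01-01T00:00:00Z' },
];
const SAMPLE_PROPS = [
  { name: REDIRECT_PROP, value: 'IDP_SYS_ID_FROM_OTHER_INSTANCE',
    sys_updated_on: '2024-05-01T22:10:00Z', sys_updated_by: 'update.set.commit' },
  { name: 'glide.ui.session_timeout', value: '30',
    sys_updated_on: '2024-05-01T23:00:00Z', sys_updated_by: 'admin' },
  { name: 'glide.authenticate.multisso.enabled', value: 'true',
    sys_updated_on: '2023-11-03T10:00:00Z', sys_updated_by: 'admin' },
];

console.log(auditSsoRedirect(SAMPLE_PROPS, SAMPLE_IDPS, SAMPLE_NOW));
```

With the constructed sample, the single finding is the redirect property pointing at a sys_id that is not the default IdP, and the change-review list shows that same property as the only SSO-related value touched inside the lookback window.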

2 REPLIES

Thanks Erik, figured out yesterday it was in fact changes to 'glide.authenticate.sso.redirect.idp' that accidentally got included in an update set.