Allow local login alongside SSO - "source"-field?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-08-2023 03:05 AM
Hi,
I'm currently running in a problem when configuring SSO for a customer. They'd like to use the local login as well as SSO. I know about ACR, but this isn't what I need, I just want users to be able to authenticate via /login.do (and their corresponding local auth credentials), and via SSO if they just open the instance URL (without /login.do).
In the customer's setup, users get pulled via MID Server from their AD, and SSO is realized via a different IdP solution.
I have noticed that during the LDAP import, the "source" field on user records get populated with the LDAP path of that user (CN=....OU=... and so on). As long as that field is populated, I am not able to log in locally.
No matter what I do, I just get a "Invalid username / password" error when trying to log in locally. As soon as I clear the "source"-field, it's working. The login via SSO is also still working.
Therefore, I guess, my question is: Can I change this behavior somehow, that the "source" field gets ignored, and I can just enable all users to login locally? Or do I have to clear the source-field (or rather, not import it) for all users?
Also, what are the consequences of doing so?
Thanks for your help,
Max
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎11-02-2023 06:20 AM
Hi, we were just experiencing the same problem. Our solution was to turn off ACR by setting the value of the system property glide.sso.acr.enabled to false. This allowed us to login locally along with SSO.
Below is the community post and referenced KB Article where we found this solution:
Enable Local Login along with SSO login in ServiceNow
If this resolves your issue, feel free to mark this reply as helpful.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-08-2025 02:16 AM
What must the be the reason behind that?
why is it happening?
even if SSO is enabled , then locally user should be able to login .
but why is colliding?
@Ankur Bawiskar @Ravi Gaurav @Robert Perrone @Max Nowak
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-08-2025 10:06 AM
Hi, Abdullah. Below, I pasted the "Cause" section from the KB article that I linked above. From what I understand, if ACR is enabled, only users that are marked as "ACR" can login locally and anyone else will be required to login through SSO. Hopefully this helps.
"Cause
This is because Multi-Provider SSO with no auto-redirect was enabled along with Account Recovery (ACR), and the user tried to log in as a local user.
Multi-Provider SSO was disabled by setting the system property glide.authenticate.multisso.enabled to false from the database, however this did not turn off ACR, and as per existing ACR conditions, it does not allow a user to log in via username and password."
