- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-24-2022 05:29 AM
Hello my fellow experts,
I really struggle to get SSO working with OIDC. Here is what I tried:
I created an OpenID Connect (OIDC) configuration for Single Sign-On (SSO) as described in the product documentation. (Create an OpenID Connect (OIDC) configuration for Single Sign-On (SSO) ) I followed the steps very carefully and all of them were successful. I have client ID, client secret, and well-known configuration URL of the identity provider, so I jumped directly to the import of the OIDC configuration for SSO which also worked without any errors.
I created the user with correct email address.
After the setup and accessing the login page via /login.do and clicking the link to the identity provider - I also tried with the /login_with_sso.do?glide_sso_id=<sys_id of the sso configuration> and both correctly redirect to the configured IDP. After successful login, it correctly redirects me back to the ServiceNow instance. So far so good. Immediately after, the ServiceNow Instance redirects one more time to the page "/external_logout_complete.do" saying :
Logout successful
You have successfully logged out.
What I have tried so far:
- I checked the users SSO source (Configure users for Multi-Provider SSO )
- Checked if user is locked out & has role "User"
- Checked the sys property "glide.authenticate.external" both "true"/"false" ( KB0787186 )
- Username & email field contain the same username
- Changed the sys property "glide.authenticate.multisso.login_locate.user_field" to "email"
- Recreated the IDP
Many thanks in advance!
If my answer helped you, please mark it as Helpful/Solution.
Thanks & many Regards - Manuel
Solved! Go to Solution.
- 3,091 Views
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-08-2022 06:54 AM - edited 04-28-2023 01:38 AM
Hi to all,
after innumerable debugging sessions, my colleague pointed out that we have some hidden fields on oauth_oidc_entity. One of them was send_client_credentials_as with the options:
- basic_authorization_header
- request_body_parameter
Obviously the AutoSetup with the well known URL is not correctly setting this value.
After changing it to the correct one it worked smoothly.
Hope this will help all other coming after me, searching for hints.
Regards,
Manuel
If my answer helped you, please mark it as Helpful/Solution.
Thanks & many Regards - Manuel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-08-2022 06:54 AM - edited 04-28-2023 01:38 AM
Hi to all,
after innumerable debugging sessions, my colleague pointed out that we have some hidden fields on oauth_oidc_entity. One of them was send_client_credentials_as with the options:
- basic_authorization_header
- request_body_parameter
Obviously the AutoSetup with the well known URL is not correctly setting this value.
After changing it to the correct one it worked smoothly.
Hope this will help all other coming after me, searching for hints.
Regards,
Manuel
If my answer helped you, please mark it as Helpful/Solution.
Thanks & many Regards - Manuel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
03-13-2025 12:30 PM
@Manuel Stimac @Raghava Karamch Please can you furnish further details on this additional configuration. Screenshots much appreciated.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-29-2025 11:18 AM
I have configured similarly but i have been landing on navpage.do