Creating an OpenID Connect (OIDC) configuration for Single Sign-On (SSO)

Manuel Stimac
Mega Sage

Hello my fellow experts,

I really struggle to get SSO working with OIDC. Here is what I tried:

 

I created an OpenID Connect (OIDC) configuration for Single Sign-On (SSO) as described in the product documentation (Create an OpenID Connect (OIDC) configuration for Single Sign-On (SSO)). I followed the steps very carefully and all of them were successful. I have the client ID, client secret, and well-known configuration URL of the identity provider, so I jumped directly to the import of the OIDC configuration for SSO, which also worked without any errors.

I created the user with the correct email address.

After the setup, I accessed the login page via /login.do and clicked the link to the identity provider. I also tried /login_with_sso.do?glide_sso_id=<sys_id of the sso configuration>, and both correctly redirect to the configured IDP. After successful login, it correctly redirects me back to the ServiceNow instance. So far so good. Immediately after, the ServiceNow instance redirects one more time to the page "/external_logout_complete.do" saying:

 

Logout successful
You have successfully logged out.

 

 

What I have tried so far:

  1. I checked the user's SSO source (Configure users for Multi-Provider SSO)
  2. Checked if the user is locked out & has the role "User"
  3. Checked the sys property "glide.authenticate.external" with both "true"/"false" (KB0787186)
  4. Username & email field contain the same username
  5. Changed the sys property "glide.authenticate.multisso.login_locate.user_field" to "email"
  6. Recreated the IDP

Many thanks in advance!

 


If my answer helped you, please mark it as Helpful/Solution.
Thanks & many Regards - Manuel 

1 ACCEPTED SOLUTION

Manuel Stimac
Mega Sage

Hi to all,

after innumerable debugging sessions, my colleague pointed out that we have some hidden fields on oauth_oidc_entity. One of them was send_client_credentials_as with the options:

  • basic_authorization_header
  • request_body_parameter

Obviously the AutoSetup with the well-known URL is not correctly setting this value.

After changing it to the correct one it worked smoothly.

 

Hope this will help all others coming after me, searching for hints.

 

Regards,
Manuel

 


If my answer helped you, please mark it as Helpful/Solution.
Thanks & many Regards - Manuel 
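
The two send_client_credentials_as options named in the accepted solution correspond to the two client-secret methods an IdP can advertise in its well-known document under token_endpoint_auth_methods_supported. The following is an added example, not code from the original post or from ServiceNow: the mapping between the OIDC method names and the two field values is an assumption based on their names, the function names are hypothetical, and the discovery document and client values are constructed.

```javascript
// Assumed mapping from OIDC auth-method names to the field values in the post.
const FIELD_VALUE = new Map([
  ['client_secret_basic', 'basic_authorization_header'],
  ['client_secret_post', 'request_body_parameter'],
]);

// Which send_client_credentials_as values would this IdP accept?
function acceptedFieldValues(discovery) {
  // OIDC Discovery: if the member is omitted, the default is client_secret_basic.
  const methods = discovery.token_endpoint_auth_methods_supported || ['client_secret_basic'];
  return methods.filter((m) => FIELD_VALUE.has(m)).map((m) => FIELD_VALUE.get(m));
}

// Build the authorization-code token request as each field value implies.
function buildTokenRequest(fieldValue, client) {
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    code: client.code,
    redirect_uri: client.redirectUri,
  });
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
  if (fieldValue === 'basic_authorization_header') {
    // RFC 6749 section 2.3.1: encode id and secret, join with ":", then Base64.
    // encodeURIComponent approximates the form-urlencoding the RFC asks for.
    const pair = `${encodeURIComponent(client.clientId)}:${encodeURIComponent(client.clientSecret)}`;
    headers.Authorization = 'Basic ' + Buffer.from(pair).toString('base64');
  } else if (fieldValue === 'request_body_parameter') {
    // Credentials travel as form fields next to the authorization code.
    body.set('client_id', client.clientId);
    body.set('client_secret', client.clientSecret);
  } else {
    throw new Error('unknown send_client_credentials_as value: ' + fieldValue);
  }
  return { headers, body: body.toString() };
}

// Constructed sample data (not from a real IdP or instance).
const sampleDiscovery = {
  issuer: 'https://idp.example',
  token_endpoint: 'https://idp.example/token',
  token_endpoint_auth_methods_supported: ['client_secret_post', 'private_key_jwt'],
};
const sampleClient = {
  clientId: 'example-client',
  clientSecret: 's3cr3t/placeholder',
  code: 'abc123',
  redirectUri: 'https://instance.example/callback',
};

console.log('IdP accepts:', acceptedFieldValues(sampleDiscovery));
console.log(buildTokenRequest('request_body_parameter', sampleClient).body);
```

Comparing the output of acceptedFieldValues for your IdP's real well-known document with the value stored on the oauth_oidc_entity record shows whether the two sides agree on where the secret is sent.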


3 REPLIES

@Manuel Stimac @Raghava Karamch Please can you furnish further details on this additional configuration. Screenshots much appreciated.

Raghava Karamch
Tera Contributor

I have configured similarly but I have been landing on navpage.do