
401 error and infinite loop when loading CMS URL after ExternalAuthentication SSO using SiteMinder

 

Problem
There is a 401 error and infinite looping when loading a CMS site after ExternalAuthentication SSO using SiteMinder.  

  

Symptoms
Launching a CMS site URL (for example, https://<instance>.service-now.com/ess) on an instance that is integrated with SSO using SiteMinder can cause an infinite loop, with 401 Unauthorized errors shown in the Chrome Developer Tools console.




 
Cause
This issue only occurs when SAML (glide.authenticate.external) is enabled and the specific configuration below is in place:

In this scenario, the glide.authenticate.failed_requirement_redirect property must be set to a static page; otherwise, the request goes into the authentication loop.


Warning: The glide.authenticate.failed_requirement_redirect property should be set to the URL of the IdP login page or a company portal page outside of ServiceNow.


Resolution

This issue can be resolved using these steps:

  1. Set view_content to true.
  2. Set glide.authenticate.failed_requirement_redirect to the URL of the IdP login page.

Another possible solution is to use this configuration:

  1. Set the glide.authenticate.failed_requirement_redirect system property to the URL of the IdP login page or a company portal page outside of ServiceNow.
  2. Add the glide.ui.rotate_sessions system property.
    Product documentation reference: https://docs.servicenow.com/bundle/helsinki-servicenow-platform/page/administer/security/concept/c_HighSecuritySettings.html 
  3. Rotate HTTP session identifiers to reduce security vulnerabilities.
    See: https://www.owasp.org/index.php/Session_Management#Rotate_Session_Identifiers
  4. Set Default: Yes

Note: If you are using the SAML 2.0 plugin for single sign-on authentication, set this feature to false. Otherwise, it interferes with the session information sharing that takes place between ServiceNow and the identity provider.
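
The following is an added example, not ServiceNow code: a small Node.js check that lints a set of system property values against the guidance in this article. The property names come from the article; the function name, the finding codes, the input shape (property name mapped to a string value) and the sample host are assumptions.

```javascript
'use strict';
// Added example. Property names are from the article; the function name,
// finding codes and input shape (property name -> string value) are assumptions.

function isTrue(value, dflt) {
  if (value === undefined || value === null || value === '') return dflt;
  return String(value).trim().toLowerCase() === 'true';
}

function checkSsoRedirectConfig(instanceHost, props, usesSaml2Plugin) {
  const findings = [];
  const redirectKey = 'glide.authenticate.failed_requirement_redirect';

  // The loop only arises when external authentication is enabled.
  if (isTrue(props['glide.authenticate.external'], false)) {
    const redirect = String(props[redirectKey] || '').trim();
    let target = null;
    try { target = new URL(redirect); } catch (e) { /* empty, relative or malformed */ }

    if (!redirect) {
      findings.push({ property: redirectKey, code: 'REDIRECT_MISSING' });
    } else if (!target) {
      // A relative value resolves to a page on the instance itself.
      findings.push({ property: redirectKey, code: 'REDIRECT_NOT_ABSOLUTE' });
    } else if (target.hostname === instanceHost.toLowerCase()) {
      // The article asks for a page outside of ServiceNow.
      findings.push({ property: redirectKey, code: 'REDIRECT_ON_INSTANCE' });
    }
  }

  // Article: "Default: Yes", and the Note says to set it to false with the SAML 2.0 plugin.
  if (usesSaml2Plugin && isTrue(props['glide.ui.rotate_sessions'], true)) {
    findings.push({ property: 'glide.ui.rotate_sessions', code: 'ROTATE_WITH_SAML2' });
  }
  return findings;
}

// Constructed sample: hypothetical instance host and a relative redirect value.
const sample = checkSsoRedirectConfig('example.service-now.com', {
  'glide.authenticate.external': 'true',
  'glide.authenticate.failed_requirement_redirect': '/ess',
}, true);
console.log(sample.map((f) => `${f.property}: ${f.code}`).join('\n'));
```
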

Article Information

Last Updated: 2017-05-17 12:16:56
Published: 2015-10-19