401 error and infinite loop when loading CMS URL after ExternalAuthentication SSO using SiteMinder


There is a 401 error and infinite looping when loading a CMS site after ExternalAuthentication SSO using SiteMinder.  


Launching a CMS site URL (for example, https://<instance> when the instance is integrated with SSO using SiteMinder can cause an infinite loop and 401 unauthorized errors within the Chrome Developer Tool Console:

This issue only occurs when SAML (glide.authenticate.external) is enabled and the specific configuration below is in place:

For the above scenario, the glide.authenticate.failed_requirement_redirect property needs to be set to a static page; otherwise, it goes into the authentication loop.

Warning: The glide.authenticate.failed_requirement_redirect property should be set to the URL of the IdP login page or a company portal page outside of ServiceNow.


This issue can be resolved using these steps:

  1. Set view_content to true.
  2. Set glide.authenticate.failed_requirement_redirect to the URL of the IdP login page.

Another possible solution is to use this configuration:

  1. Set the glide.authenticate.failed_requirement_redirect system property to the URL of the IdP login page or a company portal page outside of ServiceNow.
  2. Add the glide.ui.rotate_sessions system property.
    Product documentation reference: 
  3. Rotate HTTP session identifiers to reduce security vulnerabilities.
  4. Set Default: Yes

Note: If you are using the SAML 2.0 plugin for single sign-on authentication, set this feature to false. Otherwise, it interferes with the session information sharing that takes place between ServiceNow and the identity provider.

Article Information

Last Updated:2019-08-02 21:26:20