When a user authenticates through SSO, the glide cookie for the old Identity Provider-initiated single sign-on is used instead of the current Service Provider-initiated single sign-on defined by glide.authenticate.sso.redirect.idp.
Steps to Reproduce
- Configure your instance with the Multi-Provider SSO plugin.
For more information, see the product documentation topic: Activate a plugin.
- Configure a new identity provider record.
- Configure glide.authenticate.sso.redirect.idp with the corresponding sys_id.
For more information, see the product documentation topic: Modify the primary and default IdP.
- Access the instance through SSO.
- Create a new identity provider record and configure glide.authenticate.sso.redirect.idp with the corresponding sys_id.
- Inactivate the previous IdP.
- Access the instance again through SSO without clearing browser cache or cookies.
Note that the old IdP is used.
The best solution is to clear the associated cookie in the browser so the client is updated with the new sys_id on the subsequent visit to the instance.
To avoid forcing users to refresh their cookies, back up the old IdP record and then replace the information in that IdP record instead of creating a new one, so that the same IdP sys_id is used.
To clear the cookies on Firefox:
Related Problem: PRB717733