Skip to page contentSkip to chat
ServiceNow support
    • Community
      Ask questions, give advice, and connect with fellow ServiceNow professionals.
      Developer
      Build, test, and deploy applications
      Documentation
      Find detailed information about ServiceNow products, apps, features, and releases.
      Impact
      Accelerate ROI and amplify your expertise.
      Learning
      Build skills with instructor-led and online training.
      Partner
      Grow your business with promotions, news, and marketing tools
      ServiceNow
      Learn about ServiceNow products & solutions.
      Store
      Download certified apps and integrations that complement ServiceNow.
      Support
      Manage your instances, access self-help, and get technical support.
Attempt to Access Captcha for Password Reset ($pwd_reset.do) via Edge Encryption Proxy Fails With: "ERROR for site owner: Invalid domain for site key" - Support and Troubleshooting
  • >
  • Knowledge Base
  • >
  • Support and Troubleshooting (Knowledge Base)
  • >
  • Attempt to Access Captcha for Password Reset ($pwd_reset.do) via Edge Encryption Proxy Fails With: "ERROR for site owner: Invalid domain for site key"
KB0621757

Attempt to Access Captcha for Password Reset ($pwd_reset.do) via Edge Encryption Proxy Fails With: "ERROR for site owner: Invalid domain for site key"


4159 Views Last updated : Apr 7, 2024 public Copy Permalink
KB Summary by Now Assist

Issue

Attempt to Access Captcha for Password Reset ($pwd_reset.do) via Edge Encryption Proxy Fails With: "ERROR for site owner: Invalid domain for site key" 

 

Problem

This issue can be reproduced as follows:

  1. Activate the Password Reset Plugin with Demo Data.

  2. Navigate to Password Reset > Properties > Processes > and select Demo Self-Service Process 1.

  3. Set the following values:

    Active
    Apply to all users
    Public access
    Display captcha

  4. Click Save.

  5. Go to the page defined by the Demo Self-Service Process 1 through the Edge Proxy URL:

    https://<edge_proxy_host:<port>/$pwd_reset.do?sysparm_url=demo1

    The captcha displays the following error:

    ERROR for site owner:
    Invalid domain for site key

    If you do not go through the Edge Proxy, for example, by going to https://<instance_name>.service-now.com/$pwd_reset.do?sysparm_url=demo1, the captcha "I'm not a robot" is displayed.

 

Cause


The issue is caused by the use of the Google Captcha which is configured by default in the Password Reset plugin. For more information, refer to the documentation topic Configure Google reCAPTCHA.

The following system properties on the instance are configured to work only with the service-now.com domain:

google.captcha.secret
google.captcha.site_key

Therefore, the captcha works correctly when going through the instance URL, which uses the service-now.com domain. Going through the proxy is not being presented as the service-now.com domain but rather as the proxy IP/host, which causes the following failing response to be returned from Google:

<!DOCTYPE HTML><html dir="ltr"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<style type="text/css">
@font-face {
    font-family: 'Roboto';
    font-style: normal;
    font-weight: 400;
    src: local('Roboto Regular'), local('Roboto-Regular'), url(//fonts.gstatic.com/s/roboto/v15/2UX7WLTfW3W8TclTUvlFyQ.woff) format('woff');
    }
@font-face {
    font-family: 'Roboto';
    font-style: normal;
    font-weight: 500;
    src: local('Roboto Medium'), local('Roboto-Medium'), url(//fonts.gstatic.com/s/roboto/v15/RxZJdnzeo3R5zSexge8UUT8E0i7KZn-EPnyo3HZu7kw.woff) format('woff');
    }
@font-face {
    font-family: 'Roboto';
    font-style: normal;
    font-weight: 900;
    src: local('Roboto Black'), local('Roboto-Black'), url(//fonts.gstatic.com/s/roboto/v15/mnpfi9pxYH-Go5UiibESIj8E0i7KZn-EPnyo3HZu7kw.woff) format('woff');
    }

</style>
<link rel="stylesheet" type="text/css" href="https://www.gstatic.com/recaptcha/api2/r20161102163809/styles__ltr.css">
<script>

</script></head>
<body><script>
recaptcha.anchor.ErrorMain.init("[\x22ainput\x22,,,,,,[1,1,1]\n,\x22Invalid domain for site key\x22,6]\n");
</script></body></html>

Resolution


There are two options to resolve this issue.

  • To make this work from the Edge Proxy address but no longer work from the instance hostname address:

    1. Go to the Google recaptcha site (https://www.google.com/recaptcha/admin), log in with a Google account, and select Get reCAPTCHA:

    2. Enter a Label and a Domain (the IP Address or host name of the Edge Proxy) and select Register.

      The next screen will provide a Site key and a Secret key.

    3. Select Export > XML (this record) for the existing system properties.

      Keep these files, which are the values for the service-now.com domain:

      google.captcha.secret

      google.captcha.site_key

    4. For the google.captcha.secret property, replace the current value after the second } (keep the rest before the second }) with the provided Secret key and save it.

    5. For the google.captcha.site_key property, replace the current value with the provided Site key and save it.

      Accessing through the Edge Proxy will now work correctly but accessing through the instance hostname will display the error message originally seen with Edge Proxy access. The Google recaptcha and the instance can be configured only to work from one domain, so either it will work with the Edge Proxy or the instance hostname but not both.

  • To have the captcha render from both the Edge Proxy and the instance hostname URL, use the CAPTCHA service that is provided with the base ServiceNow system rather than Google reCAPTCHA. To switch to the base system CAPTCHA service, change the system property password_reset.captcha.google.enabled from true to false and save it.

 


The world works with ServiceNow.

Sign in for more! There's more content available only to authenticated users Sign in for more!
Did this KB article help you?
Did this KB article help you?

How would you rate your Now Support digital experience?

*

Very unsatisfied

Unsatisfied

Neutral

Satisfied

Very satisfied

Very unsatisfied

Unsatisfied

Neutral

Satisfied

Very satisfied

What can we improve? Please select all that apply.

What are we doing well? Please select all that apply.

Tell us more

*

Do you expect a response from this feedback?

  • Terms and conditions
  • Privacy statement
  • GDPR
  • Cookie policy
  • © 2025 ServiceNow. All rights reserved.