KB0724410

Users unable to login via Single Sign-on on a domain separated instance and are redirected to "Logout Successful" page


14711 Views | Last updated: Feb 14, 2025

Issue

Users are unable to log in via Single Sign-on on a domain-separated instance. After successful authentication on the Identity Provider side, the user may see the flash message "User: XYZ not found. Could not validate SAML Response" for a fraction of a second before being redirected to the "Logout Successful" page (external_logout_complete.do). The following error is written to the application node logs:

2019-01-23 14:47:07 (270) Default-thread-13 B6210EB71B472BC00390542D1E4BCB05 txid=86618a3b1b47 SEVERE *** ERROR *** SAML2: User: xyz@example.com not found

 

Cause

When a user accesses an instance where Multiple Provider Single Sign-on (SSO) is set up, the initial unauthenticated session created is under the 'guest' user account. After the user is successfully authenticated on the Identity Provider end, the SAML response is validated on the ServiceNow instance. The last validation step is finding the user in the sys_user table based on either the email or user_name fields depending on the 'User Field' configured in the Identity Provider record. 

Since the current session is under the 'guest' user, the system looks for the user who is logging in within the guest user's domain. If the guest user is not in the global domain and the user trying to log in is not in the same domain as the guest user, that user will not be able to log in.

If the guest user is in the global domain, the cause might just be that the user with that email or user ID does not exist in the sys_user table or is inactive. 

Resolution

To resolve this issue, change the domain of the guest user to the Global domain.
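
The lookup described under Cause can be modelled to triage which of the listed conditions applies to a given log line. This is an added example in plain JavaScript, not ServiceNow code: the sys_user rows, the domain names, the 'global' marker and the result labels are constructed assumptions, and the domain check follows the article's description without modelling domain hierarchy.

```javascript
// Added example: a model of the lookup this article describes, not ServiceNow code.
// Field names follow sys_user columns; records and domain names are constructed.
const NOT_FOUND = /SAML2: User: (\S+) not found/;

// Extract the identifier the instance failed to match from a node log line.
function extractFailedUser(logLine) {
  const m = NOT_FOUND.exec(logLine);
  return m ? m[1] : null;
}

// userField is the IdP record's 'User Field': 'email' or 'user_name'.
function diagnose(logLine, users, userField) {
  const id = extractFailedUser(logLine);
  if (id === null) return 'no-saml-user-error';
  const guest = users.find(u => u.user_name === 'guest');
  if (!guest) return 'guest-record-missing';
  const matches = users.filter(u => u[userField] === id);
  if (matches.length === 0) return 'user-does-not-exist';
  // As the article states it: a global guest sees the user; otherwise only
  // users in the guest's own domain are found (domain hierarchy is ignored).
  const visible = matches.filter(
    u => guest.sys_domain === 'global' || u.sys_domain === guest.sys_domain);
  if (visible.length === 0) return 'guest-domain-mismatch';
  return visible.some(u => u.active) ? 'user-resolvable' : 'user-inactive';
}

// Log line from this article; the sys_user rows below are constructed sample data.
const LOG = '2019-01-23 14:47:07 (270) Default-thread-13 ' +
  'B6210EB71B472BC00390542D1E4BCB05 txid=86618a3b1b47 ' +
  'SEVERE *** ERROR *** SAML2: User: xyz@example.com not found';

function sampleUsers(guestDomain, userActive) {
  return [
    { user_name: 'guest', email: '', sys_domain: guestDomain, active: true },
    { user_name: 'xyz', email: 'xyz@example.com',
      sys_domain: 'TOP/CustomerB', active: userActive },
  ];
}

console.log(diagnose(LOG, sampleUsers('TOP/CustomerA', true), 'email'));
console.log(diagnose(LOG, sampleUsers('global', true), 'email'));
console.log(diagnose(LOG, sampleUsers('global', false), 'email'));
```

The first call reproduces the failure in this article (guest in a different, non-global domain); the second shows the same user resolving once the guest user is in the Global domain.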

