Notifications

211 views

Description

Users of Single-sing ON (SSO) are required to use "Use External Login" if they close the browser even if they have already logged into the instance once. This is caused because the glide_sso_id cookie is removed upon browser closure.

It works as expected if the user does not exit the browser, because the session cookie is present until they exit the browser.

Steps to Reproduce

  1. Configure an instance with SSO, and do not set a default, nor a default redirection to an SSO IdP.
  2. Log in into the instance the first time, and the user will get required to select "Use External Login".
  3. Select "Use External Login", then type the required information.
  4. You will get redirected to the IdP. 
  5. Once Authenticated to the IdP, you will be allowed to login into the instance.
  6. Close the browser & Reopen the browser, and try to login into the instance.
  7. It will not automatically redirect you to the IdP. You will need to use the "Use External Login" if you log in.

Workaround

This problem is currently under review. You can contact ServiceNow Technical Support or subscribe to this Known Error article by clicking the Subscribe button at the top right of this form to be notified when more information will become available.

If not already on MultiSSOv2, please upgrade to MultiSSOv2, by following KB0756504:

  1. Please follow these steps.
  2. Search for Single Sign-On Scripts in navigation Menu
  3. Go to MultiSSOv2_SAML2_internal Script include
  4. Copy log in User method(line 86 to 157
  5. Go to MultiSSOv2_SAML2_custom Script include and paste copied code on line 8
  6. Search for "successfully logged in. we need set sso_id cookie"
  7. Paste these lines below that line (~line 76)

    // successfully logged in. we need set sso_id cookie
    //this.SAML2.saveSSOIdInCookie(this.propertiesGR.sys_id);
    //PRB1361326 fix
    var cookie = new Packages.javax.servlet.http.Cookie("glide_sso_id", this.propertiesGR.sys_id);
    cookie.setPath("/");
    cookie.setMaxAge(60*60*24*6004);
    response.addCookie(cookie);
    this.logDebug("Saving cookie. " + "glide_sso_id" + " --> " + this.propertiesGR.sys_id);

 

NOTE: Make sure "this.SAML2.saveSSOIdInCookie(this.propertiesGR.sys_id);" is commented as mentioned in step#5 or else it will get overwritten.

//this.SAML2.saveSSOIdInCookie(this.propertiesGR.sys_id);


Related Problem: PRB1361326

Seen In

There is no data to report.

Intended Fix Version

New York Patch 3
Orlando

Safe Harbor Statement

This "Intended Fix Version" information is meant to outline ServiceNow's general product direction and should not be relied upon in making a purchasing decision. The information provided here is for information purposes only and may not be incorporated into any contract. It is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. The development, release, and timing of any features or functionality described for our products remains at ServiceNow's sole discretion.

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2019-10-14 11:17:52
Published:2019-09-18