Notifications

6 views

Description

  • Newly provisioned SSO Users fail to logon to Servicenow and they are immediately redirected to the    external_logout_complete.do page
  • The following error is observed in the System log "ERROR *** *** Script: User: [Username] not found"
  • In the node logs the error "SAMLRequestIDGenerator: can’t get request id from session." was observed

Cause

Once a user is successfully authenticated, the last step in the authentication process is to validate the user is to identify the user in the sys_user table based on the value in the 'User field' configured in the advanced section of the Identity Provider record. In this occasion it was trying to validate a valid name against an email address. As the email address did not match the name, the user was not found. It is important to validate the name against the 'user_name' or validate the email against the email address so the values can match

Resolution

From the logs it was identified that subjectUserName was a user name but the user_field was 'email' which is not a valid match

To resolve the issue it was necessary to navigate to the advanced section of the Identity provider record and update the 'User Field' column with 'user_name' instead of 'email'

Article Information

Last Updated:2019-12-04 08:31:49
Published:2019-12-04