Sohail Khilji
Tera Sage

Wondering why?

ServiceNow redirects to logout page, ServiceNow logout successful?

ServiceNow SSO logout error - OKTA - AZURE - ADFS - SSO Circle?

 

When integrating any SSO provider with ServiceNow, it is very common for the first test of the integration to redirect to the "Logout successful" page. I have implemented different SSOs more than 10 times, and every time I do, I expect this error. So let's figure out the common reasons that cause ServiceNow to redirect to the logout successful page.

Please bookmark this article, as it might help every time you implement SSO with ServiceNow and get the ServiceNow logout error. Also, if you find any fixes apart from the points mentioned below, please put them in the comments so that the community can benefit from them.

 

This issue can be approached from 2 aspects:

  1. All users are facing the same issue.
  2. Only specific users are facing it.

> Based on the aspect, you can perform the checks below.

 

Pre-Checks: 

 

Check 1 : Before you begin, clear your browser cache, restart your browser and log in again, or try a different browser.

Check 2 : Navigate to the URL below and check whether the issue still persists.

https://YOURINSTANCENAME.service-now.com/login.do

Check 3 :

In your user account, make sure the UserID and Email fields contain the same data.

Check 4 :

When trying to log in as a user, check that the user field (commonly user_name or email) is not empty in their profile. Check the field on the user form based on the SSO properties configured for login.


Check 5 :

In the SAML response, ServiceNow may be receiving the Audience URI as https://*********prod.service-now.com while the expected Audience URI is https://*********prod.service-now.com/. Wondering what's the difference? It's the trailing slash (/).

Check 6 :

One main reason is that the "Locked out" field on the user's account is set to true (set it to false).

Check 7 : 

If users are unable to log in via Single Sign-On on a domain-separated instance and are redirected to the "Logout Successful" page, then...

Refer : https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0724410

Check 8 : 

In the user table, check whether the SSO Source sys_id matches the identity provider's sys_id.


Check 9 :

In the user account, make sure the UserID and Email fields contain the same data. Also make sure the email you have in ServiceNow matches the email in your source.

Check 10 :

If there are 2 users in ServiceNow with the same email address, and SSO uses the email and not the user ID (samAccountName), then you will get the logout page.
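The user-record checks above (Checks 3, 4, 6, 9 and 10) can be run in bulk over an export of the user table. The following is an added example, not part of the original article or of ServiceNow itself; the CSV layout, the `locked_out` column name, the sample rows and the case-insensitive comparison are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed export of user rows (not real data). Column names are assumed
# to follow the field names mentioned in the checks.
SAMPLE_CSV = """user_name,email,locked_out
jdoe@example.com,jdoe@example.com,false
asmith,asmith@example.com,false
bnew,,false
bnew2,bnew@example.com,false
clock@example.com,clock@example.com,true
dup1,shared@example.com,false
dup2,Shared@example.com,false
"""


def audit_users(csv_text, match_field="email"):
    """Flag records that SSO cannot match unambiguously on match_field."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    by_value = defaultdict(list)   # normalized match value -> user_names
    findings = defaultdict(list)   # user_name -> list of problems
    for row in rows:
        name = row["user_name"]
        email = (row.get("email") or "").strip().lower()
        value = (row.get(match_field) or "").strip().lower()
        if not value:
            findings[name].append(f"empty {match_field}")        # Check 4
        else:
            by_value[value].append(name)
        if (row.get("locked_out") or "").strip().lower() == "true":
            findings[name].append("locked_out is true")          # Check 6
        if name.strip().lower() != email:
            findings[name].append("user_name differs from email")  # Checks 3, 9
    for value, names in by_value.items():
        if len(names) > 1:                                        # Check 10
            for name in names:
                findings[name].append(
                    f"duplicate {match_field} {value!r} on {len(names)} records")
    return dict(findings)


if __name__ == "__main__":
    for user, problems in audit_users(SAMPLE_CSV).items():
        print(user, "->", "; ".join(problems))
```
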

Check 11 :

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0787186

Check 12 :

Fields to check on:

NameID Policy: Check whether the suffix is emailAddress or user_name.

External Logout Redirect: Check that it is as per the screenshot below.

In the Advanced section > field: Single sign-on script > change it to Custom string and try.

find_real_file.png
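The Audience URI comparison from Check 5 and the NameID suffix from Check 12 can be verified against a captured SAMLResponse value. The following is an added example, not part of the original article or of ServiceNow; the sample assertion, its host name and the function name are constructed placeholders, and the script only inspects fields (it does not verify the signature).

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response (not captured from a real IdP).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane.doe@example.com</saml:NameID>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://exampleprod.service-now.com</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def inspect_saml_response(b64_response, expected_audience, expected_nameid_suffix):
    """Return findings for the Audience (Check 5) and NameID (Check 12) fields.

    Diagnostic only: run it on a response you captured from your own login
    test. It does not validate the signature or harden the XML parser.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    findings = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if not audiences:
        findings.append("no Audience element in the response")
    for aud in audiences:
        if aud == expected_audience:
            continue  # exact string match is what the service provider needs
        if aud.rstrip("/") == expected_audience.rstrip("/"):
            findings.append(f"Audience differs only by trailing slash: {aud!r} vs {expected_audience!r}")
        else:
            findings.append(f"Audience mismatch: {aud!r} vs {expected_audience!r}")
    name_id = root.find(".//saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        findings.append("NameID missing or empty")
    elif not name_id.get("Format", "").endswith(expected_nameid_suffix):
        findings.append(f"NameID Format {name_id.get('Format', '')!r} does not end with {expected_nameid_suffix!r}")
    return findings


if __name__ == "__main__":
    print(inspect_saml_response(SAMPLE_B64, "https://exampleprod.service-now.com/", "emailAddress"))
```
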

If you find any more points, please share them, and I will consider updating the blog with more checks.

 

Kindly Consider Marking Helpful or Bookmark for Future Reference.

 

Comments
Peter Farkas
Tera Explorer

Certificate can also expire (/sys_certificate_list.do)

Rachel Gomez
Giga Expert

In the User account -- make sure you have the same data in your UserId and Email Fields. Make sure the email you have in ServiceNow matches up with the email in your source. External Logout Redirect: check if it is as per below screenshot.

Regards,

Rachel Gomez

Michael Searle
Giga Guru

How do I handle a situation when the user_id and email field values don't match?

I have a user whose Azure/AD account was compromised. The Azure team gave him a new username in Azure; it doesn't match his email address.

 

The error in the log indicates that the user (using the correctly entered AD username) isn't found in ServiceNow. But he has a user record with a matching user_id value.

Mi Mi
Tera Contributor

UPDATE: I have found it.

 

Hi @Sohail Khilji 

Thank you for providing a lot of information on this 'Logout successful' issue. Could you please tell me where to go for Check 12.

Thank you in advance.

mmk

 

 

Andres Jasso
Tera Expert

I had this issue; after reading this article and following check #4 here, it is now resolved.

Our LDAP sync was creating a duplicate profile for each user during new hire onboarding. The initial user account created does not have an email. Then when LDAP synced, it did not update the account it created, it created a duplicate account. The account now had an email at a later time.


Therefore there is one account without an email (first) and a duplicate account with an email (second).
This caused the user to redirect to the logout screen because the system checked the first account without the email against the SSO sign-on.

We fixed the LDAP sync to only import users with email accounts and then deleted the deactivated accounts. 

The user is now able to log on.

Tfnhodgi
Tera Contributor

@Michael Searle Did you find a way to fix this? We have a group of users that will always have this issue with user id and email not matching. Not about the compromised part, just about not matching.

Michael Searle
Giga Guru

Hi @Tfnhodgi 

Unfortunately, I did not.

Best wishes.

Brad Warman
Kilo Sage

Thanks for this @Sohail Khilji. It definitely helped in identifying the cause of my logout redirect issues in the Now Agent mobile app. In my case, it was occurring for random users. It turns out the instructions for connecting to a server in the app almost always use the <instance>.service-now.com URL. Our ServiceNow instance and SSO are configured using an alias so when users were entering <instance>.service-now.com as the server, it would always redirect to the logout page. Changing the URL to the alias we use resolved the issue for us. 

Nayan J
Tera Contributor

Also check if property "glide.authenticate.sso.redirect.idp" holds the correct active Identity Provider Sys Id.
Version history
Last update:
‎10-08-2021 09:42 PM
Updated by: