Self-Service Password Reset Page being overridden by SSO

robpickering · ‎05-15-2014

I'm setting up the new AD Self-Service Password Reset.

I've got a public URL for the password reset page, and that page is in my Public Pages:

e.g.: https://myinstance.service-now.com/nav_to.do?url=pwd_reset.do?sysparm_url=suffix

Where "nav_to" is listed in Public Pages and is Active=true.

Same goes for all of the "pwd_" pages.

The issue is that when I access that page on my SSO instance, I'm automatically redirected back to the SSO login page for our ADFS. Is there something else I have to do to allow this page to be reached without forcing authentication?

Thanks.

robpickering · ‎05-19-2014

According to ServiceNow (HI) this is a known problem in Dublin GA.

The issue is tracked as Problem PRB577496, which states:

When trying to access a public page (i.e, a Public Survey) with enabled SSO, if the url contains "nav_to.do?uri=", the page will force SSO authentication even though the page is public. If navigating without the "nav_to.do?uri=", then the page does not require authentication.

I have confirmed that use of the URL:

https://myinstance.service-now.com/pwd_reset.do?sysparm_url=suffix

Does in fact work.

View solution in original post

Bhavesh Jain1 · ‎05-18-2014

You will need to give a link on your SSO login page something like : Forgot Password?

This link will point to the URL you specified.

Another way is to edit the Login script in the SSO module where you redirect the page based on SSO re-direct URLs set in your instance.

robpickering · ‎05-19-2014

Bhavesh,

I can put a link on my SSO login page and point it to the link I mention in my post, but it just sends me back to my SSO login page, which my user cannot log into. I need a link that BYPASSES the SSO in order to get them to the Password Reset page.

For example, if I go to: https://myinstance.service-now.com/login.do then it doesn't redirect back to my SSO page. However, as far as I can tell, I have login.do set up the same way as nav_to.do, both are Public.

I played with it some more, and I did find an error in my above post. I had replaced the "%3F" with a "?", which while technically correct is not what the system is looking for...it needs to remain a %3F (I verified this in my Dev system which is not SSO authenticated).

Furthermore, that /nav_to.do?url=pwd_reset.do%3Fsysparm_url=suffix URL, on my Development system is actually getting re-written to be navpage.do, which is where I believe the SSO is taking over and redirecting back to my authentication site.

Appreciate the help, hopefully someone else has some ideas as well. I've now put a HI ticket in, as I have to get this working.

robpickering · ‎05-19-2014