After upgrading to Quebec, it is reported that, when any roled user (any role would suffice), try to login to the service portal, by entering SSO redirection (which requires AD creds to enter), the service portal is opened inside the navigator frame. That means it opens the portal with URL as https://<instance-name>.seervice-now.com/nav_to.do?uri=<portal suffix>
Even if the customers use the OOB Login widget, it may happen for them.
Paris and Quebec
This issue is happening because a change was introduced in Paris. There is a session property used on the Login widget named 'is_direct_redirect', which if not set true, will exhibit this behavior.
However, this is not a bug and is expected behavior, as the starting page URL for public pages is not getting set since Paris release, if the page is custom.
This is not reproducible with the OOB login page. Usual login behavior should not have any issues (meaning using the OOB login page). But if the customer has a custom login page then this issue will be seen.
The workaround is to set the session property "is_direct_redirect" to set explicitly to true on a cloned widget of the OOB Login widget if customers do not want to change the custom login page.
To do the above, use the below code in the cloned widget, even before all the if loop starts. It can be put at the start of the server script too.