Oidc configuration not working and not showing errors in the logsIssue Following the steps of the official documentation page Create OIDC configuration SSO does not guarantee that the OIDC configuration will work. Issues such as the explained in the article KB0953708 are sometimes not visible in the logs. ReleaseAllCauseThe logs may be visible without apparent error messages even when the system properties com.snc.platform.security.oauth.debug and glide.auth.debug.enabled are set to true: <span id="mce_2"></span>2022-10-24 01:42:25 (752) http-12 New transaction 3F125AE047F29910E72FDEA8536D4359 #123848 /login_with_sso.do 2022-10-24 01:42:25 (758) Default-thread-8 3F125AE047F29910E72FDEA8536D4359 txid=ca225e6047f2 SAML Response Validation : PreProcessing - Validating SAMLResponse for security issues. SAML Response Validation : PreProcessing - No security issues found in SAMLResponse! 2022-10-24 01:42:25 (762) Default-thread-8 3F125AE047F29910E72FDEA8536D4359 txid=ca225e6047f2 *** MultiSSOv2: User attempting to login using SSO ID-porten Test 2022-10-24 01:42:25 (763) Default-thread-8 3F125AE047F29910E72FDEA8536D4359 txid=ca225e6047f2 *** MultiSSOv2: ScriptName : MultiSSO_OIDC_custom 2022-10-24 01:42:25 (775) Default-thread-8 3F125AE047F29910E72FDEA8536D4359 txid=ca225e6047f2 *** Script: OIDC Request - getting the Authn request url 2022-10-24 01:42:25 (776) Default-thread-8 3F125AE047F29910E72FDEA8536D4359 txid=ca225e6047f2 DEBUG: CustomURL: Updating the callback URL from https://INSTANCE.service-now.com/csp to https://INSTANCE.service-now.com/csp 2022-10-24 01:42:25 (776) Default-thread-8 3F125AE047F29910E72FDEA8536D4359 txid=ca225e6047f2 DEBUG: CustomURL: Updating the callback URL from https://INSTANCE.service-now.com/csp to https://INSTANCE.service-now.com/csp 2022-10-24 01:42:25 (776) Default-thread-8 3F125AE047F29910E72FDEA8536D4359 txid=ca225e6047f2 MULTISSO_OIDC_SOURCE: loginRedirectURL: null 2022-10-24 01:42:25 (777) Default-thread-8 3F125AE047F29910E72FDEA8536D4359 txid=ca225e6047f2 MULTISSO_OIDC_SOURCE: Base URL: https://INSTANCE.service-now.com 2022-10-24 01:42:25 (777) Default-thread-8 3F125AE047F29910E72FDEA8536D4359 txid=ca225e6047f2 MULTISSO_OIDC_SOURCE: Request URI : /login_with_sso.do 2022-10-24 01:42:25 (778) Default-thread-8 3F125AE047F29910E72FDEA8536D4359 txid=ca225e6047f2 MULTISSO_OIDC_SOURCE: Query String : glide_sso_id=c9db8e3087da95109a4db88f8bbb35c3 2022-10-24 01:42:25 (778) Default-thread-8 3F125AE047F29910E72FDEA8536D4359 txid=ca225e6047f2 MULTISSO_OIDC_SOURCE: Generating a Relay State of: https://INSTANCE.service-now.com/csp 2022-10-24 01:42:25 (778) Default-thread-8 3F125AE047F29910E72FDEA8536D4359 txid=ca225e6047f2 MULTISSO_OIDC_SOURCE: Nonce needed for OIDC Authorisation request: false 2022-10-24 01:42:25 (778) Default-thread-8 3F125AE047F29910E72FDEA8536D4359 txid=ca225e6047f2 MULTISSO_OIDC_SOURCE: Nonce generat<span id="mce_18"></span>ed for OIDC Authorisation request null 2022-10-24 01:42:25 (783) Default-thread-8 3F125AE047F29910E72FDEA8536D4359 txid=ca225e6047f2 MULTISSO_OIDC_SOURCE: MultiSSORequestParameter Record inserted into DB 2022-10-24 01:42:25 (784) Default-thread-8 3F125AE047F29910E72FDEA8536D4359 txid=ca225e6047f2 Generating the Authn URL.<span <span id="mce_2"></span>id="mce_15"></span>["client_secret_post","client_secret_basic","private_key_jwt","none"],"request_parameter_supported":true,"request_uri_parameter_supported":false,"request_object_signing_alg_values_supported":["RS256","RS384","RS512"]} 2022-10-24 01:42:26 (108) Default-thread-8 3F125AE047F29910E72FDEA8536D4359 txid=ca225e6047f2 DEBUG: Auth: JSON response ={"response_types_supported":<span id="mce_12"></span>["code","id_token","id_token token","token"],"request_parameter_supported":true,"pushed_authorization_request_endpoint":"https://oidc-ver2.difi.no/idporten-oidc-provider/par","request_uri_parameter_supported":false,"introspection_endpoint":"https://oidc-xxxx.no/idporten-oidc-provider/tokeninfo","end_session_endpoint":"https://oidc-ver2.difi.no/idporten-oidc-provider/endsession","ui_locales_supported":["nb","nn","en","se"],"revocation_endpoint":"https://oidc-xxxxy.no/idport-oidc-provider/revoke","scopes_supported":["openid","profile"],"issuer":"https://oidc-test.no/idporten-oidc-provider/","acr_values_supported":["Level3","Level4"],"authorization_endpoint":"https://oidc-ver2.difi.no/idporten-oidc-provider/authorize","userinfo_endpoint":"https://oidc-test.no/idporten-oidc-provider/userinfo","frontchannel_logout_supported":true,"code_challenge_methods_supported":["S256"],"jwks_uri":"https://oidc-test.no/idporten-oidc-provider/jwk","frontchannel_logout_session_supported":true,"subject_types_supported":["pairwise"],"id_token_signing_alg_values_supported":["RS256"],"token_endpoint_auth_methods_supported":["client_secret_post","client_secret_basic","private_key_jwt","none"],"response_modes_supported":["query","form_post","fragment"],"request_object_signing_alg_values_supported":["RS256","RS384","RS512"],"token_endpoint":"https://oidc-test.no/idporten-oidc-provider/token"} 2022-10-24 01:42:26 (146) Default-thread-8 3F125AE047F29910E72FDEA8536D4359 txid=ca225e6047f2 OUTBOUND_HTTP: protocol=HTTP/1.1 response_status=200 response_time=35 request_length=0 response_length=-2 app_scope=global session_id=3F125AE047F29910E72FDEA8536D4359 transaction_name="#123848 /login_with_sso.do" transaction_id=ca225e6047f29910e72fdea8536d43de user_name=guest mid_server= source_table=sys_installation_exit source_record=1125a5720b21230001d36c4d37673a7d system_id=prt1150168.ams101.service-now.com:devtest12 method=GET log_level=Basic scheme=https hostname=oidc-test.no path=/test-oidc-provider/jwk 2022-10-24 01:42:26 (147) Default-thread-8 3F125AE047F29910E72FDEA8536D4359 txid=ca225e6047f2 event="HTTP_OUTBOUND_REQUEST" session_id="3F125AE047F29910E72FDEA8536D4359" user_name="guest" protocol="HTTP/1.1" response_status="200" response_time="35" request_length="0" response_length="-2" app_scope="global" transaction_name="#123848 /login_with_sso.do" transaction_id="ca225e6047f29910e72fdea8536d43de" source_table="sys_installation_exit" source_record="1125a5720b21230001d36c4d37673a7d" system_id="aprt1150168.ams101.service-now.com:devtest12" method="GET" log_level="Basic" log_type="SECLOG" session_id="6D4359" source_ip="165.225.199.0" tx_num="123848" url="/login_with_sso.do" domain="global" http_last_time="1666600939221" jsession_id="D60477" http_uagent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36" user="guest" user_id="5136503cc611227c0183e96598c4f706" http_time_zone="Europe/Stockholm" user_group="n/a" http_browser="chrome"ResolutionWhen setting up OIDC the first time, customer should try with the default configuration using navpage.do url instead of any ServicePortal. Once the feature works fine, the next step to to replace navpage.do by the portal according to the requirements. Same steps apply to the Oidc_entity_provider and Oauth_oidc_entity records as well as the customer (non-instance/external) IDP site. Once the changes have been applied, the logs from the syslog table will start showing the OIDC relevant errors: Related LinksFor more information, visit our documentation pages such as OIDC SSO overview and the knowledge based article oAuth JWT Grant Type Troubleshooting steps