SAML Vulnerability Fix for 6.8 version
As mentioned in the below post, we have attached the compatible jars and we can follow the below steps for the fix.
https://connect.zoho.com/portal/intranet/stream/105000699940145/105000702986572
Steps:
Remove xmlsec-1.4.1.jar from lib
Place xmlsec-2.2.3.jar (attached) in lib
Place the saml_xmlsec_changes_11200_13005.fjar in <sdp_home>/fixes folder
Create folder if does not exist
Restart SDP service.
Note: we have uploaded as zip, as the extension jar is not supported in supportdesk
The jar is compatible for
SDP: 11200-13005
AE: 6.8 versions
Similiar tickets
New to ADSelfService Plus?
Related Articles
SAML | Multiple Login URLs for SAML Response
Issue: Even if SDP can be accessed with multiple URLs like internal.servicedesk.com and external.servicedesk.com, the SAML response is always received at the same URL that is configured in Alias URL. Fix: The acs_url column in the SAMLSP table can be ...SAML | This Request will not be considered since passing more parameters to server might result in vulnerability issues.
Issue: After upgrade, customer might usually face this issue during SAML login: Trace: [14:14:03:012]|[10-02-2023]|[com.manageengine.mdh.MDHSettings]|[INFO]|[57303]: Service desk instance ID not found in Cookie| ...9205662 - Debug jar : SAML Dynamic User Addition
Issue: SAML login with existing user works, But Error while dynamic user addition. Debug: Additional prints will be printed in the serverout. Steps to get the Debug logs: Download the attached 14500_9205662_SAML_DYNAMIC_USER_ADDITION_DEBUG.fjar file ...How to get SAML tracer output for a SAML based login-attempt?
You can use your favourite SAML tracer browser plugin. Here we used SAML-tracer in a chromium-based browser. To record the SAML tracer output: Go to ServiceDesk Plus's login screen Click on SAML Tracer Extension to open up the SAML Tracer window. Now ...Login diectly with SAML / Query to enable AD or Local Auth when there is an issue with SAML
Issue: When users have AD and/or local authentication enabled along with SAML, the login page is shown when a link from an email is clicked and users need to click "Login with SAML" again. Workaround 1: You can bookmark, <sdp_url>/SamlRequestServlet ...