SAML Vulnerability Fix for 6.8 version
As mentioned in the post below, the compatible jars are attached; follow the steps below to apply the fix.
https://connect.zoho.com/portal/intranet/stream/105000699940145/105000702986572
Steps:
1. Remove xmlsec-1.4.1.jar from lib.
2. Place xmlsec-2.2.3.jar (attached) in lib.
3. Place saml_xmlsec_changes_11200_13005.fjar in the <sdp_home>/fixes folder. Create the folder if it does not exist.
4. Restart the SDP service.
Note: The files are uploaded as a zip because the jar extension is not supported in supportdesk.
The jar is compatible with:
SDP: 11200-13005
AE: 6.8 versions
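
Before restarting, the file layout produced by the steps above can be checked with a short script. This is an added example, not ManageEngine code: the helper name check_saml_fix is hypothetical, and it assumes a Linux install with the SDP home directory passed as the argument.

```shell
#!/bin/sh
# Added example: confirm the file layout that the steps above should leave behind.
# check_saml_fix is a hypothetical helper name; pass the SDP install directory.
check_saml_fix() {
    sdp_home=$1
    rc=0
    if [ -z "$sdp_home" ] || [ ! -d "$sdp_home/lib" ]; then
        echo "FAIL: no lib directory under '$sdp_home'" >&2
        return 2
    fi
    # Step 1: the old library must no longer be in lib.
    if [ -e "$sdp_home/lib/xmlsec-1.4.1.jar" ]; then
        echo "FAIL: lib/xmlsec-1.4.1.jar is still present"
        rc=1
    fi
    # Step 2: the replacement must exist and be non-empty.
    if [ ! -s "$sdp_home/lib/xmlsec-2.2.3.jar" ]; then
        echo "FAIL: lib/xmlsec-2.2.3.jar is missing or empty"
        rc=1
    fi
    # Step 3: the fix jar must be in <sdp_home>/fixes.
    if [ ! -s "$sdp_home/fixes/saml_xmlsec_changes_11200_13005.fjar" ]; then
        echo "FAIL: fixes/saml_xmlsec_changes_11200_13005.fjar is missing or empty"
        rc=1
    fi
    # Extra check (assumption, not a step from the article): report any other
    # xmlsec-*.jar in lib so a leftover copy or backup is not overlooked.
    for jar in "$sdp_home"/lib/xmlsec-*.jar; do
        [ -e "$jar" ] || continue
        case "${jar##*/}" in
            xmlsec-1.4.1.jar|xmlsec-2.2.3.jar) ;;
            *) echo "WARN: unexpected lib/${jar##*/}" ;;
        esac
    done
    [ "$rc" -eq 0 ] && echo "OK: file layout matches the steps"
    return "$rc"
}

# Run directly as: sh check_saml_fix.sh /path/to/sdp_home
if [ "$#" -gt 0 ]; then check_saml_fix "$1"; fi
```

The function returns 0 when all three file steps are satisfied, 1 when any of them is not, and 2 when the given directory has no lib folder.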