How to get SAML tracer output for a SAML based login-attempt?
You can use your favourite SAML tracer browser plugin. Here we used SAML-tracer
in a chromium-based browser.
To record the SAML tracer output:
- Go to ServiceDesk Plus's login screen
- Click on SAML Tracer Extension to open up the SAML Tracer window.
- Now click on login with SAML Single Sign-On and login to your IDP.
- When it's redirected back to SDP, click on the already opened SAML Tracer window. It should have recorded the SAML requests and responses.
To send us the recording:
- Click on export in the SAML Tracer window.
- Select "Mask Values" and click on Export
- Send us the downloaded JSON file for analysis.
To check the NameID Format and NameID Attribute
- Click on the URL that ends with /SamlResponseServlet.
- Now open the SAML tab in the bottom bar
- Press ctrl+f to open search bar
- Type in nameid
- In the <NameID Format> tag, we can clearly see the format and it will have the NameID attribute too inside it (email@example.com in the below example)
To check the additional attributes:
- Search for "attribute" and the list of attributes can be seen.
- The Attribute's Name should be given in SDP
- The AttributeValue can be used to check if the expected value is returned.
New to ADSelfService Plus?
9205662 - Debug jar : SAML Dynamic User Addition
Issue: SAML login with existing user works, But Error while dynamic user addition. Debug: Additional prints will be printed in the serverout. Steps to get the Debug logs: Download the attached 14500_9205662_SAML_DYNAMIC_USER_ADDITION_DEBUG.fjar file ...
Login diectly with SAML / Query to enable AD or Local Auth when there is an issue with SAML
Issue: When users have AD and/or local authentication enabled along with SAML, the login page is shown when a link from an email is clicked and users need to click "Login with SAML" again. Workaround 1: You can bookmark, <sdp_url>/SamlRequestServlet ...
How to configure SAML with Azure AD
This guide will help us configure SAML for users who want to use Azure AD as their IdP and also give you insights on a few issues that you might run into while configuring SAML in an Azure Environment. In an ideal environment, customers will have an ...
SAML Auto Login with ADFS (in Intranet)
Steps to enable Auto-logon: Step 1: In the AD FS server, under Authentication Methods, make sure that Windows Authentication is selected. Step 2: Run the below powershell query to check if "Chrome" is present in the supported WIA agents: ...
SAML | Multiple Login URLs for SAML Response
Issue: Even if SDP can be accessed with multiple URLs like internal.servicedesk.com and external.servicedesk.com, the SAML response is always received at the same URL that is configured in Alias URL. Fix: The acs_url column in the SAMLSP table can be ...