SAML | Incresing throttle for SAML request URL
Kindly add the following code in webapps/ROOT/WEB-INF/security/security-publicaccess.xml and restart SDP to increase the throttle limit for SamlRequestServlet URL. Here it's set as 45. You can change to any number you want per minute.
<throttles window="ROLLING" scope="APPSERVER" key="url.path+url.dynamic_key" name="saml_request_servlet">
<throttle duration="1m" threshold="45" lock-period="2m"/>
</throttles>
Sample:
New to ADSelfService Plus?
Related Articles
SAML automatic redirection issue
Issue: The /SamlRequest URL is being accessed repeatedly, leading to the URL access limit being reached in only SAML enabled case. The SAML URL is triggered instead of displaying the login page, occurring only in cases where both Active Directory ...SAML | InResponseTo attribute in SAML Response is missing - error code 50
What is InResponseTo? SDP will send a unique identifier named 'ID' in every SAML request and the IDP must return this ID in every SAML response named 'InResponseTo'. Most of the popular IDPs return this and this and SDP will check this for security ...SAML | Configure KeyCloak as IDP
Setting up KeyCloak Download KeyCloak from their official website (Used v25 here). Open conf/keycloak.conf and enter the hostname Run sh kc.sh start-dev Create a user and login at http://localhost:8080 Setting up the IDP: To enable logging, go to ...SAML with ICAM as IdP in ServiceDesk Plus
Usual requirements from ICAM: The SAML NameID policy must either be unspecified (urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified) or emailAddress (urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress). WantAssertionsSigned="true" AND ...SAML | This Request will not be considered since passing more parameters to server might result in vulnerability issues.
Issue: After upgrade, customer might usually face this issue during SAML login: Trace: [14:14:03:012]|[10-02-2023]|[com.manageengine.mdh.MDHSettings]|[INFO]|[57303]: Service desk instance ID not found in Cookie| ...