Login directly with SAML / Query to enable AD or Local Auth when there is an issue with SAML


When users have AD and/or local authentication enabled along with SAML, the login page is shown when a link from an email is clicked, and users need to click "Login with SAML" again.

Workaround 1:

You can bookmark <sdp_url>/SamlRequestServlet and open it to log in directly via SAML.
Limitation of workaround 1: When a link is clicked from an email, SAML login will not happen directly; the login page will be shown instead.

Workaround 2:

  1. You can disable AD Authentication and Local Authentication and have SAML as the only mode of authentication.
  2. SAML login will now be attempted without showing the login page.
  3. When there is a SAML error, local authentication will be allowed automatically in that browser instance from build 14304.
SD-110962: Users are allowed to log in via local authentication when SAML authentication fails, even if SAML is configured as the only mode of authentication.
Limitation of workaround 2: When there is an issue with SAML and the local authentication password is not known, you need to reset the local authentication password or enable AD authentication (if it was configured).

Queries to enable Local / AD Authentication:

For enabling local auth:
update globalconfig set paramvalue='true' where parameter='Enable_LocalAuthentication_Login';

For enabling AD Auth:
update sdpamconf set pammodule_id = AAAPAMMODULE.pammodule_id from AAAPAMMODULE where AAAPAMMODULE.name = 'SDRelationalLoginModule';
