SAML FAQ's

SAML FAQ's

Please find the list of frequently asked queries in SAML

1. I have enabled SAML but still could not find a way to log in using SAML

Since the application has multi-tenant feature there are certain security added to the SAML login. In a SAML configuration, if only one account is assigned, then SAML SSO will work only when the application is accessed via the Account-Specific URL and not the default URL. 

If Mark as Default SAML configuration is enabled, then SAML SSO will work with the default URL. However, the SAML configuration will apply for all accounts. 

2. When a new user logs into the application using SAML, how will it work?

The application matches the application username with the SAML username, when it matches the existing user is overridden, if it does not a new user will be created which we call it Dynamic User Addition

If Mark as Default SAML configuration is enabled then the dynamic user addition will not work, since the application does not know which account the user belongs to. 
If SAML is configured to a specific account, then Dynamic User addition will work, the user present in iDP will be created as a user in SDP-MSP

3. A user is unable to login dynamically, receiving Error code 60

If the name ID format is set to Email Address, then the dynamic user addition does not work. The reason is, dynamic user addition looks up the email address field and in MSP, the uniqueness of a user is based on the loginname. If user login via dynamic user addition, opt for other name id format. 

                  New to ADSelfService Plus?

                    • Related Articles

                    • HTTP ERROR 400 when logging in via SAML - Description and Resolution

                      Description: When logging into the application via SAML, the following error occurs even when the configurations are accurate. Overview: When you see an HTTP ERROR 400 during a SAML login, it means there’s a "Bad Request" error. This error occurs ...
                    • The Saml Error code 50 appears when multiple URLs are used for the SDP

                      Issue: When multiple URLs are used for the application, SAML authentication fails on the first attempt. Fix: The issue is resolved by redirecting to the alias URL before triggering the /SamlRequest call. ISSUE ID: SD-124988 Resolution: The fix for ...
                    • SAML | Configure KeyCloak as IDP

                      Setting up KeyCloak Download KeyCloak from their official website (Used v25 here). Open conf/keycloak.conf and enter the hostname Run sh kc.sh start-dev Create a user and login at http://localhost:8080 Setting up the IDP: To enable logging, go to ...
                    • Startup issue in Linux after fresh installation_Error code 10001

                      In certain scenario, the application cannot be started just after the fresh install. Below are the error traces, [06:24:57:427]|[10-11-2021]|[pglog]|[INFO]|[18]: -sh: 1: /root/ManageEngine/ServiceDeskPlus-MSP/pgsql/bin/pg_ctl: Permission denied| ...
                    • 9205662 - Debug jar : SAML Dynamic User Addition

                      Issue: SAML login with existing user works, But Error while dynamic user addition. Debug: Additional prints will be printed in the serverout. Steps to get the Debug logs: Download the attached 14500_9205662_SAML_DYNAMIC_USER_ADDITION_DEBUG.fjar file ...