SAML | Multiple Login URLs for SAML Response

Issue:

Even if SDP can be accessed with multiple URLs like internal.servicedesk.com and external.servicedesk.com, the SAML response is always received at the same URL that is configured in Alias URL.

Fix:

The acs_url column in the SAMLSP table can be modified to hold multiple comma-separated URLs. When the attached fjar is applied, the application separates the URLs and allows the SAML response to be sent to any of the listed URLs.

Steps to apply:

1. Connect to the database and run the following query:

update samlsp set acs_url='https://<sdp_url_1>/SamlResponseServlet,https://<sdp_url_2>/SamlResponseServlet';

Note: Replace <sdp_url_1> and <sdp_url_2> with your actual URLs.
Sample Query: update samlsp set acs_url='https://servicedesk:8080/SamlResponseServlet,https://servicedesk.zyler.com/SamlResponseServlet';

2. Apply the attached fjar
  1. Download the fjar file corresponding to your servicedesk version.
  2. Place the fjar file under <SDP_HOME>\fixes (if you have existing fjars, please consult with us before applying this)
  3. Restart the application.

3. Please ensure that your Identity Provider (Azure, OneLogin, etc.) supports adding multiple URLs, and add all of them there as well.
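
Before running the update query, the comma-separated value can be checked so that only the intended HTTPS endpoints end up in acs_url. The script below is an added example, not part of the fjar or the product: the function names are hypothetical, and it assumes entries are split on a bare comma and compared by exact string match, which the article does not document.

```python
from urllib.parse import urlsplit

ACS_PATH = "/SamlResponseServlet"  # servlet path from the article's query


def parse_acs_urls(value):
    """Split a comma-separated acs_url value and validate every entry.

    Assumption: entries are separated by a bare comma with no spaces.
    Returns the list of URLs; raises ValueError on the first bad entry.
    """
    urls = value.split(",")
    seen = set()
    for url in urls:
        if not url or url != url.strip():
            raise ValueError(f"empty entry or stray whitespace: {url!r}")
        parts = urlsplit(url)
        if parts.scheme != "https":
            raise ValueError(f"not https: {url}")
        if not parts.hostname or "@" in parts.netloc or "*" in parts.netloc:
            raise ValueError(f"bad host, credentials or wildcard: {url}")
        if parts.path != ACS_PATH or parts.query or parts.fragment:
            raise ValueError(f"path must be exactly {ACS_PATH}: {url}")
        if url.lower() in seen:
            raise ValueError(f"duplicate entry: {url}")
        seen.add(url.lower())
    return urls


def is_valid_acs_value(value):
    """True when every entry in the comma-separated value passes the checks."""
    try:
        parse_acs_urls(value)
        return True
    except ValueError:
        return False


def destination_allowed(destination, acs_value):
    """Exact string match of a response Destination against the list."""
    return destination in parse_acs_urls(acs_value)


if __name__ == "__main__":
    # Value taken from the article's sample query.
    sample = ("https://servicedesk:8080/SamlResponseServlet,"
              "https://servicedesk.zyler.com/SamlResponseServlet")
    print(parse_acs_urls(sample))
    print(destination_allowed("https://servicedesk.zyler.com/SamlResponseServlet", sample))
```

The same list should match, entry for entry, what is registered at the Identity Provider in step 3.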
