SAML | Multiple Login URLs for SAML Response

SAML | Multiple Login URLs for SAML Response

Issue:

Even if SDP can be accessed with multiple URLs like internal.servicedesk.com and external.servicedesk.com, the SAML response is always received at the same URL that is configured in Alias URL.

Fix:

The acs_url column in the SAMLSP table can be modified to support multiple comma separated URLs and when the attached fjar is applied, it separates the URLs and allows the SAML response to be sent to any of those mentioned URLs. 

Steps to apply:

1. Run the following query after connecting to the database by following the steps below:

Run the following query:
update samlsp set acs_url='https://<sdp_url_1>/SamlResponseServlet,https://<sdp_url_2>/SamlResponseServlet';

Note: Replace <sdp_url_1> amd <sdp_url_2> with your actual URLs.
Sample Query: update samlsp set acs_url='https://servicedesk:8080/SamlResponseServlet,https://servicedesk.zyler.com/SamlResponseServlet';

2. Apply the attached fjar
  1. Download the fjar file corresponding to your servicedesk version.
  2. Place the fjar file under <SDP_HOME>\fixes (if you have existing fjars, please consult with us before applying this)
  3. Restart the application.

3. Please ensure that your Identity Provider (Azure, OneLogin, etc) supports adding multiple URLs, and ensure to add them too.

                    New to ADSelfService Plus?