SAML | This Request will not be considered since passing more parameters to server might result in vulnerability issues.
Issue:
After upgrade, customer might usually face this issue during SAML login:
Trace:
[14:14:03:012]|[10-02-2023]|[com.manageengine.mdh.MDHSettings]|[INFO]|[57303]: Service desk instance ID not found in Cookie|
[14:14:03:012]|[10-02-2023]|[com.manageengine.mdh.MDHFilter]|[INFO]|[57303]: PORTALID : 1|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: SdpSecurityFilter called |
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: RequestURI::::::: /HomePage.do|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: urlRule::::::: URLRule :: path = "/HomePage.do" actionParamName = "action" urlInRegex = "false"|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: actionParamValue::::::: null|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: actionRule::::::: ActionRule :: Path : "/HomePage.do" method :"GET"" isCSRFProtected : "false" internal : "false" trusted : "false" roles : "" dynamicParams : "false" api : "false" isc : "false" authentication : "required" throwAllErrors : "false" urlXSSValidation : "true" ipBlockCheck : "false" loginThrowError : "false "" iscScope : "null" runAsGroupIdParam : "null" runAsGroupTypeParam : "null "isThrottlesConfigured : "true "dynamic-throttles : "false|
[14:14:03:012]|[10-02-2023]|[com.manageengine.mdh.MDHFilter]|[INFO]|[57303]: PORTALID : 1|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: SdpSecurityFilter called |
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: RequestURI::::::: /Error|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: urlRule::::::: URLRule :: path = "/Error" urlInRegex = "false"|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: actionParamValue::::::: null|
Root Cause:
This issue occurs when end users bookmark old SDP urls with parameters in the URL that are now unsupported (and considered extra parameter)
Solution:
Check if the customers are using a bookmark or a button from another portal/website where SDP's URL is predefined with the extra params. Ask them to remove the extra parameters from the bookmark or if it's an external website, ask the admin to remove the extra parameter from the SDP URL.
New to ADSelfService Plus?
Related Articles
SAML Auto Login with ADFS (in Intranet)
Steps to enable Auto-logon: Step 1: In the AD FS server, under Authentication Methods, make sure that Windows Authentication is selected. Step 2: Run the below powershell query to check if "Chrome" is present in the supported WIA agents: ...HTTP ERROR 400 when logging in via SAML - Description and Resolution
Description: When logging into the application via SAML, the following error occurs even when the configurations are accurate. Overview: When you see an HTTP ERROR 400 during a SAML login, it means there’s a "Bad Request" error. This error occurs ...SAML | Multiple Login URLs for SAML Response
Issue: Even if SDP can be accessed with multiple URLs like internal.servicedesk.com and external.servicedesk.com, the SAML response is always received at the same URL that is configured in Alias URL. Fix: The acs_url column in the SAMLSP table can be ...SAML - Login page would not reflect SAML option
Issue: In some cases, even after configuration and enabling of SAML option, it does not appear in the login page. However, if you notice in login page customization, the SAML option appears. Root cause: Check SAML - Service provider details. ...Configuring SAML with ADFS
Step 1: Open the ADFS management application Step 2: Right-click Relying Party trust and choose Add Relying Party Trust. The Add Relying Party Trust Wizard opens. Step 3: Choose Claims Aware and click Start Step 4: Choose Enter data about the relying ...