SAML | This Request will not be considered since passing more parameters to server might result in vulnerability issues.
Issue:
After upgrade, customer might usually face this issue during SAML login:
Trace:
[14:14:03:012]|[10-02-2023]|[com.manageengine.mdh.MDHSettings]|[INFO]|[57303]: Service desk instance ID not found in Cookie|
[14:14:03:012]|[10-02-2023]|[com.manageengine.mdh.MDHFilter]|[INFO]|[57303]: PORTALID : 1|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: SdpSecurityFilter called |
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: RequestURI::::::: /HomePage.do|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: urlRule::::::: URLRule :: path = "/HomePage.do" actionParamName = "action" urlInRegex = "false"|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: actionParamValue::::::: null|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: actionRule::::::: ActionRule :: Path : "/HomePage.do" method :"GET"" isCSRFProtected : "false" internal : "false" trusted : "false" roles : "" dynamicParams : "false" api : "false" isc : "false" authentication : "required" throwAllErrors : "false" urlXSSValidation : "true" ipBlockCheck : "false" loginThrowError : "false "" iscScope : "null" runAsGroupIdParam : "null" runAsGroupTypeParam : "null "isThrottlesConfigured : "true "dynamic-throttles : "false|
[14:14:03:012]|[10-02-2023]|[com.manageengine.mdh.MDHFilter]|[INFO]|[57303]: PORTALID : 1|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: SdpSecurityFilter called |
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: RequestURI::::::: /Error|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: urlRule::::::: URLRule :: path = "/Error" urlInRegex = "false"|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: actionParamValue::::::: null|
Root Cause:
This issue occurs when end users bookmark old SDP urls with parameters in the URL that are now unsupported (and considered extra parameter)
Solution:
Check if the customers are using a bookmark or a button from another portal/website where SDP's URL is predefined with the extra params. Ask them to remove the extra parameters from the bookmark or if it's an external website, ask the admin to remove the extra parameter from the SDP URL.
New to ADSelfService Plus?
Related Articles
SAML | Auto Login with ADFS (in Intranet)
Steps to enable Auto-logon: Step 1: In the AD FS server, under Authentication Methods, make sure that Windows Authentication is selected. Step 2: Run the below powershell query to check if "Chrome" is present in the supported WIA agents: ...SAML | Skip login page | Login directly with SAML | Query to enable AD or Local Auth during SAML issues
Issue: When users have AD and/or local authentication enabled along with SAML, the login page is shown when a link from an email is clicked and users need to click "Login with SAML" again. Workaround 1: You can bookmark, <sdp_url>/SamlRequestServlet ...HTTP ERROR 400 when logging in via SAML - Description and Resolution
Description: When logging into the application via SAML, the following error occurs even when the configurations are accurate. Overview: When you see an HTTP ERROR 400 during a SAML login, it means there’s a "Bad Request" error. This error occurs ...SAML - Login page would not reflect SAML option
Issue: In some cases, even after configuration and enabling of SAML option, it does not appear in the login page. However, if you notice in login page customization, the SAML option appears. Root cause: Check SAML - Service provider details. ...How to configure SAML with Azure AD
This guide will help us configure SAML for users who want to use Azure AD as their IdP and also give you insights on a few issues that you might run into while configuring SAML in an Azure Environment. In an ideal environment, customers will have an ...