SAML | This Request will not be considered since passing more parameters to server might result in vulnerability issues.

SAML | This Request will not be considered since passing more parameters to server might result in vulnerability issues.

Issue:
After upgrade, customer might usually face this issue during SAML login:
Preview


Trace:

[14:14:03:012]|[10-02-2023]|[com.manageengine.mdh.MDHSettings]|[INFO]|[57303]: Service desk instance ID not found in Cookie|
[14:14:03:012]|[10-02-2023]|[com.manageengine.mdh.MDHFilter]|[INFO]|[57303]: PORTALID : 1|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: SdpSecurityFilter called |
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: RequestURI::::::: /HomePage.do|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: urlRule::::::: URLRule ::  path = "/HomePage.do" actionParamName = "action"  urlInRegex  = "false"|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: actionParamValue::::::: null|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: actionRule::::::: ActionRule ::  Path : "/HomePage.do" method :"GET"" isCSRFProtected : "false" internal : "false" trusted : "false" roles : "" dynamicParams : "false" api : "false" isc : "false" authentication : "required" throwAllErrors : "false" urlXSSValidation : "true" ipBlockCheck : "false" loginThrowError : "false "" iscScope : "null" runAsGroupIdParam  : "null" runAsGroupTypeParam : "null "isThrottlesConfigured : "true "dynamic-throttles : "false|
[14:14:03:012]|[10-02-2023]|[com.manageengine.mdh.MDHFilter]|[INFO]|[57303]: PORTALID : 1|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: SdpSecurityFilter called |
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: RequestURI::::::: /Error|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: urlRule::::::: URLRule ::  path = "/Error"  urlInRegex  = "false"|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: actionParamValue::::::: null|

Root Cause:
This issue occurs when end users bookmark old SDP urls with parameters in the URL that are now unsupported (and considered extra parameter)


Solution:
Check if the customers are using a bookmark or a button from another portal/website where SDP's URL is predefined with the extra params. Ask them to remove the extra parameters from the bookmark or if it's an external website, ask the admin to remove the extra parameter from the SDP URL. 

        New to ADManager Plus?

          New to ADSelfService Plus?

            • Related Articles

            • SAML Auto Login with ADFS (in Intranet)

              Steps to enable Auto-logon: Step 1: In the AD FS server, under Authentication Methods, make sure that Windows Authentication is selected. Step 2: Run the below powershell query to check if "Chrome" is present in the supported WIA agents: ...
            • How to configure SAML with Azure AD

              This guide will help us configure SAML for users who want to use Azure AD as their IdP and also give you insights on a few issues that you might run into while configuring SAML in an Azure Environment. In an ideal environment, customers will have an ...
            • SAML with ICAM as IdP in ServiceDesk Plus

              The SAML NameID policy must either be unspecified (urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified) or emailAddress (urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress). WantAssertionsSigned="true" AND AuthnRequestsSigned="true" must be set ...
            • SAML | Multiple Login URLs for SAML Response

              Issue: Even if SDP can be accessed with multiple URLs like internal.servicedesk.com and external.servicedesk.com, the SAML response is always received at the same URL that is configured in Alias URL. Fix: The acs_url column in the SAMLSP table can be ...
            • 9205662 - Debug jar : SAML Dynamic User Addition

              Issue: SAML login with existing user works, But Error while dynamic user addition. Debug: Additional prints will be printed in the serverout. Steps to get the Debug logs: Download the attached 14500_9205662_SAML_DYNAMIC_USER_ADDITION_DEBUG.fjar file ...