SAML | This Request will not be considered since passing more parameters to server might result in vulnerability issues.

Issue:
After an upgrade, customers may encounter this issue during SAML login:


Trace:

[14:14:03:012]|[10-02-2023]|[com.manageengine.mdh.MDHSettings]|[INFO]|[57303]: Service desk instance ID not found in Cookie|
[14:14:03:012]|[10-02-2023]|[com.manageengine.mdh.MDHFilter]|[INFO]|[57303]: PORTALID : 1|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: SdpSecurityFilter called |
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: RequestURI::::::: /HomePage.do|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: urlRule::::::: URLRule ::  path = "/HomePage.do" actionParamName = "action"  urlInRegex  = "false"|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: actionParamValue::::::: null|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: actionRule::::::: ActionRule ::  Path : "/HomePage.do" method :"GET"" isCSRFProtected : "false" internal : "false" trusted : "false" roles : "" dynamicParams : "false" api : "false" isc : "false" authentication : "required" throwAllErrors : "false" urlXSSValidation : "true" ipBlockCheck : "false" loginThrowError : "false "" iscScope : "null" runAsGroupIdParam  : "null" runAsGroupTypeParam : "null "isThrottlesConfigured : "true "dynamic-throttles : "false|
[14:14:03:012]|[10-02-2023]|[com.manageengine.mdh.MDHFilter]|[INFO]|[57303]: PORTALID : 1|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: SdpSecurityFilter called |
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: RequestURI::::::: /Error|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: urlRule::::::: URLRule ::  path = "/Error"  urlInRegex  = "false"|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: actionParamValue::::::: null|

Root Cause:
This issue occurs when end users have bookmarked old SDP URLs containing parameters that are no longer supported (and are now treated as extra parameters).


Solution:
Check whether the customer is using a bookmark, or a button on another portal/website, where SDP's URL is predefined with the extra parameters. Ask them to remove the extra parameters from the bookmark; if the link is on an external website, ask the admin to remove the extra parameters from the SDP URL.
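To find which requests to follow up on, the added example below (not ManageEngine code) scans log lines in the trace format shown above and reports each RequestURI that is immediately followed by a request to /Error. It assumes the fifth bracketed field (57303 in the trace) identifies one request's processing and that the /Error request marks the rejection; the last two sample lines are constructed.

```python
import re

# Field layout copied from the trace above:
#   [time]|[date]|[logger]|[level]|[id]: message|
LINE_RE = re.compile(
    r"^\[(?P<time>[^\]]+)\]\|\[(?P<date>[^\]]+)\]\|\[(?P<logger>[^\]]+)\]"
    r"\|\[(?P<level>[^\]]+)\]\|\[(?P<tid>\d+)\]: (?P<msg>.*?)\|?\s*$"
)
URI_RE = re.compile(r"RequestURI:+\s*(?P<uri>\S+)")

# First four lines come from the trace above; the last two are constructed
# (hypothetical id 57310 and path /Example.do) to show a request that is not rejected.
SAMPLE = """\
[14:14:03:012]|[10-02-2023]|[com.manageengine.mdh.MDHFilter]|[INFO]|[57303]: PORTALID : 1|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: RequestURI::::::: /HomePage.do|
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: SdpSecurityFilter called |
[14:14:03:012]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57303]: RequestURI::::::: /Error|
[14:14:05:120]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57310]: SdpSecurityFilter called |
[14:14:05:120]|[10-02-2023]|[com.manageengine.servicedesk.filter]|[INFO]|[57310]: RequestURI::::::: /Example.do|
""".splitlines()


def find_rejected_requests(lines, error_uri="/Error"):
    """Return (date, time, id, uri) for every request URI that is followed,
    under the same id, by a request to error_uri (assumed rejection marker)."""
    last_uri = {}  # id -> (date, time, uri) of the latest non-error request
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the expected log format
        u = URI_RE.search(m["msg"])
        if not u:
            continue  # log line carries no RequestURI
        tid, uri = m["tid"], u["uri"]
        if uri == error_uri:
            prev = last_uri.pop(tid, None)
            if prev:
                hits.append((prev[0], prev[1], tid, prev[2]))
        else:
            last_uri[tid] = (m["date"], m["time"], uri)
    return hits


if __name__ == "__main__":
    for date, time, tid, uri in find_rejected_requests(SAMPLE):
        print(f"{date} {time} id={tid}: {uri} was followed by /Error")
```

The trace does not record the query string, so the output tells you which page and time to ask the user about, not which parameter to remove.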
