SAML with ICAM as IdP in ServiceDesk Plus



  1. The SAML NameID policy must either be unspecified (urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified) or emailAddress (urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress).
  2. WantAssertionsSigned="true" AND AuthnRequestsSigned="true" must be set in the metadata.
  3. The entityID must be set to the URL of your application endpoint (e.g. entityID=https://www.servicedesk.mywebsite.com/authenticate).
  4. Document your metadata using the ContactPerson element. Minimal coverage should include the Line Office name and current point of contact with email address and phone number. Append the ContactPerson information between the </SPSSODescriptor> and </EntityDescriptor> tags in your metadata file. An example is below.
  </SPSSODescriptor>
  <ContactPerson contactType="technical OR administrative OR support">
    <Company>Line Office</Company>
    <GivenName>First Name of POC</GivenName>
    <SurName>Last Name of POC</SurName>
    <EmailAddress>Email Address of POC</EmailAddress>
    <TelephoneNumber>Phone Number of POC</TelephoneNumber>
  </ContactPerson>
</EntityDescriptor>

To meet these requirements in ServiceDesk Plus:

  1. The Name ID format can be changed in the SAML settings page.
  2. WantAssertionsSigned="true" is already set. Run the following query to set AuthnRequestsSigned="true":
     update samlsp set auth_request_signed=True;
  3. To send sigAlg and other signing parameters as request parameters, run:
     update samlidp set binding='REDIRECT';
  4. The entity ID can be modified with the following query:
     update samlsp set entity_id='https://your-app-url/SamlResponseServlet';
  5. Restart the SDP service after these changes and download the metadata file. You can then add the ContactPerson element by editing this metadata file manually.
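
A check of the downloaded metadata file against the four requirements listed at the top, added here as an example (not ManageEngine's or ICAM's code). It assumes the file uses the standard SAML 2.0 metadata namespace and declares the NameID format as NameIDFormat elements; the function name check_sp_metadata and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"  # standard SAML 2.0 metadata namespace
NS = {"md": MD}
PREFIX = "urn:oasis:names:tc:SAML:1.1:nameid-format:"
ALLOWED_NAMEID = {PREFIX + "unspecified", PREFIX + "emailAddress"}
CONTACT_FIELDS = ("Company", "GivenName", "SurName", "EmailAddress", "TelephoneNumber")

def check_sp_metadata(xml_text, expected_entity_id):
    """Return a list of problems; an empty list means requirements 1-4 are met."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    if root.tag != f"{{{MD}}}EntityDescriptor" or sp is None:
        return ["not an EntityDescriptor containing an SPSSODescriptor"]
    problems = []
    # 1. NameID format (assumption: declared as NameIDFormat elements)
    formats = {(e.text or "").strip() for e in sp.findall("md:NameIDFormat", NS)}
    if not formats or formats - ALLOWED_NAMEID:
        problems.append(f"NameIDFormat not unspecified/emailAddress: {sorted(formats)}")
    # 2. Both signing flags must be the literal string "true"
    for attr in ("WantAssertionsSigned", "AuthnRequestsSigned"):
        if sp.get(attr) != "true":
            problems.append(f"{attr} is {sp.get(attr)!r}, expected 'true'")
    # 3. entityID must match the application endpoint exactly
    if root.get("entityID") != expected_entity_id:
        problems.append(f"entityID is {root.get('entityID')!r}")
    # 4. ContactPerson must be a direct child of EntityDescriptor, fully filled in
    contact = root.find("md:ContactPerson", NS)
    if contact is None:
        problems.append("ContactPerson missing under EntityDescriptor")
    else:
        missing = [f for f in CONTACT_FIELDS
                   if not (contact.findtext(f"md:{f}", "", NS) or "").strip()]
        if missing:
            problems.append(f"ContactPerson missing: {', '.join(missing)}")
    return problems

# Constructed sample: a metadata file before the changes above were applied
SAMPLE_BEFORE = f"""<EntityDescriptor xmlns="{MD}" entityID="https://your-app-url/old">
  <SPSSODescriptor WantAssertionsSigned="true" AuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <NameIDFormat>{PREFIX}emailAddress</NameIDFormat>
  </SPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    for p in check_sp_metadata(SAMPLE_BEFORE, "https://your-app-url/SamlResponseServlet"):
        print("FAIL:", p)
```

Run it on the file downloaded after the restart and again after adding the ContactPerson element; an empty result means the metadata is ready to submit.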
