SAML with ICAM as IdP in ServiceDesk Plus

SAML with ICAM as IdP in ServiceDesk Plus


  1. The SAML NameID policy must either be unspecified (urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified) or emailAddress (urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress).
  2. WantAssertionsSigned="true" AND AuthnRequestsSigned="true" must be set in the metadata.
  3. The entityID must be set to the URL of your application endpoint (ex. entitiyID=https://www.servicedesk.mywebsite.com/authenticate)
  4. Document your metadata using the ContactPerson element. Minimal coverage should include the Line Office name and current point of contact with email address and phone number. Append the ContactPerson information between the </SPSSODescriptor> and </EntityDescriptor> tags in your metadata file. An example is below.
  </SPSSODescriptor>
  <ContactPerson contactType="technical OR administrative OR support">
    <Company>Line Office</Company>
    <GivenName>First Name of POC</GivenName>
    <SurName>Last Name of POC</SurName>
    <EmailAddress>Email Address of POC</EmailAddress>
    <TelephoneNumber>Phone Number of POC</TelephoneNumber>
  </ContactPerson>
</EntityDescriptor>

  1. The Name ID format can be changed in the SAML settings page.
  2. WantAssertionsSigned="true" is already set. Run the below query to set AuthnRequestsSigned="true" 
update samlsp set auth_request_signed=True;
  1. To send sigAlg and other signing parameters as request parameters,
update samlidp set binding='REDIRECT';
  1. Entity ID can be modified with the below query:
update samlsp set entity_id='https://your-app-url/SamlResponseServlet';
  1. Restart SDP service after these changes and download the metadata file. You can manually make the required changes related to Contact Person by editing this metadata file.

                  New to ADSelfService Plus?

                    • Related Articles

                    • SAML | Configure KeyCloak as IDP

                      Setting up KeyCloak Download KeyCloak from their official website (Used v25 here). Open conf/keycloak.conf and enter the hostname Run sh kc.sh start-dev Create a user and login at http://localhost:8080 Setting up the IDP: To enable logging, go to ...
                    • Configuring SAML with ADFS

                      Step 1: Open the ADFS management application Step 2: Right-click Relying Party trust and choose Add Relying Party Trust. The Add Relying Party Trust Wizard opens. Step 3: Choose Claims Aware and click Start Step 4: Choose Enter data about the relying ...
                    • How to configure SAML with Azure AD

                      This guide will help us configure SAML for users who want to use Azure AD as their IdP and also give you insights on a few issues that you might run into while configuring SAML in an Azure Environment. In an ideal environment, customers will have an ...
                    • How to configure SAML with Azure AD

                      This guide will help us configure SAML for users who want to use Azure AD as their IdP and also give you insights on a few issues that you might run into while configuring SAML in an Azure Environment. In an ideal environment, customers will have an ...
                    • Configuring SAML with Azure (New)

                      Step 1: Open the Azure Portal--->Enterprise Applications. Step 2: Select the created Enterprise Application and get started with Set up Single Sign-On. Step 3: Edit the basic SAML Configuration. Step 4: Copy the Entity ID from SDPMSP and place the ...