SAML with ICAM as IdP in ServiceDesk Plus
- The SAML NameID policy must either be unspecified (urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified) or emailAddress (urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress).
- WantAssertionsSigned="true" AND AuthnRequestsSigned="true" must be set in the metadata.
- The entityID must be set to the URL of your application endpoint (ex. entityID=https://www.mywebsite.noaa.gov/authenticate...)
- Document your metadata using the ContactPerson element. Minimal coverage should include the Line Office name and current point of contact with email address and phone number. Append the ContactPerson information between the </SPSSODescriptor> and </EntityDescriptor> tags in your metadata file. An example is below.
  </SPSSODescriptor>
  <ContactPerson contactType="technical OR administrative OR support">
    <Company>Line Office</Company>
    <GivenName>First Name of POC</GivenName>
    <SurName>Last Name of POC</SurName>
    <EmailAddress>Email Address of POC</EmailAddress>
    <TelephoneNumber>Phone Number of POC</TelephoneNumber>
  </ContactPerson>
</EntityDescriptor>
- The Name ID format can be changed in the SAML settings page.
- WantAssertionsSigned="true" is already set. Run the query below to set AuthnRequestsSigned="true":

update samlsp set auth_request_signed=True;
- The Entity ID can be modified with the query below:

update samlsp set entity_id='https://your-app-url/SamlResponseServlet';
- Restart the SDP service after these changes and download the metadata file. The ContactPerson element is not generated by SDP; add it manually by editing the downloaded metadata file as shown above.
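An added check for the downloaded metadata, not part of this article or of ServiceDesk Plus: it parses an SP metadata file and reports every requirement listed above that it fails (entityID, both signing flags, NameID format, and a complete ContactPerson). The sample metadata, hostname, point of contact and phone number embedded in it are constructed placeholders.

```python
import xml.etree.ElementTree as ET
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}  # SAML 2.0 metadata namespace
ALLOWED_NAMEID = {"urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
                  "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"}
CONTACT_FIELDS = ("Company", "GivenName", "SurName", "EmailAddress", "TelephoneNumber")

def check_sp_metadata(xml_text, expected_entity_id):
    # Returns the list of ICAM requirements the SP metadata violates (empty list = passes)
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        return ["root element is not md:EntityDescriptor"]
    problems = []
    if root.get("entityID") != expected_entity_id:
        problems.append("entityID is %r, expected %r" % (root.get("entityID"), expected_entity_id))
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return problems + ["no md:SPSSODescriptor element"]
    # Both signing flags must be true (xsd:boolean also allows "1")
    for attr in ("AuthnRequestsSigned", "WantAssertionsSigned"):
        if sp.get(attr) not in ("true", "1"):
            problems.append('%s must be "true" (found %r)' % (attr, sp.get(attr)))
    # Every advertised NameIDFormat must be one ICAM accepts
    bad = [e.text.strip() for e in sp.findall("md:NameIDFormat", NS)
           if e.text and e.text.strip() not in ALLOWED_NAMEID]
    if bad:
        problems.append("unsupported NameIDFormat(s): %s" % bad)
    # ContactPerson sits after SPSSODescriptor, directly under EntityDescriptor
    contacts = root.findall("md:ContactPerson", NS)
    if not contacts:
        problems.append("no md:ContactPerson element")
    for c in contacts:
        for field in CONTACT_FIELDS:
            if not c.findtext("md:" + field, "", NS).strip():
                problems.append("ContactPerson (%s) missing %s" % (c.get("contactType"), field))
    return problems

# Constructed sample metadata: hostname, POC and phone number are placeholders, not real values
ENTITY_ID = "https://sdp.example.noaa.gov/SamlResponseServlet"
SAMPLE_OK = """<md:EntityDescriptor xmlns:md="%s" entityID="%s">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
  </md:SPSSODescriptor>
  <md:ContactPerson contactType="technical">
    <md:Company>Line Office</md:Company><md:GivenName>Jane</md:GivenName><md:SurName>Doe</md:SurName>
    <md:EmailAddress>jane.doe@example.noaa.gov</md:EmailAddress>
    <md:TelephoneNumber>555-0100</md:TelephoneNumber>
  </md:ContactPerson>
</md:EntityDescriptor>""" % (NS["md"], ENTITY_ID)
# Same metadata with the two defects this article has you fix via SQL and the SAML settings page
SAMPLE_BAD = (SAMPLE_OK.replace('AuthnRequestsSigned="true"', 'AuthnRequestsSigned="false"')
              .replace("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
                       "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"))
```

Run `check_sp_metadata(open("metadata.xml").read(), "<your entityID>")` against the file SDP produced; an empty list means it meets every item above.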