SAML with ICAM as IdP in ServiceDesk Plus


ICAM imposes the following requirements on the service provider (SP) metadata that ServiceDesk Plus exports:

  1. The SAML NameID format must be either unspecified (urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified) or emailAddress (urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress).
  2. Both WantAssertionsSigned="true" and AuthnRequestsSigned="true" must be set on the SPSSODescriptor element in the metadata.
  3. The entityID must be set to the URL of your application endpoint (e.g. entityID="https://www.servicedesk.mywebsite.com/authenticate").
  4. Document your metadata using the ContactPerson element. At a minimum, include the Line Office name and the current point of contact with email address and phone number. Insert the ContactPerson element between the closing </SPSSODescriptor> tag and the closing </EntityDescriptor> tag in your metadata file, as in the example below.
  </SPSSODescriptor>
  <!-- contactType is one of: technical, administrative, support -->
  <ContactPerson contactType="technical">
    <Company>Line Office</Company>
    <GivenName>First Name of POC</GivenName>
    <SurName>Last Name of POC</SurName>
    <EmailAddress>Email Address of POC</EmailAddress>
    <TelephoneNumber>Phone Number of POC</TelephoneNumber>
  </ContactPerson>
</EntityDescriptor>

To meet these requirements in ServiceDesk Plus (back up the SDP database before running the update statements below, since they modify the SAML configuration tables directly):

  1. The NameID format can be changed on the SAML settings page in the admin UI.
  2. WantAssertionsSigned="true" is already set. Run the following query against the SDP database to set AuthnRequestsSigned="true":
     update samlsp set auth_request_signed=True;
  3. To send SigAlg and the other signing parameters as request parameters, switch the IdP binding to HTTP-Redirect. With the Redirect binding the request signature travels in the SigAlg and Signature query parameters alongside SAMLRequest, rather than embedded in the XML as with HTTP-POST:
     update samlidp set binding='REDIRECT';
  4. The entity ID can be modified with the following query:
     update samlsp set entity_id='https://your-app-url/SamlResponseServlet';
  5. Restart the SDP service after these changes and download the metadata file. The ContactPerson element is not generated for you; add it by editing the downloaded metadata file by hand before submitting it to ICAM.
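Before handing the edited metadata to the ICAM team it is worth checking it against the four requirements above, since a rejected file costs a round trip. The script below is an added example and not part of ServiceDesk Plus or this article: it parses an SP metadata file, reports which requirements (NameID format, both signing flags, an https entityID, a complete ContactPerson) are not met, and can insert the ContactPerson element after </SPSSODescriptor> so step 5 does not have to be done by hand. The sample metadata embedded in it is constructed to resemble an SDP export taken before steps 2 and 5 were done; the hostnames and contact details are placeholders.

```python
"""Check SDP SP metadata against the ICAM onboarding requirements and add the
ContactPerson block. Added example; not ServiceDesk Plus product code."""
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD_NS}
MD = "{" + MD_NS + "}"
ET.register_namespace("md", MD_NS)  # keep the md: prefix when serialising

ALLOWED_NAMEID = {
    "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
    "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
}
CONTACT_FIELDS = ("Company", "GivenName", "SurName", "EmailAddress", "TelephoneNumber")
CONTACT_TYPES = ("technical", "administrative", "support")

# Constructed sample: what an SDP export looks like before AuthnRequestsSigned
# is enabled and before the ContactPerson element is added. Hostname is a placeholder.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://www.servicedesk.mywebsite.com/SamlResponseServlet">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://www.servicedesk.mywebsite.com/SamlResponseServlet" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def check_metadata(xml_text: str) -> list[str]:
    """Return the list of unmet ICAM requirements; an empty list means compliant."""
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        return ["root element is not md:EntityDescriptor"]
    problems = []
    entity_id = root.get("entityID", "")
    if not entity_id.startswith("https://"):
        problems.append(f"entityID must be an https application URL, got {entity_id!r}")
    sp = root.find("md:SPSSODescriptor", NS)
    if sp is None:
        return problems + ["no SPSSODescriptor element"]
    # Requirement 2: both signing flags must be literally "true" on the SPSSODescriptor.
    for attr in ("AuthnRequestsSigned", "WantAssertionsSigned"):
        if sp.get(attr, "false").lower() != "true":
            problems.append(f'{attr}="true" is required')
    # Requirement 1: every declared NameIDFormat must be one ICAM accepts.
    formats = {e.text.strip() for e in sp.findall("md:NameIDFormat", NS) if e.text}
    if not formats:
        problems.append("no NameIDFormat declared")
    elif not formats <= ALLOWED_NAMEID:
        problems.append(f"unsupported NameIDFormat(s): {sorted(formats - ALLOWED_NAMEID)}")
    # Requirement 4: a ContactPerson with all five fields filled in.
    contacts = root.findall("md:ContactPerson", NS)
    if not contacts:
        problems.append("ContactPerson element missing")
    for contact in contacts:
        if contact.get("contactType") not in CONTACT_TYPES:
            problems.append(f"ContactPerson contactType {contact.get('contactType')!r} not allowed")
        for field in CONTACT_FIELDS:
            el = contact.find("md:" + field, NS)
            if el is None or not (el.text or "").strip():
                problems.append(f"ContactPerson lacks {field}")
    return problems


def add_contact_person(xml_text: str, contact_type: str, company: str, given: str,
                       surname: str, email: str, phone: str) -> str:
    """Insert a ContactPerson directly after SPSSODescriptor (step 5 above) and
    return the re-serialised metadata."""
    root = ET.fromstring(xml_text)
    sp = root.find("md:SPSSODescriptor", NS)
    children = list(root)
    position = children.index(sp) + 1 if sp is not None else len(children)
    contact = ET.Element(MD + "ContactPerson", {"contactType": contact_type})
    for tag, value in zip(CONTACT_FIELDS, (company, given, surname, email, phone)):
        ET.SubElement(contact, MD + tag).text = value
    root.insert(position, contact)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("before:", check_metadata(SAMPLE_METADATA))
    signed = SAMPLE_METADATA.replace('AuthnRequestsSigned="false"', 'AuthnRequestsSigned="true"')
    fixed = add_contact_person(signed, "technical", "Line Office", "Jane", "Doe",
                               "jane.doe@example.gov", "+1 555 0100")  # placeholder POC
    print("after:", check_metadata(fixed))
```

The check is deliberately strict about the literal string "true" because that is what the metadata consumer will look for; "1" or "True" will not do. The stdlib ElementTree parser is adequate here because the input is a file you exported yourself; if you ever point the same check at metadata fetched from a third party, parse it with defusedxml instead.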
