Generate SAML logs on the IdP

    Applies to:
  • Legacy SecureAuth IdP
Deployment model:
  • On Premises
  • SecureAuth IdP Version Affected: All

    Description:

    How to turn on SAML tracing for the realm.

     

    Cause:

    Sometimes it is not practical to use a client-side SAML tracer, such as the SAML tracer plugin for Firefox. In such circumstances, the realm can be configured to capture the AuthN and SAML assertions.

    This also works when using the AssertionConsumerService to see what is received from the other IdP. 


    Resolution:

    1. Back up the web.config for the realm, then open the Admin Console.

    2. Go to the System Info tab of the SAML realm.

    3. a. If using IdP 9.2 or lower, click "Click to edit Web Config file".

    3. b. If using IdP 9.3 or above, you will need to first decrypt the Web.Config file via the System tab and then open it in a text editor.

    4. Scroll to the end of the web.config and paste the following just above the final </configuration> line:

    <system.diagnostics>
      <trace autoflush="true">
        <listeners>
          <add name="TextWriter"/>
        </listeners>
      </trace>
      <sources>
        <source name="ComponentSpace.SAML2" switchValue="Verbose">
          <listeners>
            <add name="TextWriter"/>
          </listeners>
        </source>
      </sources>
      <sharedListeners>
        <add name="TextWriter"
             type="System.Diagnostics.TextWriterTraceListener"
             initializeData="idp.log"/>
      </sharedListeners>
    </system.diagnostics>

    5. Click Save

    This will generate a log called idp.log in the realm folder, e.g. D:\SecureAuth\Secureauth10\IdP.log

    6. IMPORTANT: When finished troubleshooting the SAML issue, revert the web.config to disable SAML tracing, as it will fill up the disk if left long enough.

     

    (Replace the server name and realm number with your own)
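
A follow-up check for step 6, added here as an example and not part of the SecureAuth article or product: this PowerShell script lists realms whose web.config still has the ComponentSpace.SAML2 trace source switched on, with the log file and its size, so leftover tracing (and the captured assertions in the log) can be found and cleaned up. It assumes realm folders sit directly under the install root taken from the article's example path and that each web.config can be read as plain XML; the function name Get-SamlTraceStatus and the $Root parameter are hypothetical.

```powershell
# Added example: list realms where ComponentSpace.SAML2 tracing is still switched on.
param([string]$Root = 'D:\SecureAuth')   # assumption: install root, from the article's example path

function Get-SamlTraceStatus {
    param([Parameter(Mandatory)][string]$WebConfigPath)
    $realmDir = Split-Path -Parent $WebConfigPath
    $result = [ordered]@{
        Realm = Split-Path -Leaf $realmDir; Tracing = 'Off'
        Level = $null; LogFile = $null; LogSizeMB = $null
    }
    try {
        [xml]$cfg = Get-Content -LiteralPath $WebConfigPath -Raw -ErrorAction Stop
    } catch {
        # Could not be read or parsed as XML: flag the realm for manual review.
        $result.Tracing = 'Unreadable'
        return [pscustomobject]$result
    }

    $diag = '/configuration/system.diagnostics'
    $src = $cfg.SelectSingleNode("$diag/sources/source[@name='ComponentSpace.SAML2']")
    if (-not $src) { return [pscustomobject]$result }
    $level = $src.GetAttribute('switchValue')
    if (-not $level -or $level -eq 'Off') { return [pscustomobject]$result }
    $result.Tracing = 'On'
    $result.Level = $level

    # Resolve the listener's output file; shared listeners are referenced by name.
    foreach ($ref in $src.SelectNodes('listeners/add')) {
        $name = $ref.GetAttribute('name')
        $def = $cfg.SelectSingleNode("$diag/sharedListeners/add[@name='$name']")
        if (-not $def) { $def = $ref }          # listener defined inline on the source
        $file = $def.GetAttribute('initializeData')
        if (-not $file) { continue }
        # Relative names are resolved against the realm folder, where the article says idp.log appears.
        if (-not [IO.Path]::IsPathRooted($file)) { $file = Join-Path $realmDir $file }
        $result.LogFile = $file
        if (Test-Path -LiteralPath $file) {
            $result.LogSizeMB = [math]::Round((Get-Item -LiteralPath $file).Length / 1MB, 1)
        }
        break
    }
    return [pscustomobject]$result
}

Get-ChildItem -LiteralPath $Root -Directory |
    ForEach-Object { Join-Path $_.FullName 'web.config' } |
    Where-Object { Test-Path -LiteralPath $_ } |
    ForEach-Object { Get-SamlTraceStatus -WebConfigPath $_ } |
    Where-Object Tracing -ne 'Off'
```

An empty result means no realm under the root has the trace source enabled; rows marked Unreadable need to be checked by hand.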
    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
     
    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
