SAML2 – Enable Trace Logging

Issue:

SAML authentication has been configured in XMPro as described below in Configure SAML 2 Authentication for XMPro Action Console and the following steps have completed by the SAML2 authentication service provider and XMPro in SAML2 Authentication Setup.

The user is successful redirect to the login URL as provided by the service provider. After signing in the user redirect to XMPro causes a continuous loop between the SAML authentication server and XMPro.

Solution:

The only way to determine the issue is to see the response returned to XMPro. To view this, you will need to enable trace logging for XMPro.

Update your application’s web.config to include a <system.diagnostics> section as shown in the configuration below.

<system.diagnostics>
    <trace autoflush="true">
      <listeners>
        <add name="TextWriter"/>
      </listeners>
    </trace>
    <sources>
      <source name="ComponentSpace.SAML2" switchValue="Verbose">
        <listeners>
          <add name="TextWriter"/>
        </listeners>
      </source>
    </sources>
    <sharedListeners>
      <add name="TextWriter"
           type="System.Diagnostics.TextWriterTraceListener"
           initializeData="D:\Temp\logs\SAML\idp.log"/>
    </sharedListeners>
  </system.diagnostics>

The value for initializeData=”D:\Temp\logs\SAML\idp.log” is the file where the entries will be written to. Ensure that the IIS users have full access to the folder and file.

Some of the most common errors are:

• The username provided in the SAML response does not match the username in XMPro. In the response look for xml node saml2:NameID. The value returned for this node must match the username in XMPro.
• The partner identity provider value configured in XMPro is not correctly configured. Look for ComponentSpace.SAML2 Verbose: 0 : 12:41:23 AM: Exception: ComponentSpace.SAML2.Exceptions.SAMLConfigurationException entries.