Skip to main content

How to Collect A SAML Response Trace (KBA6076)



KBA# 6076

Applicable Delphix Versions

Click here to view the versions of the Delphix engine to which this article applies
Major Release All Sub Releases



How to Task

This document discusses the procedure to collect and decode a SAML trace for SSO and/or Central Management troubleshooting. This may be required in conjunction with other Delphix Support troubleshooting when general Okta or other IdP events are encountered, such as 400: GENERAL_NONSUCCESS



Because SSO redirects can often cause multiple page loads, the traditional built-in browser debugging tools (Developer tools, etc) will not be effective as they will not persist the network logs through redirects or page reloads. Therefore, a browser add-on will be required for logging and diagnosing these issues.

Delphix recommends SAML-tracer or others listed at

Uninett SAML-tracer - Chrome Web Store

Uninett SAML-tracer - Firefox Add-Ons

Firefox and Chrome

  1. Open a new browser window.
  2. Click the SAML-Tracer extension button. 


A new SAML-tracer window displays:


In the SAML-tracer toolbar, the blue button highlight indicates an active selection. In this example, Pause is selected, so this should be clicked again to un-Pause data collection.



The SAML-tracer will trace ALL SAML exchanges from all browser windows. If it is desirable to isolate logging to only the Delphix application(s) in question, other browser tabs leveraging SSO should be suspended or closed for this data collection.

  1. Reproduce the issue (login, etc).
  2. Once the issue is reproduced, click Export in the SAML-tracer toolbar. In the Export SAML-trace preferences, select None for "Select cookie-filter profile", and then click Export. Save the file to a known location. This JSON export can be attached to the active Support case for further review.




If administrative or security policies restrict export of SAML data, selecting other values in this dialog will not render any diagnostic information that can be used for diagnosis, and live review of the JSON may be required via remote session.


Related Articles

The following articles may provide more information or related information to this article: