How to Collect A SAML Response Trace (KBA6076)
KBA
KBA# 6076Applicable Delphix Versions
- Click here to view the versions of the Delphix engine to which this article applies
-
Major Release All Sub Releases 6.0 6.0.0.0, 6.0.1.0, 6.0.1.1, 6.0.2.0 5.3
5.3.0.0, 5.3.0.1, 5.3.0.2, 5.3.0.3, 5.3.1.0, 5.3.1.1, 5.3.1.2, 5.3.2.0, 5.3.3.0, 5.3.3.1, 5.3.4.0, 5.3.5.0 5.3.6.0, 5.3.7.0, 5.3.7.1, 5.3.8.0, 5.3.8.1, 5.3.9.0 5.2
5.2.2.0, 5.2.2.1, 5.2.3.0, 5.2.4.0, 5.2.5.0, 5.2.5.1, 5.2.6.0, 5.2.6.1
How to Task
This document discusses the procedure to collect and decode a SAML trace for SSO and/or Central Management troubleshooting. This may be required in conjunction with other Delphix Support troubleshooting when general Okta or other IdP events are encountered, such as 400: GENERAL_NONSUCCESS
Prerequisites
Because SSO redirects can often cause multiple page loads, the traditional built-in browser debugging tools (Developer tools, etc) will not be effective as they will not persist the network logs through redirects or page reloads. Therefore, a browser add-on will be required for logging and diagnosing these issues.
Delphix recommends SAML-tracer or others listed at https://www.samltool.com/saml_tools.php
Uninett SAML-tracer - Chrome Web Store
Uninett SAML-tracer - Firefox Add-Ons
Firefox and Chrome
- Open a new browser window.
- Click the SAML-Tracer extension button.
A new SAML-tracer window displays:
In the SAML-tracer toolbar, the blue button highlight indicates an active selection. In this example, Pause is selected, so this should be clicked again to un-Pause data collection.
- Reproduce the issue (login, etc).
- Once the issue is reproduced, click Export in the SAML-tracer toolbar. In the Export SAML-trace preferences, select None for "Select cookie-filter profile", and then click Export. Save the file to a known location. This JSON export can be attached to the active Support case for further review.
Related Articles
The following articles may provide more information or related information to this article: