Delphix

How to Collect A SAML Response Trace (KBA6076)

KBA# 6076

Applicable Delphix Versions

Major Release    All Sub Releases
6.0              6.0.0.0, 6.0.1.0, 6.0.1.1, 6.0.2.0
5.3              5.3.0.0, 5.3.0.1, 5.3.0.2, 5.3.0.3, 5.3.1.0, 5.3.1.1, 5.3.1.2, 5.3.2.0, 5.3.3.0, 5.3.3.1, 5.3.4.0, 5.3.5.0, 5.3.6.0, 5.3.7.0, 5.3.7.1, 5.3.8.0, 5.3.8.1, 5.3.9.0
5.2              5.2.2.0, 5.2.2.1, 5.2.3.0, 5.2.4.0, 5.2.5.0, 5.2.5.1, 5.2.6.0, 5.2.6.1

How to Task

This document describes the procedure to collect and decode a SAML trace for SSO and/or Central Management troubleshooting. This may be required in conjunction with other Delphix Support troubleshooting when general Okta or other IdP events are encountered, such as 400: GENERAL_NONSUCCESS.

Prerequisites

Because SSO redirects often cause multiple page loads, the traditional built-in browser debugging tools (Developer tools, etc.) will not be effective, as they will not persist the network logs through redirects or page reloads. Therefore, a browser add-on is required for logging and diagnosing these issues.

Delphix recommends SAML-tracer or others listed at https://www.samltool.com/saml_tools.php

Uninett SAML-tracer - Chrome Web Store

Uninett SAML-tracer - Firefox Add-Ons

Firefox and Chrome

  1. Open a new browser window.
  2. Click the SAML-Tracer extension button. 

A new SAML-tracer window displays.

In the SAML-tracer toolbar, a blue highlight on a button indicates that it is selected. In this example, Pause is selected, so click it again to un-pause data collection.

Note:

The SAML-tracer will trace ALL SAML exchanges from all browser windows. If it is desirable to isolate logging to only the Delphix application(s) in question, other browser tabs leveraging SSO should be suspended or closed for this data collection.

  3. Reproduce the issue (login, etc.).
  4. Once the issue is reproduced, click Export in the SAML-tracer toolbar. In the Export SAML-trace preferences, select None for "Select cookie-filter profile", and then click Export. Save the file to a known location. This JSON export can be attached to the active Support case for further review.


Note:

If administrative or security policies restrict export of SAML data, selecting other values in this dialog will not yield information that can be used for diagnosis, and a live review of the JSON via remote session may be required.
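
To read the SAML messages in a saved trace without pasting them into an online decoder, the sketch below (an added example, not Delphix or SAML-tracer code) decodes a SAMLResponse or SAMLRequest parameter value and pulls out the fields usually checked first when an SSO login fails. The sample message, its URLs and the function names are constructed for illustration, and the value is assumed to have been copied out of the trace and URL-decoded already.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def decode_saml(value, redirect_binding=False):
    """Return the XML text of a SAMLRequest/SAMLResponse parameter value.

    HTTP-POST binding is plain base64; HTTP-Redirect binding is base64
    over raw DEFLATE. The value must already be URL-decoded.
    """
    raw = base64.b64decode(value)
    if redirect_binding:
        raw = zlib.decompress(raw, -15)  # -15 = raw DEFLATE, no zlib header
    return raw.decode("utf-8")


def summarize_response(xml_text):
    """Extract the fields typically needed to triage a failed SSO login."""
    if "<!DOCTYPE" in xml_text:
        # SAML messages never carry a DTD; refuse rather than expand entities.
        raise ValueError("DOCTYPE not allowed in a SAML message")
    root = ET.fromstring(xml_text)
    codes = [c.get("Value", "").rsplit(":", 1)[-1]
             for c in root.iterfind(".//samlp:StatusCode", NS)]
    cond = root.find(".//saml:Conditions", NS)
    return {
        "destination": root.get("Destination"),
        "issuer": root.findtext("saml:Issuer", namespaces=NS),
        "status": codes,  # top-level code first, nested sub-codes after it
        "status_message": root.findtext(".//samlp:StatusMessage", namespaces=NS),
        "audience": root.findtext(".//saml:Audience", namespaces=NS),
        "not_on_or_after": cond.get("NotOnOrAfter") if cond is not None else None,
    }


# Constructed sample (not from a real IdP): a failed Response as carried in
# the SAMLResponse parameter of an HTTP-POST to the service provider.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'Destination="https://sp.example.com/acs">'
    '<saml:Issuer>https://idp.example.com</saml:Issuer><samlp:Status>'
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder"/>'
    '<samlp:StatusMessage>constructed failure</samlp:StatusMessage>'
    '</samlp:Status></samlp:Response>')
SAMPLE_POST = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    print(summarize_response(decode_saml(SAMPLE_POST)))
```

Decoding locally keeps the assertions in the trace on the workstation where the export was saved.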
