Troubleshooting SAML2 Web SSO Scenarios

If you are working on developing, integrating and testing SAML2-based SSO scenarios, it is very useful to be able to trace the SAML2 messages being exchanged between the parties. One of the great tools we can use for this is SSO Tracer. It is just a Firefox plugin, and you can install it in your browser easily.

Step 1. Once you install the plugin, it will appear under the Tools menu of the Firefox toolbar (Tools -> SSO Tracer).

Step 2. When you click on it, a new window (the SSO Tracer window) pops up that shows the traced messages.

Step 3. Try out your SAML2 SSO scenario while keeping the SSO Tracer window open. The SAML messages, along with all other HTTP messages, will be traced, and you can simply look into any message on demand.

Step 4. If you want to save all captured messages to the file system for further analysis, click the SAVE icon in the SSO Tracer window.

If your SAML2 SSO IdP is WSO2 Identity Server, you can also trace the SAML request and response messages as an administrator. You just need to enable the debug logs in Identity Server, and all SAML messages will be dumped into the log file. Go through the following steps.

Step 1. Locate the log4j.properties file, which can be found in the <IS_HOME>/repository/conf directory.

Step 2. Add the following entry to the file:

log4j.logger.org.wso2.carbon.identity.sso.saml=DEBUG

Step 3. Restart the server.

Step 4. Try out your SAML scenario with Identity Server.

Step 5. You can find the SAML request/response messages in the server console, and they are also written to the wso2carbon.log file, which can be found in the <IS_HOME>/repository/logs directory.
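Whether the messages come from the file saved by SSO Tracer (Step 4 of the first procedure) or from the DEBUG lines in wso2carbon.log (Step 5 above), what you usually hold is a base64-encoded SAMLRequest or SAMLResponse field, not readable XML. The script below is an added example, not part of the original post and not WSO2's or SSO Tracer's code; it decodes such a field for both the HTTP-POST binding (plain base64) and the HTTP-Redirect binding (raw DEFLATE then base64) and summarizes the fields a troubleshooter checks first: Issuer, Destination, StatusCode, whether the Response and the Assertion carry an XML signature, the Subject NameID, the Audience, and the validity window. The sample Response and its encoded forms are constructed inside the script; the hostnames in it are placeholders.

```python
"""Decode a captured SAML2 message and summarize its security-relevant fields.

Added example for analysing messages saved from SSO Tracer or copied out of
wso2carbon.log; not part of the original post or of WSO2's code base.
Uses only the Python standard library.
"""
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def decode_saml_message(encoded: str) -> str:
    """Return the XML text of a base64 SAMLRequest/SAMLResponse field.

    HTTP-POST binding carries plain base64 XML; HTTP-Redirect binding carries
    raw DEFLATE (no zlib header) followed by base64, so try the plain form
    first and otherwise inflate with wbits=-15 (raw DEFLATE).
    """
    raw = base64.b64decode(encoded)
    if raw.lstrip().startswith(b"<"):
        return raw.decode("utf-8")
    return zlib.decompress(raw, -15).decode("utf-8")


def summarize_response(xml_text: str) -> dict:
    """Pull out the fields worth checking when a Response is rejected or looks wrong."""
    root = ET.fromstring(xml_text)
    issuer = root.find("saml:Issuer", NS)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    assertion = root.find("saml:Assertion", NS)
    conditions = assertion.find("saml:Conditions", NS) if assertion is not None else None
    name_id = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    audience = root.find(
        "saml:Assertion/saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    return {
        "issuer": issuer.text if issuer is not None else None,
        "destination": root.get("Destination"),
        "status": status.get("Value") if status is not None else None,
        # An unsigned Response with an unsigned Assertion is a common cause of
        # "signature validation failed" at the SP; check both separately.
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertion_signed": assertion is not None
        and assertion.find("ds:Signature", NS) is not None,
        "subject": name_id.text if name_id is not None else None,
        "audience": audience.text if audience is not None else None,
        "not_before": conditions.get("NotBefore") if conditions is not None else None,
        "not_on_or_after": conditions.get("NotOnOrAfter") if conditions is not None else None,
    }


# Constructed sample Response (unsigned), as a test IdP might return it.
# All identifiers and hostnames below are made up for this example.
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    IssueInstant="2014-01-01T00:00:00Z" Destination="https://sp.example.test/acs">
  <saml:Issuer>https://idp.example.test</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2014-01-01T00:00:00Z">
    <saml:Issuer>https://idp.example.test</saml:Issuer>
    <saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2014-01-01T00:00:00Z" NotOnOrAfter="2014-01-01T00:05:00Z">
      <saml:AudienceRestriction><saml:Audience>https://sp.example.test</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def encode_redirect(xml_text: str) -> str:
    """Encode as the HTTP-Redirect binding does: raw DEFLATE, then base64."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    data = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return base64.b64encode(data).decode("ascii")


# What a POST-binding form field and a Redirect-binding query parameter would carry.
SAMPLE_POST_FIELD = base64.b64encode(SAMPLE_RESPONSE_XML.encode("utf-8")).decode("ascii")
SAMPLE_REDIRECT_FIELD = encode_redirect(SAMPLE_RESPONSE_XML)

if __name__ == "__main__":
    for label, field in (("POST", SAMPLE_POST_FIELD), ("Redirect", SAMPLE_REDIRECT_FIELD)):
        for key, value in summarize_response(decode_saml_message(field)).items():
            print(f"{label:8} {key:17} {value}")
```

Paste the SAMLResponse value from the saved trace or log line in place of the constructed sample, and compare Destination and Audience against the SP's own configuration and the validity window against the clocks of both hosts; those mismatches, together with a missing signature, account for most failed SSO attempts. Keep in mind that the decoded assertions carry user identifiers and attributes, so treat the saved traces and the DEBUG log like the session data they represent and remove the DEBUG entry from log4j.properties once the investigation is over.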