I went through the motions of configuring SAML with Identity Server.
I found the following to be helpful.
- Adding "EnablePII": true in Orchestrator/Identity/appsettings.Production.json, within AppSettings, if you need to reveal Personally Identifiable Information (PII). The default is false, and error messages in Event Viewer would resemble:
  2021-08-31 16:46:18.0627 Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler Exception occurred while processing message. SecurityTokenSignatureKeyNotFoundException*IDX10501: Signature validation failed. Unable to match key: kid: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
- SAML Chrome Panel Chrome Extension for decoding the SAML claim on the client side.