How To Gather A SAML Trace?

When troubleshooting SAML issues, the first thing to check is always a SAML trace, to see whether the Request and the Response contain all the needed information.

  1. Install the SAML-tracer plugin

In order to perform a SAML trace, a small plugin is required in the browser that records the SAML conversation.

The SAML-tracer plugin is available for Mozilla Firefox and Google Chrome. Get it from:

The plugin works identically in both browsers, and the remainder of these steps apply irrespective of which you choose.

  2. Open the SAML-tracer window

SAML-tracer only actively records your connections when its window is open. To open the SAML-tracer window, you need to click on the newly added SAML-tracer icon in the plugins area. This is usually on the top right of the browser.

SAML-tracer plugin icon

  3. Log into a website

At this point, perform the login that you wish to trace. Typically this will be a service that you are having difficulty authenticating with. Complete the normal login process from the beginning, as far as possible, until the error or problem occurs.

While doing this, you will see the SAML-tracer window recording the details of the transaction, including the SAML transactions (shown with the occasional orange SAML tags) that indicate an authentication process is occurring.



SAML trace in progress

Note: It often helps to do this in a private or incognito window to ensure that any cookies previously set in the browser do not interfere with the trace. However, you will need to allow the SAML-tracer plugin to run in private/incognito mode. This is typically done in the plugin/add-on settings of the browser.

  4. Review the trace (optional)

If you are interested in the details of what is happening and how the information is being transferred, you can view the steps in the SAML trace. To view a particular step, select it in the SAML-tracer window and then click on the “SAML” tab to see the transaction.

  5. Export the SAML trace

The next step is to export the SAML trace by clicking on the “Export” button that is on the top menu bar of the SAML-tracer window.

You may be prompted to select how to handle cookies in the export. For the most part, the default value of “Mask values” is okay and will preserve some privacy. However, if a trace with the cookies intact is also needed, select “None”. Then click the “Export” button.


Cookie preferences in the SAML-tracer export

The result of the export will be a JSON file that is saved to your local computer.

  6. Share the trace

Send a copy of the SAML-tracer JSON file to the support team. In addition, share a screenshot or photograph of any error message(s) seen in the browser window, so that the UiPath support team can see how they are displayed.

Be aware that the JSON trace file may contain some personally identifying information, in particular the values of the attributes shared by the identity provider.
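
The review in step 4 can also be done outside the browser. The following Python code is an added example, not part of the original article or of SAML-tracer: it decodes a SAMLRequest or SAMLResponse parameter value copied from the trace and lists what a Response contains, without printing attribute values. The sample response and all example.com names are constructed, and the parameter value is assumed to be already URL-decoded.

```python
import base64
import zlib
import xml.etree.ElementTree as ET  # for XML you do not trust, prefer defusedxml

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed, trimmed sample Response (not taken from a real trace).
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://sp.example.com/acs">'
    '<saml:Issuer>https://idp.example.com</saml:Issuer><samlp:Status>'
    '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>'
    '</samlp:Status><saml:Assertion><saml:Subject><saml:NameID '
    'Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">'
    'user@example.com</saml:NameID></saml:Subject>'
    '<saml:Conditions NotOnOrAfter="2030-01-01T00:05:00Z"><saml:AudienceRestriction>'
    '<saml:Audience>https://sp.example.com</saml:Audience></saml:AudienceRestriction>'
    '</saml:Conditions><saml:AttributeStatement><saml:Attribute Name="email">'
    '<saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>'
    '</saml:AttributeStatement></saml:Assertion></samlp:Response>')

def decode_saml(value, redirect_binding=False):
    """Turn a SAMLRequest/SAMLResponse parameter value into XML text."""
    raw = base64.b64decode(value)
    if redirect_binding:  # HTTP-Redirect binding: raw DEFLATE inside the base64
        raw = zlib.decompress(raw, -15)
    return raw.decode("utf-8")

def summarize_response(xml_text):
    """List what a Response carries; attribute values are deliberately left out."""
    root = ET.fromstring(xml_text)
    def get(path, attr=None):  # element text, one attribute value, or None
        node = root.find(path, NS)
        if node is None:
            return None
        return node.get(attr) if attr else (node.text or "").strip()
    return {
        "destination": root.get("Destination"),
        "issuer": get("saml:Issuer"),
        "status": get("samlp:Status/samlp:StatusCode", "Value"),
        "name_id_format": get(".//saml:NameID", "Format"),
        "audience": get(".//saml:Audience"),
        "not_on_or_after": get(".//saml:Conditions", "NotOnOrAfter"),
        "encrypted_assertion": root.find("saml:EncryptedAssertion", NS) is not None,
        "attribute_names": sorted(a.get("Name", "") for a in root.iterfind(".//saml:Attribute", NS)),
    }

if __name__ == "__main__":
    print(summarize_response(decode_saml(base64.b64encode(SAMPLE_XML.encode()).decode())))
```

If encrypted_assertion is True and attribute_names is empty, the assertion is encrypted and its contents cannot be inspected this way.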