Troubleshooting SAML Authentication setup in Orchestrator

How to troubleshoot issues related to SAML authentication in Orchestrator?

Starting with version 2018.4.x, Orchestrator supports SAML authentication.

  1. Ensure that all the steps in our setup guide, SSO Using SAML 2, have been completed. If SAML is enabled and correctly configured, a button is displayed at the bottom of the Login page.
  2. Enable logging for SAML authentication
In most cases, the default logs generated in Event Viewer do not give a clear picture of the issue. Add the lines below to the Orchestrator web.config to enable detailed logs:
<system.diagnostics>
    <switches>
        <add name="Microsoft.Owin" value="Verbose" />
    </switches>
    <trace autoflush="true"></trace>
    <sharedListeners>
        <add name="file" type="System.Diagnostics.TextWriterTraceListener" initializeData="WebAppOwin.log" />
    </sharedListeners>
    <sources>
        <source name="Microsoft.Owin">
            <listeners>
                <add name="file" />
            </listeners>
        </source>
    </sources>
</system.diagnostics>
Add this block after the closing </runtime> tag.

This generates a log file named WebAppOwin.log (the name set in initializeData) in the Orchestrator folder.
Note: Ensure that the user under which the app pool is running has full access to the folder, so that it can create the log files.
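
If no log file appears after the change, the usual cause is a mismatch inside the block itself (switch, source and listener names must line up). The PowerShell check below is an added example, not part of the original article or of UiPath's tooling; Test-OwinTraceConfig is a hypothetical helper name and the sample configuration is constructed, with one deliberate listener-name mismatch.

```powershell
# Added example. Test-OwinTraceConfig is a hypothetical helper, not a UiPath or Microsoft cmdlet.
function Test-OwinTraceConfig {
    param([Parameter(Mandatory)][xml]$Config)
    # The block must be a direct child of <configuration>, not nested inside <runtime>.
    $diag = $Config.SelectSingleNode('/configuration/system.diagnostics')
    if (-not $diag) { return 'system.diagnostics is not a direct child of <configuration>' }
    $sw = $diag.SelectSingleNode("switches/add[@name='Microsoft.Owin']")
    if (-not $sw -or $sw.GetAttribute('value') -ne 'Verbose') {
        'switch Microsoft.Owin is missing or not set to Verbose'
    }
    $trace = $diag.SelectSingleNode('trace')
    if (-not $trace -or $trace.GetAttribute('autoflush') -ne 'true') {
        'trace autoflush is not true, so entries can sit in a buffer instead of the file'
    }
    $source = $diag.SelectSingleNode("sources/source[@name='Microsoft.Owin']")
    if (-not $source) { return 'no <source name="Microsoft.Owin"> element' }
    $refs = @($source.SelectNodes('listeners/add'))
    if ($refs.Count -eq 0) { 'source Microsoft.Owin has no listeners' }
    foreach ($l in $refs) {
        if ($l.HasAttribute('type')) { continue }   # defined inline, not a shared reference
        $name = $l.GetAttribute('name')
        $shared = $diag.SelectSingleNode("sharedListeners/add[@name='$name']")
        if (-not $shared) {
            "listener '$name' is referenced by the source but not defined in sharedListeners"
        } elseif (-not $shared.GetAttribute('initializeData')) {
            "shared listener '$name' has no initializeData (log file name)"
        }
    }
}

# Constructed sample: the article's block with one deliberate mismatch ("logfile" vs "file").
$sample = @'
<configuration>
  <runtime />
  <system.diagnostics>
    <switches><add name="Microsoft.Owin" value="Verbose" /></switches>
    <trace autoflush="true"></trace>
    <sharedListeners>
      <add name="file" type="System.Diagnostics.TextWriterTraceListener" initializeData="WebAppOwin.log" />
    </sharedListeners>
    <sources>
      <source name="Microsoft.Owin"><listeners><add name="logfile" /></listeners></source>
    </sources>
  </system.diagnostics>
</configuration>
'@
$issues = @(Test-OwinTraceConfig -Config ([xml]$sample))
if ($issues.Count) { $issues | ForEach-Object { "FAIL: $_" } } else { 'OK: Microsoft.Owin tracing is wired to a file listener' }
# Against the real file: Test-OwinTraceConfig -Config ([xml](Get-Content -Raw .\web.config))
```
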
  3. Validating the SAML response: Capture the SAML Response