How To: Run a SAML Trace

To troubleshoot the SSO connection, it is required to check what is sent in the SAML requests. Following are the tools and browser add-ons available to run an SAML trace:

• Google Chrome SAML tracer

• Mozilla Firefox SAML tracer

• Fiddler

• Other network traffic monitors for Internet Explorer like F12 Developer Tools

Following example uses the Google Chrome SAML Tracer extension.

To Execute a SAML Trace

1. Click Google Chrome SAML tracer from the above list and click Add to Chrome.

   
   
   

2. Add SAML tracer is displayed, click Add extension to install in the Chrome menu bar.

   
   
   

3. Go to Google chrome click on Extensions icon, click on SAML tracer, and pin it for subsequent ease of use.
   
   
   
   

4. Click to view the SAML tracer window.

   
   
   

   The upper half of the window displays the real-time method entries (GET, POST, etc.), and the lower half is the preview pane that shows all the details of the selected entry.

5. Ensure to de-select the Filter resources to view all the methods.

   
   
   

6. Go to https://profile.autodesk.com/ after a successfull SIGN IN.

   Note:

   During the authentication process, if there is an SAML error, an error page is displayed. Otherwise, the SSO login is successfully completed.

7. Return to the SAML tracer window, a list of GET and POST entries with the URL is displayed. Some entries are highlighted in orange with a SAML tag, indicating SAML events.

   
   
   

   Note:

   The SAML tags appear in the right corner of the entries, denoting SAML events being passed.

8. Click on an Entry and select the SAML tab in the preview pane to view the SAML information.
   
   

   
   
   

9. Check the body of the assertion to ensure the correct mapping, including the following SAML assertion attributes:

   • firstName

   • lastName

   • email

   • objectGUID

     
     
     

10. Also, make sure that each of these fields has a value entered.

    Note:

    For ADFS, in addition to the four attributes mentioned, a value for the "Name ID" field is necessary.

To Export the Logs

1. Click Export in the SAML tracer to view a pop-up Export SAML trace preference.

   
   
   

2. Select appropriate cookie filter and click Export.

3. A JSON file is downloaded containing log information.

   
   
   

4. Go to Downloads and open the log file using VS code or Notepad.