Tracing SAML Logins
Trace data can gather the SAML responses that are posted to Kion in order to facilitate logins. These responses contain all of the information necessary to create/update a user and provide permissions. Gathering trace data can be helpful when troubleshooting issues with authentication and logging in through a SAML IDMS.
Gathering Trace Data with Browser Extensions
The following methods describe how to trace SAML responses in a browser when you’re able to install browser extensions. You must have access to web developer tools in your browser to perform these processes.
Google Chrome: SAML Chrome Panel
- Install the SAML Chrome Panel extension from the Chrome Web Store.
- Navigate to your Kion login page. If you are already signed in, sign out.
- Open the Chrome developer tools. This can be done from the Chrome ellipsis menu under More Tools or by using the keyboard shortcut
Ctrl+Shift+I
.
- Select SAML from the tabs at the top.
- In the same tab where the SAML extension is now open, log in to Kion using your SAML identity provider.
- In the developer tools panel, you should now see two entries: one GET and one POST. The relevant response data is in the POST entry.
- Select and copy all of the POST response data in the SAML tab.
- Open a plain text editor, such as Notepad, and paste in the data.
- Save the file as XML.
Firefox: SAML-Tracer
- Install the SAML-tracer extension from the Firefox Add-Ons site.
- Navigate to your Kion login page. If you are already signed in, sign out.
- From the extensions list in the top right of Firefox, click SAML-tracer.
- In the same tab where you opened the SAML extension, log in to Kion using your SAML identity provider.
- In the extension window, you should now see several entries for different activities. SAML entries have a badge that shows SAML. The relevant response data is in the POST entry.
- Select and copy all of the POST response data in the SAML tab.
- Open a plain text editor, and paste in the data.
- Save the file as XML.
Gathering Trace Data Without Browser Extensions
The following methods describe how to trace SAML responses in a browser when you can’t install extensions. This is useful when the trace needs to happen in a restricted environment. You must have access to web developer tools in your browser to perform these processes.
Google Chrome: SAML Trace Data
- Navigate to your Kion login page. If you are already signed in, sign out.
- Open the Chrome developer tools. This can be done from the Chrome ellipsis menu under More Tools or by using the keyboard shortcut
Ctrl+Shift+I
.
- Select Network from the tabs at the top.
- In the filter bar, select Doc to narrow down the results.
- In the same tab where the developer tools are now open, log in to Kion using your SAML identity provider.
- On the developer tools Network tab, click the red dot above the filter bar to stop recording new events.
- In the list of recorded events, select the callback event.
- Select the Payload tab.
- Copy the SAML response.
- Select the Console tab. This opens a JavaScript console.
- Enter the following command, pasting the response you copied between the apostrophes. The pasted response is likely very long.
atob('example_response')
- Select Enter.
- Copy the results.
- Open a plain text editor, and paste in the data.
- Save the file as XML.
Firefox: SAML Trace Data
- Navigate to your Kion login page. If you are already signed in, sign out.
- Open the Firefox developer tools. This can be done from the Firefox ellipsis menu under Tools.
- Select the Network tab.
- In the filter bar, select HTML to narrow down the results.
- In the same tab where the developer tools are now open, log in to Kion using your SAML identity provider.
- In the list of recorded events, select the callback event.
- Select the Response tab.
- Copy the SAML response.
- Open a plain text editor, and paste in the response.
- Remove the leading characters, including the trailing space:
SAMLResponse:
.
- Copy the edited response.
- In Firefox, select the Console tab in the developer tools. This opens a JavaScript console.
- Enter the following command, pasting the response you copied between the apostrophes.
atob('example_response')
- Select Enter.
- Copy the results.
- Paste the results into a new file in the plain text editor.
- Delete the quotation marks at the beginning and end of the text.
- Perform a find-and-replace:
- Find:
\"
(backslash and a quotation mark)
- Replace:
"
( a quotation mark)
- Save the file as XML.