SAML | How to get SAML tracer output for a SAML-based login attempt?
You can use your favourite SAML tracer browser plugin. Here we used
SAML-tracer in a Chromium-based browser.
To record the SAML tracer output:
- Go to ServiceDesk Plus's login screen.
- Click on the SAML Tracer extension to open the SAML Tracer window.
- Now click on login with SAML Single Sign-On and log in to your IdP.
- When you are redirected back to SDP, click on the already opened SAML Tracer window. It should have recorded the SAML requests and responses.
To send us the recording:
- Click on export in the SAML Tracer window.
- Select "Mask Values" and click on Export.
- Send us the downloaded JSON file for analysis.
To check the NameID:
- Click on the URL that ends with /SamlResponseServlet.
- Now open the SAML tab in the bottom bar.
- Press Ctrl+F to open the search bar.
- Type in nameid.
- In the <NameID> tag, the Format attribute shows the NameID format, and the NameID value itself is the text inside the tag (admin@zylker.com in the example below).
<NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">admin@zylker.com</NameID>
To check the additional attributes:
- Search for "attribute" to see the list of attributes.
- The Attribute's Name is what should be given in SDP.
- The AttributeValue can be used to check if the expected value is returned.
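The same NameID and attribute checks can be done offline on the base64 SAMLResponse value that is posted to /SamlResponseServlet. The Python script below is an added example, not ServiceDesk Plus or SAML-tracer code. It assumes a SAML 2.0 response with an unencrypted assertion; the function name, the sample response and its "department" attribute are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def summarize_saml_response(saml_response_b64):
    """Troubleshooting aid: extract NameID and attributes. Does not verify signatures."""
    xml_bytes = base64.b64decode(saml_response_b64)
    # A SAML message never needs a DTD; refuse one rather than expand entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DOCTYPE/ENTITY declarations are not allowed")
    root = ET.fromstring(xml_bytes)
    if root.find("saml:EncryptedAssertion", NS) is not None:
        raise ValueError("assertion is encrypted; NameID is not visible")
    name_id = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None:
        raise ValueError("no NameID found in the assertion")
    attributes = {}
    for attr in root.iterfind("saml:Assertion/saml:AttributeStatement/saml:Attribute", NS):
        # Name is what gets configured in SDP; the values are what the IdP sent.
        attributes[attr.get("Name")] = [
            (v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)
        ]
    return {
        "nameid_format": name_id.get("Format"),
        "nameid": (name_id.text or "").strip(),
        "attributes": attributes,
    }

# Constructed sample response (not from a real IdP), unsigned for brevity.
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">admin@zylker.com</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="department">
        <saml:AttributeValue>IT</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    print(summarize_saml_response(SAMPLE_B64))
```

Elements are matched by namespace URI, so a response that writes <NameID> without the saml: prefix is handled the same way.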