Total Pageviews

Tuesday, September 10, 2019

debug OpenAM SAML Assertion 












How do I debug decrypted SAML assertions?



A. When assertions are encrypted, the Federation debug log does not 
contain decrypted assertion details by default. You can enable 
debug logging for unencrypted SAML assertions as follows:



    

  1. Log into the SP instance of AM/OpenAM as amadmin.
    2. 

  2. Navigate to: <protocol>://host.fqdn:port/openam/Debug.jsp, for example: http://host1.example.com:8080/openam/Debug.jsp.
    3. 

  3. Select Federation from the Category field, select Message from the Level field and then click Submit to change the debug level.
    4. 

  4. Click TURN ON for the Debug encrypted SAML communications option, 
observing the warning that this outputs sensitive data to your logs.
    5. 

  5. Click Confirm to save these debug settings. The decoded assertion 
XML from the IDP will now be output to the Federation debug log on the 
SP.
    6. 















Posted by



at







































No comments:















Post a Comment

























        

      









Subscribe to:
Post Comments (Atom)