
Tuesday, September 10, 2019

debug OpenAM SAML Assertion







How do I debug decrypted SAML assertions?

A. When assertions are encrypted, the Federation debug log does not contain the decrypted assertion details by default. You can enable debug logging of the decrypted SAML assertions as follows:
  1. Log in to the SP instance of AM/OpenAM as amadmin.
  2. Navigate to: <protocol>://host.fqdn:port/openam/Debug.jsp, for example: http://host1.example.com:8080/openam/Debug.jsp.
  3. Select Federation from the Category field, select Message from the Level field and then click Submit to change the debug level.
  4. Click TURN ON for the Debug encrypted SAML communications option, observing the warning that this outputs sensitive data to your logs.
  5. Click Confirm to save these debug settings. The decoded assertion XML from the IDP will now be output to the Federation debug log on the SP.
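Because step 4 writes subject identifiers and attribute values into the Federation debug log, a copy of that log usually needs scrubbing before it is attached to a ticket or shared. The following is an added example, not part of the original post or of OpenAM: it assumes the decoded assertion appears in the log as inline XML, and the sample log text and the function names are constructed for illustration.

```python
import re

# Elements whose text identifies the user or carries attribute data.
SENSITIVE = ("NameID", "AttributeValue")

# One <Assertion>...</Assertion> element with any (or no) namespace prefix.
# EncryptedAssertion and AssertionConsumerService do not match.
ASSERTION_RE = re.compile(
    r"<(?P<p>(?:[\w.-]+:)?)Assertion\b.*?</(?P=p)Assertion>", re.DOTALL)


def _redact_assertion(xml: str) -> str:
    """Replace the text content of each sensitive element with a marker."""
    for name in SENSITIVE:
        # (?<!/)> skips self-closing tags so they cannot swallow later elements.
        pattern = re.compile(
            r"(?P<open><(?P<p>(?:[\w.-]+:)?)" + name + r"\b[^>]*(?<!/)>)"
            r".*?(?P<close></(?P=p)" + name + r">)", re.DOTALL)
        xml = pattern.sub(
            lambda m: m.group("open") + "[REDACTED]" + m.group("close"), xml)
    return xml


def redact_log(text: str):
    """Return (redacted_text, number_of_assertions_found)."""
    return ASSERTION_RE.subn(lambda m: _redact_assertion(m.group(0)), text)


# Constructed sample: the line before the XML is a placeholder, not real
# OpenAM log wording.
SAMPLE_LOG = """constructed debug line: decoded assertion follows
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="s2abc" Version="2.0">
<saml:Issuer>http://idp.example.com:8080/openam</saml:Issuer>
<saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID></saml:Subject>
<saml:AttributeStatement><saml:Attribute Name="mail">
<saml:AttributeValue>alice@example.com</saml:AttributeValue>
</saml:Attribute></saml:AttributeStatement>
</saml:Assertion>
constructed debug line: end of message
"""

if __name__ == "__main__":
    redacted, found = redact_log(SAMPLE_LOG)
    print(f"{found} assertion(s) redacted")
    print(redacted)
```

The Issuer and the assertion structure are left intact so the redacted log is still useful for troubleshooting the federation flow.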
