Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Agneta Teuchler (AgnetaT2)
Tieto Sweden AB

Tieto Sweden AB
SE
AgnetaT2 Member since 2019 1 post
Tieto Sweden AB
Posted: Jun 25, 2019
Last activity: Dec 29, 2019
Posted: 25 Jun 2019 10:46 EDT
Last activity: 29 Dec 2019 18:09 EST
Closed

SAML authentication fails - how to trace?

Hi,

We're trying to setup SAML authentication for Pega 8.2 and so far we've managed to get the following working:

1. Using the Login URL displayed in the SAML 2.0 tab, we get redirected to the IDP
2. Login works fine in the IDP
3. When IDP redirects me to Pega again, I end up on the ordinary login page, where I am prompted with username and password. I haven't managed to see anything in the logs.

Can you help me on how to view the logs for this? Do I somehow need to activate ACS service in Pega or can I check that it's alive somehow? We have checked that the ACS address is the same in the IDP, but I don't get any error messages or anything so I don't know what's happening.

This is what is auto generated in the Service Provider settings:
Entity Identification:
http://<MyHostAddress>/prweb/sp/1561056963
Assertion Consumer Service (ACS)
http://<MyHostAddress>/prweb/PRRestService/WebSSO/SAML/v2/AssertionConsumerService

Regards
Niclas

To see attachments, please log in.
Low-Code App Development
Data Integration
System Administration

Posted: 5 years ago
Posted: 25 Jun 2019 11:48 EDT
Kranthi Kumar Gunda (gundk)
PEGA
Principal Engineer, Technical Support
Pegasystems Inc.
IN

Hi,

Please enable below loggers in DEBUG mode and reproduce the issue it will generates the logs.

com.pega.pegarules.integration.engine.internal.util.PRSAMLv2Utils

com.pega.pegarules.integration.engine.internal.sso.saml.SAMLv2ResponseSSOProfileValidator

com.pega.pegarules.integration.engine.internal.sso.saml.SAMLv2ResponseProtocolValidator

Rule_Obj_Activity.pySAMLWebSSOAuthenticationActivity

Thanks,

Kranthi

To see attachments, please log in.
Posted: 5 years ago
Posted: 26 Jun 2019 3:20 EDT
Agneta Teuchler (AgnetaT2)
Tieto Sweden AB

Tieto Sweden AB
SE

Hi,

The only logger that exists is com.pega.pegarules.integration.engine.internal.util.PRSAMLv2Utils, the other three aren't there.

/Niclas

 

To see attachments, please log in.
Posted: 5 years ago
Posted: 25 Jun 2019 20:07 EDT
Prakhar Aggarwal (Prakhar_GCS)
PEGA
Principal Engineer, Technical Support
Pegasystems Inc.
GB

Hi Niclas,

To enable logger as mentioned in above comment you can follow below path:

Dev Studio-> Configure -> System --> Operations --> Logs --> Logging Level Setting --> Provide Logger name one by one --> Set Current Level to Debug.

Once you get the logs, you can Reset all logger to default as this may increase logs size.

In addition to above loggers, you can also use SAML browser tracer which is available for free. Which will helps you to see the flow, where it went wrong.

PS: Share SAML tracer and pegarules logs here if you want us to look into the issue.

Regards,

-Prakhar

To see attachments, please log in.
Posted: 5 years ago
Posted: 26 Jun 2019 4:19 EDT
Niclas Graufelds (NiclasG2)
Tieto Sweden AB

Tieto Sweden AB
SE

So, these libraries can't be found from the logger view, do they need to be installed separately somehow?

com.pega.pegarules.integration.engine.internal.sso.saml.SAMLv2ResponseSSOProfileValidator

com.pega.pegarules.integration.engine.internal.sso.saml.SAMLv2ResponseProtocolValidator

Rule_Obj_Activity.pySAMLWebSSOAuthenticationActivity

/Niclas 

To see attachments, please log in.
Posted: 5 years ago
Posted: 29 Dec 2019 18:09 EST
Pawan Narain Singh (pawann)
Swedbank AB

Swedbank AB
SE

If the loggers are not to be found, then you just need to create one.

Adding the logger and setting it to DEBUG from the logging level settings page should create the necessary logger for you.

Thank you,
Pawan

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice