Logs for errors in SAML?

By: Rhett Prichard user 10 Aug 2021 at 10:30 a.m. CDT

2 Responses
Rhett Prichard gravatar
I have made a change to one of my development gluu servers and now it when it runs a saml connection to samltest.id, it is providing pretty empty saml xml, with no attributes and no nameIDs. I have turned all the logging in shibboleth and gluu to trace/debug and can not find a error. What log should i be watching that would explain this KINDA of error. I understand this is not enough information to solve the issue, but what im looking for is what log would show me how i ended up with no attributes in the saml that was passed to the SP. The changes i made where to the velocity template and the SAML->Configure Custom NameId setting in the GUI. I rolled back the velcocity tempate and I thought i had rolled back the GUI setting but im assuming i must have missed something and am hoping the right log would tell me what.
Gluu 4.2.2 CentOS 7.0
closed

Answers

By Mohib Zico Account Admin 12 Aug 2021 at 1:13 p.m. CDT

Copy
Mohib Zico gravatar
I would start with: - Shibboleth log to find out what type of assertion coming, if there is any error during statup of shibboleth velocity templates and what actually being sent to SP at this moment ( after applied modification ) : https://www.gluu.org/docs/gluu-server/4.2/operation/logs/#adjust-shibboleth-log-level - oxTrust log: to find out what "Custom NameID" change doing at this moment: https://www.gluu.org/docs/gluu-server/4.2/operation/logs/#oxtrust-logs

By Rhett Prichard user 12 Aug 2021 at 2:29 p.m. CDT

Copy
Rhett Prichard gravatar
Can you point out which shib log I should use for the assertions and which log for the start up? I’ve been using the jetty/idp/logs but that isn’t the same so I’m not sure which of those on that link are which.

Post an answer