...
This page describes how to enable protocol tracing on UAS and how to enable tracing using SAML SP for Java.
Enable Protocol Tracing on UAS
To enable recording of the SAML protocol messages on UAS:
Enable Protocol Trace on UAS. Set enabled to true to view through a web browser only. Set file-output to true to additionally record all individual messages to the file system (tomcat\temp).
C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\webapps\uas\WEB-INF\web.xml

    <servlet>
      <servlet-name>com.ubisecure.saml2.trace.TraceServlet</servlet-name>
      <servlet-class>com.ubisecure.saml2.trace.TraceServlet</servlet-class>
      <init-param>
        <param-name>enabled</param-name>
        <param-value>true</param-value>
      </init-param>
      <init-param>
        <param-name>file-output</param-name>
        <param-value>true</param-value>
      </init-param>
      <load-on-startup>1</load-on-startup>
    </servlet>

Activate the change by running update:
C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config\tomcat> update.cmd
Do an authentication request:
Check that SAML requests are viewable with web browser at the address
https://{sso-server address}/uas/trace
Figure 1. Example of a trace
Check that requests are recorded to the filesystem:
C:\Program Files\Ubisecure\ubilogin-sso\tomcat\temp\Trace\uas
...
Disable Protocol Trace on UAS. Set enabled to false to turn off viewing through a web browser. Set file-output to false to additionally prevent recording of all individual messages to the file system (tomcat\temp).
C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\webapps\uas\WEB-INF\web.xml

    <servlet>
      <servlet-name>com.ubisecure.saml2.trace.TraceServlet</servlet-name>
      <servlet-class>com.ubisecure.saml2.trace.TraceServlet</servlet-class>
      <init-param>
        <param-name>enabled</param-name>
        <param-value>false</param-value>
      </init-param>
      <init-param>
        <param-name>file-output</param-name>
        <param-value>false</param-value>
      </init-param>
      <load-on-startup>1</load-on-startup>
    </servlet>

Activate the change by running update:
C:\Program Files\Ubisecure\ubilogin-sso\ubilogin\config\tomcat> update.cmd
Do an authentication request:
- Check that SAML requests are not viewable with web browser at the address
https://{sso-server address}/uas/trace
- Check that requests are not recorded to the filesystem:
C:\Program Files\Ubisecure\ubilogin-sso\tomcat\temp\Trace\uas
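
While tracing is on, SAML messages stay viewable in a browser and are written to the temp directory, so it is worth confirming both switches are off again after troubleshooting. The following is an added example, not Ubisecure code: it reads a web.xml (UAS or an SP-protected application) and reports the TraceServlet settings; the function names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

TRACE_CLASS = "com.ubisecure.saml2.trace.TraceServlet"  # class name from the page

# Constructed sample: a namespaced web.xml with browser view off, file output still on.
SAMPLE = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">
  <servlet>
    <servlet-name>com.ubisecure.saml2.trace.TraceServlet</servlet-name>
    <servlet-class>com.ubisecure.saml2.trace.TraceServlet</servlet-class>
    <init-param><param-name>enabled</param-name><param-value>false</param-value></init-param>
    <init-param><param-name>file-output</param-name><param-value>true</param-value></init-param>
  </servlet>
</web-app>"""

def _local(tag):
    """Drop the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def _text(elem, name):
    """Text of the first direct child called `name`, or None."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def trace_settings(web_xml_text):
    """Both switches as booleans (None if the init-param is missing; no default
    is assumed), or None when no TraceServlet <servlet> is declared."""
    for servlet in ET.fromstring(web_xml_text).iter():
        if _local(servlet.tag) != "servlet" or _text(servlet, "servlet-class") != TRACE_CLASS:
            continue
        found = {"enabled": None, "file-output": None}
        for param in servlet:
            name = _text(param, "param-name") if _local(param.tag) == "init-param" else None
            if name in found:
                found[name] = (_text(param, "param-value") or "").lower() == "true"
        return found
    return None

def tracing_is_off(web_xml_text):
    """True when no trace servlet is declared or both switches are explicitly false."""
    s = trace_settings(web_xml_text)
    return s is None or (s["enabled"] is False and s["file-output"] is False)

if __name__ == "__main__":
    print(trace_settings(SAMPLE), "off:", tracing_is_off(SAMPLE))
```

A missing init-param is reported as None and treated as "not confirmed off", since the page does not state what the servlet does when a parameter is absent.
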
Enable Tracing on SAML SP for Java
To enable the recording of the SAML protocol messages on SAML SP for Java:
Add the following to the web.xml configuration of the application protected by the SP. Set enabled to true to view through a web browser only. Set file-output to true to additionally record all individual messages to the file system (temporary directory of application server).

    <!-- Protocol Tracing -->
    <filter>
      <filter-name>com.ubisecure.saml2.trace.TraceServlet</filter-name>
      <filter-class>com.ubisecure.saml2.trace.TraceServlet</filter-class>
    </filter>
    <filter-mapping>
      <filter-name>com.ubisecure.saml2.trace.TraceServlet</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>
    <servlet>
      <servlet-name>com.ubisecure.saml2.trace.TraceServlet</servlet-name>
      <servlet-class>com.ubisecure.saml2.trace.TraceServlet</servlet-class>
      <init-param>
        <param-name>enabled</param-name>
        <param-value>true</param-value>
      </init-param>
      <init-param>
        <param-name>file-output</param-name>
        <param-value>true</param-value>
      </init-param>
      <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
      <servlet-name>com.ubisecure.saml2.trace.TraceServlet</servlet-name>
      <url-pattern>/trace/*</url-pattern>
    </servlet-mapping>

Do an authentication request:
- Check that SAML requests are viewable with web browser at the address /{application context root}/trace (e.g., http://localhost:8080/palvelu/trace).
- Check that requests are recorded to the application server's temp directory.
...