When troubleshooting SAML issues, support may request a SAML trace. In this article we will outline how to do so.
What is a HAR file
A HAR file (HTTP Archive) is a network file displaying the list of redirects that occur during login activity.
How we use it
The data we are interested in are the user attributes, the group being passed and their associated values. This can help us determine what the issue may be by enabling us to identify the information that the IDP is providing us to help us map the groups, users etc.
For example, if we have mapped the ROLE_ADMIN role inside IriusRisk to be given to the IDP group COMPANY_ADMINS and it is not working, we may look at the HAR file and it may help us identify that no groups are being passed, so there may be an IDP configuration issue. Another example may show that the IDP group or mapping file may be typed incorrectly.
How to obtain a HAR file.
- Navigate to your login page
- Open the developer tools in your browser.
- This will be different on every browser
- Chrome: click the 3 dots (ellipsis) at the top right of your browser > more tools > Developer tools
- Navigate to the Network tab.
- ensure you have 'preserve log' selected
- Click the login button, fill in your single sign in information and complete redirection back to IriusRisk.
- Export the HAR file
- this is usually achieved via a download button.
- Upload the HAR file to the associated support case.