Diagnosing SAML authentication failure within an environment

Hello.

We have successfully implemented the ComponentSpace Saml2 library (v2.2.0) into our .NET Core identity server and this is working perfectly in a number of environments. However, testing within our cloud production environment we have found that no connection can be made and are trying to diagnose why. The last SAML entry we see is “Constructing an authn request.” from “ComponentSpace.Saml2.SamlServiceProvider”. At the moment we are running Debug logging. Can you provide me any information on what should be happening following this event? Is the actual SAML post or redirect taking place? Is there any extra log level we can apply that might help?

At the moment the user receives a timeout within their browser and they are not redirected to their SAML IdP for authentication. We have not ruled out network issues but our tech team do not believe this to be the case. Looking at the logs available at the moment it appears that the SAML flow just stops (or fails to complete) but there is no clue as to why.

Any help or direction you can provide would be appreciated.

Thank you.

That is strange. At the debug logging level there should be a number of logging entries including the encoding of the authn request and the URL for redirection to the IdP.

What are you using for logging (e.g. Serilog)? Is it possible that the logging is still in memory and hasn’t been flushed?

If you use the browser developer tools (F12) and capture the network traffic, do you see a 302 redirect to the identity provider?

Let us know what you find.

If you’re still stuck, please send the SAML log file and the captured network traffic as a HAR file to support@componentspace.com mentioning your forum post.
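
The browser-capture check suggested in the reply above, as an added example that is not part of the original thread and is not ComponentSpace code: it scans a HAR capture for a 3xx response whose Location carries a `SAMLRequest`, then decodes the authn request to show where it is addressed. It assumes the HTTP-Redirect binding; the hosts, the `sample_har` helper and the HAR contents are constructed for illustration.

```python
import base64, zlib
from urllib.parse import urlsplit, parse_qs, quote
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"

def decode_redirect_request(value):
    """HTTP-Redirect binding: base64 -> raw DEFLATE -> AuthnRequest XML."""
    root = ET.fromstring(zlib.decompress(base64.b64decode(value), -15))
    return {"destination": root.get("Destination"),
            "issuer": root.findtext(f"{{{SAML_NS}}}Issuer")}

def find_saml_redirects(har):
    """List every 3xx response in a parsed HAR whose Location carries a SAMLRequest."""
    found = []
    for entry in har["log"]["entries"]:
        resp = entry["response"]
        headers = {h["name"].lower(): h["value"] for h in resp.get("headers", [])}
        location = headers.get("location") or resp.get("redirectURL", "")
        query = parse_qs(urlsplit(location).query)
        if 300 <= resp["status"] < 400 and "SAMLRequest" in query:
            info = decode_redirect_request(query["SAMLRequest"][0])
            info.update(status=resp["status"], idp_host=urlsplit(location).hostname,
                        from_url=entry["request"]["url"])
            found.append(info)
    return found

def sample_har(redirected):
    """Constructed HAR (hypothetical hosts): SP login either redirects or times out."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           f'xmlns:saml="{SAML_NS}" ID="_constructed1" Version="2.0" '
           'Destination="https://idp.example.test/sso">'
           '<saml:Issuer>https://sp.example.test</saml:Issuer></samlp:AuthnRequest>')
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, no zlib header
    blob = base64.b64encode(deflater.compress(xml.encode()) + deflater.flush()).decode()
    location = "https://idp.example.test/sso?SAMLRequest=" + quote(blob, safe="")
    response = ({"status": 302, "headers": [{"name": "Location", "value": location}]}
                if redirected else {"status": 0, "headers": []})  # 0 = no response
    return {"log": {"entries": [{"request": {"url": "https://sp.example.test/login"},
                                 "response": response}]}}

if __name__ == "__main__":
    for label, har in (("redirected", sample_har(True)), ("timed out", sample_har(False))):
        hits = find_saml_redirects(har)
        print(label, "->", hits or "no SAML redirect: the SP never answered the login request")
```

For a real capture, load the exported file with `json.load` and pass the result to `find_saml_redirects`. An empty result means the browser never received the redirect, which points at the service provider side or something in front of it rather than at the IdP.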