Enabling SAML Trace

The SAML component may be configured to enable SAML trace to be written to a log file. This information can assist with tracking down issues.
It is not recommended that SAML trace is left enabled in production systems as this may have an impact on performance.

Configure SAML Trace
Update your application’s web.config to include a section as shown in the configuration below.
Log files are written to the logs sub-folder under your application's root folder.

<add
name="CyclicTextWriter"
type="ComponentSpace.SAML2.Utility.CyclicTraceListener,ComponentSpace.SAML2"
initializeData="logs"/>

The switchValue should be set to "Verbose" in production systems for problem determination only. Otherwise, it should be set to either "Off" or "Information".

Is there a simple way to toggle the diagnostics? (Without touching the config file)

Hi Rob
We use the standard ASP.NET system diagnostics for logging. I’m not aware of any way to toggle logging on or off other than by updating the web.config.

What are the other values for switchValue? I'd like to turn off the logging, but not have to remove all of the config settings.

Replace

with


Alternatively, comment out the <system.diagnostics> section.

Hi team,

I would like to use the log4net library for logging, because I am no longer using System.Diagnostics.Trace in the application. I tried different options but could not find a way to forward the SAML trace to log4net. Please help me.

Thanks,
MG

We use the standard .NET System.Diagnostics.TraceListener. We don’t natively support log4net.
You could either implement your own TraceListener that writes to log4net or search for an existing implementation of this.

[quote]
ComponentSpace - 3/15/2017
We use the standard .NET System.Diagnostics.TraceListener. We don't natively support log4net.
You could either implement your own TraceListener that writes to log4net or search for an existing implementation of this.
[/quote]

I wrote my own TraceListener and it caught all event logs other than ComponentSpace's. Is there any mandatory configuration for ComponentSpace.SAML?

Please help.

MG

I am able to configure log4net instead of system trace. Posting the details here; it may be helpful for others.
---------------------------------------------------------------------------------------------------------------
web.config
--------------
<system.diagnostics>

</system.diagnostics>

Custom listener class override
----------------------------------------------
using System.Diagnostics;
using log4net;

namespace MyApp.Helper
{
    // TraceListener that forwards System.Diagnostics trace output to a log4net logger.
    public class Log4netTraceListener : TraceListener
    {
        private readonly ILog _logManager;

        public Log4netTraceListener()
            : this("System.Diagnostics.Redirection")
        {
        }

        public Log4netTraceListener(string name)
            : base(name)
        {
            // The listener name doubles as the log4net logger name.
            _logManager = LogManager.GetLogger(name);
        }

        public override void Write(string message)
        {
            if (_logManager != null)
            {
                _logManager.Debug(message);
            }
        }

        public override void WriteLine(string message)
        {
            if (_logManager != null)
            {
                _logManager.Debug(message);
            }
        }

        // The base class's six-argument overload writes the header and the message
        // through Write/WriteLine above. Passing null for args makes it write the
        // message verbatim instead of running it through string.Format, so a trace
        // message containing braces (for example XML with attribute templates) cannot
        // throw a FormatException.
        public override void TraceEvent(TraceEventCache eventCache, string source, TraceEventType eventType, int id)
        {
            TraceEvent(eventCache, source, eventType, id, string.Empty, null);
        }

        public override void TraceEvent(TraceEventCache eventCache, string source, TraceEventType eventType, int id, string message)
        {
            TraceEvent(eventCache, source, eventType, id, message, null);
        }
        // And other overrides if needed...
    }
}

Global.asax
---------------
Add the listener in Application_Start:

using System.Diagnostics;
using MyApp.Helper;

protected void Application_Start()
{
    // Forwards output written through the static Trace class to log4net.
    Trace.Listeners.Add(new Log4netTraceListener());
}

Thanks,
MG
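As an added illustration, not MG's code and not ComponentSpace's, the console program below models the two routing paths involved in MG's setup: a listener registered with Trace.Listeners.Add only receives calls made on the static Trace class, while a listener attached to a named TraceSource (which is what the <source> element inside <system.diagnostics> does) receives that source's events. It also shows what the switchValue levels Off, Information and Verbose do to events before any listener runs, which is the general System.Diagnostics behaviour behind the advice earlier in the thread. The source name "ComponentSpace.SAML2", the CapturingTraceListener class and every message text are assumptions constructed for the example; the library's real TraceSource name is whatever the vendor's web.config sample puts in <source name="...">.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;

// Test double standing in for a log4net-backed listener: it keeps each event in
// memory so the routing can be inspected without a logging framework installed.
public class CapturingTraceListener : TraceListener
{
    public List<string> Entries { get; } = new List<string>();

    public CapturingTraceListener(string name) : base(name) { }

    public override void Write(string message) => Entries.Add(message);
    public override void WriteLine(string message) => Entries.Add(message);

    // One entry per event instead of the base class's separate header and message writes.
    public override void TraceEvent(TraceEventCache eventCache, string source,
        TraceEventType eventType, int id, string message)
    {
        if (Filter != null && !Filter.ShouldTrace(eventCache, source, eventType, id, message, null, null, null))
            return;
        Entries.Add($"{source} {eventType}: {id} : {message}");
    }

    public override void TraceEvent(TraceEventCache eventCache, string source,
        TraceEventType eventType, int id, string format, params object[] args)
    {
        // Only format when arguments were supplied, so literal braces in a message survive.
        TraceEvent(eventCache, source, eventType, id,
            args == null || args.Length == 0 ? format : string.Format(format, args));
    }
}

public static class TraceRoutingDemo
{
    // Assumed name for the library's TraceSource (constructed for this example).
    private const string SourceName = "ComponentSpace.SAML2";

    public static void Main()
    {
        // Stands in for the library's own TraceSource, which application code never sees.
        var librarySource = new TraceSource(SourceName, SourceLevels.Verbose);

        var staticListener = new CapturingTraceListener("static");
        var sourceListener = new CapturingTraceListener("source");

        // Equivalent of Trace.Listeners.Add(...) in Application_Start:
        // only calls on the static Trace class reach this listener.
        Trace.Listeners.Add(staticListener);

        // Equivalent of <source name="..."><listeners><add name="..."/></listeners></source>
        // in web.config: events raised through the named source reach this listener.
        librarySource.Listeners.Add(sourceListener);

        Trace.WriteLine("constructed: application code calling Trace.WriteLine");
        librarySource.TraceEvent(TraceEventType.Verbose, 0, "constructed: SAML response XML would appear here");
        librarySource.TraceEvent(TraceEventType.Error, 1, "constructed: signature verification failed");

        Console.WriteLine($"static Trace listener received {staticListener.Entries.Count} entry/entries");
        Console.WriteLine($"TraceSource listener received {sourceListener.Entries.Count} entry/entries");

        // switchValue="Information": Verbose events are filtered before any listener runs.
        librarySource.Switch.Level = SourceLevels.Information;
        librarySource.TraceEvent(TraceEventType.Verbose, 2, "constructed: dropped at Information");
        librarySource.TraceEvent(TraceEventType.Information, 3, "constructed: kept at Information");

        // switchValue="Off": nothing reaches the listeners, but the listener wiring stays in place.
        librarySource.Switch.Level = SourceLevels.Off;
        librarySource.TraceEvent(TraceEventType.Critical, 4, "constructed: dropped at Off");

        Console.WriteLine("Entries seen by the TraceSource listener:");
        foreach (var entry in sourceListener.Entries)
            Console.WriteLine("  " + entry);
    }
}
```

Build it as a .NET Framework or .NET console project and run it; the static listener reports a single entry while the source listener reports the Verbose and Error events, then gains the Information event and nothing at Off. The in-memory listener is the only stand-in: once the destination is a real log file, remember that at Verbose the trace carries complete SAML responses, so that file needs the same access controls as any other log holding authentication data.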

Thanks MG for sharing.

I am using the high-level API of ComponentSpace. If there is a certificate mismatch or any other issue, it throws an exception on the line
_samlServiceProvider.ReceiveSsoAsync().Result
Is there a way to capture the SAML response when I get an error, for debugging purposes? If there are no issues with the SAML response, I don't need to capture anything.

The best option is to enable the SAML trace.
Note that ReceiveSsoAsync is part of our SAML product for ASP.NET Core.
Enabling trace is the best option when debugging issues.
https://www.componentspace.com/Forums/7936/Enabling-SAML-Trace
The trace captures the SAML response and includes details about signature failures etc.

[quote]
ComponentSpace - 9/17/2018
The best option is to enable the SAML trace.
Note that ReceiveSsoAsync is part of our SAML product for ASP.NET Core.
Enabling trace is the best option when debugging issues.
https://www.componentspace.com/Forums/7936/Enabling-SAML-Trace
The trace captures the SAML response and includes details about signature failures etc.

[/quote]

Thank you for your information.
I am using NLog instead of AddSerilog.
I use the logic as you mentioned, and appsettings is also configured with LowLevel Warning. It logs the error but doesn't have the SAML response in it.
Below is the code in Program.cs:

public static IWebHost BuildWebHost(string[] args) =>
    WebHost.CreateDefaultBuilder(args)
        .UseKestrel()
        .UseContentRoot(Directory.GetCurrentDirectory())
        .UseIISIntegration()
        .UseStartup<Startup>()
        .ConfigureLogging(logging =>
        {
            logging.ClearProviders();
            logging.SetMinimumLevel(Microsoft.Extensions.Logging.LogLevel.Trace);
        })
        .UseNLog() // NLog: setup NLog for Dependency injection
        .Build();

Error logs :

at ComponentSpace.Saml2.SamlServiceProvider.ReceiveSsoAsync()
2018-09-17 13:09:46.2119|ERROR|DESKTOP-E17ARME|YourCause.IdentityServer|Connection id "0HLGSP1P7LD11", Request id "0HLGSP1P7LD11:00000002": An unhandled exception was thrown by the application.System.Exception: An error was encountered while handling the remote login. ---> System.AggregateException: One or more errors occurred. (The SAML response isn't signed.) ---> ComponentSpace.Saml2.Exceptions.SamlSignatureException: The SAML response isn't signed.
at ComponentSpace.Saml2.SamlServiceProvider.VerifySamlResponseSignatureAsync(XmlElement samlResponseElement)
at ComponentSpace.Saml2.SamlServiceProvider.ProcessSamlResponseAsync(XmlElement samlResponseElement)
at ComponentSpace.Saml2.SamlServiceProvider.ReceiveSsoAsync()
--- End of inner exception stack trace ---
at System.Threading.Tasks.Task.GetResultCore(Boolean waitCompletionNotification)
at YourCause.IdentityServer.Host.Security.Saml2.Saml2AuthenticationHandler.HandleRemoteAuthenticateAsync() in C:\anilkhadka\YourCause\application\YourCauseProject\IdentityServer\YourCause.IdentityServer.v2\YourCause.IdentityServer.Host\Security\Saml2\Saml2AuthenticationHandler.cs:line 125
at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler.HandleRequestAsync()
--- End of inner exception stack trace ---
at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler.HandleRequestAsync()
at IdentityServer4.Hosting.FederatedSignOut.AuthenticationRequestHandlerWrapper.HandleRequestAsync() in C:\local\identity\server4\IdentityServer4\src\IdentityServer4\Hosting\FederatedSignOut\AuthenticationRequestHandlerWrapper.cs:line 38
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.Cors.Infrastructure.CorsMiddleware.Invoke(HttpContext context)
at IdentityServer4.Hosting.BaseUrlMiddleware.Invoke(HttpContext context) in C:\local\identity\server4\IdentityServer4\src\IdentityServer4\Hosting\BaseUrlMiddleware.cs:line 36
at Microsoft.AspNetCore.Diagnostics.StatusCodePagesMiddleware.Invoke(HttpContext context)
at Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware.Invoke(HttpContext context)
at YourCause.IdentityServer.Host.Startup.<>c.<b__6_0>d.MoveNext() in C:\anilkhadka\YourCause\application\YourCauseProject\IdentityServer\YourCause.IdentityServer.v2\YourCause.IdentityServer.Host\Startup.cs:line 122
--- End of stack trace from previous location where exception was thrown ---
at Microsoft.AspNetCore.Server.IISIntegration.IISMiddleware.Invoke(HttpContext httpContext)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication application)

Please let me know if you need more information.

We mostly log at the debug level.
If logging is setup correctly, you should see more than just the exception being thrown.
As an experiment, if you call the logDebug method from your application, do you see the entry in the log?

Hi, we are using ComponentSpace.SAML2.dll version 2.6.0.18 and we are getting this error when trying to enable SAML trace based on the instructions.

Are we missing something?



The CyclicTraceListener was added as a convenience in v2.8.3.

For earlier releases, you can use one of the standard Microsoft trace listeners or a 3rd party trace listener.

For example:

<system.diagnostics>

</system.diagnostics>

We use the .NET framework system diagnostics for logging so you can use any System.Diagnostics.TraceListener implementation you wish.

As a convenience, we supply a ComponentSpace.SAML2.Utility.CyclicTraceListener that cycles daily.

However, there are more sophisticated 3rd party trace listeners available.

[quote]
ComponentSpace - 3/17/2017
Thanks MG for sharing.
[/quote]

Hi I have replied to your email. Thanks

Thanks.

I can't turn it on, as CyclicTraceListener is not defined.
lib v 2.6.0.18