Enabling SAML Trace

SAML debug trace may be enabled to assist with tracking down issues. The standard ASP.NET Core logging API is used. In our examples, we make use of Serilog. However, any logging provider, including Serilog, Log4Net and NLog, may be used to capture the logging information.

Regardless of the logging provider used, the “Debug” level must be specified for “ComponentSpace”.


"Logging": {
  "LogLevel": {
    "Default": "Information",
    "Microsoft": "Warning",
    "Microsoft.Hosting.Lifetime": "Information",
    "ComponentSpace": "Debug"
  }
}



However, it’s not recommended to enable SAML debug trace in production environments, unless for problem determination, as it may impact performance.

Serilog
The following is an example Serilog configuration in appsettings.json. Logs are written to a “logs” folder under the application’s root folder.


"Serilog": {
  "MinimumLevel": {
    "Default": "Warning",
    "Override": {
      "ComponentSpace": "Debug"
    }
  },
  "WriteTo": [
    {
      "Name": "Debug"
    },
    {
      "Name": "Async",
      "Args": {
        "configure": [
          {
            "Name": "File",
            "Args": {
              "path": "logs/saml-.log",
              "rollingInterval": "Day",
              "retainedFileCountLimit": 7,
              "buffered": true,
              "flushToDiskInterval": "00:00:01"
            }
          }
        ]
      }
    }
  ]
}



To support Serilog and the above configuration, the following NuGet packages must be included in the application.


Serilog.AspNetCore
Serilog.Sinks.Async
Serilog.Sinks.File



The following example CreateWebHostBuilder method in the Program class removes the default logging providers and adds the Serilog provider.


public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
    WebHost.CreateDefaultBuilder(args)
        // Remove the default logging providers; Serilog is added below.
        .ConfigureLogging(configureLogging => configureLogging.ClearProviders())
        // Read the Serilog settings from appsettings.json.
        .UseSerilog((webHostBuilderContext, loggerConfiguration) =>
            loggerConfiguration.ReadFrom.Configuration(webHostBuilderContext.Configuration))
        .UseStartup<Startup>();



For more information, please refer to the Serilog documentation.

Log4Net
The following is an example Log4Net configuration in log4net.config. Logs are written to a “logs” folder under the application’s root folder.





















To support Log4Net and the above configuration, the following NuGet packages must be included in the application.


Microsoft.Extensions.Logging.Log4Net.AspNetCore



The following example CreateWebHostBuilder method in the Program class removes the default logging providers and adds the Log4Net provider.


public static IHostBuilder CreateHostBuilder(string[] args) =>
    Host.CreateDefaultBuilder(args)
        .ConfigureWebHostDefaults(webBuilder =>
        {
            // Remove the default logging providers.
            webBuilder.ConfigureLogging(configureLogging => configureLogging.ClearProviders());
            webBuilder.UseStartup<Startup>();
        }).ConfigureLogging(builder =>
        {
            builder.SetMinimumLevel(LogLevel.Debug);
            builder.AddLog4Net("log4net.config");
        });



For more information, please refer to the Log4Net documentation.

NLog
The following is an example NLog configuration in nlog.config. Logs are written to a “logs” folder under the application’s root folder.


<nlog xmlns="http://www.nlog-project.org/schemas/NLog.xsd"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      autoReload="true">




<target xsi:type="File" name="logfile" fileName="${aspnet-appbasepath}\logs${shortdate}.log"
        layout="${longdate}|${level}|${message} ${exception:format=tostring}" />








To support NLog and the above configuration, the following NuGet packages must be included in the application.


NLog
NLog.Web.AspNetCore



The following example code in the Program class removes the default logging providers and adds the NLog provider.


public static void Main(string[] args)
{
    var logger = NLogBuilder.ConfigureNLog("nlog.config").GetCurrentClassLogger();

    try
    {
        CreateHostBuilder(args).Build().Run();
    }
    finally
    {
        // Flush and stop NLog before the application exits.
        NLog.LogManager.Shutdown();
    }
}

public static IHostBuilder CreateHostBuilder(string[] args) =>
    Host.CreateDefaultBuilder(args)
        .ConfigureWebHostDefaults(webBuilder =>
        {
            webBuilder.UseStartup<Startup>();
        })
        .ConfigureLogging(logging =>
        {
            // Remove the default logging providers; NLog is added below.
            logging.ClearProviders();
            logging.SetMinimumLevel(LogLevel.Trace);
        })
        .UseNLog();



For more information, please refer to the NLog documentation.
The Getting started with ASP.NET Core 5 article describes how to configure and enable NLog in an ASP.NET Core 5 application.
There are similar articles for other versions of ASP.NET Core.

[quote]
ComponentSpace - 5/26/2017
The SAML library may be configured to enable SAML trace to be written to a log file. This information can assist with tracking down issues.
The standard ASP.NET Core logging API is used.
An example logging configuration from appsettings.json follows.


"Logging": {
  "IncludeScopes": false,
  "LogLevel": {
    "Default": "Warning"
  }
}


The BuildWebHost method from the Program class adds the configured logging.
In this example Serilog is used but any logging mechanism may be specified.


public static IWebHost BuildWebHost(string[] args) =>
    WebHost.CreateDefaultBuilder(args)
        .ConfigureLogging((hostingContext, logging) =>
        {
            logging.AddConfiguration(hostingContext.Configuration.GetSection("Logging"));
            logging.AddConsole();
            logging.AddDebug();
            // Write only the SAML library's events, at Debug level, to a rolling file.
            logging.AddSerilog(new LoggerConfiguration()
                .MinimumLevel.Debug()
                .WriteTo.RollingFile("Logs/saml-{Date}.log")
                .Filter.ByIncludingOnly(Matching.FromSource("ComponentSpace.Saml2"))
                .CreateLogger());
        })
        .UseStartup<Startup>()
        .Build();


[/quote]

Thank you.
I added the below to the Configure method in Startup.cs, but I don't see the log file in the expected directory. I ran SAML SSO to reproduce the problem.
Can you please help with this and also tell me the possible reasons why a 500 Internal Server Error could be sent while in the process of generating the SAML Response?

loggerFactory.AddSerilog(new LoggerConfiguration()
    .MinimumLevel.Debug()
    .WriteTo.RollingFile("Logs/saml-{Date}.log")
    .Filter.ByIncludingOnly(Matching.FromSource("ComponentSpace.Saml2"))
    .CreateLogger());


The 500 internal error usually means an exception was thrown.
If you run in the Visual Studio debugger it should show the exception and stack trace.
A common cause is configuration mismatches but it’s hard to be certain without the details of the exception.
Do you see any logging in the console window?
The above Serilog configuration is what we use in our example projects and should generate log files if set up correctly.

Hello

I followed the steps above, and added the following to Program.cs, but the log files do not contain the SAML Response.


Serilog.Log.Logger = new LoggerConfiguration()
    .Enrich.FromLogContext()
    .MinimumLevel.Information()
    .WriteTo.ApplicationInsights(TelemetryConfiguration.Active, TelemetryConverter.Traces)
    .WriteTo.Console()
    .WriteTo.RollingFile("wwwroot/logs/saml-{Date}.log", shared: true)
    .Filter.ByIncludingOnly(Matching.FromSource("ComponentSpace.Saml2"))
    .CreateLogger();



All I have in the log files is the following:

2019-11-01 12:07:17.213 -07:00 [Information] ComponentSpace.Saml2, Version=2.2.0.0, Culture=neutral,
PublicKeyToken=null, .NET Standard build, Licensed.
2019-11-01 12:07:17.266 -07:00 [Information] CLR: .NET Core 4.6.28008.02, OS: Microsoft Windows 10.0.17763 ,
Culture: English (United States)



Any help would be greatly appreciated.

Thanks, M

Try MinimumLevel.Debug().
Alternatively, see the first message in this post which shows how to do this via configuration.
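
An added example, not part of the original posts and not ComponentSpace's own code: a programmatic Serilog setup that keeps the application at Information, raises only the ComponentSpace sources to Debug, and scopes the source filter to the SAML file sink instead of the whole logger. The "SamlTrace" setting name, the Startup class and the use of the Serilog.Sinks.Console package are assumptions.

```csharp
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Hosting;
using Serilog;
using Serilog.Events;
using Serilog.Filters;

public class Program
{
    public static void Main(string[] args) =>
        CreateHostBuilder(args).Build().Run();

    public static IHostBuilder CreateHostBuilder(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .UseSerilog((context, loggerConfiguration) =>
            {
                // Assumption: "SamlTrace" is a hypothetical boolean setting used to
                // switch the trace on for problem determination outside Development.
                var traceEnabled = context.HostingEnvironment.IsDevelopment()
                    || context.Configuration.GetValue<bool>("SamlTrace");

                loggerConfiguration
                    // Global floor. On its own this drops the SAML Debug events,
                    // leaving only the Information lines (version, CLR) in the log.
                    .MinimumLevel.Information()
                    // Per-source override: Debug for the SAML library only.
                    .MinimumLevel.Override("ComponentSpace",
                        traceEnabled ? LogEventLevel.Debug : LogEventLevel.Information)
                    .Enrich.FromLogContext()
                    // The console still receives events from every source.
                    .WriteTo.Console()
                    // Sub-logger: the source filter applies to this file sink only.
                    // A Filter on the root logger would restrict all sinks.
                    .WriteTo.Logger(saml => saml
                        .Filter.ByIncludingOnly(Matching.FromSource("ComponentSpace.Saml2"))
                        .WriteTo.File("logs/saml-.log",
                            rollingInterval: RollingInterval.Day,
                            retainedFileCountLimit: 7));
            })
            // Assumption: Startup is the application's own startup class.
            .ConfigureWebHostDefaults(webBuilder => webBuilder.UseStartup<Startup>());
}
```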

[quote]
ComponentSpace - 11/4/2019
Try MinimumLevel.Debug().
Alternatively, see the first message in this post which shows how to do this via configuration.
[/quote]

That worked, thank you!

You’re welcome.