How to perform a SAML-trace
When investigating why a SAML configuration isn't working as expected, it is often very helpful to track what is being sent in the SAML requests. For this purpose, please install the "SAML-Tracer" plugin in your browser. It is available for Chrome and Firefox.
After installing the extension, click the SAML-Tracer icon in the menu bar to open it.
This will open the SAML-Tracer window.
The upper half of this window displays the real-time method entries (GET, POST, etc.).
The lower half (preview pane) shows details of the selected entry.
Please proceed with these steps to complete the SAML trace:
1. Start a screen recording.
2. Preparation:
   a. Ensure that the SAML Tracer extension is configured to allow use in InPrivate (also known as "incognito") tabs/windows.
   b. Open a new InPrivate browser window (later referred to as the "normal browser window").
   c. Close all other browser windows of the current browser (to only record requests specific to your problem).
   d. Open SAML Tracer for the current browser (later referred to as the "SAML Tracer window").
   e. (You should now only have two open windows in the current browser: the normal browser window and the newly opened SAML Tracer window.)
   f. Click the Clear button in the SAML Tracer window.
   g. Ensure that SAML Tracer is not paused.
3. Perform the full navigation flow:
   a. Access the URL to your Pure admin instance and reproduce the part of the authentication flow that isn't working as expected by navigating to 'https://<host-name-of-your-pure-instance>/admin'. You may need to navigate to 'https://<host-name-of-your-pure-instance>:<some-non-standard-port>/admin' if your Pure instance uses a non-standard port.
   b. You should now be faced with a SAML2 login flow where you are asked for credentials relevant for the IdP.
   c. Complete the SAML2 login flow.
   d. You should now be logged into Pure and be presented with a Pure overview page.
   e. Click the profile picture in the top-right corner (the "Profile menu") and then click the Log out link in the pop-up menu that appears.
   f. (You should now be logged out of Pure, and of the IdP in general due to SAML2 SLO, and be presented with a Pure page saying "You have successfully logged out of Pure".)
   g. Navigate to the URL defined in 3a using the location input field at the top of the normal browser window.
   h. You should now be faced with a SAML2 login flow where you are asked for credentials relevant for the IdP.
4. Finalize the SAML Tracer trace:
   a. Click the Pause button in the SAML Tracer window. You'll see a list of GET and POST entries. Some entries are highlighted in orange with a SAML tag, indicating a SAML event.
   b. Click the Export button in the SAML Tracer window to save the recorded trace. Keep the "Mask values" option and export. This will store a file (sample name: SAML-tracer-export-2023-03-01T14_45_52.447Z.json) in your downloads folder. Please supply this file directly in the Case where you are getting help.
5. Stop the screen recording.
6. Share the file with your Pure support as well.
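To read what a traced SAML entry actually carries, the following added example (not part of the original article or of SAML-Tracer) decodes a SAMLRequest or SAMLResponse parameter value and pulls out the fields usually compared when a login or logout flow misbehaves. The host names and sample messages are constructed placeholders, and the function names are hypothetical.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import quote, unquote

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_saml(value: str) -> bytes:
    """Turn a SAMLRequest/SAMLResponse parameter value into XML bytes."""
    raw = base64.b64decode(unquote(value))
    if raw.lstrip().startswith(b"<"):
        return raw                      # HTTP-POST binding: base64 only
    return zlib.decompress(raw, -15)    # HTTP-Redirect binding: raw DEFLATE + base64

def summarize(value: str) -> dict:
    """Extract the fields usually compared when a SAML flow misbehaves."""
    xml = decode_saml(value)
    # Trace contents are untrusted input: refuse DTDs instead of expanding entities.
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD found in SAML message, refusing to parse")
    root = ET.fromstring(xml)
    issuer = root.find("saml:Issuer", NS)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    return {
        "type": root.tag.split("}")[-1],
        "id": root.get("ID"),
        "in_response_to": root.get("InResponseTo"),
        "destination": root.get("Destination"),
        "issuer": issuer.text if issuer is not None else None,
        "status": status.get("Value") if status is not None else None,
    }

# Constructed sample messages (hypothetical hosts, not taken from a real trace).
_HDR = ('xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ')
_REQ = (f'<samlp:AuthnRequest {_HDR}ID="_req1" Destination="https://idp.example.org/sso">'
        '<saml:Issuer>https://pure.example.org/sp</saml:Issuer></samlp:AuthnRequest>').encode()
_RESP = (f'<samlp:Response {_HDR}ID="_resp1" InResponseTo="_req1" '
         'Destination="https://pure.example.org/acs"><saml:Issuer>https://idp.example.org</saml:Issuer>'
         '<samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>'
         '</samlp:Status></samlp:Response>').encode()
_c = zlib.compressobj(wbits=-15)
SAMPLE_REDIRECT = quote(base64.b64encode(_c.compress(_REQ) + _c.flush()).decode(), safe="")
SAMPLE_POST = base64.b64encode(_RESP).decode()

if __name__ == "__main__":
    for sample in (SAMPLE_REDIRECT, SAMPLE_POST):
        print(summarize(sample))
```

A Response whose `in_response_to` does not match the `id` of the preceding AuthnRequest, or whose `destination` differs from the URL the browser actually posted to, is a common first thing to compare.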
Updated at January 03, 2025