Centrify Identity Service, App EditionQuestion:
Centrify Support may sometimes ask for browser network traces when debugging web app configuration for SSO in the Centrify User Portal.
What are the steps needed to retrieve this information?Answer:Note:
When debugging SSO operations with Centrify applications, the preferred method is to use to use Firefox browser with the following Add-ons installed:
If Firefox cannot be used, then alternative methods are also available to capture client-side traces for Centrify Cloud debugging.
== Debug capture methods ==
- Using Live HTTP Headers & SSO Tracer with Firefox
- Using Fiddler with Internet Explorer, Chrome, Outlook, etc
- Using Chrome's Developer Tools
- Using STRACE for Office 365 rich-client debugging (Lync, Outlook, etc)
1. Using Live HTTP Headers & SSO Tracer with Firefox:
If needed, make sure Firefox is also set up for Single-Sign-On using the following guide:
2. Using Fiddler with Internet Explorer, Chrome, Outlook, etc:
- Right-click on the Firefox toolbar and enable the Menu Bar
- Select Tools from the menu bar and open both the Live HTTP Headers and SSO Tracer
- In the Live HTTP Headers window, make sure the "Capture" checkbox is enabled
- Go to the main Firefox window and reproduce the issue.
- Go back to Live HTTP Headers and press [ Save All ] from both the Headers tab and Generators tab (Save as headers.txt and generator.txt)
- Go to SSO Tracer, check through the entries to make sure the POST SAML request has been logged (There will be an orange SAML icon on the right of the list)
- Once the SAML entry has been found, click the icon to save the SSO Tracer output.
- Send the saved output files to Centrify Support for analysis.
If needed, make sure Internet Explorer is set up for Single-Sign-On using the following guide:
KB-8417- How to trace and capture an issue using Fiddler3. Using Chrome's Developer Tools
4. Using STRACE for Office 365 rich-client debugging (Lync, Outlook, etc)
- Open Chrome and navigate to the target page, do not reproduce any issues yet.
- Right-click anywhere on the page and select "Inspect element". (If the right-click action has been disabled for that page - the panel can still be accessed via the Chrome menu button > More Tools > Developer Tools)
- In the Developer Tools panel that opens, click to the "Network" tab
- Make sure "Preserve log" is selected.
- Press the "Clear" button to start a fresh log trace
- In the main browser page, reproduce the target issue, the network panel will start to fill with traffic entries.
- Once the issue is fully reproduced and the trace is not recording any more communication, right-click anywhere in the network trace area and select "Copy all as HAR"
- Open up a blank text file and paste the HAR output into the .txt
- Zip and send the file into Centrify Support for analysis.
STRACE is a Microsoft tool used for recording socket-level traffic and is included as part of the Microsoft HTTPRELAY analysis package.Note:
- STRACE is a high-level logging application and will capture login information including passwords if used to record login events.
- If this method is used, it is recommended to either use a disposable test account for the reproduction, or immediately change the target user's password after the logs are generated.
- It is also recommended to password-protect the zip file when packing the logs for transport.
Note: When capturing login issues for O365 desktop applications, it will also be useful to simultaneously record a debug trace from the Microsoft Online Services Sign-in Assistant. See the following MS KB on how to do this:
- Download and install the latest version of HTTPRELAY to the target machine:
- Make sure the target apps (Lync, Sharepoint, etc) are fully closed down (including closed from the System Tray)
- Open up a command prompt and navigate to the HTTPREPLAY installation directory. This is normally located at:
- C:\Program Files (x86)\HTTPREPLAY\
- Open the target app using the STRACE.DLL as a wrapper.
- For example to open Lync through the DLL, enter the command in either of the following formats (depending on the architecture of the system):
- withdll /d:strace32.dll "[ full path to lync.exe ]"
- withdll64 /d:strace64.dll "[ full path to lync.exe ]"
- Reproduce the target issue and then close down the app completely again.
- When the app is fully shut down, a log file will get saved to the Desktop with a filename similar to:
- (If no log file is created, try opening the app with the other 32/64-bit architecture command)
- Zip up and send in the STRACE log(s) into Centrify Support for analysis.
(All external links provided as a courtesy)