Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-4736: How to record headers and traces for Centrify Cloud debugging

Centrify Identity Service, App Edition ,  

21 December,16 at 10:11 PM

Applies to: Centrify Identity Service, App Edition



Question:

Centrify Support may sometimes ask for browser network traces when debugging web app configuration for SSO in the Centrify User Portal.

What are the steps needed to retrieve this information?


Answer:

Note: When debugging SSO operations with Centrify applications, the preferred method is to use to use Firefox browser with the following Add-ons installed:
If Firefox cannot be used, then alternative methods are also available to capture client-side traces for Centrify Cloud debugging.


== Debug capture methods ==
  1. Using Live HTTP Headers & SSO Tracer with Firefox
  2. Using Fiddler with Internet Explorer, Chrome, Outlook, etc
  3. Using Chrome's Developer Tools
  4. Using STRACE for Office 365 rich-client debugging (Lync, Outlook, etc)

 
 
1. Using Live HTTP Headers & SSO Tracer with Firefox:
 
If needed, make sure Firefox is also set up for Single-Sign-On using the following guide: 
  1. Right-click on the Firefox toolbar and enable the Menu Bar
     
  2. Select Tools from the menu bar and open both the Live HTTP Headers and SSO Tracer
     
  3. In the Live HTTP Headers window, make sure the "Capture" checkbox is enabled
     
  4. Go to the main Firefox window and reproduce the issue.
     
  5. Go back to Live HTTP Headers and press [ Save All ] from both the Headers tab and Generators tab (Save as headers.txt and generator.txt)

    User-added image

     
  6. Go to SSO Tracer, check through the entries to make sure the POST SAML request has been logged (There will be an orange SAML icon on the right of the list) 

    User-added image

     
  7. Once the SAML entry has been found, click the icon to save the SSO Tracer output.
     
  8. Send the saved output files to Centrify Support for analysis.





2. Using Fiddler with Internet Explorer, Chrome, Outlook, etc:

If needed, make sure Internet Explorer is set up for Single-Sign-On using the following guide:   

      KB-8417- How to trace and capture an issue using Fiddler



3. Using Chrome's Developer Tools
  1. Open Chrome and navigate to the target page, do not reproduce any issues yet.
     
  2. Right-click anywhere on the page and select "Inspect element". (If the right-click action has been disabled for that page - the panel can still be accessed via the Chrome menu button > More Tools > Developer Tools)
     
  3. In the Developer Tools panel that opens, click to the "Network" tab
    • Make sure "Preserve log" is selected.
    • Press the "Clear" button to start a fresh log trace
      User-added image
       
  4. In the main browser page, reproduce the target issue, the network panel will start to fill with traffic entries.
     
  5. Once the issue is fully reproduced and the trace is not recording any more communication, right-click anywhere in the network trace area and select "Copy all as HAR"

    User-added image
  6. Open up a blank text file and paste the HAR output into the .txt
     
  7. Zip and send the file into Centrify Support for analysis.





4. Using STRACE for Office 365 rich-client debugging (Lync, Outlook, etc)

STRACE is a Microsoft tool used for recording socket-level traffic and is included as part of the Microsoft HTTPRELAY analysis package.

Note:
  • STRACE is a high-level logging application and will capture login information including passwords if used to record login events.
  • If this method is used, it is recommended to either use a disposable test account for the reproduction, or immediately change the target user's password after the logs are generated.
  • It is also recommended to password-protect the zip file when packing the logs for transport.
 
  1. Download and install the latest version of HTTPRELAY to the target machine:
  2. Make sure the target apps (Lync, Sharepoint, etc) are fully closed down (including closed from the System Tray)
     
  3. Open up a command prompt and navigate to the HTTPREPLAY installation directory. This is normally located at:
    • C:\Program Files (x86)\HTTPREPLAY\
  4. Open the target app using the STRACE.DLL as a wrapper.
    • For example to open Lync through the DLL, enter the command in either of the following formats (depending on the architecture of the system):
      • withdll /d:strace32.dll "[ full path to lync.exe ]"
      • withdll64 /d:strace64.dll "[ full path to lync.exe ]"

        User-added image
         
  5. Reproduce the target issue and then close down the app completely again.
     
  6. When the app is fully shut down, a log file will get saved to the Desktop with a filename similar to:
    • STRACE_LYNC_PID_####_########_####.STRACE  
    • (If no log file is created, try opening the app with the other 32/64-bit architecture command)
  7. Zip up and send in the STRACE log(s) into Centrify Support for analysis.

Note: When capturing login issues for O365 desktop applications, it will also be useful to simultaneously record a debug trace from the Microsoft Online Services Sign-in Assistant. See the following MS KB on how to do this:



(All external links provided as a courtesy)

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.

Related Articles

No related Articles