Friday, September 23, 2011

ADFS 2.0 Debugging / Tracing

Environment with customized idp login pages. ADFS redirects to Error page with a reference number. The reference number is not the be see in event viewer.


1. Which log to check ? Cannot find messages in EventViewer - Application.
Refer this link for solution:

"Open the Event Viewer. Navigate to 'Applications and Services Logs' -> 'AD FS 2.0' -> Admin. In the 'View' menu, using 'Add/Remove Columns...', add the 'Correlation Id' column. Look up the reference number 'c14bcf7c-268d-46be-82c3-7c1d873c3df2' in the 'Correlation Id' column.

(In some specific cases you get a 'Reference number' but no event in the AD FS 2.0 event log. In my experience that is mostly when customizing the sign-in pages.)"

2. Enable tracing

Excellent article to enable tracing for ADFS 2.0

Much more detailed:

The steps in the above article should help configure tracing of ADFS and enable logging to event viewer. It still does not show up anything because of customized login pages.

3. Right click on Error page and check source. Nothing. Sometimes MS loves putting the stack trace in there.

4. Fiddler to the rescue:

    a. Navigate to the inetpub (inetpub\..\ad\ls\) folder where the Error.aspx page can be found.
    b. There is just one method in there, Add   "HttpContext.Current.Response.Write(Exception.ToString())"
    c. This should present the exact stack trace.
    d. Use the same idea for the pages that were edited, e.g. idp login page and trace it using Respose.Write.
    e. If it still does not work, and it still redirects to Error page and the response.write on Error page provide a very generic message, then use fiddler and read the response of each page during the transaction and you will see the error on the pages.
(Make sure to decrypt https requests using fiddler cert.)

No comments:

Post a Comment