logging saml response xml

[Alin Tomoiaga]

Hi everyone,

Do you know what logging setting I need to turn on to be able to see the samlRequests and samlResponses in the clear text in the logs? 

Our cas server is configured as a saml idp.

(For the cas protocol, I can turn on logging to see the validation xml messages, but I do not seem to be able to turn on just the right knob with the saml messages ).

We would like to monitor changes in the saml communication (sometimes sp's change their metadata without telling us)

and I would like to be able to see in the logs the entire xml:

<?xml version="1.0" encoding="UTF-8"?> <saml2p:Response Destination="https://app.ca1.chromeriver.com/login/sso/saml/consume?customerId=2260" ID="_8921793056161713360" InResponseTo="_46f07e73-2207-47c0-8b61-bec1ae529cbe" IssueInstant="2020-01-23T22:39:24.667Z" Version="2.0" xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"> <saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity"....

As stated before, the real purpose is monitoring the samlrequests and responses for changes, in case you have other suggestions.

Thank you.

[Andy Ng]

Hi Alin,

I think I have done that before, and it probably is by enabling the following:

https://apereo.github.io/cas/6.1.x/installation/Configuring-SAML2-Authentication.html#troubleshooting

<AsyncLogger name="org.opensaml" level="debug" additivity="false">
    <AppenderRef ref="console"/>
    <AppenderRef ref="file"/>
</AsyncLogger>
<AsyncLogger name="PROTOCOL_MESSAGE" level="debug" additivity="false">
    <AppenderRef ref="console"/>
    <AppenderRef ref="file"/>
</AsyncLogger>

See if enabling that would allow you to see the logs...

Cheers!

- Andy

[Alin Tomoiaga]

Hi Andy, thank you very much for the help. I will try it tomorrow and report my findings

[Alin Tomoiaga]

It works great. Great advice. Thank you.