Generally, the first step to troubleshooting a problem is to check the application log file. We have documentation that covers logging in more detail.
The error logs can help you pinpoint the cause of the error, including information about the failing message and its sender.
Viewing the SAML message
We don't log the incoming or outgoing SAML messages in order to prevent PII from being logged and security assertions stolen.
To view a SAML message, you will need to obtain it from the browser network trace. The exact steps required to view the network trace depends on the browser you are using. The following examples use the Google Chrome network DevTools.
Getting the Encoded SAML Message
You will need to obtain the encoded SAML message from the network trace. If you are using HTTP Redirect binding, you will need to get the encoded SAML message from the query string, and if you are using HTTP POST binding, you will need to get the message from the form body.
Decoding the SAML Message
There are various tools available online for decoding the SAML messages. Our favorite is the SAML-Parser.
Fixing the Error
Most of the SAML errors are due to misconfiguration or invalid incoming SAML messages. Check out our Frequently Asked Questions.
If you are unable to fix the error, please check our Support page.