Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: Setting up Diagnostics for SAML Integration

App Control: Setting up Diagnostics for SAML Integration

Environment

  • App Control (Formerly CB Protection) Server: 8.1.0 and Higher
  • SAML

Objective

The purpose of this article is to capture diagnostic files during SAML integration troubleshooting to assist in resolution.


Resolution

  1. On the Application Server navigate open the file - "\Program Files (x86)\Bit9\Parity Console\WebUI\html\login.php"
  2. Find the line: $lastSAMLResponse = $_SESSION['lastSAMLResponse'] and add this line bellow it, so it looks like this:
    $lastSAMLResponse = $_SESSION['lastSAMLResponse'];
    error_log($lastSAMLResponse);
  3. Log into the App Control Web Console and navigate to the "Support.php" page:
    • https://servername/support.php
    • Select "Snapshot Server Logs"
    • Set Logging Duration: 30 Min
    • Debug Level: High
    • Reporter Level: High
    • Script Level: High
    • Select "Start Logging"
  4. Reproduce by logging in via SAML multiple times and getting an error
  5. Select "Stop Logging Now "
  6. Revert the changes in the "login.php" file. 
  7. Go to Tools > Requested Files > Download the latest files
  8. Please zip up the diagnostics files along with a scrubbed version of the metadata.xml (remove cert info)
  9. Send to Cb Vault and note the case for review.

Additional Notes

Additional logging may be needed: Cb Protection: Additional SAML Logging


Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎02-14-2019
Views:
1481
Contributors