Environment

• App Control (Formerly CB Protection) Server: 8.1.0 and Higher
• SAML

Objective

The purpose of this article is to capture diagnostic files during SAML integration troubleshooting to assist in resolution.

Resolution

1. On the Application Server navigate open the file - "\Program Files (x86)\Bit9\Parity Console\WebUI\html\login.php"
2. Find the line: $lastSAMLResponse = $_SESSION['lastSAMLResponse'] and add this line bellow it, so it looks like this:

   $lastSAMLResponse = $_SESSION['lastSAMLResponse'];
   error_log($lastSAMLResponse);

3. Log into the App Control Web Console and navigate to the "Support.php" page:
   • https://servername/support.php
   • Select "Snapshot Server Logs"
   • Set Logging Duration: 30 Min
   • Debug Level: High
   • Reporter Level: High
   • Script Level: High
   • Select "Start Logging"
4. Reproduce by logging in via SAML multiple times and getting an error
5. Select "Stop Logging Now "
6. Revert the changes in the "login.php" file. 
7. Go to Tools > Requested Files > Download the latest files
8. Please zip up the diagnostics files along with a scrubbed version of the metadata.xml (remove cert info)
9. Send to Cb Vault and note the case for review.

Additional Notes

Additional logging may be needed: Cb Protection: Additional SAML Logging

Related Content