Question

8
Replies
563
Views
Close popover
Arunkumar Velmurugan (A___K)
Accenture
Application Development Specialist
Accenture
NL
View Profile
A___K Member since 2018 20 posts
Accenture
Posted: November 18, 2019
Last activity: December 2, 2019

How to trace SAML Activity

Hi All,

Whenever I log in through SSO Login page, I am getting following error message in the browser.

"Your account has been disabled, contact your system administrator"

So, How to trace SAML activity?

Could you please provide inputs?

Regards,

AK

Low-Code App Development Data Integration Security System Administration
Close popover
Posted: 1 year ago
Close popover
Santhosh Bagannagari (bagas)
PEGA
Tech Lead, Security Engineering
Pegasystems Inc.
IN
View Profile

Hi,


 


Are you trying to create new operator or using an existing Pega operator to login ? From the error message, it looks the operator record has been disabled. Can you check if Operator record is not disabled on Pega ?


For debugging SSO login process, you can enable logging for below classes and see.


com.pega.pegarules.integration.engine.internal.util.PRSAMLv2Utils 

com.pega.pegarules.integration.engine.internal.sso.saml.SAMLResponseHandler 

com.pega.pegarules.integration.engine.internal.sso.saml.SAMLRequestHandler 

com.pega.pegarules.integration.engine.internal.sso.AbstractSSOHandler 

com.pega.pegarules.integration.engine.internal.sso.saml.SAMLv2ACSHandler


Thanks,


Santhosh

Posted: 1 year ago
Close popover
Arunkumar Velmurugan (A___K)
Accenture
Application Development Specialist
Accenture
NL
View Profile

Hi Santosh,


I am trying to create a new operatorID. 

I have more than one node(8-10) in staging environment.


So if I enable logging in one node. How can I identify the exact node to check the log?


 

Posted: 1 year ago
Close popover
Santhosh Bagannagari (bagas)
PEGA
Tech Lead, Security Engineering
Pegasystems Inc.
IN
View Profile

Is the new operator record created in the system ?

Posted: 1 year ago
Close popover
Abhishek Goel (goela1)
PEGA
Technical Solutions Engineer
Pegasystems Inc.
IN
View Profile

Hi,


You can also add SAML tracer in Chrome browser and capture the request URLs. Please find the attached snippet for more details.


Thank you,


Abhishek

Posted: 1 year ago
Close popover
Arunkumar Velmurugan (A___K)
Accenture
Application Development Specialist
Accenture
NL
View Profile

Hi Abhishek,


Thank you for the response. 


I have tried the SAML tracer but I am getting a success message in the tracer.

In the browser, I am getting the error message  

"Your account has been disabled, contact your system administrator"

 


Posted: 1 year ago
Close popover
Rimjhim Srivastava (srivr1)
PEGA
Technical Solutions Engineer
Pegasystems Inc.
IN
View Profile

Hi,


You can either trace from the Admin studio and selecting the activity that you want to trace.


You can use SAML tracer and Fiddler tools to trace the SAML activity from the browser which you need to download based upon the browser you are using.


"Your account has been disabled, contact your system administrator"


The above error generally appears when you have logged the incorrect passwords for quite a number of times.
Share this page Share via LinkedIn Copying...
Copied!