- 3 Minutes to read
- Print
- PDF
How to collect a HAR (HTTP ARchive format) file for SSO Troubleshooting
- 3 Minutes to read
- Print
- PDF
About this document
This document describes the step-by-step procedure to collect a HAR file for troubleshooting SSO sign on issues.
How to Collect a HAR file and provide to SAFE for analysis
HAR is the short form for HTTP ARchive format, which tracks all the logging of a web browser's interaction with a site.The steps to fetch HAR file from a web browser are as follows:
Note: The following example uses Chrome. Other browsers provide similar tooling, but are not documented here.
Open the SAFE Portal the user is trying to connect tol: https://<region>.safeone.ai/
On your Browser, open Developer Tools:
Right-click anywhere in the browser window, and select Inspect option:
In the Developer Tools panel, click on the Network tab:
If you are unable to view the Network tab, click on the more options (double right-facing arrows) button to view the Network tab:
In the Network tab, put a check in the “Preserve logs” box.
In the Network tab, make sure that the network logs are being recorded:
If the Network tab shows the Recording network activity ... text, this step can be skipped as the network logs are being recorded:
Keeping the Network Tab opened, try logging into SAFE to initiate the SSO-based login flow.
Once the login completes/fails with an authorisation error, click on the download button (downwards pointing arrow) in the Network tab to download a HAR file.
When asked for the filename in your file explorer, click Save to download the HAR file.
Share the downloaded HAR file with SAFE via the SAFE Service Desk.
SAFE will be looking for various details in the provided HAR file, such as idpresponse to analyze the SAML response provided by your IdP tool. For your reference, a successful idpresponse (deflated XML) looks as follows:
Note: To get the XML from the idp response you needed to base64 decode the response
Sample Response
<samlp:Response
ID="_67a1effd-abd4-47d2-957f-fcf6091ddef2"
Version="2.0"
IssueInstant="2024-01-16T16:33:46.003Z"
Destination="https://auth-app-us-1.safeone.ai/saml2/idpresponse"
InResponseTo="_ea71e376-9361-42b9-a5d4-6bbb0d684334"
xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
><Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
>https://sts.windows.net/a28016a7-6135-43f2-8ea0-37ada6ae567c/</Issuer
><samlp:Status
><samlp:StatusCode
Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></samlp:Status
><Assertion
ID="_70c4d592-c53f-4a6b-868d-b39d7594b900"
IssueInstant="2024-01-16T16:33:46.000Z"
Version="2.0"
xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
><Issuer
>https://sts.windows.net/a28016a7-6135-43f2-8ea0-37ada6ae567c/</Issuer
><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"
><SignedInfo
><CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
/><SignatureMethod
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
/><Reference URI="#_70c4d592-c53f-4a6b-868d-b39d7594b900"
><Transforms
><Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms
><DigestMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"
/><DigestValue
>GyoyCiJcGmQUrhJ2P9lnsOurOxGBUsYgXWruXlDs3Cs=</DigestValue
></Reference
></SignedInfo
><SignatureValue
>0arJ3E/Q+/j4y7xJvU6gVlZP0AFws7EGqeA5qJ+TpRYqR2mJsMSD66oaVP6HqJ4URAe71FW5qxkFFmf9KtYNQDSkDlhfkyt3n8onwXuyHd9D1DVswK9UhzZdzQRAn+B1wka7UNNEbIZj+YPkiEkO3x2CTAOxhhpfKc3nuv/FVuyo3K7KP6YBFuhUggGYe+XH3YGUlvFxkAHrep4MnqMS7/097breS+LiXKRTuoFcX6gSuyFW/xZzWzcJZH6ddjV0qahfcXh+azhoWil5YLGiFawwoWjnTrXQ4u/11d7Cl3wsBvQSvckYBv/4k5cBu5is1l44aWVbUnIN94gyAXk5hA==</SignatureValue
><KeyInfo
><X509Data
><X509Certificate
>MIIC8DCCAdigAwIBAgIQdWfpQni5Ma1CMU8d6uUlcDANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yNDAxMTYxMDI1NTdaFw0yNzAxMTYxMDI1NTdaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23Hm3vNBUcDycpmgXMJKRLwi0BiTMJOnOgnfQftoLeXg1IkYVRQMTw9enyDak2330fWVhSjfeBcPQgZamHuTzbE+c4gkgRylzDIUjDvnmz1rJGMzae7ZzYaHmFwBfNCc8mfToAcFgFHrlwGbacKoM8ZS6MPcSH8r1hx2ImWFB0pMCqSAhrdGCvpoXI0eSRxKWWEK0f1LfidxqvmQesFcG0EmFqNEEG2NT7O8YLqkCzsk70dH8FKJb+v1Ap88qIBPWqzZgKtmnEvyVjvyqkSfTWc59PuIYPSh152KXJZ5zdckBG1xMrxyXXz20fu9/JUaEYmD6p0K8Jobj0u/UxF5yQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAsVNQVxkqVR1ZanoK1TCUwmTkcY1R6u8c80cMxcI0wJivwfHEIpyVtL3lmR35aGQ7UM+csqkwpK1tYArFW0SyH4xglsjMhQj1jGK4jMIIUPjTKtNi/4BcxyBYuu2Vwjfy26b0SbzQQFv2Usuhmg57YZn7Yq43Rj2c1ZQND+ue5ChKsF9/1GTgsKgm6UO2E11IhHXkAOiBpvxmkHCd5pmZae7JKvv655aI1YKUZTuEPxBOWH+a86eXG4BJ5BpR3ctoDr5YyGcNSByJxoBFbYLE8iOTeaOBSH27pqvRRPAFs5uNXFsrL79GpHPPHc0/5nNqFxw/mdguPNVlyuzd1B/ID</X509Certificate
></X509Data
></KeyInfo
></Signature
><Subject
><NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
>testUser@SafeTechnologyPvtLtd.onmicrosoft.com</NameID
><SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"
><SubjectConfirmationData
InResponseTo="_ea71e376-9361-42b9-a5d4-6bbb0d684334"
NotOnOrAfter="2024-01-16T17:33:45.882Z"
Recipient="https://auth-app-us-1.safeone.ai/saml2/idpresponse" /></SubjectConfirmation></Subject
><Conditions
NotBefore="2024-01-16T16:28:45.882Z"
NotOnOrAfter="2024-01-16T17:33:45.882Z"
><AudienceRestriction
><Audience
>urn:amazon:cognito:sp:us-east-1_mSGKPnplt</Audience
></AudienceRestriction
></Conditions
><AttributeStatement
><Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid"
><AttributeValue
>a28016a7-6135-43f2-8ea0-37ada6ae567c</AttributeValue
></Attribute
><Attribute
Name="http://schemas.microsoft.com/identity/claims/objectidentifier"
><AttributeValue
>c035a24a-26e8-40f6-a4b9-6d2570069095</AttributeValue
></Attribute
><Attribute
Name="http://schemas.microsoft.com/identity/claims/identityprovider"
><AttributeValue
>https://sts.windows.net/a28016a7-6135-43f2-8ea0-37ada6ae567c/</AttributeValue
></Attribute
><Attribute
Name="http://schemas.microsoft.com/claims/authnmethodsreferences"
><AttributeValue
>http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password</AttributeValue
></Attribute
><Attribute
Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
><AttributeValue
>testUser@SafeTechnologyPvtLtd.onmicrosoft.com</AttributeValue
></Attribute
></AttributeStatement
><AuthnStatement
AuthnInstant="2024-01-16T16:33:39.701Z"
SessionIndex="_70c4d592-c53f-4a6b-868d-b39d7594b900"
><AuthnContext
><AuthnContextClassRef
>urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef
></AuthnContext
></AuthnStatement
></Assertion
></samlp:Response>