Contents x
    How to collect a HAR (HTTP ARchive format) file for SSO Troubleshooting
    • 1 Minute to read
    • Print
    • PDF
    Contents

    How to collect a HAR (HTTP ARchive format) file for SSO Troubleshooting

    • 1 Minute to read
    • Print
    • PDF
    Article Summary

    About this document

    This document describes the step-by-step procedure to collect a HAR file for troubleshooting SSO sign on issues.

    How to Collect a HAR file and provide to SAFE for analysis

    HAR is the short form for HTTP ARchive format, which tracks all the logging of a web browser's interaction with a site.The steps to fetch HAR file from a web browser are as follows:

    Note: The following example uses Chrome. Other browsers provide similar tooling, but are not documented here.

    • Open the SAFE Portal the user is trying to connect tol: https://<region>.safeone.ai/

    • On your Browser, open Developer Tools:

      • Right-click anywhere in the browser window, and select Inspect option:

    • In the Developer Tools panel, click on the Network tab:

    • If you are unable to view the Network tab, click on the more options (double right-facing arrows) button to view the Network tab:

    • In the Network tab, make sure that the network logs are being recorded:

      • If the Network tab shows the Recording network activity ... text, this step can be skipped as the network logs are being recorded:

    • Keeping the Network Tab opened, try logging into SAFE to initiate the SSO-based login flow.

    • Once the login completes/fails with an authorisation error, click on the download button (downwards pointing arrow) in the Network tab to download a HAR file.

      • When asked for the filename in your file explorer, click Save to download the HAR file.

    SAFE will be looking for various details in the provided HAR file, such as idpresponse to analyze the SAML response provided by your IdP tool. For your reference, a successful idpresponse (deflated XML) looks as follows:

    Note: To get the XML from the idp response you needed to base64 decode the response

    Sample Response

    <samlp:Response
  ID="_67a1effd-abd4-47d2-957f-fcf6091ddef2"
  Version="2.0"
  IssueInstant="2024-01-16T16:33:46.003Z"
  Destination="https://auth-app-us-1.safeone.ai/saml2/idpresponse"
  InResponseTo="_ea71e376-9361-42b9-a5d4-6bbb0d684334"
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  ><Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
    >https://sts.windows.net/a28016a7-6135-43f2-8ea0-37ada6ae567c/</Issuer
  ><samlp:Status
    ><samlp:StatusCode
      Value="urn:oasis:names:tc:SAML:2.0:status:Success" /></samlp:Status
  ><Assertion
    ID="_70c4d592-c53f-4a6b-868d-b39d7594b900"
    IssueInstant="2024-01-16T16:33:46.000Z"
    Version="2.0"
    xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
    ><Issuer
      >https://sts.windows.net/a28016a7-6135-43f2-8ea0-37ada6ae567c/</Issuer
    ><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"
      ><SignedInfo
        ><CanonicalizationMethod
          Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
        /><SignatureMethod
          Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
        /><Reference URI="#_70c4d592-c53f-4a6b-868d-b39d7594b900"
          ><Transforms
            ><Transform
              Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /><Transform
              Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms
          ><DigestMethod
            Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"
          /><DigestValue
            >GyoyCiJcGmQUrhJ2P9lnsOurOxGBUsYgXWruXlDs3Cs=</DigestValue
          ></Reference
        ></SignedInfo
      ><SignatureValue
        >0arJ3E/Q+/j4y7xJvU6gVlZP0AFws7EGqeA5qJ+TpRYqR2mJsMSD66oaVP6HqJ4URAe71FW5qxkFFmf9KtYNQDSkDlhfkyt3n8onwXuyHd9D1DVswK9UhzZdzQRAn+B1wka7UNNEbIZj+YPkiEkO3x2CTAOxhhpfKc3nuv/FVuyo3K7KP6YBFuhUggGYe+XH3YGUlvFxkAHrep4MnqMS7/097breS+LiXKRTuoFcX6gSuyFW/xZzWzcJZH6ddjV0qahfcXh+azhoWil5YLGiFawwoWjnTrXQ4u/11d7Cl3wsBvQSvckYBv/4k5cBu5is1l44aWVbUnIN94gyAXk5hA==</SignatureValue
      ><KeyInfo
        ><X509Data
          ><X509Certificate
            >MIIC8DCCAdigAwIBAgIQdWfpQni5Ma1CMU8d6uUlcDANBgkqhkiG9w0BAQsFADA0MTIwMAYDVQQDEylNaWNyb3NvZnQgQXp1cmUgRmVkZXJhdGVkIFNTTyBDZXJ0aWZpY2F0ZTAeFw0yNDAxMTYxMDI1NTdaFw0yNzAxMTYxMDI1NTdaMDQxMjAwBgNVBAMTKU1pY3Jvc29mdCBBenVyZSBGZWRlcmF0ZWQgU1NPIENlcnRpZmljYXRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23Hm3vNBUcDycpmgXMJKRLwi0BiTMJOnOgnfQftoLeXg1IkYVRQMTw9enyDak2330fWVhSjfeBcPQgZamHuTzbE+c4gkgRylzDIUjDvnmz1rJGMzae7ZzYaHmFwBfNCc8mfToAcFgFHrlwGbacKoM8ZS6MPcSH8r1hx2ImWFB0pMCqSAhrdGCvpoXI0eSRxKWWEK0f1LfidxqvmQesFcG0EmFqNEEG2NT7O8YLqkCzsk70dH8FKJb+v1Ap88qIBPWqzZgKtmnEvyVjvyqkSfTWc59PuIYPSh152KXJZ5zdckBG1xMrxyXXz20fu9/JUaEYmD6p0K8Jobj0u/UxF5yQIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAsVNQVxkqVR1ZanoK1TCUwmTkcY1R6u8c80cMxcI0wJivwfHEIpyVtL3lmR35aGQ7UM+csqkwpK1tYArFW0SyH4xglsjMhQj1jGK4jMIIUPjTKtNi/4BcxyBYuu2Vwjfy26b0SbzQQFv2Usuhmg57YZn7Yq43Rj2c1ZQND+ue5ChKsF9/1GTgsKgm6UO2E11IhHXkAOiBpvxmkHCd5pmZae7JKvv655aI1YKUZTuEPxBOWH+a86eXG4BJ5BpR3ctoDr5YyGcNSByJxoBFbYLE8iOTeaOBSH27pqvRRPAFs5uNXFsrL79GpHPPHc0/5nNqFxw/mdguPNVlyuzd1B/ID</X509Certificate
          ></X509Data
        ></KeyInfo
      ></Signature
    ><Subject
      ><NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
        >testUser@SafeTechnologyPvtLtd.onmicrosoft.com</NameID
      ><SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"
        ><SubjectConfirmationData
          InResponseTo="_ea71e376-9361-42b9-a5d4-6bbb0d684334"
          NotOnOrAfter="2024-01-16T17:33:45.882Z"
          Recipient="https://auth-app-us-1.safeone.ai/saml2/idpresponse" /></SubjectConfirmation></Subject
    ><Conditions
      NotBefore="2024-01-16T16:28:45.882Z"
      NotOnOrAfter="2024-01-16T17:33:45.882Z"
      ><AudienceRestriction
        ><Audience
          >urn:amazon:cognito:sp:us-east-1_mSGKPnplt</Audience
        ></AudienceRestriction
      ></Conditions
    ><AttributeStatement
      ><Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid"
        ><AttributeValue
          >a28016a7-6135-43f2-8ea0-37ada6ae567c</AttributeValue
        ></Attribute
      ><Attribute
        Name="http://schemas.microsoft.com/identity/claims/objectidentifier"
        ><AttributeValue
          >c035a24a-26e8-40f6-a4b9-6d2570069095</AttributeValue
        ></Attribute
      ><Attribute
        Name="http://schemas.microsoft.com/identity/claims/identityprovider"
        ><AttributeValue
          >https://sts.windows.net/a28016a7-6135-43f2-8ea0-37ada6ae567c/</AttributeValue
        ></Attribute
      ><Attribute
        Name="http://schemas.microsoft.com/claims/authnmethodsreferences"
        ><AttributeValue
          >http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/password</AttributeValue
        ></Attribute
      ><Attribute
        Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
        ><AttributeValue
          >testUser@SafeTechnologyPvtLtd.onmicrosoft.com</AttributeValue
        ></Attribute
      ></AttributeStatement
    ><AuthnStatement
      AuthnInstant="2024-01-16T16:33:39.701Z"
      SessionIndex="_70c4d592-c53f-4a6b-868d-b39d7594b900"
      ><AuthnContext
        ><AuthnContextClassRef
          >urn:oasis:names:tc:SAML:2.0:ac:classes:Password</AuthnContextClassRef
        ></AuthnContext
      ></AuthnStatement
    ></Assertion 
></samlp:Response>

    Was this article helpful?
    What's Next