Testing an authentication service
You can test and debug an authentication service in a development or staging environment by setting the appropriate log level.
- Set the logger to debug. For performance and security reasons, do not use this setting in a production environment.
  - For a SAML authentication service, the logger is com.pega.pegarules.integration.engine.internal.util.PRSAMLv2Utils.
  - For an OIDC authentication service, the loggers are:
    - com.pega.pegarules.integration.engine.internal.auth.oidc.NimbusOIDCClientHandler
    - com.pega.pegarules.integration.engine.internal.auth.oidc.OIDCClientHandler
- Optional: For an OIDC authentication service, get the claim values by using remote tracing.
  - Open a browser window to the application login screen and proceed to the login screen for your identity provider. Do not log in yet.
  - In a separate browser window for Dev Studio, do the following steps:
    - In the developer toolbar, click Tracer.
    - From the Tracer dialog, click Settings, and under Pages to Trace, enter D_pzSSOAttributes. Click Add, and then click OK.
    - From the Tracer dialog, click Remote Tracer, select the ID of the unauthenticated requestor, and click OK.
- Attempt to log in by authenticating with the identity provider.
- Examine the console log by clicking and selecting the Pega log.
- Use a third-party tool to decode the Base64-encoded assertion from the log.
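
The decoding step can also be done locally, which keeps the assertion (it carries user identifiers and attributes) on your own machine. The following Python script is an added example, not Pega tooling: it decodes a Base64 SAML message copied from the log and lists the issuer, subject, validity window, audiences, and attributes. The sample response, the issuer and audience URLs, the user, and the function names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_saml(b64_text):
    """Base64-decode a logged SAML message, inflating it if it is DEFLATE-compressed."""
    raw = base64.b64decode("".join(b64_text.split()), validate=True)
    if not raw.lstrip().startswith(b"<"):
        raw = zlib.decompress(raw, -15)  # raw DEFLATE, as used by the HTTP-Redirect binding
    if b"<!DOCTYPE" in raw:
        raise ValueError("DTD found in SAML message; refusing to parse")
    return ET.fromstring(raw)

def summarize(root):
    """Debug aid only: reads fields, does NOT verify the XML signature."""
    a = root if root.tag.endswith("}Assertion") else root.find(".//saml:Assertion", NS)
    if a is None:
        raise ValueError("no saml:Assertion element (it may be encrypted)")
    cond = a.find("saml:Conditions", NS)
    return {
        "issuer": a.findtext("saml:Issuer", namespaces=NS),
        "name_id": a.findtext("saml:Subject/saml:NameID", namespaces=NS),
        "not_before": None if cond is None else cond.get("NotBefore"),
        "not_on_or_after": None if cond is None else cond.get("NotOnOrAfter"),
        "audiences": [e.text for e in a.iterfind(".//saml:Audience", NS)],
        "attributes": {
            at.get("Name"): [v.text for v in at.iterfind("saml:AttributeValue", NS)]
            for at in a.iterfind("saml:AttributeStatement/saml:Attribute", NS)
        },
    }

# Constructed sample response (hypothetical issuer, audience and user), not real log data.
SAMPLE_XML = (
    b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    b' xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion Version="2.0">'
    b"<saml:Issuer>https://idp.example.test/metadata</saml:Issuer>"
    b"<saml:Subject><saml:NameID>jdoe@example.test</saml:NameID></saml:Subject>"
    b'<saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">'
    b"<saml:AudienceRestriction><saml:Audience>https://sp.example.test/prweb</saml:Audience>"
    b"</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>"
    b'<saml:Attribute Name="mail"><saml:AttributeValue>jdoe@example.test</saml:AttributeValue>'
    b"</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>"
)
SAMPLE_B64 = base64.b64encode(SAMPLE_XML).decode()

if __name__ == "__main__":
    for key, value in summarize(decode_saml(SAMPLE_B64)).items():
        print(f"{key}: {value}")
```

Compare the decoded audience, validity window, and attribute names against the values configured in the authentication service when a login fails.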