Testing an authentication service

You can test and debug an authentication service in a development or staging environment by setting the appropriate log level.

1. Set the logger to debug. For performance and security reasons, do not use this setting in a production environment.
   • For a SAML authentication service, the logger is com.pega.pegarules.integration.engine.internal.util.PRSAMLv2Utils.
   • For an OIDC authentication service, the loggers are:
     • com.pega.pegarules.integration.engine.internal.auth.oidc.NimbusOIDCClientHandler
     • com.pega.pegarules.integration.engine.internal.auth.oidc.OIDCClientHandler
2. Optional: For an OIDC authentication service, get the claim values by using remote tracing.
   1. Open a browser window to the application login screen and proceed to the login screen for your identity provider. Do not log in yet.
   2. In a separate browser window for Dev Studio, do the following steps:
      1. In the developer toolbar, click Tracer.
      2. From the Tracer dialog, click Settings, and under Pages to Trace, enter D_pzSSOAttributes. Click Add, and then click OK.
      3. From the Tracer dialog, click Remote Tracer, select the ID of the unauthenticated requestor, and click OK.
3. Attempt to log in by authenticating with the identity provider.
4. Examine the console log by clicking Configure > System > Operations > Logs > Log files and selecting the Pega log.
5. Use a third-party tool to decode the Base64-encoded assertion from the log.