You can easily troubleshoot issues in WIF by enabling tracing. It works similar to WCF tracing. In this recipe, we will discuss the steps to enable WIF tracing and see how the trace information can be viewed using the svctraceviewer.exe
tool.
Follow these steps, to enable WIF tracing:
Web.config
file of the RP and the STS.<system.diagnostics> <sources> <source name="Microsoft.IdentityModel" switchValue="Verbose"> <listeners> <add name="xml" type="System.Diagnostics.XmlWriterTraceListener" initializeData="C:LogWebSTS.svclog"/> </listeners> </source> </sources> <trace autoflush="true"/> </system.diagnostics>
Notice the switchValue
attribute is set to Verbose
to log the detailed trace information.
WebSTS.svclog
file will get generated in the C:Log
folder (a similar log file will also get generated under the folder specified in the RP Web.config
file, if communication with the RP is successful): WebSTS.svclog
file using the svctraceviewer.exe
tool. The tool will show one or more E2ETraceEvent
and any exceptions will get highlighted in red, as shown in the following screenshot:WIF tracing is a very powerful feature that enables developers of STS and RP to troubleshoot and monitor issues with WIF. Different trace types (such as ChunkedCookieHandler, HashTrace
, and so on) are generated for the RP and STS under different circumstances. The MSDN article at http://msdn.microsoft.com/en-us/library/ee517282.aspx provides a detailed description of the trace scenarios for STS and RP, including federation and trust protocols.
In addition to WIF tracing, you can also use Fiddler to inspect HTTP messages and check if the tokens are getting generated appropriately. There is a nice WIF Fiddler Inspection tool available at http://identitymodel.codeplex.com/ that can be used to inspect federation messages.