This topic shows you how to use tracing in Windows® Identity Foundation (WIF). This is similar to Windows Communication Foundation (WCF) tracing. For more information on WCF tracing, see How to: Enable Tracing.
How to Enable Tracing
The simplest way to enable tracing is in your
application’s app.config or web.config
file. The following configuration enables WIF traces, which are
written to the file C:\logs\WIF.xml. Note that the
folder in which the log file is written must already exist. WIF
traces can be viewed with svctraceviewer.exe, which
can be found in \Program Files\Microsoft
SDKs\Windows\v6.0A\bin on the drive on which you installed
Visual Studio.
 Copy Code |
|
|---|---|
<system.diagnostics> <sources> <source name="Microsoft.IdentityModel" switchValue="Verbose"> <listeners> <add name="xml" type="System.Diagnostics.XmlWriterTraceListener" initializeData="C:\logs\WIF.xml" /> </listeners> </source> </sources> <trace autoflush="true" /> </system.diagnostics> |
|
The following configuration enables WCF and WIF traces,
which are written to the files C:\logs\WCF.xml and
C:\logs\WIF.xml, respectively. Note that the tracing
sources are differentiated by the name attribute of
the source element.
| Copy Code |
|
|---|---|
<system.diagnostics> <sources> <source name="Microsoft.IdentityModel" switchValue="Verbose"> <listeners> <add name="wif" /> </listeners> </source> <source name="System.ServiceModel.MessageLogging" logKnownPii="false" switchValue="Verbose"> <listeners> <add name="wcf" /> </listeners> </source> </sources> <sharedListeners> <add name="wcf" type="System.Diagnostics.XmlWriterTraceListener" initializeData="C:\logs\WCF.xml" /> <add name="wif" type="System.Diagnostics.XmlWriterTraceListener" initializeData="C:\logs\WIF.xml" /> </sharedListeners> <trace autoflush="true" /> </system.diagnostics> |
|
Security Note: |
|---|
| WIF tracing does not attempt to filter personally identifiable information (PII). Therefore, WIF traces should be stored in a secure location. |
Traces
This topic discusses the following traces:
- ChunkedCookieHandler
- ClaimsPrincipal
- DeflateCookie
- HashTrace
- PassiveMessage
- Reference
- Token
- WsFedMessage
- Exceptions
- AppDomain
Unloading
The following tables show which traces are useful for which scenarios.
For STS developers:
| Token Issuance | Scenario | Trace |
|---|---|---|
|
WS-Federation |
Fails to issue token |
|
|
Warning: WS-Federation Message Not Processed |
||
|
Success |
||
|
RST Received |
||
|
POST body (including wresult) |
||
|
HashTraceRecord |
||
|
WS-Trust |
ActAs Request in RST |
|
|
RSTR/RST (WCF Traces) |
For RP developers:
| Token Validation | Scenario | Trace |
|---|---|---|
|
WS-Federation |
Fail (Audience URI, Certificate Validation) |
|
|
Warning: WS-Federation Message Not Processed |
||
|
Success |
||
|
ClaimsPrincipal |
||
|
POST body (FedPassive Response) |
||
|
Cookie (Name) |
||
|
Others |
Authorizations |
|
|
Exceptions |
ChunkedCookieHandler
The ChunkedCookieHandler trace contains information about the cookie: its name, size, path, domain, expiration, whether the channel was secure, and what action is being taken on it (reading, writing, or deleting).
The following trace records information about cookies that are being written:
| Copy Code |
|
|---|---|
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>0</EventID>
<Type>3</Type>
<SubType Name="Information">0</SubType>
<Level>8</Level>
<TimeCreated SystemTime="2009-08-27T16:06:43.3655884Z" />
<Source Name="Microsoft.IdentityModel" />
<Correlation ActivityID="{00000000-0000-0000-5a00-0080000000f7}" />
<Execution ProcessName="w3wp" ProcessID="3412" ThreadID="4" />
<Channel/>
<Computer>MyComputer</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>ChunkedCookieHandler: Writing Name=FedAuth Path=/ Domain= Expires=Session Secure=True HttpOnly=True</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>
|
|
The following trace records information about cookies that are being read:
| Copy Code |
|
|---|---|
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>0</EventID>
<Type>3</Type>
<SubType Name="Information">0</SubType>
<Level>8</Level>
<TimeCreated SystemTime="2009-08-27T16:06:43.3812141Z" />
<Source Name="Microsoft.IdentityModel" />
<Correlation ActivityID="{00000000-0000-0000-5b00-0080000000f7}" />
<Execution ProcessName="w3wp" ProcessID="3412" ThreadID="4" />
<Channel/>
<Computer>MyComputer</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>ChunkedCookieHandler: Reading Name=FedAuth</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>
|
|
ClaimsPrincipal
The ClaimsPrincipal trace contains information about the principal that was created: its name and all claims identities that it contains. Each claims identity has a name, NameClaimType, RoleClaimType, Label, Actor (might be empty), and a set of claims.
The following is an example ClaimsPrincipal trace:
| Copy Code |
|
|---|---|
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>1</EventID>
<Type>3</Type>
<SubType Name="Information">0</SubType>
<Level>8</Level>
<TimeCreated SystemTime="2009-08-28T00:37:18.9548714Z" />
<Source Name="Microsoft.IdentityModel" />
<Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
<Execution ProcessName="ActiveStsExample.vshost" ProcessID="4380" ThreadID="11" />
<Channel/>
<Computer>MyComputer</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Information">
<Description>Setting an IClaimsPrincipal on the current EvaluationContext</Description>
<AppDomain>ActiveStsExample.vshost.exe</AppDomain>
<ClaimsPrincipalTraceRecord xmlns="http://schemas.microsoft.com/2009/06/IdentityModel/ClaimsPrincipalTraceRecord">
<ClaimsPrincipal Identity.Name="MyDomain\MyUserName">
<ClaimsIdentity Name="MyDomain\MyUserName" NameClaimType="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" RoleClaimType="http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid" Label="">
<Claim Value="MyDomain\MyUserName" Type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" ValueType="http://www.w3.org/2001/XMLSchema#string"></Claim>
<Claim Value="http://schemas.microsoft.com/ws/2008/06/identity/authenticationmethod/x509" Type="http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod" ValueType="http://www.w3.org/2001/XMLSchema#string"></Claim>
</ClaimsIdentity>
</ClaimsPrincipal>
</ClaimsPrincipalTraceRecord>
</TraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>
|
|
DeflateCookie
The DeflateCookie trace contains information about the compression of the cookie: its original size and compressed size.
The following is an example DeflateCookie trace:
| Copy Code |
|
|---|---|
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>0</EventID>
<Type>3</Type>
<SubType Name="Information">0</SubType>
<Level>8</Level>
<TimeCreated SystemTime="2009-08-27T16:06:43.0843258Z" />
<Source Name="Microsoft.IdentityModel" />
<Correlation ActivityID="{00000000-0000-0000-5a00-0080000000f7}" />
<Execution ProcessName="w3wp" ProcessID="3412" ThreadID="4" />
<Channel/>
<Computer>MyComputer</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>DeflateCookieTransform: BeforeDeflate=5224 AfterDeflate=2596</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>
|
|
HashTrace
The HashTrace trace contains information about signatures and signing XML: bytes in Hex form, bytes in string form (when writing, the PreCanonicalBytes are included), length, and value.
The following is an example HashTrace trace:
| Copy Code |
|
|---|---|
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>1</EventID>
<Type>3</Type>
<SubType Name="Verbose">0</SubType>
<Level>16</Level>
<TimeCreated SystemTime="2009-08-28T01:04:35.4997605Z" />
<Source Name="Microsoft.IdentityModel" />
<Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
<Execution ProcessName="ActiveStsExample.vshost" ProcessID="8908" ThreadID="11" />
<Channel/>
<Computer>MyComputer</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Verbose">
<Description>Microsoft.IdentityModel Diagnostic Trace</Description>
<AppDomain>ActiveStsExample.vshost.exe</AppDomain>
<HashTraceRecord xmlns="http://schemas.microsoft.com/2009/06/IdentityModel/HashTraceRecord">
<PreCanonicalBytes>
<Length>3240</Length>
<HexBytes>EFBBBF3C417…</HexBytes>
<Encoding.UTF8><Assertion ID="_0457ef59-6994-40ee-a733-b9a1210bead3" IssueInstant="2009-08-28T01:04:27.590Z" Version="2.0" /AttributeStatement></Encoding.UTF8>
</PreCanonicalBytes>
<CanonicalBytes>
<Length>3241</Length>
<HexBytes>3C417373657274696F6E20</HexBytes>
<Encoding.UTF8><Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_0457ef59-6994-40ee-a733-b9a1210bead3" …/Assertion></Encoding.UTF8>
</CanonicalBytes>
<Hash>
<Length>44</Length>
<Value>pBEYEHY7srohYL4L0lHWgIhxDw8YCaPyUb99OUI/OZA=</Value>
</Hash>
</HashTraceRecord>
</TraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>
|
|
PassiveMessage
The PassiveMessage trace contains information about an STS passive or sign-in message that was received at a passive Web site: name/value pairs from the HTTP request.
The following is an example PassiveMessage trace:
| Copy Code |
|
|---|---|
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>1</EventID>
<Type>3</Type>
<SubType Name="Information">0</SubType>
<Level>8</Level>
<TimeCreated SystemTime="2009-11-04T01:36:22.2657059Z" />
<Source Name="Microsoft.IdentityModel" />
<Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
<Execution ProcessName="w3wp" ProcessID="3680" ThreadID="5" />
<Channel />
<Computer>MyComputer</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Information">
<Description>HttpRequest.Form in SignInWithResponseMessage.</Description>
<AppDomain>/LM/W3SVC/1/ROOT/PassiveRedirectBasedClaimsAwareWebApp-1-129017721800312308</AppDomain>
<PassiveMessageTraceRecord xmlns="http://schemas.microsoft.com/2009/06/IdentityModel/PassiveMessageTraceRecord">
<Request>
<wa>wsignin1.0</wa>
<wresult>
<trust:RequestSecurityTokenResponseCollection xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<trust:RequestSecurityTokenResponse Context="rm=0&id=passive&ru=%2fPassiveRedirectBasedClaimsAwareWebApp%2fdefault.aspx">
<trust:Lifetime>
<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-11-04T01:36:22.156Z</wsu:Created>
<wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-11-04T02:36:22.156Z</wsu:Expires>
</trust:Lifetime>
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
<Address>https://localhost/PassiveRedirectBasedClaimsAwareWebApp</Address>
</EndpointReference>
</wsp:AppliesTo>
<trust:RequestedSecurityToken>
<xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></xenc:EncryptionMethod>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
</e:EncryptionMethod>
<KeyInfo>
<o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<X509Data>
<X509IssuerSerial>
<X509IssuerName>CN=localhost</X509IssuerName>
<X509SerialNumber>-46063684837087187425230596485139881026</X509SerialNumber>
</X509IssuerSerial>
</X509Data>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData>
<e:CipherValue>Hjwt9Qfo/+fSaIqxy2vFIaVuPhKxHjmfYZsWLIAe8KZg4mNz4IH9j1eeMuJUdSiNY7yiv7SXVbVNmpi/lsSON8H9vVVpMgfYbr23tgbWjTKSJp59VWwzURx/MqyNOerlRc8GOSNz9S8AgVVm6twFYw/ZgScYFklYQuNKCEAYChU=</e:CipherValue>
</e:CipherData>
</e:EncryptedKey>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>hrt5PmmAaa3frZjz928PcWhXlUf+xzsR7pUSAosRfQ4MkNvyJtC12Bf4RdEYmauF59Pi2g+5WMggZj8RHfekTzV1k87jmNPxzQ9zcN8JVuz1UsqP3ADgEZiesnhSlhpfaogD3fgmFpCBikwFLg4I60y2X/0yQt+hBHqLcvu3LKbAy81tkPPx9qJYy+1y1FBbm0Wt55GdDwo+f9akJMXJkXc0MhYbNRKIsMWuWbVo73TF3aHJ8AqYjJy7kuWXdvxqbCo6yW0SkEiid6FYAG1/Rl6tB8BOaye8YlpPJRBeFkojHaa9RohnSZ73KPFH9JbFXERQfpN9Z5I1yLvkSkWbu81O3z4epgFVBcr+ARuRc5RnVnuQg7IUMeQFm5d2HD80DuonqrUkJC7+kr3ur//Hdc5WTSxCCVRTrR/YLuFRLDKjXfJ8gYXUkTCI8Ca9yoMesjNZWAT6nf0pu3P/DHh0IczdcGhMYelZiHTY6C5au0ZqMvJudgbLyLvhkM+tTX8Nt0MZFt7FEYz/QXrBjh6t5/WbItFf+2P6ZPQuGQFCMsJo0zMonmxQzUBMJbrG1hNrb2w27+RXAh5Xhvie/4njwaAmcb3nWanohs8AEU41kODsYrjbq+7VfqyyIIWvnL+8T1QEABXuGPbme+Jkp6xHViL5FHPLsHR9l9IAQwWTn85D+/LBlmSPA/avPst1nIUk5cCkwwg06W0g+ZL4zK9w7v7xTff6sinm7cNw3UcQfWbo8/R7DTEph4KFIzHPvy5kuAFk1A13uwrGvodapoh/gDyZ6laCA53S/nDy6nFeNtr3TYer8FXlZGXXe9DglBXWtYLcOc6pEM8r3rab13sbev5KgJOPUcg/ebtH6voyF/dfvsTh+hDRMtpOS+7JTV89Bn4zcDm9/8/2DzAEDhxb28YUKwgdVM30sF4e3/4+qedafQr2OIMRJqRFMxaDD6amvXw09qmp48edKDEQRCmqKi/iGPZQUtZNxrNBld+iOj8l/53dgum5DTQgrWhioeEgueWWmhLjepSpfrxW8HgeFTQMc/Eev8ASD2f1tL7rOC3XxTkQgxvLBpNm1UucI0GC/f3u0DOwL8R6z4gG2ZF5sQy0grAxiKRQOOHslw2OdKcEJCZPx8Dt53zHN5C/MhazWZcsIXS4sBE7lafC7cPS/C/kV5rNv+hvuLSrvaT3IEGx9Bfrt391FGssaqL1f6HeFBtSk7+IuGLJIFWurZ/LuZnGBcJZ9TBB7a9dpO5yj6trn/QTuaVoE7wsYJmtCpEkg/jjlQ2/SZMZlf9zUsauebwJKlm5l7U6aIlu6lsOkTdtGsNcTE2qgmN/3vZjguDCg+0/cVDQE6iyDafpatojv9/+7JAxd/Hf2ITmYb04GRn2TqPy0HPcBj4czkwJ7+q59oj49E8leFdQx/dFRFmwHk8N4XD8/Sn1rSrc3LnDcBu//xhBKf1pUoEjq2AEDYGIiY1j1Aoa1h11DxQdEx1qc4uKoVL6PHm/NA9LA5fKtwjfCmebNaVGmFx+Oq+EcHdMnL3g8GEYWkd59u0BgRaW1XeTTdF7lksNYqtwNii8fhw50oiquGwlcADksrGCxQtzrTSLq8Zt0npiOaXe1hKGuQEAsNRm5nzu7fruf2AKkQwh9RKyU1lpAux/y2cWQcvjRqldY0ZAuim7c+YmnXoWEe/xQ3k4QHn+xSooCrRjwbrV3bbMl2JdPyC4tt2MRjF/LIsH3lNWOTAXT4saFKO6dyigZoQvW88xaDPCiOIKMbL9yy9dGp5JQnk1AQv1/4UjyVgUdVakGEep0iR7euqh9m+vu1/o8WsE+lbO2S5X2WQxFxxzTnBT24AgoK2Qy9FXfmL9VQWTcif6I0tGFwGnQpp1n0Cn+37Ta+jYXtllWg1AmX8PtE18qjW/gHGh/U1aMHOLSJ6n/VmJyk9IUmmtA2q3D1tFCSGtCjd661kipUpBvi1u8dvRXz1jhrWIu0uKZ9FhMvsR4zi/oB98ZkEUSB0aUd0dCrJe7c9FHtUdDo5g7YfHY7Ch4yLMuvhfkmQa+dddXwuQNcmHdLq27PNah3v7A9SUgqZyHi+I4efjy17K3WxqxO9DJY7iaqa2KJkJifdAZ/YNRzmiL9RO4NRnheF7vc0W9fF5Ih/r1nxwLwbjyOZwIToksEgot1C2wfJpc6ylObuTCL2+/KpYKh1NGjZHRdQtEHxAaRxPhK3WW/iKT1U1g04YluHyxdlo0fiEYXikndhbNassN7fVF27FL0uCBNv75D5W0+KlYpWlSaYnBMqXMLm2Aw5cgIQueCGzMPCZf5yapP8BZUzBrURxYOiEbPPrLDzQZnSVfGDJJ9qBMBpDgtFE7fQVp11HUwwdps4bgrn1f0uTjf9G08eFTRV9jKKrhKnBZFRqNpiM97n5w+YuzTVwV4RcgXIqanZbd0q6lstQo6Ls9sg46yUQUmage6PWf/OBRdCU+1Rk0ve7uPYHATAP0gOu4HuEYbGU9Nz0BRQfGf/+Hf5xqJp1O1MzMMXpCn5kDhqZuNJRuHN26dVgk9EgviLsYSyeHJaG/yYpk3ZtRiTQU/fOKbaX8lpgCON/0UKS1rCPrf9ub1+rsZGQOYtJOGbnXulTcY8mcb//7SXTPJxPsgA51d+yZ6EgjQLc1G1E2HWzWNLSjSkd4vICoSqgM1uCecF+uacE9u9qlqaugRqT6LH65Nw6RCOlvmyJjzNh9R2xmjOqewz0QPzeojuF0DqxHmJfgyLqhv3bUrdoo3ESQ1yJPwl9srHejn0vK8MPdKB6GOocYg/Gh4fNGqxNXTG9Kz0sAw90qKByA4AfYPH7/7sscsHg+Mr3o0Ih5AJsJ9/JUBdhqMEYAVOC9kEMNgu+5HXY1aO7CfTCD/T+EuI8qYg3Dj9yVt1G0fXmCor+u7ETD2Sq8coiYJ03uCEsNqOLvCyUmZOlcBt2ZwWeNGhWokgEm9ybXQFjLhBTQ4qNrFww70oQk7Utxxgsdq/X/TWeBKWZwXDYxwiEs0mANp+YuvrDd/IrMHinThFP5wMoMG+mGapdX8uEGu6PByfd3kwzdVLPRA/dE/qxJEvVX1U8kthcxlhR3KZtmGvBDu6RZjldNVEGkjN8k8eOxMuCdiyPHRhBFHVEhEOvxkrmPtwGURFdY/7sgCXW8wYSYxmQkOzbi+6qymtcPOGxpDPHlN6ValdZih1QCotonxTF+cFVc9i41v5/VeQ9g283ujbr9P0+gqwt89mdZjG3fLPWgp4sNf9FUKo5/oHz2wkFqkdwpakNxB6KEOFIi7KgW2QP862z40waTW8/t8U6PsaYPGt2yLyssx0rHJunI0DgpxvB3FatR7EzU4xedcvribCKkX744p+iaDtIavvmVdiAPyvdZFun8fHatWK6gB9S6asrfRAK0y0yEcAU0PuLeA+h4a5VqFaRiqRxKH4sGEaYM8bsXuZPzpDeCCq1UAiaqAELGt3DFLB0OpbO3mS4ilL9kw9P/cvz/wX/nghiPRvj6Mm9qeonm/PBBfNmsnJeidGNCP3ZUD1iFkMxNIaA3oXayXwBd4+2FwY6m/jT8Gx0YseOZ4uoAiZnOBY6rrex/1pzMH/si696NtbUzw5d0RShZ13zS5LAw76QrZDsCK0YkFOnJm3Rcf6CfNDe1Efv+rTmsGwgT3tgWXp3UEeidTFrgaeMAFIfIsjKy1BSbx9ALhmORjfafEJLmZko06TWOr6fNWHIg/gWFkdFv2KmPy6/3xrqJm4vHbWdGnRSjEgnRVDZGwqTJEv35JO+CV7K78uU14VzUakgU7thEgS00hquoysOeK6Ibw3xun4NljPdb8++8u0kFXtjjFfNjpkzF82hfzurSbeF1NCPOxsP2og9xRCCmLFPcYvuHgjGGbx997lOnffoC3rfmKKnwKe40ugD6P2/+k/KKkzU1Dao+Tz/a2at69iLNLbrn8sVjFaBRadWV8eacl/kdw9f4vTNaqj4oCzqtJRKV4GDTbSwqjAi5HKI2ZjKw4KSLDnNxU7KoAZ0FBK99MBsRjN7lG/Gfm/ymF86S91Jh3z8O/FUFoi0EK+V2Z5B9vk=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</trust:RequestedSecurityToken>
<trust:RequestedAttachedReference>
<o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_a4e312b7-af54-4623-9c36-9d1da05b16de</o:KeyIdentifier>
</o:SecurityTokenReference>
</trust:RequestedAttachedReference>
<trust:RequestedUnattachedReference>
<o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_a4e312b7-af54-4623-9c36-9d1da05b16de</o:KeyIdentifier>
</o:SecurityTokenReference>
</trust:RequestedUnattachedReference>
<trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType>
<trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
<trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
</trust:RequestSecurityTokenResponse>
</trust:RequestSecurityTokenResponseCollection>
</wresult>
<wctx>rm=0&id=passive&ru=%2fPassiveRedirectBasedClaimsAwareWebApp%2fdefault.aspx</wctx>
</Request>
</PassiveMessageTraceRecord>
</TraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>
|
|
Reference
The Reference trace contains information about references in SignedInfo: the ReferenceId (a URI), a Boolean value that indicates equality, the computed digest, and the reference digest.
The following is an example Reference trace:
| Copy Code |
|
|---|---|
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>1</EventID>
<Type>3</Type>
<SubType Name="Verbose">0</SubType>
<Level>16</Level>
<TimeCreated SystemTime="2009-11-04T01:36:22.2969573Z" />
<Source Name="Microsoft.IdentityModel" />
<Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
<Execution ProcessName="w3wp" ProcessID="3680" ThreadID="5" />
<Channel />
<Computer>MyComputer</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Verbose">
<Description>Computing and checking digest of reference.</Description>
<AppDomain>/LM/W3SVC/1/ROOT/PassiveRedirectBasedClaimsAwareWebApp-1-129017721800312308</AppDomain>
<ReferenceTraceRecord xmlns="http://schemas.microsoft.com/2009/06/IdentityModel/ReferenceTraceRecord">
<Reference>#_a4e312b7-af54-4623-9c36-9d1da05b16de</Reference>
<Equal>True</Equal>
<ComputedDigestBase64>Y0WvY8uYETf/oWAYd+x6kPHxzgvH4XqcibGwt67PsZA=</ComputedDigestBase64>
<ReferenceDigestBase64>Y0WvY8uYETf/oWAYd+x6kPHxzgvH4XqcibGwt67PsZA=</ReferenceDigestBase64>
</ReferenceTraceRecord>
</TraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>
|
|
Token
The Token trace contains information about the token. Currently, only SessionTokens, Saml11 and Saml2 tokens are traced when reading. This trace contains different information for each token type.
The following is an example Token trace:
| Copy Code |
|
|---|---|
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>1</EventID>
<Type>3</Type>
<SubType Name="Verbose">0</SubType>
<Level>16</Level>
<TimeCreated SystemTime="2009-11-04T01:36:22.2969573Z" />
<Source Name="Microsoft.IdentityModel" />
<Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
<Execution ProcessName="w3wp" ProcessID="3680" ThreadID="5" />
<Channel />
<Computer>MyComputer</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Verbose">
<Description>Validating SecurityToken.</Description>
<AppDomain>/LM/W3SVC/1/ROOT/PassiveRedirectBasedClaimsAwareWebApp-1-129017721800312308</AppDomain>
<TokenTraceRecord xmlns="http://schemas.microsoft.com/2009/06/IdentityModel/TokenTraceRecord">
<SecurityToken Type="System.IdentityModel.Tokens.SamlSecurityToken">
<saml:Assertion MajorVersion="1" MinorVersion="1" AssertionID="_a4e312b7-af54-4623-9c36-9d1da05b16de" Issuer="PassiveSigninSTS" IssueInstant="2009-11-04T01:36:22.156Z" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
<saml:Conditions NotBefore="2009-11-04T01:36:22.156Z" NotOnOrAfter="2009-11-04T02:36:22.156Z">
<saml:AudienceRestrictionCondition>
<saml:Audience>https://localhost/PassiveRedirectBasedClaimsAwareWebApp</saml:Audience>
</saml:AudienceRestrictionCondition>
</saml:Conditions>
<saml:AttributeStatement>
<saml:Subject>
<saml:SubjectConfirmation>
<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Attribute AttributeName="name" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
<saml:AttributeValue>MyName</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute AttributeName="myID" AttributeNamespace="http://WindowsIdentityFoundationSamples">
<saml:AttributeValue>myemail@contoso.com</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute AttributeName="AgeClaim" AttributeNamespace="http://WindowsIdentityFoundationSamples/2008/05">
<saml:AttributeValue a:type="tn:integer" xmlns:a="http://www.w3.org/2001/XMLSchema-instance" xmlns:tn="http://www.w3.org/2001/XMLSchema">50</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"></ds:SignatureMethod>
<ds:Reference URI="#_a4e312b7-af54-4623-9c36-9d1da05b16de">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod>
<ds:DigestValue>Y0WvY8uYETf/oWAYd+x6kPHxzgvH4XqcibGwt67PsZA=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>NtLi5N5V/fOqTLxJZLMjODgPoAPxMllaPN1xsboU712EDk6TZ5RrdZjvjprKFEYKHCKG1bg779VXoXGYZImi0enBoyL0kXYtdfEtHTmYBwpXyib1bbhP0IuFAVQ7JCkhFDmODWA6nDLYBtlz2FQwEVqGnNM5OCDZZ6ItLvq7rnI=</ds:SignatureValue>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<X509Data>
<X509Certificate>MIIB7jCCAVugAwIBAgIQ3Vh0/hsIm4RA2OvQLeSjvjAJBgUrDgMCHQUAMBQxEjAQBgNVBAMTCWxvY2FsaG9zdDAeFw0wMDAxMDEwODAwMDBaFw0zNjAxMDEwODAwMDBaMBQxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtINoa5bYMLtbJoewBFrajwnQu3K8lahVL3EokQLuXZNA59DFzf1KJTjeAa+otkydNZygMqYj6odA/PHS1v36Kt+9KU88jj+HmxCY3zlzLLLAeLphMNboV69qrv8Xhjl9Av8p3+YEQWecN+z2NT4jN/b93zHuum0UOHxgpzeuBF0CAwEAAaNJMEcwRQYDVR0BBD4wPIAQ7LJlFrGxniplf/NwIOqPJ6EWMBQxEjAQBgNVBAMTCWxvY2FsaG9zdIIQ3Vh0/hsIm4RA2OvQLeSjvjAJBgUrDgMCHQUAA4GBAB+WKIcbd7DhDmThLxlH5M2YoGNKnwx4YqPKz5J7MaM+G5D1YGG9PQfQtxLi7E6G+slSIJ73Vhhf7odZ9VE7znnh2qLISe0THnWg8NUqm9eSLpUEixzoxQQsqZf24z0qtzVlsrjJNc4EnY2F71vUc0+1FlTZvZU0CVVNX349wiUc</X509Certificate>
</X509Data>
</KeyInfo>
</ds:Signature>
</saml:Assertion>
</SecurityToken>
</TokenTraceRecord>
</TraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>
|
|
WsFedMessage
The WsFedMessage trace contains information when WSFederationMessges are received: CanReadSignInResponse, GetReturnUrlFromResponse, CreateSignInResponse, and GetSignInResponse.
The following is an example WsFedMessage trace:
| Copy Code |
|
|---|---|
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>1</EventID>
<Type>3</Type>
<SubType Name="Information">0</SubType>
<Level>8</Level>
<TimeCreated SystemTime="2009-11-04T01:36:22.2657059Z" />
<Source Name="Microsoft.IdentityModel" />
<Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
<Execution ProcessName="w3wp" ProcessID="3680" ThreadID="5" />
<Channel />
<Computer>MyComputer</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Information">
<Description>GetSignInResponseMessage</Description>
<AppDomain>/LM/W3SVC/1/ROOT/PassiveRedirectBasedClaimsAwareWebApp-1-129017721800312308</AppDomain>
<WSFederationMessageTraceRecord xmlns="http://schemas.microsoft.com/2009/06/IdentityModel/WSFederationMessageTraceRecord">
<WSFederationMessage>
<BaseUri>https://localhost/PassiveRedirectBasedClaimsAwareWebApp/Default.aspx</BaseUri>
<wa>wsignin1.0</wa>
<wresult>
<trust:RequestSecurityTokenResponseCollection xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<trust:RequestSecurityTokenResponse Context="rm=0&id=passive&ru=%2fPassiveRedirectBasedClaimsAwareWebApp%2fdefault.aspx">
<trust:Lifetime>
<wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-11-04T01:36:22.156Z</wsu:Created>
<wsu:Expires xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">2009-11-04T02:36:22.156Z</wsu:Expires>
</trust:Lifetime>
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
<Address>https://localhost/PassiveRedirectBasedClaimsAwareWebApp</Address>
</EndpointReference>
</wsp:AppliesTo>
<trust:RequestedSecurityToken>
<xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"></xenc:EncryptionMethod>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
<e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
</e:EncryptionMethod>
<KeyInfo>
<o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<X509Data>
<X509IssuerSerial>
<X509IssuerName>CN=localhost</X509IssuerName>
<X509SerialNumber>-46063684837087187425230596485139881026</X509SerialNumber>
</X509IssuerSerial>
</X509Data>
</o:SecurityTokenReference>
</KeyInfo>
<e:CipherData>
<e:CipherValue>Hjwt9Qfo/+fSaIqxy2vFIaVuPhKxHjmfYZsWLIAe8KZg4mNz4IH9j1eeMuJUdSiNY7yiv7SXVbVNmpi/lsSON8H9vVVpMgfYbr23tgbWjTKSJp59VWwzURx/MqyNOerlRc8GOSNz9S8AgVVm6twFYw/ZgScYFklYQuNKCEAYChU=</e:CipherValue>
</e:CipherData>
</e:EncryptedKey>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>hrt5PmmAaa3frZjz928PcWhXlUf+xzsR7pUSAosRfQ4MkNvyJtC12Bf4RdEYmauF59Pi2g+5WMggZj8RHfekTzV1k87jmNPxzQ9zcN8JVuz1UsqP3ADgEZiesnhSlhpfaogD3fgmFpCBikwFLg4I60y2X/0yQt+hBHqLcvu3LKbAy81tkPPx9qJYy+1y1FBbm0Wt55GdDwo+f9akJMXJkXc0MhYbNRKIsMWuWbVo73TF3aHJ8AqYjJy7kuWXdvxqbCo6yW0SkEiid6FYAG1/Rl6tB8BOaye8YlpPJRBeFkojHaa9RohnSZ73KPFH9JbFXERQfpN9Z5I1yLvkSkWbu81O3z4epgFVBcr+ARuRc5RnVnuQg7IUMeQFm5d2HD80DuonqrUkJC7+kr3ur//Hdc5WTSxCCVRTrR/YLuFRLDKjXfJ8gYXUkTCI8Ca9yoMesjNZWAT6nf0pu3P/DHh0IczdcGhMYelZiHTY6C5au0ZqMvJudgbLyLvhkM+tTX8Nt0MZFt7FEYz/QXrBjh6t5/WbItFf+2P6ZPQuGQFCMsJo0zMonmxQzUBMJbrG1hNrb2w27+RXAh5Xhvie/4njwaAmcb3nWanohs8AEU41kODsYrjbq+7VfqyyIIWvnL+8T1QEABXuGPbme+Jkp6xHViL5FHPLsHR9l9IAQwWTn85D+/LBlmSPA/avPst1nIUk5cCkwwg06W0g+ZL4zK9w7v7xTff6sinm7cNw3UcQfWbo8/R7DTEph4KFIzHPvy5kuAFk1A13uwrGvodapoh/gDyZ6laCA53S/nDy6nFeNtr3TYer8FXlZGXXe9DglBXWtYLcOc6pEM8r3rab13sbev5KgJOPUcg/ebtH6voyF/dfvsTh+hDRMtpOS+7JTV89Bn4zcDm9/8/2DzAEDhxb28YUKwgdVM30sF4e3/4+qedafQr2OIMRJqRFMxaDD6amvXw09qmp48edKDEQRCmqKi/iGPZQUtZNxrNBld+iOj8l/53dgum5DTQgrWhioeEgueWWmhLjepSpfrxW8HgeFTQMc/Eev8ASD2f1tL7rOC3XxTkQgxvLBpNm1UucI0GC/f3u0DOwL8R6z4gG2ZF5sQy0grAxiKRQOOHslw2OdKcEJCZPx8Dt53zHN5C/MhazWZcsIXS4sBE7lafC7cPS/C/kV5rNv+hvuLSrvaT3IEGx9Bfrt391FGssaqL1f6HeFBtSk7+IuGLJIFWurZ/LuZnGBcJZ9TBB7a9dpO5yj6trn/QTuaVoE7wsYJmtCpEkg/jjlQ2/SZMZlf9zUsauebwJKlm5l7U6aIlu6lsOkTdtGsNcTE2qgmN/3vZjguDCg+0/cVDQE6iyDafpatojv9/+7JAxd/Hf2ITmYb04GRn2TqPy0HPcBj4czkwJ7+q59oj49E8leFdQx/dFRFmwHk8N4XD8/Sn1rSrc3LnDcBu//xhBKf1pUoEjq2AEDYGIiY1j1Aoa1h11DxQdEx1qc4uKoVL6PHm/NA9LA5fKtwjfCmebNaVGmFx+Oq+EcHdMnL3g8GEYWkd59u0BgRaW1XeTTdF7lksNYqtwNii8fhw50oiquGwlcADksrGCxQtzrTSLq8Zt0npiOaXe1hKGuQEAsNRm5nzu7fruf2AKkQwh9RKyU1lpAux/y2cWQcvjRqldY0ZAuim7c+YmnXoWEe/xQ3k4QHn+xSooCrRjwbrV3bbMl2JdPyC4tt2MRjF/LIsH3lNWOTAXT4saFKO6dyigZoQvW88xaDPCiOIKMbL9yy9dGp5JQnk1AQv1/4UjyVgUdVakGEep0iR7euqh9m+vu1/o8WsE+lbO2S5X2WQxFxxzTnBT24AgoK2Qy9FXfmL9VQWTcif6I0tGFwGnQpp1n0Cn+37Ta+jYXtllWg1AmX8PtE18qjW/gHGh/U1aMHOLSJ6n/VmJyk9IUmmtA2q3D1tFCSGtCjd661kipUpBvi1u8dvRXz1jhrWIu0uKZ9FhMvsR4zi/oB98ZkEUSB0aUd0dCrJe7c9FHtUdDo5g7YfHY7Ch4yLMuvhfkmQa+dddXwuQNcmHdLq27PNah3v7A9SUgqZyHi+I4efjy17K3WxqxO9DJY7iaqa2KJkJifdAZ/YNRzmiL9RO4NRnheF7vc0W9fF5Ih/r1nxwLwbjyOZwIToksEgot1C2wfJpc6ylObuTCL2+/KpYKh1NGjZHRdQtEHxAaRxPhK3WW/iKT1U1g04YluHyxdlo0fiEYXikndhbNassN7fVF27FL0uCBNv75D5W0+KlYpWlSaYnBMqXMLm2Aw5cgIQueCGzMPCZf5yapP8BZUzBrURxYOiEbPPrLDzQZnSVfGDJJ9qBMBpDgtFE7fQVp11HUwwdps4bgrn1f0uTjf9G08eFTRV9jKKrhKnBZFRqNpiM97n5w+YuzTVwV4RcgXIqanZbd0q6lstQo6Ls9sg46yUQUmage6PWf/OBRdCU+1Rk0ve7uPYHATAP0gOu4HuEYbGU9Nz0BRQfGf/+Hf5xqJp1O1MzMMXpCn5kDhqZuNJRuHN26dVgk9EgviLsYSyeHJaG/yYpk3ZtRiTQU/fOKbaX8lpgCON/0UKS1rCPrf9ub1+rsZGQOYtJOGbnXulTcY8mcb//7SXTPJxPsgA51d+yZ6EgjQLc1G1E2HWzWNLSjSkd4vICoSqgM1uCecF+uacE9u9qlqaugRqT6LH65Nw6RCOlvmyJjzNh9R2xmjOqewz0QPzeojuF0DqxHmJfgyLqhv3bUrdoo3ESQ1yJPwl9srHejn0vK8MPdKB6GOocYg/Gh4fNGqxNXTG9Kz0sAw90qKByA4AfYPH7/7sscsHg+Mr3o0Ih5AJsJ9/JUBdhqMEYAVOC9kEMNgu+5HXY1aO7CfTCD/T+EuI8qYg3Dj9yVt1G0fXmCor+u7ETD2Sq8coiYJ03uCEsNqOLvCyUmZOlcBt2ZwWeNGhWokgEm9ybXQFjLhBTQ4qNrFww70oQk7Utxxgsdq/X/TWeBKWZwXDYxwiEs0mANp+YuvrDd/IrMHinThFP5wMoMG+mGapdX8uEGu6PByfd3kwzdVLPRA/dE/qxJEvVX1U8kthcxlhR3KZtmGvBDu6RZjldNVEGkjN8k8eOxMuCdiyPHRhBFHVEhEOvxkrmPtwGURFdY/7sgCXW8wYSYxmQkOzbi+6qymtcPOGxpDPHlN6ValdZih1QCotonxTF+cFVc9i41v5/VeQ9g283ujbr9P0+gqwt89mdZjG3fLPWgp4sNf9FUKo5/oHz2wkFqkdwpakNxB6KEOFIi7KgW2QP862z40waTW8/t8U6PsaYPGt2yLyssx0rHJunI0DgpxvB3FatR7EzU4xedcvribCKkX744p+iaDtIavvmVdiAPyvdZFun8fHatWK6gB9S6asrfRAK0y0yEcAU0PuLeA+h4a5VqFaRiqRxKH4sGEaYM8bsXuZPzpDeCCq1UAiaqAELGt3DFLB0OpbO3mS4ilL9kw9P/cvz/wX/nghiPRvj6Mm9qeonm/PBBfNmsnJeidGNCP3ZUD1iFkMxNIaA3oXayXwBd4+2FwY6m/jT8Gx0YseOZ4uoAiZnOBY6rrex/1pzMH/si696NtbUzw5d0RShZ13zS5LAw76QrZDsCK0YkFOnJm3Rcf6CfNDe1Efv+rTmsGwgT3tgWXp3UEeidTFrgaeMAFIfIsjKy1BSbx9ALhmORjfafEJLmZko06TWOr6fNWHIg/gWFkdFv2KmPy6/3xrqJm4vHbWdGnRSjEgnRVDZGwqTJEv35JO+CV7K78uU14VzUakgU7thEgS00hquoysOeK6Ibw3xun4NljPdb8++8u0kFXtjjFfNjpkzF82hfzurSbeF1NCPOxsP2og9xRCCmLFPcYvuHgjGGbx997lOnffoC3rfmKKnwKe40ugD6P2/+k/KKkzU1Dao+Tz/a2at69iLNLbrn8sVjFaBRadWV8eacl/kdw9f4vTNaqj4oCzqtJRKV4GDTbSwqjAi5HKI2ZjKw4KSLDnNxU7KoAZ0FBK99MBsRjN7lG/Gfm/ymF86S91Jh3z8O/FUFoi0EK+V2Z5B9vk=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</trust:RequestedSecurityToken>
<trust:RequestedAttachedReference>
<o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_a4e312b7-af54-4623-9c36-9d1da05b16de</o:KeyIdentifier>
</o:SecurityTokenReference>
</trust:RequestedAttachedReference>
<trust:RequestedUnattachedReference>
<o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:KeyIdentifier ValueType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID">_a4e312b7-af54-4623-9c36-9d1da05b16de</o:KeyIdentifier>
</o:SecurityTokenReference>
</trust:RequestedUnattachedReference>
<trust:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</trust:TokenType>
<trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
<trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
</trust:RequestSecurityTokenResponse>
</trust:RequestSecurityTokenResponseCollection>
</wresult>
<wctx>rm=0&id=passive&ru=%2fPassiveRedirectBasedClaimsAwareWebApp%2fdefault.aspx</wctx>
</WSFederationMessage>
</WSFederationMessageTraceRecord>
</TraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>
|
|
Exceptions
WIF exceptions are traces with a complete stack. The following is an example exception trace:
| Copy Code |
|
|---|---|
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>8</EventID>
<Type>3</Type>
<SubType Name="Error">0</SubType>
<Level>2</Level>
<TimeCreated SystemTime="2009-08-28T01:04:27.2624325Z" />
<Source Name="Microsoft.IdentityModel" />
<Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
<Execution ProcessName="ActiveStsExample.vshost" ProcessID="8908" ThreadID="11" />
<Channel/>
<Computer>MyComputer</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Error">
<Description>Handled exception.</Description>
<AppDomain>ActiveStsExample.vshost.exe</AppDomain>
<Exception>
<ExceptionType>System.Security.AccessControl.PrivilegeNotHeldException, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType>
<Message>The process does not possess the 'SeTcbPrivilege' privilege which is required for this operation.</Message>
<StackTrace>
at Microsoft.IdentityModel.Privilege.EnableTokenPrivilege(SafeCloseHandle threadToken)
at Microsoft.IdentityModel.Privilege.Enable()
at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.KerberosCertificateLogon(X509Certificate2 certificate)
at Microsoft.IdentityModel.Claims.WindowsClaimsIdentity.CertificateLogon(X509Certificate2 x509Certificate)
at Microsoft.IdentityModel.Claims.WindowsClaimsIdentity.CreateFromCertificate(X509Certificate2 certificate, Boolean useWindowsTokenService)
at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
at Microsoft.IdentityModel.Tokens.WrappedX509SecurityTokenAuthenticator.ValidateTokenCore(SecurityToken token)
at System.IdentityModel.Selectors.SecurityTokenAuthenticator.ValidateToken(SecurityToken token)
at System.ServiceModel.Security.TlsnegoTokenAuthenticator.ValidateSspiNegotiation(ISspiNegotiation sspiNegotiation)
at System.ServiceModel.Security.SspiNegotiationTokenAuthenticator.ProcessNegotiation(SspiNegotiationTokenAuthenticatorState negotiationState, Message incomingMessage, BinaryNegotiation incomingNego)
at System.ServiceModel.Security.NegotiationTokenAuthenticator`1.ProcessRequestCore(Message request)
at System.ServiceModel.Security.NegotiationTokenAuthenticator`1.NegotiationHost.NegotiationSyncInvoker.Invoke(Object instance, Object[] inputs, Object[]&amp; outputs)
at System.ServiceModel.Dispatcher.DispatchOperationRuntime.InvokeBegin(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage5(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.ImmutableDispatchRuntime.ProcessMessage4(MessageRpc&amp; rpc)
at System.ServiceModel.Dispatcher.MessageRpc.Process(Boolean isOperationContextSet)
at System.ServiceModel.Dispatcher.ChannelHandler.DispatchAndReleasePump(RequestContext request, Boolean cleanThread, OperationContext currentOperationContext)
at System.ServiceModel.Dispatcher.ChannelHandler.HandleRequest(RequestContext request, OperationContext currentOperationContext)
at System.ServiceModel.Dispatcher.ChannelHandler.AsyncMessagePump(IAsyncResult result)
at System.ServiceModel.Diagnostics.Utility.AsyncThunk.UnhandledExceptionFrame(IAsyncResult result)
at System.ServiceModel.AsyncResult.Complete(Boolean completedSynchronously)
at System.ServiceModel.Channels.InputQueue`1.AsyncQueueReader.Set(Item item)
at System.ServiceModel.Channels.InputQueue`1.Dispatch()
at System.ServiceModel.Channels.InputQueue`1.OnDispatchCallback(Object state)
at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.WorkItem.Invoke2()
at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state)
at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.WorkItem.Invoke()
at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.ProcessCallbacks()
at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.CompletionCallback(Object state)
at System.ServiceModel.Channels.IOThreadScheduler.CriticalHelper.ScheduledOverlapped.IOCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped)
at System.ServiceModel.Diagnostics.Utility.IOCompletionThunk.UnhandledExceptionFrame(UInt32 error, UInt32 bytesRead, NativeOverlapped* nativeOverlapped)
at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32 errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)
</StackTrace>
<ExceptionString>System.Security.AccessControl.PrivilegeNotHeldException: The process does not possess the 'SeTcbPrivilege' privilege which is required for this operation.</ExceptionString>
</Exception>
</TraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>
|
|
AppDomain Unloading
AppDomain unloading is traced in WIF. The following is an example of the AppDomain Unloading trace:
| Copy Code |
|
|---|---|
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>2</EventID>
<Type>3</Type>
<SubType Name="Information">0</SubType>
<Level>8</Level>
<TimeCreated SystemTime="2009-08-28T01:04:44.0647095Z" />
<Source Name="Microsoft.IdentityModel" />
<Correlation ActivityID="{00000000-0000-0000-0000-000000000000}" />
<Execution ProcessName="ActiveStsExample.vshost" ProcessID="8908" ThreadID="2" />
<Channel/>
<Computer>MyComputer</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2009/10/IdentityModel/TraceRecord" Severity="Information">
<Description>AppDomain unloading.</Description>
<AppDomain>ActiveStsExample.vshost.exe</AppDomain>
<AppDomain.FriendlyName>ActiveStsExample.vshost.exe</AppDomain.FriendlyName>
<ProcessName>ActiveStsExample.vshost</ProcessName>
<ProcessId>8908</ProcessId>
</TraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>
|
|
Tracing and Relying Party Applications
The following diagram shows which traces correspond to which events in the relying party application pipeline.
