How to check ADFS logs for SAML logins

Need to configure your Exchange server for SAML authentication first? Start here to configure SAML with ADFS.

When something goes awry with a SAML login, Robin will attempt to show as much information as possible in the resulting error message. Depending on how much information your ADFS server sends back, this may not be super helpful. In these cases, your ADFS server will have the best information available when trying to troubleshoot.

Opening the Event Viewer

This guide shows screenshots from Exchange Server 2013, but the process should be similar to versions 2010 and higher.

You can generally find these logs on the ADFS server, using the Event Viewer application. Once logged into your ADFS server, you can find it under Control Panel > Administrative Tools > Event Viewer. If you do not see the Administrative Tools option, try switching the view to "Small Icons" instead.

event-viewer-admin-tools-location.png

adfs-event-viewer-location.png

How to find SAML error messages

Once inside the Event Viewer, you should find a directory tree on the left for the different applications on your server. In this case, we select Application and Services Logs > AD FS > Admin. Depending on how you've configured the server, tours may be labeled differently but should include the same information.

adfs-error-logs.png

On active servers, this may contain upwards thousands of entries per day. To narrow down, you can use the Find menu item on the right to search for logs containing keywords like "SAML" or "robinpowered.com" to match our service's SAML entity ID. If you're actively troubleshooting an issue, the most recent attempts should appear right at the top of the page.

filtering-adfs-event-viewer-logs.png

Click on an Error log entry, and you will see more information about the issue. In the example below, we can see more information about the Invalid NameIDPolicy provided, and which one your server expected for the given service's Relaying Trust Policy.

error-details-for-saml-nameid.png

With these logs in hand, you should be able to troubleshoot specific issues faster without the need for "guess and check" attempts at varying SAML configurations.

 

Articles in this section

Was this article helpful?
26 out of 71 found this helpful
Share