In order to further troubleshoot a SSO login related error, Box User Services may ask you to run a trace that will capture the SAML assertion made to Box during the login process.
Here's how collect a SAML on your computer and how to provide them to your support agent:
Chrome
Follow the steps found on the site below to set up a Chrome SAML trace (bottom right on the page where Chrome is listed in yellow)
- Install this add-in on Chrome.
- Open a new tab.
- Click the three dots in the upper right corner of the screen and go to More Tools > Developer Tools.
- When the developer panel opens, click the carrot (>>) symbols and select the SAML tab.
- Check the box to "Show Only SAML".
- Go to your branded sub domain and click Continue.
- Click the line containing https://sso.services.box.net/sp/ACS.saml2 and then click the SAML tab in the right-hand panel.
- Copy all the text from the SAML panel into your reply email.
Note: The steps above must be performed in the same tab so that the traffic is captured within the SAML.
Firefox
- Using the FireFox browser install the add-on SAML tracer.
- Launch SAML tracer
Windows: Firefox -> Web Developer -> SAML tracer
Mac: Firefox -> Tools -> SAML tracer - Perform a login by going to account.box.com this way you begin at the first step of your login flow and attempt to recreate the login error you are receiving.
- Within the SAML Tracer you should notice some SAML requests. Look for the one titled: https://sso.services.box.net/sp/ACS.saml2
- In the bottom pane click on the SAML tab.
- Copy the SAML response or export it as a file.
You can provide the exported SAML file you have collected from your browser to your support agent by using any of the following options:
- Attach the file directly to your support case. You will need to be signed in to see your open support cases.
- Upload the file to your Box account and provide your support agent with a shared link to the .zip file
- Attach the file to your email message when you reply to the agent
admin_swarm_kb