Intercepting the Laserfiche Directory Server Token
The following procedure describes how to view the Laserfiche Directory Server token in your browser. The XML returned contains the user's claims as issued by Directory Server, such as the groups the user belongs to, the username, and the email address. Viewing it helps determine whether Directory Server has the latest information about a user and the expected group membership. The Directory Server token is built after interpreting the SAML response and incorporating user properties stored in Directory Server.
To view a Laserfiche Directory Server token in Chrome, Edge, or Firefox, follow these steps:
- Open Chrome, Edge, or Firefox and press F12 to start the developer console.
- In Chrome or Edge, select the Network tab, then click Preserve log. In Firefox, select the Network tab, then click Persist logs.
- Reproduce the issue by opening an application and signing in.
- Look for a POST with the name of your end application in the network request list's Name column. In Chrome or Edge, select that row and then view the Headers tab. In Firefox, view the Params tab. Look for the wresult attribute that contains the token.
- Once you find the Laserfiche Directory Server token in your browser, copy it and view it as XML in a text editor. For an example, see the image of an intercepted Laserfiche Directory Server Token below.
- Compare the claims contained in the Directory Server token to the SAML response. Mismatches can help narrow down where to investigate potential configuration issues.
  - If the claims don't match, take a closer look at your Directory Server configuration.
  - If the claims match, but don't match your expectations for what should be included, take a closer look at your SAML provider configuration.
  - If the claims match and are what you expect, the issue is likely not related to SSO configuration (for example, the group was not added to your repository's trusted groups).
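
The comparison in the last step can be scripted locally once both documents are saved as XML. The following is an added example, not Laserfiche code: it assumes both the decoded SAML response and the `wresult` token carry claims as SAML-style `Attribute`/`AttributeValue` elements, and the sample documents, claim names, and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import unquote_plus

# Constructed samples (not real Laserfiche or identity provider output).
SAML_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion><saml:AttributeStatement>
<saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="groups"><saml:AttributeValue>Finance</saml:AttributeValue><saml:AttributeValue>Records</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion></samlp:Response>"""
DS_TOKEN = """<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion><saml:AttributeStatement>
<saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.com</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="groups"><saml:AttributeValue>Finance</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion></t:RequestSecurityTokenResponse>"""

def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def extract_claims(xml_text):
    """Return {claim name: set of values} from SAML-style Attribute elements."""
    text = xml_text.strip()
    if text[:3].upper() == "%3C":          # value copied in URL-encoded form
        text = unquote_plus(text)
    if "<!DOCTYPE" in text or "<!ENTITY" in text:
        raise ValueError("DTD not expected in a token; refusing to parse")
    claims = {}
    for el in ET.fromstring(text).iter():
        if local(el.tag) != "Attribute":
            continue
        name = el.get("Name") or el.get("AttributeName")   # SAML 2.0 / SAML 1.1
        if not name:
            continue
        ns = el.get("AttributeNamespace")                  # SAML 1.1 only
        key = f"{ns}/{name}" if ns else name
        values = {(v.text or "").strip() for v in el if local(v.tag) == "AttributeValue"}
        claims.setdefault(key, set()).update(values)
    return claims

def diff_claims(saml, token):
    """Report, per claim name, the values present on one side only."""
    report = {}
    for name in sorted(set(saml) | set(token)):
        only_saml = saml.get(name, set()) - token.get(name, set())
        only_token = token.get(name, set()) - saml.get(name, set())
        if only_saml or only_token:
            report[name] = {"only_in_saml": sorted(only_saml), "only_in_token": sorted(only_token)}
    return report

if __name__ == "__main__":
    print(diff_claims(extract_claims(SAML_RESPONSE), extract_claims(DS_TOKEN)))
```

Values listed under `only_in_token` can be expected, because the Directory Server token also incorporates user properties stored in Directory Server; values under `only_in_saml` are the ones that point at the Directory Server configuration.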